RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 16:37:35 +00:00
Code Issues Activity Actions

LibJS: Only update EC instruction pointer when pushing to EC stack

Browse source 
Instead of trying to keep a live reference to the bytecode interpreter's
current instruction stream iterator, we now simply copy the current
iterator whenever pushing to the ExecutionContext stack.

This fixes a stack-use-after-return issue reported by ASAN.
This commit is contained in:
Andreas Kling 2023-09-02 17:38:17 +02:00
parent 2966188ea3
commit c78506d79b
4 changed files with 19 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

16
Userland/Libraries/LibJS/Runtime/VM.cpp
View file

@ -746,7 +746,7 @@ void VM::dump_backtrace() const
{
for (ssize_t i = m_execution_context_stack.size() - 1; i >= 0; --i) {
auto& frame = m_execution_context_stack[i];
if (frame->instruction_stream_iterator->source_code()) {
if (frame->instruction_stream_iterator.has_value() && frame->instruction_stream_iterator->source_code()) {
auto source_range = frame->instruction_stream_iterator->source_range().realize();
dbgln("-> {} @ {}:{},{}", frame->function_name, source_range.filename(), source_range.start.line, source_range.start.column);
} else {
@ -1121,4 +1121,18 @@ void VM::finish_dynamic_import(ScriptOrModule referencing_script_or_module, Modu
// 6. Return unused.
}
void VM::push_execution_context(ExecutionContext& context)
{
if (!m_execution_context_stack.is_empty())
m_execution_context_stack.last()->instruction_stream_iterator = bytecode_interpreter().instruction_stream_iterator();
m_execution_context_stack.append(&context);
}
void VM::pop_execution_context()
{
m_execution_context_stack.take_last();
if (m_execution_context_stack.is_empty() && on_call_stack_emptied)
on_call_stack_emptied();
}
}