From d21d1d99bd742e6c95475d15b2e4379c592abc5f Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Mon, 13 Mar 2023 20:43:01 +0100
Subject: [PATCH] LibJS: Don't skip CPU registers when gathering conservative roots

We were accidentally skipping over most of the CPU registers by incrementing the register index by sizeof(FlatPtr) instead of 1. This fixes a long-standing issue where live objects could still get garbage-collected if they were only pointed to by an unlucky register.
---
 Userland/Libraries/LibJS/Heap/Heap.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibJS/Heap/Heap.cpp b/Userland/Libraries/LibJS/Heap/Heap.cpp
index d58758bfdd..6c228ad2ff 100644
--- a/Userland/Libraries/LibJS/Heap/Heap.cpp
+++ b/Userland/Libraries/LibJS/Heap/Heap.cpp
@@ -162,7 +162,7 @@ __attribute__((no_sanitize("address"))) void Heap::gather_conservative_roots(Has
 }
 };
 
- for (size_t i = 0; i < ((size_t)sizeof(buf)) / sizeof(FlatPtr); i += sizeof(FlatPtr))
+ for (size_t i = 0; i < ((size_t)sizeof(buf)) / sizeof(FlatPtr); ++i)
 add_possible_value(raw_jmp_buf[i]);
 
 auto stack_reference = bit_cast(&dummy);
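Review bot: The loop bound on the `+` line still carries a redundant C-style cast, `((size_t)sizeof(buf))`; `sizeof` already yields `size_t`, so `for (size_t i = 0; i < sizeof(buf) / sizeof(FlatPtr); ++i)` says the same thing and keeps the file to named casts. More important for the next reader is that nothing explains why every word of the buffer is a candidate root; the bug this commit fixes (stepping by `sizeof(FlatPtr)` instead of 1 and so skipping most register slots, which let live objects be freed and later dereferenced) is exactly the kind of off-by-stride mistake a comment would have made visible. I would add above the loop `// Every FlatPtr-sized word of the buffer may hold a callee-saved register value; scan all of them, not every sizeof(FlatPtr)-th one.`, assuming `buf` is the setjmp buffer that `raw_jmp_buf` aliases (both are declared outside the hunk, so confirm). Because this was a silent use-after-free source, a regression test that keeps an object reachable only from a register across a forced collection would be worth adding if the LibJS test harness allows it. `Heap::gather_conservative_roots` begins before and continues after this hunk.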