RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 22:48:11 +00:00
Code Issues Activity Actions

LibJS: Don't skip CPU registers when gathering conservative roots

Browse source 
We were accidentally skipping over most of the CPU registers by
incrementing the register index by sizeof(FlatPtr) instead of 1.

This fixes a long-standing issue where live objects could still get
garbage-collected if they were only pointed to by an unlucky register.
This commit is contained in:
Andreas Kling 2023-03-13 20:43:01 +01:00
parent 6070875564
commit d21d1d99bd
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Heap/Heap.cpp
View file

@ -162,7 +162,7 @@ __attribute__((no_sanitize("address"))) void Heap::gather_conservative_roots(Has
}
};
for (size_t i = 0; i < ((size_t)sizeof(buf)) / sizeof(FlatPtr); i += sizeof(FlatPtr))
for (size_t i = 0; i < ((size_t)sizeof(buf)) / sizeof(FlatPtr); ++i)
add_possible_value(raw_jmp_buf[i]);
auto stack_reference = bit_cast<FlatPtr>(&dummy);