
LibJS: Don't consider cells in the lazy freelist in conservative scan

Cells after the lazy freelist bump index are guaranteed to not be
valid cell pointers, so ignore them during the conservative scan.
Andreas Kling, 4 years ago
commit 751ad19c86
1 file changed with 2 additions and 1 deletion

+ 2 - 1
Userland/Libraries/LibJS/Heap/HeapBlock.h

@@ -60,7 +60,8 @@ public:
         if (pointer < reinterpret_cast<FlatPtr>(m_storage))
             return nullptr;
         size_t cell_index = (pointer - reinterpret_cast<FlatPtr>(m_storage)) / m_cell_size;
-        if (cell_index >= cell_count())
+        auto end = has_lazy_freelist() ? m_next_lazy_freelist_index : cell_count();
+        if (cell_index >= end)
             return nullptr;
         return cell(cell_index);
     }
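Review bot: The new `end` bound deserves a one-line comment, since nothing in the hunk says why a `cell_index` at or beyond `m_next_lazy_freelist_index` can be rejected outright (those slots have never been handed out, so no live cell pointer can land there); something like `// Slots past the lazy freelist bump index have never been allocated.` above the `auto end = ...` line would save the next reader a trip to the commit log. Also worth stating in review that this only filters the never-allocated tail: indices below `end` that belong to cells already freed onto the regular freelist are still returned via `cell(cell_index)`, so the conservative scan's caller must still check the cell's live state before treating the result as a root.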