beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 15:40:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

LibJS: Call the correct base class in LexicalEnvironment::visit_edges()

Browse source 
We were calling directly up to Cell, skipping over ScopeObject.
This made us not mark the scope chain parent for lexical environments,
sometimes causing them to get GC'd and use-after-free'd.

Found by Fuzzilli.

Fixes #5140.
This commit is contained in:
Andreas Kling 2021-01-28 10:13:47 +01:00
parent 7ec8f83a7f
commit 803a20fa86
Notes: sideshowbarker 2024-07-18 22:47:45 +09:00 
Author: https://github.com/awesomekling
Commit: https://github.com/SerenityOS/serenity/commit/803a20fa867
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Userland/Libraries/LibJS/Runtime/LexicalEnvironment.cpp
View file

@ -63,7 +63,7 @@ LexicalEnvironment::~LexicalEnvironment()
void LexicalEnvironment::visit_edges(Visitor& visitor)
{
Cell::visit_edges(visitor);
Base::visit_edges(visitor);
visitor.visit(m_this_value);
visitor.visit(m_home_object);
visitor.visit(m_new_target);