From 2fb3b6c542db3a86cbd1aa7e34d470e34c485372 Mon Sep 17 00:00:00 2001
From: Andreas Kling <andreas@ladybird.org>
Date: Tue, 12 Nov 2024 15:21:02 +0100
Subject: [PATCH] LibJS: Make ConservativeVector<T> visit all possible values

We were miscalculating the length of the buffer in pointer-sized chunks,
which is what the conservative root scan cares about.

This could cause some values to be prematurely garbage-collected.
---
 Libraries/LibJS/Heap/ConservativeVector.h | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Libraries/LibJS/Heap/ConservativeVector.h b/Libraries/LibJS/Heap/ConservativeVector.h
index 2c1fcf3b274..cb23bd20930 100644
--- a/Libraries/LibJS/Heap/ConservativeVector.h
+++ b/Libraries/LibJS/Heap/ConservativeVector.h
@@ -66,7 +66,11 @@ public:
 
     virtual ReadonlySpan<FlatPtr> possible_values() const override
     {
-        return ReadonlySpan<FlatPtr> { reinterpret_cast<FlatPtr const*>(this->data()), this->size() };
+        static_assert(sizeof(T) >= sizeof(FlatPtr));
+        return ReadonlySpan<FlatPtr> {
+            reinterpret_cast<FlatPtr const*>(this->data()),
+            this->size() * sizeof(T) / sizeof(FlatPtr),
+        };
     }
 };