mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-29 12:19:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibJS: Take a pointer in get_or_prune_cached_prototype_transition()

Browse source 
Prototypes can be set to null, and while the previous version also kinda
allowed null (by not reading through the null reference), it was making
UBSAN very sad.
This commit is contained in:
Ali Mohammad Pur 2021-10-01 08:03:39 +03:30 committed by Ali Mohammad Pur
commit 36516a4c47
Notes: sideshowbarker 2024-07-18 03:15:41 +09:00
2 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Userland/Libraries/LibJS/Runtime/Shape.cpp
View file

@ -36,9 +36,9 @@ Shape* Shape::get_or_prune_cached_forward_transition(TransitionKey const& key)
return it->value;
}
Shape* Shape::get_or_prune_cached_prototype_transition(Object& prototype)
Shape* Shape::get_or_prune_cached_prototype_transition(Object* prototype)
{
auto it = m_prototype_transitions.find(&prototype);
auto it = m_prototype_transitions.find(prototype);
if (it == m_prototype_transitions.end())
return nullptr;
if (!it->value) {
@ -71,7 +71,7 @@ Shape* Shape::create_configure_transition(const StringOrSymbol& property_name, P
Shape* Shape::create_prototype_transition(Object* new_prototype)
{
if (auto* existing_shape = get_or_prune_cached_prototype_transition(*new_prototype))
if (auto* existing_shape = get_or_prune_cached_prototype_transition(new_prototype))
return existing_shape;
auto* new_shape = heap().allocate_without_global_object<Shape>(*this, new_prototype);
m_prototype_transitions.set(new_prototype, new_shape);