LibJS: Don't mark blocks for unification multiple times

This would cause a UAF otherwise
Author: https://github.com/Hendiadyoin1 Commit: 7697e09660 Pull-request: https://github.com/SerenityOS/serenity/pull/15971 Reviewed-by: https://github.com/FireFox317 Reviewed-by: https://github.com/alimpfard Reviewed-by: https://github.com/kleinesfilmroellchen ✅
2025-09-12 12:32:21 +00:00 · 2022-11-02 14:28:47 +01:00 · 2022-11-02 14:28:47 +01:00 · 7697e09660 · 2024-07-18 00:41:35 +09:00
commit 7697e09660
parent 35db0c5e18
1 changed files with 2 additions and 0 deletions
--- a/Userland/Libraries/LibJS/Bytecode/Pass/UnifySameBlocks.cpp
+++ b/Userland/Libraries/LibJS/Bytecode/Pass/UnifySameBlocks.cpp
@ -24,6 +24,8 @@ void UnifySameBlocks::perform(PassPipelineExecutable& executable)
        auto& block = executable.executable.basic_blocks[i];
        auto block_bytes = block.instruction_stream();
        for (auto& candidate_block : executable.executable.basic_blocks.span().slice(i + 1)) {
+            if (equal_blocks.contains(&*candidate_block))
+                continue;
            // FIXME: This can probably be relaxed a bit...
            if (candidate_block->size() != block.size())
                continue;