system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-10-02 22:24:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibJS: Dereference intrinsic accessor before deleting it

Browse source 
The iterator used to find an intrinsic accessor is used after calling
`HashMap.remove()` on it, which works for our current implementation but
will fall apart when you consider that modifications to the hash map
might invalidate all existing iterators that came from it, as many
implementations do.

Since we're aiming to replace our `HashTable` implementation with
something new, let's fix this first :^)
This commit is contained in:
Jelle Raaijmakers 2023-02-14 01:22:54 +01:00 committed by Andrew Kaster
parent bc76cba7c2
commit 8f015a18a5
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Userland/Libraries/LibJS/Runtime/Object.cpp
View file

@ -1007,12 +1007,13 @@ static Optional<Object::IntrinsicAccessor> find_intrinsic_accessor(Object const*
if (intrinsics == s_intrinsics.end())
return {};
auto accessor = intrinsics->value.find(property_key.as_string());
if (accessor == intrinsics->value.end())
auto accessor_iterator = intrinsics->value.find(property_key.as_string());
if (accessor_iterator == intrinsics->value.end())
return {};
intrinsics->value.remove(accessor);
return move(accessor->value);
auto accessor = accessor_iterator->value;
intrinsics->value.remove(accessor_iterator);
return accessor;
}
Optional<ValueAndAttributes> Object::storage_get(PropertyKey const& property_key) const