LibJS: Don't consider cells in the lazy freelist in conservative scan

Cells after the lazy freelist bump index are guaranteed to not be valid cell pointers, so ignore them during the conservative scan.
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/751ad19c861
2024-09-29 16:21:29 +00:00 · 2021-05-17 19:57:40 +02:00 · 2021-05-17 19:57:40 +02:00 · 751ad19c86 · 2024-07-18 17:55:55 +09:00
parent aa857bcdeb
commit 751ad19c86
1 changed files with 2 additions and 1 deletions
--- a/Userland/Libraries/LibJS/Heap/HeapBlock.h
+++ b/Userland/Libraries/LibJS/Heap/HeapBlock.h
@ -60,7 +60,8 @@ public:
        if (pointer < reinterpret_cast<FlatPtr>(m_storage))
            return nullptr;
        size_t cell_index = (pointer - reinterpret_cast<FlatPtr>(m_storage)) / m_cell_size;
-        if (cell_index >= cell_count())
+        auto end = has_lazy_freelist() ? m_next_lazy_freelist_index : cell_count();
+        if (cell_index >= end)
            return nullptr;
        return cell(cell_index);
    }