mirror of
https://github.com/LadybirdBrowser/ladybird
synced 2026-04-25 17:25:08 +02:00
0b9636fadf
WebAssembly.Memory-backed ArrayBuffers wrap external ByteBuffer storage. When that memory grows, ByteBuffer::try_resize() may realloc the backing storage while old fixed-length buffer objects remain reachable from JS. TypedArrayBase cached m_data for all fixed-length buffers, and the asm interpreter fast path dereferenced that cached pointer directly. For wasm memory views this could leave a stale pointer behind across grow(). Restrict cached typed-array data pointers to fixed-length ArrayBuffers that own stable ByteBuffer storage. External/unowned buffers, including WebAssembly.Memory buffers, now keep m_data == nullptr and fall back to code that re-derives buffer().data() on each access. Add regressions for both the original shared-memory grow case and the second-grow stale-view case.
13 lines
252 B
Plaintext
13 lines
252 B
Plaintext
firstView[0x0]: 0x11
|
|
firstView[0x1]: 0x22
|
|
firstView[0x2]: 0x33
|
|
firstView[0x3]: 0x44
|
|
thirdView[0x4]: 0x55
|
|
thirdView[0x5]: 0x66
|
|
thirdView[0x6]: 0x77
|
|
thirdView[0x7]: 0x88
|
|
firstView[0x8]: 0x99
|
|
firstView[0x9]: 0xaa
|
|
firstView[0xa]: 0xbb
|
|
firstView[0xb]: 0xcc
|