LibJS: Do not invoke Cell::vm in constructors before Cell is constructed

In a subclass of Cell, we cannot use Cell::vm() before the base Cell object itself is constructed. Use the Realm's VM instead. This was caught by UBSAN with vptr sanitation enabled.
author: Timothy Flynn <trflynn89@pm.me> 2022-09-14 19:10:27 -0400
committer: Andreas Kling <kling@serenityos.org> 2022-09-15 09:45:13 +0200
commit: 85e313077a1eb0c99fa26a07f73fad9ca2542c35 (patch)
tree: e22750d48c7c27d7b03779764be22cf695dbf9c5 /Userland/Libraries/LibJS/Runtime/ArrayConstructor.cpp
parent: 3efe611dbfe76a816c837fc02037793fa4e22e61 (diff)
download: serenity-85e313077a1eb0c99fa26a07f73fad9ca2542c35.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/Userland/Libraries/LibJS/Runtime/ArrayConstructor.cpp b/Userland/Libraries/LibJS/Runtime/ArrayConstructor.cpp
index 784648874a..7dc7110f6b 100644
--- a/Userland/Libraries/LibJS/Runtime/ArrayConstructor.cpp
+++ b/Userland/Libraries/LibJS/Runtime/ArrayConstructor.cpp
@@ -17,7 +17,7 @@
 namespace JS {
 
 ArrayConstructor::ArrayConstructor(Realm& realm)
-    : NativeFunction(vm().names.Array.as_string(), *realm.intrinsics().function_prototype())
+    : NativeFunction(realm.vm().names.Array.as_string(), *realm.intrinsics().function_prototype())
 {
 }
author	Timothy Flynn <trflynn89@pm.me>	2022-09-14 19:10:27 -0400
committer	Andreas Kling <kling@serenityos.org>	2022-09-15 09:45:13 +0200
commit	85e313077a1eb0c99fa26a07f73fad9ca2542c35 (patch)
tree	e22750d48c7c27d7b03779764be22cf695dbf9c5 /Userland/Libraries/LibJS/Runtime/ArrayConstructor.cpp
parent	3efe611dbfe76a816c837fc02037793fa4e22e61 (diff)
download	serenity-85e313077a1eb0c99fa26a07f73fad9ca2542c35.zip