authorTimothy Flynn <trflynn89@pm.me>2022-09-14 19:10:27 -0400
committerAndreas Kling <kling@serenityos.org>2022-09-15 09:45:13 +0200
commit85e313077a1eb0c99fa26a07f73fad9ca2542c35 (patch)
treee22750d48c7c27d7b03779764be22cf695dbf9c5 /Userland/Libraries/LibJS/Runtime/NumberConstructor.cpp
parent3efe611dbfe76a816c837fc02037793fa4e22e61 (diff)
LibJS: Do not invoke Cell::vm in constructors before Cell is constructed
In a subclass of Cell, we cannot use Cell::vm() before the base Cell object itself is constructed. Use the Realm's VM instead. This was caught by UBSAN with vptr sanitization enabled.
Diffstat (limited to 'Userland/Libraries/LibJS/Runtime/NumberConstructor.cpp')
-rw-r--r--Userland/Libraries/LibJS/Runtime/NumberConstructor.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/Userland/Libraries/LibJS/Runtime/NumberConstructor.cpp b/Userland/Libraries/LibJS/Runtime/NumberConstructor.cpp
index a14921ce61..540b8c7414 100644
--- a/Userland/Libraries/LibJS/Runtime/NumberConstructor.cpp
+++ b/Userland/Libraries/LibJS/Runtime/NumberConstructor.cpp
@@ -24,7 +24,7 @@ constexpr double const MIN_SAFE_INTEGER_VALUE { -(__builtin_exp2(53) - 1) };
namespace JS {
NumberConstructor::NumberConstructor(Realm& realm)
- : NativeFunction(vm().names.Number.as_string(), *realm.intrinsics().function_prototype())
+ : NativeFunction(realm.vm().names.Number.as_string(), *realm.intrinsics().function_prototype())
{
}
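Review bot: The mem-initializer of `NumberConstructor::NumberConstructor` has no comment explaining why it reaches the VM through `realm.vm()` rather than the inherited `vm()`. A later cleanup could therefore reintroduce a member call on a base subobject whose construction has not started, which is undefined behaviour. I would add above the constructor `// Cell::vm() must not be called until the Cell base is constructed; use the Realm's VM here.` The diffstat on this page is limited to this one file, so whether the other constructors implied by the commit title received the same change cannot be checked from here. Keeping the UBSan vptr check enabled in a test configuration would presumably catch a regression of this kind.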