Luke Wilde 2f3ebce7c8 LibJS: Keep GeneratorObject's stored execution context's internals alive ...

This would previously crash with a heap UAF when storing the result of
`yield 1` into `e` on the second `next` call:
```js
function* a() { const e = yield 1; }
b = a();
b.next();
gc();
b.next();
```

2022-12-12 13:58:32 +00:00

11 KiB

Raw Blame History

View Raw