mirror of
https://github.com/fergalmoran/ladybird.git
synced 2025-12-30 21:28:40 +00:00
bd5abbc454
When scanning for potential heap pointers during conservative GC, we look for any value that is an address somewhere inside a heap cell. However, we were failing to account for the slack at the end of a block (which occurs whenever the block storage size isn't an exact multiple of the cell size.) Pointers inside the trailing slack were misidentified as pointers into "last_cell+1". Instead of skipping over them, we would treat this garbage data as a live cell and try to mark it. I believe this is the test-js crash that has been terrorizing Travis for a while. :^)