Andreas Kling 803a20fa86 LibJS: Call the correct base class in LexicalEnvironment::visit_edges() ...

We were calling directly up to Cell, skipping over ScopeObject.
This made us not mark the scope chain parent for lexical environments,
sometimes causing them to get GC'd and use-after-free'd.

Found by Fuzzilli.

Fixes #5140.

2021-01-28 10:15:24 +01:00

4.4 KiB

Raw Blame History

View Raw