Fix adding entries to the internal buffer of a Map object (#3805)
When appending the key/value pair separately, garbage collection could be
triggered before the value is added, which could cause problems during
marking. This patch changes insertion to add both values at the same
time, which prevents partial entries from being present in the internal
buffer.

Fixes #3804.

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai@inf.u-szeged.hu
dbatyai committed May 28, 2020
1 parent 7a20150 commit c2b6621
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions jerry-core/ecma/operations/ecma-container-object.c
Expand Up @@ -64,11 +64,14 @@ ecma_op_internal_buffer_append (ecma_collection_t *container_p, /**< internal co
{
JERRY_ASSERT (container_p != NULL);

ecma_collection_push_back (container_p, ecma_copy_value_if_not_object (key_arg));

if (lit_id == LIT_MAGIC_STRING_WEAKMAP_UL || lit_id == LIT_MAGIC_STRING_MAP_UL)
{
ecma_collection_push_back (container_p, ecma_copy_value_if_not_object (value_arg));
ecma_value_t values[] = { ecma_copy_value_if_not_object (key_arg), ecma_copy_value_if_not_object (value_arg) };
ecma_collection_append (container_p, values, 2);
}
else
{
ecma_collection_push_back (container_p, ecma_copy_value_if_not_object (key_arg));
}

ECMA_CONTAINER_SET_SIZE (container_p, ECMA_CONTAINER_GET_SIZE (container_p) + 1);
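Review bot: The Map/WeakMap branch that builds `values[]` and calls `ecma_collection_append (container_p, values, 2);` has no comment stating the invariant it protects: a key must never sit in the internal buffer without its value, because garbage collection can be triggered before the value is added and marking then sees a partial entry. Without that comment a later cleanup could fold the branch back into two `ecma_collection_push_back` calls and reintroduce #3804, so a short comment above the array is worth adding. The literal `2` could also be derived from the array (`sizeof (values) / sizeof (values[0])`) so the count cannot drift from the initializer. The commit changes only this one file, so a regression test for #3804 should accompany it.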