Fix possible use after free in Array#forEach if the array resizes halfway (#408)

2025-06-15 16:01:30 +00:00 · 2019-01-09 20:06:34 +08:00
parent 20f4092eb2
commit 9ec226de1b
4 changed files with 1328 additions and 986 deletions
--- a/std/assembly/array.ts
+++ b/std/assembly/array.ts
@ -250,9 +250,8 @@ export class Array<T> {
  }

  forEach(callbackfn: (value: T, index: i32, array: Array<T>) => void): void {
-    var buffer = this.buffer_;
    for (let index = 0, toIndex = this.length_; index < toIndex && index < this.length_; ++index) {
-      callbackfn(LOAD<T>(buffer, index), index, this);
+      callbackfn(LOAD<T>(this.buffer_, index), index, this);
    }
  }