From 5b36ca13b198de62df54df38fce9465caf62932e Mon Sep 17 00:00:00 2001
From: Artem Udovichenko <artem.udovichenko@huawei.com>
Date: Tue, 15 Nov 2022 17:46:41 +0300
Subject: [PATCH] Fix a bug with using a raw pointer after GC

Change-Id: Ifde463ad0f6222a0e1db885a93751d14602fef45
---
 runtime/base/json_stringifier.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/runtime/base/json_stringifier.cpp b/runtime/base/json_stringifier.cpp
index 49cceb45c..b5de02e32 100644
--- a/runtime/base/json_stringifier.cpp
+++ b/runtime/base/json_stringifier.cpp
@@ -301,6 +301,8 @@ JSTaggedValue JsonStringifier::GetSerializeValue(const JSHandle<JSTaggedValue> &
             thread_, FastRuntimeStub::FastGetPropertyByValue(thread_, tagValue, toJson.GetTaggedValue()));
         // b. ReturnIfAbrupt(toJSON).
         RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread_);
+        // Reread tagValue because GC may move it in FastRuntimeStub::FastGetPropertyByValue
+        tagValue = value.GetTaggedValue();
 
         // c. If IsCallable(toJSON) is true
         if (UNLIKELY(toJsonFun->IsCallable())) {
-- 
Gitee