From a4376e3e36532673c8907c4cd0b8ea88e5fa273a Mon Sep 17 00:00:00 2001
From: Yuta Saito
Date: Thu, 27 Mar 2025 12:14:14 +0000
Subject: [PATCH] Fix potential use-after-free in JSString

The guts' lifetime was not guaranteed to be longer than `swjs_value_equals` call, which could lead to a use-after-free.
---
 Sources/JavaScriptKit/FundamentalObjects/JSString.swift | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Sources/JavaScriptKit/FundamentalObjects/JSString.swift b/Sources/JavaScriptKit/FundamentalObjects/JSString.swift
index b4ad1023..f084ffc8 100644
--- a/Sources/JavaScriptKit/FundamentalObjects/JSString.swift
+++ b/Sources/JavaScriptKit/FundamentalObjects/JSString.swift
@@ -77,7 +77,11 @@ public struct JSString: LosslessStringConvertible, Equatable {
 /// - lhs: A string to compare.
 /// - rhs: Another string to compare.
 public static func == (lhs: JSString, rhs: JSString) -> Bool {
- return swjs_value_equals(lhs.guts.jsRef, rhs.guts.jsRef)
+ withExtendedLifetime(lhs.guts) { lhsGuts in
+ withExtendedLifetime(rhs.guts) { rhsGuts in
+ return swjs_value_equals(lhsGuts.jsRef, rhsGuts.jsRef)
+ }
+ }
 }
 }
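Review bot: The nested `withExtendedLifetime` calls in `==` carry no comment saying why they are there, so a later cleanup could collapse them back to the one-line form and reintroduce the use-after-free the commit message describes. I would add above the outer call `// Keep both guts alive until swjs_value_equals returns; the jsRef values must not outlive their owners.` The hunk shows only this operator, so any other place in the file that reads `guts.jsRef` and passes it to a runtime call presumably has the same lifetime gap and is worth checking in the same change. The struct's body starts outside the hunk, so I cannot tell from here whether such call sites exist.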