Remove potential use-after-free data corruption in ByteArray.toString.
If a garbage collection occurs between when we call js::GetUint8ArrayLengthAndData and gjs_string_from_utf8 in ByteArray.toString, a use-after-free corruption can occur if the garbage collector shifts the location of the Uint8Array's private data. To mitigate this we call js::GetUint8ArrayLengthAndData again and then compare whether the length and pointer are still the same. If the pointers differ, we use the slow path to ensure no data corruption occurred.
Fixes #339
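Added illustration of the window and the mitigation described in the commit message; this is not GJS or SpiderMonkey code. `MovingHeap`, `length_and_data`, `string_from_utf8`, the `relocate_on_next_alloc` knob and the 0xDD poisoning of freed buffers are all constructions of this example standing in for the engine's moving garbage collector, `js::GetUint8ArrayLengthAndData` and `gjs_string_from_utf8`. The naive path fetches the raw pointer and then calls a conversion that can allocate before it finishes reading; the checked path re-fetches length and pointer afterwards and falls back to copying the bytes out first when either changed.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for a moving GC heap (hypothetical, not SpiderMonkey).
// The Uint8Array's "private data" lives in `storage`; any allocation may relocate it.
// Freed buffers are kept in `graveyard` and scribbled with 0xDD so that a stale
// pointer reads recognisable junk instead of being undefined behaviour; in a real
// engine that read is the use-after-free.
struct MovingHeap {
    std::vector<uint8_t> storage;
    std::vector<std::vector<uint8_t>> graveyard;
    bool relocate_on_next_alloc = false;  // test knob: force a "GC" on next allocation

    explicit MovingHeap(const std::string& bytes)
        : storage(bytes.begin(), bytes.end()) {}

    // Analogue of js::GetUint8ArrayLengthAndData: a raw view valid only until
    // the next allocation.
    std::pair<size_t, uint8_t*> length_and_data() {
        return std::make_pair(storage.size(), storage.data());
    }

    // Simulated GC-triggering allocation: moves the data and poisons the old block.
    void allocate() {
        if (!relocate_on_next_alloc) return;
        relocate_on_next_alloc = false;
        std::vector<uint8_t> moved(storage.begin(), storage.end());
        storage.swap(moved);                          // `moved` now owns the old buffer
        std::fill(moved.begin(), moved.end(), 0xDD);  // poison like a freed block
        graveyard.push_back(std::move(moved));        // keep the old address allocated
    }
};

// Analogue of gjs_string_from_utf8: allocating the result may trigger a GC
// before the bytes are read, which is exactly the window the commit describes.
std::string string_from_utf8(MovingHeap& heap, const uint8_t* data, size_t len) {
    heap.allocate();
    if (len == 0) return std::string();
    return std::string(reinterpret_cast<const char*>(data), len);
}

struct ToStringResult {
    std::string text;
    bool used_slow_path;
};

// The vulnerable shape: fetch the raw pointer, then convert.
std::string to_string_naive(MovingHeap& heap) {
    std::pair<size_t, uint8_t*> ld = heap.length_and_data();
    return string_from_utf8(heap, ld.second, ld.first);
}

// Slow path: copy the bytes out of the GC heap before anything can allocate,
// then convert from the copy, which no GC can move.
std::string to_string_slow(MovingHeap& heap) {
    std::pair<size_t, uint8_t*> ld = heap.length_and_data();
    std::vector<uint8_t> copy;
    if (ld.first != 0) copy.assign(ld.second, ld.second + ld.first);
    return string_from_utf8(heap, copy.data(), copy.size());
}

// The mitigation as the commit message describes it: convert on the fast path,
// then ask for length and pointer again; if either changed, a GC ran inside the
// window and the fast result cannot be trusted, so redo the work on the slow path.
ToStringResult to_string_checked(MovingHeap& heap) {
    std::pair<size_t, uint8_t*> before = heap.length_and_data();
    std::string fast = string_from_utf8(heap, before.second, before.first);
    std::pair<size_t, uint8_t*> after = heap.length_and_data();
    if (after.first == before.first && after.second == before.second)
        return ToStringResult{fast, false};
    return ToStringResult{to_string_slow(heap), true};
}

int main() {
    MovingHeap naive_heap("hello");
    naive_heap.relocate_on_next_alloc = true;
    std::string junk = to_string_naive(naive_heap);
    std::cout << "naive read " << junk.size() << " bytes, first byte 0x"
              << std::hex << (unsigned)(uint8_t)junk[0] << std::dec << "\n";

    MovingHeap checked_heap("hello");
    checked_heap.relocate_on_next_alloc = true;
    ToStringResult r = to_string_checked(checked_heap);
    std::cout << "checked: \"" << r.text << "\" slow path: " << r.used_slow_path << "\n";
    return 0;
}
```

The example deliberately keeps the stale buffer mapped and poisoned so the naive path returns visible garbage; with a real allocator the same read would be a use-after-free whose outcome depends on what reused the block.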