Bug 220397

Summary: The scratch register should be different from the target register when calling validateUntaggedPtr.
Product: WebKit Reporter: Mark Lam <mark.lam>
Component: JavaScriptCore Assignee: Mark Lam <mark.lam>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, msaboff, saam, tzagallo, webkit-bug-importer, ysuzuki, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
proposed patch. none

Description Mark Lam 2021-01-06 21:11:11 PST
rdar://72771069
Comment 1 Mark Lam 2021-01-06 21:20:16 PST
Created attachment 417152
proposed patch.
Comment 2 Yusuke Suzuki 2021-01-06 21:22:44 PST
Comment on attachment 417152
proposed patch.

r=me
Comment 3 Mark Lam 2021-01-07 09:02:41 PST
Comment on attachment 417152
proposed patch.

Thanks for the review.  Landing now.
Comment 4 EWS 2021-01-07 09:33:29 PST
Committed r271240: <https://trac.webkit.org/changeset/271240>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 417152.
Comment 5 zalan 2021-01-09 04:24:09 PST
I can still repro the crash with the most recent spade (r271343).
Comment 6 Mark Lam 2021-01-09 08:53:38 PST
(In reply to zalan from comment #5)
> I can still repro the crash with the most recent spade (r271343).

This turns out to be a different issue.  We should track it with a new bug.  Closing this one.