Patch coming.
Created attachment 348779 [details] proposed patch.
Comment on attachment 348779 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=348779&action=review
> Source/JavaScriptCore/interpreter/Register.h:125
> + return asanUnsafeJSValue();
How does this not remove asan protection?
Comment on attachment 348779 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=348779&action=review
>> Source/JavaScriptCore/interpreter/Register.h:125
>> + return asanUnsafeJSValue();
>
> How does this not remove asan protection?
I was previously thinking that the outer function Register::jsValue() not being an ASAN suppressed function means that this is OK. But I'm wrong: this is a bug. I will undo these call forwarding changes.
Created attachment 348788 [details] proposed patch.
Comment on attachment 348788 [details] proposed patch. Got a bug.
Created attachment 348789 [details] proposed patch.
Comment on attachment 348789 [details] proposed patch.
Clearing flags on attachment: 348789
Committed r235603: <https://trac.webkit.org/changeset/235603>
All reviewed patches have been landed. Closing bug.
<rdar://problem/44079982>