PACCage should first cage leaving PAC bits intact then authenticate
Created attachment 373254 [details] Patch
Comment on attachment 373254 [details] Patch You need to change the LLInt and WTF too. Otherwise, LGTM.
Comment on attachment 373254 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=373254&action=review > Source/JavaScriptCore/ChangeLog:11 > + This ordering prevents someone from taking a signed pointer from > + outside the gigacage and using it in a struct that expects a caged > + pointer. Previously, the PACCaging just double checked that the PAC > + bits were valid for the original pointer. Might be worth spending a few more sentences explaining why this is. It's kinda subtle. Maybe an example would help
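Review bot: at Source/JavaScriptCore/ChangeLog:11, the quoted paragraph opens with "This ordering" but then describes only the previous behaviour ("just double checked that the PAC bits were valid for the original pointer"), so the new order is never stated in these lines. Add a sentence next to the "Previously" one that spells out the new sequence from the bug title (cage first, leaving the PAC bits intact, then authenticate) and says which pointer value ends up being authenticated, so the difference from the old check is readable from the ChangeLog alone.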
Created attachment 373289 [details] Patch
Comment on attachment 373289 [details] Patch gtk build failure seems unrelated.
Comment on attachment 373289 [details] Patch Clearing flags on attachment: 373289 Committed r247041: <https://trac.webkit.org/changeset/247041>
All reviewed patches have been landed. Closing bug.
<rdar://problem/52506922>
Re-opened since this is blocked by bug 199425
Created attachment 373409 [details] Patch
Committed r247101: <https://trac.webkit.org/changeset/247101>