[Webkit-unassigned] [Bug 232165] New: JITReservation initializeJITPageReservation() overwrites g_wtfConfig with USE_SYSTEM_MALLOC

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 22 12:31:09 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=232165

            Bug ID: 232165
           Summary: JITReservation initializeJITPageReservation()
                    overwrites g_wtfConfig with USE_SYSTEM_MALLOC
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: nep-webkit at packageloss.eu

This was discovered in the haiku port because of an assertion in Source/WTF/wtf/threads/Signals.cpp:343

Reproduced with https://github.com/haiku/haikuwebkit/commit/889085c4ff8e7954ca830cb3b54b33113e707718,
which is based on https://github.com/WebKit/WebKit/commit/b683340bee5c998a212c2918cfa0af5389579a99

This is the patch used to fix the haiku build:
diff --git a/Source/JavaScriptCore/jit/ExecutableAllocator.cpp b/Source/JavaScriptCore/jit/ExecutableAllocator.cpp
index 31476313ba..669915502a 100644
--- a/Source/JavaScriptCore/jit/ExecutableAllocator.cpp
+++ b/Source/JavaScriptCore/jit/ExecutableAllocator.cpp
@@ -403,7 +403,7 @@ static ALWAYS_INLINE JITReservation initializeJITPageReservation()
         g_jscConfig.startExecutableMemory = tagCodePtr<ExecutableMemoryPtrTag>(reservation.base);
         g_jscConfig.endExecutableMemory = tagCodePtr<ExecutableMemoryPtrTag>(reservationEnd);

-#if ENABLE(UNIFIED_AND_FREEZABLE_CONFIG_RECORD)
+#if !USE(SYSTEM_MALLOC) && ENABLE(UNIFIED_AND_FREEZABLE_CONFIG_RECORD)
         WebConfig::g_config[0] = bitwise_cast<uintptr_t>(reservation.base);
         WebConfig::g_config[1] = bitwise_cast<uintptr_t>(reservationEnd);
 #endif
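Review bot: the new `!USE(SYSTEM_MALLOC)` guard suppresses the writes to `WebConfig::g_config[0]` and `WebConfig::g_config[1]` without recording why those two slots collide with g_wtfConfig when system malloc is in use (the bug summary states that this is what gets overwritten), so please add a comment at the `#if` explaining the overlap, and confirm that whatever later reads the executable-memory range out of `WebConfig::g_config` tolerates the values never being set under `USE(SYSTEM_MALLOC)`; if it does not, the fix belongs in the config-record layout rather than in skipping the write here.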
