[Webkit-unassigned] [Bug 242599] [AArch32][Aarch64] ASSERTION FAILED variant.intrinsic() == NoIntrinsic in void JSC::DFG::ByteCodeParser::handleGetById
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 12 13:32:04 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=242599
Yusuke Suzuki <ysuzuki at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|Security-Sensitive |
Component|Security |JavaScriptCore
Assignee|webkit-security-unassigned@ |webkit-unassigned at lists.web
|lists.webkit.org |kit.org
Product|Security |WebKit
--- Comment #3 from Yusuke Suzuki <ysuzuki at apple.com> ---
Previously all intrinsic getters are handled. So at this point, it should be NoIntrinsic.
But 4GB wasm array work added a case which can fail.
But then, we should just continue using this generic path, invoking a getter. Thus, this assertion is stale. Let's just remove it.
And marking it non-security since the solution is just removing this assertion and this is debug assertion.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220712/5e4e8c14/attachment.htm>
More information about the webkit-unassigned
mailing list