Bug 210174

Summary: [JSC] Threading JSGlobalObject in RegExp::match properly
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: JavaScriptCore Assignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, ews-watchlist, keith_miller, mark.lam, msaboff, product-security, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch saam: review+

Description Yusuke Suzuki 2020-04-07 23:34:18 PDT
[JSC] Threading JSGlobalObject in RegExp::match properly
Comment 1 Yusuke Suzuki 2020-04-07 23:36:01 PDT
Created attachment 395773
Patch
Comment 2 Radar WebKit Bug Importer 2020-04-08 00:16:35 PDT
<rdar://problem/61436342>
Comment 3 Saam Barati 2020-04-08 10:40:08 PDT
Comment on attachment 395773
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=395773&action=review

> Source/JavaScriptCore/runtime/RegExpInlines.h:113
> +        if (nullOrGlobalObject) {
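
Review bot: the `if (nullOrGlobalObject) {` guard at RegExpInlines.h:113 carries no comment on the quoted line saying when the pointer is null or what the caller gives up when the branch is skipped. A one-line comment at the check, or at the parameter declaration, stating which callers pass null would make the nullable contract explicit instead of leaving it to the variable name alone.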

This is the downside of us using JSCell* everywhere instead of JSCell&.

When the pointer is actually nullable, we need to name the variable properly.
Comment 4 Yusuke Suzuki 2020-04-08 13:01:51 PDT
Committed r259747: <https://trac.webkit.org/changeset/259747>