Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0bf7411f79883b90e0571fc0009b3d93e6c38ed7
https://github.com/WebKit/WebKit/commit/0bf7411f79883b90e0571fc0009b3d93e6c38ed7
Author: Marcus Plutowski <[email protected]>
Date: 2026-04-15 (Wed, 15 Apr 2026)
Changed paths:
M Source/bmalloc/libpas/src/libpas/pas_mte.h
M Source/bmalloc/libpas/src/libpas/pas_mte_config.h
M Source/bmalloc/libpas/src/libpas/pas_runtime_config.h
Log Message:
-----------
[libpas] Disable tag-check-on-dealloc for Release builds
https://bugs.webkit.org/show_bug.cgi?id=312382
rdar://174561714
Reviewed by Keith Miller.
Certain allocation pathways result in MTE-tagged objects being freed via
zero-tagged pointers. This currently only happens in the scavenger path,
meaning that we don't have visibility into which allocation is actually
freeing the pointers in question. As such further investigation is
needed to understand the root cause.
Disabling this feature for release builds in the meantime.
Canonical link: https://commits.webkit.org/311334@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
