From 229f91a339431ee118b0eb4b1ec469aa0a5b85f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Fl=C3=BCckiger?= <olivf@chromium.org>
Date: Mon, 6 Feb 2023 12:19:45 +0100
Subject: [PATCH] [gc][static-roots] Fix one remaining access to r/o markbits
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Yet another access to the markbits on the r/o pages that was overlooked
in https://chromium-review.googlesource.com/c/v8/v8/+/4212397.

No-Tree-Checks: true
No-Try: true
Bug: v8:13717
Change-Id: I682a2604512dfda00b3f69d0e1f60edd66391687
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4221702
Commit-Queue: Olivier Flückiger <olivf@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#85672}
---
 src/heap/mark-compact.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index f5a8ee7adf..4a5a84a3ba 100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -2073,6 +2073,7 @@ bool MarkCompactCollector::IsUnmarkedHeapObject(Heap* heap, FullObjectSlot p) {
   Object o = *p;
   if (!o.IsHeapObject()) return false;
   HeapObject heap_object = HeapObject::cast(o);
+  if (heap_object.InReadOnlySpace()) return false;
   MarkCompactCollector* collector = heap->mark_compact_collector();
   if (V8_UNLIKELY(collector->uses_shared_heap_) &&
       !collector->is_shared_heap_isolate_) {