From ac6fdfbfac65ec1ee58005418a11fd953af2464c Mon Sep 17 00:00:00 2001
From: Manos Koukoutos <manoskouk@chromium.org>
Date: Wed, 24 Nov 2021 13:49:38 +0000
Subject: [PATCH] [wasm] Fix heap sandbox compilation

This fixes an oversight in crrev.com/c/3277878.

Bug: v8:11510
Change-Id: I91b55682fd27c55ef556e919d7f04a9dbbecadea
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3300137
Reviewed-by: Jakob Kummerow <jkummerow@chromium.org>
Commit-Queue: Manos Koukoutos <manoskouk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78072}
---
 src/wasm/baseline/liftoff-compiler.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wasm/baseline/liftoff-compiler.cc b/src/wasm/baseline/liftoff-compiler.cc
index 190bc43da0..c253b715d6 100644
--- a/src/wasm/baseline/liftoff-compiler.cc
+++ b/src/wasm/baseline/liftoff-compiler.cc
@@ -6072,7 +6072,7 @@ class LiftoffCompiler {
 
 #ifdef V8_HEAP_SANDBOX
       LOAD_INSTANCE_FIELD(temp.gp(), IsolateRoot, kSystemPointerSize, pinned);
-      __ LoadExternalPointer(target.gp(), func_data.gp(),
+      __ LoadExternalPointer(target.gp(), func_ref.gp(),
                              WasmInternalFunction::kForeignAddressOffset,
                              kForeignForeignAddressTag, temp.gp());
 #else