From 3c8f3a181afb7407ca6b8dd6605dcea3a8e78ba8 Mon Sep 17 00:00:00 2001
From: Elvis Pranskevichus <elvis@magic.io>
Date: Sat, 24 Mar 2018 13:34:10 -0400
Subject: [PATCH] Fix crankshaft RCE patch

---
 patches/v8/crankshaft-hydrogen-rce.patch | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/patches/v8/crankshaft-hydrogen-rce.patch b/patches/v8/crankshaft-hydrogen-rce.patch
index d99d964..273705e 100644
--- a/patches/v8/crankshaft-hydrogen-rce.patch
+++ b/patches/v8/crankshaft-hydrogen-rce.patch
@@ -1,16 +1,17 @@
 diff --git a/src/crankshaft/hydrogen.cc b/src/crankshaft/hydrogen.cc
-index d55bb37..d595617 100644
+index d55bb37..2833c63 100644
 --- a/src/crankshaft/hydrogen.cc
 +++ b/src/crankshaft/hydrogen.cc
-@@ -7176,7 +7176,10 @@ HValue* HOptimizedGraphBuilder::HandlePolymorphicElementAccess(
+@@ -7176,8 +7176,11 @@ HValue* HOptimizedGraphBuilder::HandlePolymorphicElementAccess(
    // Get transition target for each map (NULL == no transition).
    for (int i = 0; i < maps->length(); ++i) {
      Handle<Map> map = maps->at(i);
 +    // Don't generate elements kind transitions from stable maps.
      Map* transitioned_map =
+-        map->FindElementsKindTransitionedMap(&possible_transitioned_maps);
 +        map->is_stable()
 +            ? nullptr
 +            : map->FindElementsKindTransitionedMap(&possible_transitioned_maps);
--         map->FindElementsKindTransitionedMap(&possible_transitioned_maps);
      if (transitioned_map != nullptr) {
        transition_target.Add(handle(transitioned_map));
+     } else {
-- 
2.16.1