From b7cffe025416845cf006a19b1e07b1d24fec7dd2 Mon Sep 17 00:00:00 2001
From: Milad Fa
Date: Fri, 6 Mar 2026 14:20:50 +0000
Subject: [PATCH] deps: V8: cherry-pick aa0b288f87cc

Original commit message:
PPC/S390: [wasm] Fix jump table offset when patching
... need to make sure patching of target occurs at the correct spot based on what `EmitFarJumpSlot` emits.
Also mask the branch offset in PPC64 EmitJumpSlot to match `Assembler::b()`.
Change-Id: I5a8079d0079d8ad427034761d42c90b64d5746dd
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/7642190
Reviewed-by: John
Commit-Queue: Milad Farazmand
Reviewed-by: Clemens Backes
Cr-Commit-Position: refs/heads/main@{#105646}
Refs: https://github.com/v8/v8/commit/aa0b288f87ccfc2ad25f5d828af6627a7dccc9cb
---
 common.gypi | 2 +-
 deps/v8/src/wasm/jump-table-assembler.cc | 9 ++++++---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/common.gypi b/common.gypi
index a4825c5429d761..c58aa7fd89305d 100644
--- a/common.gypi
+++ b/common.gypi
@@ -38,7 +38,7 @@
 # Reset this number to 0 on major V8 upgrades.
 # Increment by one for each non-official patch applied to deps/v8.
- 'v8_embedder_string': '-node.12',
+ 'v8_embedder_string': '-node.13',
 ##### V8 defaults for Node.js #####
diff --git a/deps/v8/src/wasm/jump-table-assembler.cc b/deps/v8/src/wasm/jump-table-assembler.cc
index 7953adb138e18b..47d21e29785be8 100644
--- a/deps/v8/src/wasm/jump-table-assembler.cc
+++ b/deps/v8/src/wasm/jump-table-assembler.cc
@@ -426,7 +426,8 @@ void JumpTableAssembler::EmitFarJumpSlot(Address target) {
 // static
 void JumpTableAssembler::PatchFarJumpSlot(WritableJitAllocation& jit_allocation,
 Address slot, Address target) {
- Address target_addr = slot + 8;
+ // See {EmitFarJumpSlot} for the offset of the target.
+ Address target_addr = slot + kFarJumpTableSlotSize - kSystemPointerSize;
 jit_allocation.WriteValue(target_addr, target, kRelaxedStore);
 }
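Review bot: In PatchFarJumpSlot the new `target_addr` expression is tied to the layout that EmitFarJumpSlot emits only by a comment, so a later change to the emitter can silently move the patched word again, which appears to be the drift this commit repairs. Because `WriteValue` rewrites a branch target inside live JIT code, a wrong offset would overwrite instruction bytes or leave the real target stale. I would derive the offset from a named constant that the emitter also uses and, if the slot layout guarantees it, add `DCHECK(IsAligned(target_addr, kSystemPointerSize));` before the store so a misplaced pointer-sized relaxed write fails in debug builds. The same applies to the PatchFarJumpSlot hunk at -671, where the literal `2 * kInstrSize` encodes how many instructions follow the target word. EmitFarJumpSlot's body is outside both hunks, so the layout itself could not be checked here.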
@@ -636,7 +637,7 @@ bool JumpTableAssembler::EmitJumpSlot(Address target) {
 CHECK_EQ(0, relative_target & (kAAMask | kLKMask));
 // The jump table is updated live, so the write has to be atomic.
- emit(inst[0] | relative_target, kRelaxedStore);
+ emit(inst[0] | (relative_target & kImm26Mask), kRelaxedStore);
 return true;
 }
@@ -671,7 +672,9 @@ void JumpTableAssembler::EmitFarJumpSlot(Address target) {
 // static
 void JumpTableAssembler::PatchFarJumpSlot(WritableJitAllocation& jit_allocation,
 Address slot, Address target) {
- Address target_addr = slot + kFarJumpTableSlotSize - 8;
+ // See {EmitFarJumpSlot} for the offset of the target.
+ Address target_addr =
+ slot + kFarJumpTableSlotSize - (2 * kInstrSize) - kSystemPointerSize;
 jit_allocation.WriteValue(target_addr, target, kRelaxedStore);
 }
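Review bot: The masked `emit` in the EmitJumpSlot hunk (-636) has no comment saying why `kImm26Mask` is needed, and the mask would also hide an out-of-range `relative_target` instead of rejecting it. Presumably a negative offset is sign-extended and its upper bits would otherwise be OR-ed into the opcode field of `inst[0]`; a line such as `// Keep only the 26-bit branch field: a negative offset has its upper bits set.` above the `emit` would record that. The visible `CHECK_EQ` covers only the AA and LK bits, so the range check that makes the truncation safe must sit in the part of the function above this hunk, which is not shown. If it is missing, `CHECK(is_int26(relative_target));` next to the existing check would keep a truncated offset from being written into the live jump table.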