webkitgtk3: add patch to fix qemuarm

The patch here is backported from webkitgtk 2.50 and allows
32 bit arm to successfully build (qemuarm)

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

meta-oe/recipes-support/webkitgtk/webkitgtk3/0001-Fix-32bit-arm.patch

@@ -0,0 +1,128 @@
+From 014b9dad4ec5c432410254c0d0cab7d20b1f31d7 Mon Sep 17 00:00:00 2001
+From: Jason Schonberg <schonm@gmail.com>
+Date: Mon, 29 Sep 2025 14:34:48 -0400
+Subject: [PATCH] From: amaxcz <amaxcz@gmail.com> Date: Fri, 19 Sep 2025
+ 11:55:30 +0000 Subject: [PATCH] JSC: fix op_instanceof handler for 32-bit
+ C-loop build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8
+ Content-Transfer-Encoding: 8bit
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+JSC: fix op_instanceof handler for 32-bit C-loop build
+
+Fixes missing 'op_instanceof' handler in LowLevelInterpreter32_64.asm
+which breaks 32‑bit builds.
+
+* No ChangeLog (raw external patch).
+
+Upstream-Status: Backport [https://bugs.webkit.org/show_bug.cgi?id=299166]
+
+Signed-off-by: Jason Schonberg <schonm@gmail.com>
+---
+ .../llint/LowLevelInterpreter32_64.asm        | 95 ++++++++++++++++++-
+ 1 file changed, 94 insertions(+), 1 deletion(-)
+
+diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+index 0d7c92bb..0b81cc1a 100644
+--- a/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
+@@ -3437,4 +3437,97 @@ slowPathOp(enumerator_has_own_property)
+ slowPathOp(mod)
+ 
+ llintSlowPathOp(has_structure_with_flags)
+-llintSlowPathOp(instanceof)
++
++llintOpWithMetadata(op_instanceof, OpInstanceof, macro (size, get, dispatch, metadata, return)
++
++    macro getAndLoadConstantOrVariable(fieldName, tagReg, payloadReg)
++        get(fieldName, t5)
++        loadConstantOrVariable(size, t5, tagReg, payloadReg)
++    end
++
++    macro isObject(field, falseLabel)
++        getAndLoadConstantOrVariable(field, t0, t1)
++        bineq t0, CellTag, falseLabel
++        bbneq JSCell::m_type[t1], ObjectType, falseLabel
++    end
++
++    macro overridesHasInstance(hasInstanceField, constructorField, trueLabel)
++        getAndLoadConstantOrVariable(hasInstanceField, t0, t1)
++        bineq t0, CellTag, trueLabel
++        loadp CodeBlock[cfr], t2
++        loadp CodeBlock::m_globalObject[t2], t2
++        loadp JSGlobalObject::m_functionProtoHasInstanceSymbolFunction[t2], t2
++        bpneq t1, t2, trueLabel
++
++        get(constructorField, t5)
++        loadConstantOrVariablePayload(size, t5, CellTag, t1, trueLabel)
++        btbz JSCell::m_flags[t1], ImplementsDefaultHasInstance, trueLabel
++    end
++
++    macro storeValue(tagReg, payloadReg, fieldName)
++        move tagReg, t0
++        move payloadReg, t1
++        get(fieldName, t5)
++        storei t0, TagOffset[cfr, t5, 8]
++        storei t1, PayloadOffset[cfr, t5, 8]
++    end
++
++.getHasInstance:
++    isObject(m_constructor, .throwStaticError)
++    get(m_constructor, t5)
++    metadata(t2, t6)
++    loadConstantOrVariablePayload(size, t5, CellTag, t3, .getHasInstanceSlow)
++    performGetByIDHelper(OpInstanceof, m_hasInstanceModeMetadata, m_hasInstanceValueProfile, .getHasInstanceSlow, size,
++        macro (resultTag, resultPayload)
++            storeValue(resultTag, resultPayload, m_hasInstanceOrPrototype)
++            jmp .getPrototype
++        end)
++    jmp .getPrototype
++
++.getHasInstanceSlow:
++    callSlowPath(_llint_slow_path_get_hasInstance_from_instanceof)
++    branchIfException(_llint_throw_from_slow_path_trampoline)
++    jmp .getPrototype
++
++.getHasInstanceInlinedGetterOSRReturnPoint:
++    # This path is taken when exiting to the LLInt from an inlined getter for Symbol.hasInstance.
++    getterSetterOSRExitReturnPoint(op_instanceof, size)
++    valueProfile(size, OpInstanceof, m_hasInstanceValueProfile, r1, r0, t2)
++    storeValue(r1, r0, m_hasInstanceOrPrototype)
++
++.getPrototype:
++    overridesHasInstance(m_hasInstanceOrPrototype, m_constructor, .instanceofCustom)
++    isObject(m_value, .false)
++    get(m_constructor, t5)
++    metadata(t2, t6)
++    loadConstantOrVariablePayload(size, t5, CellTag, t3, .getPrototypeSlow)
++    performGetByIDHelper(OpInstanceof, m_prototypeModeMetadata, m_prototypeValueProfile, .getPrototypeSlow, size,
++        macro (resultTag, resultPayload)
++            storeValue(resultTag, resultPayload, m_hasInstanceOrPrototype)
++            jmp .instanceof
++        end)
++    jmp .instanceof
++
++.getPrototypeSlow:
++    callSlowPath(_llint_slow_path_get_prototype_from_instanceof)
++    branchIfException(_llint_throw_from_slow_path_trampoline)
++    jmp .instanceof
++
++.instanceof:
++    callSlowPath(_llint_slow_path_instanceof_from_instanceof)
++    dispatch()
++
++.throwStaticError:
++    callSlowPath(_slow_path_throw_static_error_from_instanceof)
++    dispatch()
++
++.instanceofCustom:
++    callSlowPath(_slow_path_instanceof_custom_from_instanceof)
++    dispatch()
++
++.false:
++    get(m_dst, t5)
++    storei BooleanTag, TagOffset[cfr, t5, 8]
++    storei 0, PayloadOffset[cfr, t5, 8]
++    dispatch()
++end)

meta-oe/recipes-support/webkitgtk/webkitgtk3_2.48.7.bb

@@ -21,6 +21,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/webkitgtk-${PV}.tar.xz \
            file://0001-Fix-build-errors-on-RISCV-https-bugs.webkit.org-show.patch \
            file://fix-ftbfs-riscv64.patch \
            file://0001-CMake-Add-a-variable-to-control-macro-__PAS_ALWAYS_I.patch \
+           file://0001-Fix-32bit-arm.patch \
            "
 SRC_URI[sha256sum] = "2c62aebb608e09f930a539f3623a5cc8023b5068029f42a208f45f9124da6e30"