[Backport] Security bug 378701682

Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/v8/v8/+/6022072:
[liftoff] Fix clobbered scratch register

`GetMemOp` returns an `Operand` which can contain `kScratchRegister`. We
should hence not clobber that register until after the last use of the
`Operand`.

This CL changes the scratch register to `kScratchRegister2` which has
much fewer uses, and in particular none which collides with `GetMemOp`.

[email protected]

Fixed: 378779897, 378701682
Change-Id: Id1ed25edfe76200d069ac2ab54e5000eed313c8f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/6022072
Reviewed-by: Matthias Liedtke <[email protected]>
Commit-Queue: Clemens Backes <[email protected]>
Cr-Commit-Position: refs/heads/main@{#97224}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/609171
Reviewed-by: Anu Aliyas <[email protected]>

Author: backes

chromium/v8/src/wasm/baseline/x64/liftoff-assembler-x64.h

@@ -66,7 +66,7 @@ inline Operand GetMemOp(LiftoffAssembler* assm, Register addr,
                : Operand(addr, offset_reg, scale_factor, offset_imm32);
   }
   // Offset immediate does not fit in 31 bits.
-  Register scratch = kScratchRegister;
+  Register scratch = kScratchRegister2;
   assm->MacroAssembler::Move(scratch, offset_imm);
   if (offset_reg != no_reg) assm->addq(scratch, offset_reg);
   return Operand(addr, scratch, scale_factor, 0);