diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 4c6e1b3138c4..71886597de6d 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,23 @@
+2015-05-27 Basile Clement
+
+        LazyNode comparison can return incorrect results when comparing an empty value
+        https://bugs.webkit.org/show_bug.cgi?id=145421
+
+        Reviewed by Geoffrey Garen.
+
+        When comparing a LazyNode to another, we compare the value pointers if
+        we have one, and otherwise compare the nodes.
+        We should be comparing value pointers if the other LazyNode has one as
+        well, otherwise we risk an incoherency when we are a empty LazyNode
+        being compared to a FrozenValue without node.
+
+        Note that this is not a problem in any other case because if we don't
+        have a FrozenValue and we are not an empty LazyNode, we are a
+        non-constant node, and comparing the node pointers is correct.
+
+        * dfg/DFGLazyNode.h:
+        (JSC::DFG::LazyNode::operator==):
+
 2015-05-27 Geoffrey Garen
 
         REGRESSION: These sorting idioms used by Peacekeeper and Browsermark are ~20X slower
diff --git a/Source/JavaScriptCore/dfg/DFGLazyNode.h b/Source/JavaScriptCore/dfg/DFGLazyNode.h
index 12571f7abacb..cc7102bb05b1 100644
--- a/Source/JavaScriptCore/dfg/DFGLazyNode.h
+++ b/Source/JavaScriptCore/dfg/DFGLazyNode.h
@@ -34,8 +34,6 @@ namespace JSC { namespace DFG {
 
 
 
-
-
 class LazyNode {
 public:
     static const size_t jsConstantTag = 0;
@@ -119,7 +117,7 @@ class LazyNode {
 
     bool operator==(const LazyNode& other) const
     {
-        if (asValue())
+        if (asValue() || other.asValue())
             return m_value == other.m_value;
         return m_node == other.m_node;
     }
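Review bot: The new condition `if (asValue() || other.asValue())` in operator== is only correct if a LazyNode that wraps a constant node always records that constant's FrozenValue in m_value, so that a null m_value on one side against a non-null one on the other can never be two views of the same constant; that invariant is argued in the ChangeLog but nothing next to the code states it. A comment above the `if`, such as `// Compare by value whenever either side carries a FrozenValue: an empty LazyNode must not compare equal to a node-less FrozenValue, and a LazyNode built from a constant node always records its value in m_value.`, would keep the reasoning with the code it justifies. Since `m_value == other.m_value` compares the whole word, it also compares whatever tag bits m_value carries (the jsConstantTag constant in the earlier hunk suggests the pointer is tagged), so two LazyNodes holding the same FrozenValue under different tags compare unequal — if that is intended, the same comment should say so. The LazyNode class, asValue() and the rest of its members lie outside this hunk.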