From 6960e8d82bc5bb806564861401f3164d8703c02b Mon Sep 17 00:00:00 2001 From: "mrbkap%gmail.com" Date: Fri, 3 Feb 2006 01:19:31 +0000 Subject: [PATCH] If a function becomes heavyweight in the middle of an inline call, remember to pop the call object when it returns. bug 325540, r=brendan
---
 js/src/jsinterp.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/js/src/jsinterp.c b/js/src/jsinterp.c
index 6faac8c55953..6b3d5ba1d082 100644
--- a/js/src/jsinterp.c
+++ b/js/src/jsinterp.c
@@ -2143,6 +2143,17 @@ interrupt:
 LOAD_INTERRUPT_HANDLER(rt);
 }
 }
+
+#if JS_HAS_CALL_OBJECT
+ /*
+ * If frame has a call object, sync values and clear the back-
+ * pointer. This can happen for a lightweight function if it
+ * calls eval unexpectedly (in a way that is hidden from the
+ * compiler). See bug 325540.
+ */
+ if (fp->callobj)
+ ok &= js_PutCallObject(cx, fp);
+#endif
 #if JS_HAS_ARGS_OBJECT
 if (fp->argsobj)
 ok &= js_PutArgsObject(cx, fp);
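Review bot: The relative order of the new `js_PutCallObject(cx, fp)` call and the existing `#if JS_HAS_ARGS_OBJECT` block directly below it is not explained: if `js_PutCallObject` itself syncs and clears `fp->argsobj` (which a call object that must capture the frame's actuals would plausibly do), the second put is a no-op, and if it does not, the call object's `arguments` binding may be left referring to a frame that is about to be popped — a one-line comment stating which case holds would save the next reader from re-deriving it. The added comment could also say why clearing the back-pointer is safety-critical rather than cosmetic: a call object captured by a closure created inside the unexpected eval would otherwise keep a private pointer to a stack frame that is reused by the next inline call, i.e. a dangling pointer. Suggest appending to the comment: `Clearing the back-pointer here is what stops a closure created by that eval from dereferencing this popped frame.` The enclosing return path continues outside the hunk, and the error/exception unwind path for inline frames is not visible here; it presumably needs the same `fp->callobj` put, which is worth confirming.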