From 6e776e6d55857e7e4ecc36c66038b42cc2bd5f4c Mon Sep 17 00:00:00 2001
From: Benoit Girard <b56girard@gmail.com>
Date: Wed, 21 Nov 2012 16:24:39 -0500
Subject: [PATCH] Bug 805797 - Validate sp before unwinding to fix crash in
 mozilla::FramePointerStackWalk. r=ehsan

---
 tools/profiler/TableTicker.cpp | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/profiler/TableTicker.cpp b/tools/profiler/TableTicker.cpp
index 4684e0b85f7d..3c43d4a29062 100644
--- a/tools/profiler/TableTicker.cpp
+++ b/tools/profiler/TableTicker.cpp
@@ -800,7 +800,9 @@ void TableTicker::doBacktrace(ThreadProfile &aProfile, TickSample* aSample)
   void *stackEnd = reinterpret_cast<void*>(-1);
   if (pt)
     stackEnd = static_cast<char*>(pthread_get_stackaddr_np(pt));
-  nsresult rv = FramePointerStackWalk(StackWalkCallback, 0, &array, reinterpret_cast<void**>(aSample->fp), stackEnd);
+  nsresult rv = NS_OK;
+  if (aSample->fp >= aSample->sp && aSample->fp <= stackEnd)
+    rv = FramePointerStackWalk(StackWalkCallback, 0, &array, reinterpret_cast<void**>(aSample->fp), stackEnd);
 #else
   nsresult rv = NS_StackWalk(StackWalkCallback, 0, &array, thread);
 #endif