diff --git a/js/src/ion/IonBuilder.cpp b/js/src/ion/IonBuilder.cpp
index a90fc9cf70ed..f9a7d8a1389f 100644
--- a/js/src/ion/IonBuilder.cpp
+++ b/js/src/ion/IonBuilder.cpp
@@ -3237,14 +3237,12 @@ IonBuilder::makeInliningDecision(AutoObjectVector &targets)
     uint32_t totalSize = 0;
     uint32_t maxInlineDepth = js_IonOptions.maxInlineDepth;
     bool allFunctionsAreSmall = true;
-    RootedFunction target(cx);
-    RootedScript targetScript(cx);
     for (size_t i = 0; i < targets.length(); i++) {
-        target = targets[i]->toFunction();
+        JSFunction *target = targets[i]->toFunction();
         if (!target->isInterpreted())
             return false;
 
-        targetScript = target->nonLazyScript();
+        JSScript *targetScript = target->nonLazyScript();
         uint32_t calleeUses = targetScript->getUseCount();
 
         totalSize += targetScript->length;
@@ -3281,6 +3279,7 @@ IonBuilder::makeInliningDecision(AutoObjectVector &targets)
     JSOp op = JSOp(*pc);
     for (size_t i = 0; i < targets.length(); i++) {
         JSFunction *target = targets[i]->toFunction();
+        JSScript *targetScript = target->nonLazyScript();
 
         if (!canInlineTarget(target)) {
             IonSpew(IonSpew_Inlining, "Decided not to inline");
diff --git a/js/src/ion/TypeOracle.cpp b/js/src/ion/TypeOracle.cpp
index d82da3a2da9c..febec87cd3bc 100644
--- a/js/src/ion/TypeOracle.cpp
+++ b/js/src/ion/TypeOracle.cpp
@@ -603,9 +603,11 @@ TypeInferenceOracle::canEnterInlinedFunction(RawScript caller, jsbytecode *pc, R
     AssertCanGC();
     RootedScript targetScript(cx, target->nonLazyScript());
 
-    // Always permit the empty script.
-    if (targetScript->length == 1)
-        return true;
+    // Make sure empty script has type information, to allow inlining in more cases.
+    if (targetScript->length == 1) {
+        if (!targetScript->ensureRanInference(cx))
+            return false;
+    }
 
     if (!targetScript->hasAnalysis() ||
         !targetScript->analysis()->ranInference() ||
diff --git a/js/src/jit-test/tests/ion/bug843866.js b/js/src/jit-test/tests/ion/bug843866.js
new file mode 100644
index 000000000000..53f3b3a6694f
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug843866.js
@@ -0,0 +1,8 @@
+function g(f) {}
+function f(b) {
+  g.apply(null, arguments);
+
+  if (b < 10)
+    f(b+1);
+}
+f(0);