diff --git a/js/src/jsarray.cpp b/js/src/jsarray.cpp
index 4e79debc9e43..27769b8c7023 100644
--- a/js/src/jsarray.cpp
+++ b/js/src/jsarray.cpp
@@ -490,17 +490,20 @@ js_EnsureDenseArrayCapacity(JSContext *cx, JSObject *obj, jsint i)
     Class *origObjClasp = obj->clasp; 
 #endif
     jsuint u = jsuint(i);
-    JSBool ret = (obj->ensureDenseArrayElements(cx, u, 1) == JSObject::ED_OK);
+    if (obj->ensureDenseArrayElements(cx, u, 1) != JSObject::ED_OK)
+        return false;
 
     /*
      * Write undefined to the element so the tracer doesn't see an uninitialized value
-     * when testing for a hole, and doesn't call dense_setelem_hole.
+     * when testing for a hole.
      */
     obj->setDenseArrayElement(i, UndefinedValue());
+    if (u >= obj->getArrayLength())
+        obj->setArrayLength(cx, u + 1);
 
     /* Partially check the CallInfo's storeAccSet is correct. */
     JS_ASSERT(obj->clasp == origObjClasp);
-    return ret;
+    return true;
 }
 /* This function and its callees do not touch any object's .clasp field. */
 JS_DEFINE_CALLINFO_3(extern, BOOL, js_EnsureDenseArrayCapacity, CONTEXT, OBJECT, INT32,