From f3aef4cd4b5eaf2a52725ef4227068f51d92978c Mon Sep 17 00:00:00 2001
From: Julien Pages
Date: Mon, 4 Nov 2024 14:00:14 +0000
Subject: [PATCH] Bug 1928038 - Avoid possible dangling reference in BaselineJIT.cpp. r=yury

Differential Revision: https://phabricator.services.mozilla.com/D227681
---
 js/src/jit/BaselineJIT.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/js/src/jit/BaselineJIT.cpp b/js/src/jit/BaselineJIT.cpp
index e74433d32b90..a950d508585d 100644
--- a/js/src/jit/BaselineJIT.cpp
+++ b/js/src/jit/BaselineJIT.cpp
@@ -759,8 +759,7 @@ jsbytecode* BaselineScript::approximatePcForNativeAddress(
 // Return the last entry's pc. Every BaselineScript has at least one
 // RetAddrEntry for the prologue stack overflow check.
 MOZ_ASSERT(!retAddrEntries().empty());
- const RetAddrEntry& lastEntry = retAddrEntries()[retAddrEntries().size() - 1];
- return script->offsetToPC(lastEntry.pcOffset());
+ return script->offsetToPC(retAddrEntries().crbegin()->pcOffset());
 }

 void BaselineScript::toggleDebugTraps(JSScript* script, jsbytecode* pc) {
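Review bot: The non-empty precondition for `retAddrEntries().crbegin()->pcOffset()` is still enforced only by `MOZ_ASSERT`, which does not fire in release builds, so an empty entry list would dereference a reverse iterator with no element behind it. The removed form went through `operator[]`, and whether the reverse iterator is bounds-checked the same way depends on the return type of `retAddrEntries()`, which is not visible in this hunk; that is worth confirming so the rewrite does not quietly lose a release-mode check. I would also add a one-line comment above the return, for example `// Do not bind a reference to an element: retAddrEntries() returns a temporary.`, so the named reference is not reintroduced later (assuming that is the dangling-reference cause the subject line refers to). The body of approximatePcForNativeAddress starts above the hunk.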