diff --git a/js/src/jit-test/tests/debug/bug1254578.js b/js/src/jit-test/tests/debug/bug1254578.js
new file mode 100644
index 000000000000..828faf1869b0
--- /dev/null
+++ b/js/src/jit-test/tests/debug/bug1254578.js
@@ -0,0 +1,23 @@
+// |jit-test| error:ReferenceError; slow
+
+if (!('oomTest' in this))
+ throw (new ReferenceError);
+
+var g = newGlobal();
+g.debuggeeGlobal = this;
+g.eval("(" + function() {
+ dbg = new Debugger(debuggeeGlobal);
+ dbg.onExceptionUnwind = function(frame, exc) {
+ var s = '!';
+ for (var f = frame; f; f = f.older)
+ debuggeeGlobal.log += s;
+ };
+} + ")();");
+var dbg = new Debugger;
+dbg.onNewGlobalObject = function(global) {
+ get.seen = true;
+};
+oomTest(function() {
+ newGlobal({
+ })
+});
diff --git a/js/src/jit/RematerializedFrame.cpp b/js/src/jit/RematerializedFrame.cpp
index 22c08bb75f5b..115bc67db881 100644
--- a/js/src/jit/RematerializedFrame.cpp
+++ b/js/src/jit/RematerializedFrame.cpp
@@ -78,7 +78,8 @@ RematerializedFrame::RematerializeInlineFrames(JSContext* cx, uint8_t* top,
 MaybeReadFallback& fallback,
 Vector& frames)
 {
- if (!frames.resize(iter.frameCount()))
+ Vector tempFrames(cx);
+ if (!tempFrames.resize(iter.frameCount()))
 return false;
 while (true) {
@@ -91,13 +92,14 @@ RematerializedFrame::RematerializeInlineFrames(JSContext* cx, uint8_t* top,
 return false;
 }
- frames[frameNo] = frame;
+ tempFrames[frameNo] = frame;
 if (!iter.more())
 break;
 ++iter;
 }
+ frames = Move(tempFrames);
 return true;
 }
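Review bot: The new test never says which error is meant to satisfy `error:ReferenceError`. `get` in the `onNewGlobalObject` hook is never defined, and the opening guard throws the same error type when `oomTest` is missing, so a build without `oomTest` passes without exercising anything. I would add a header comment along the lines of `// Bug 1254578: a failure while rematerializing inline frames must not leave the caller with a partially filled frame vector.` That wording is inferred from the RematerializedFrame.cpp change in this commit, so confirm it against the bug. A one-line remark next to `get.seen = true;` saying whether the undefined `get` is deliberate would make a later failure of this test diagnosable.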
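Review bot: The added `Vector tempFrames(cx);` carries no comment explaining why the result is built in a temporary instead of directly in `frames`, so a later cleanup could fold it back and reintroduce the problem. I would put above it `// Fill a temporary so |frames| is only replaced on success; callers must never see a partially filled vector.` The matching `frames = Move(tempFrames);` is in the next hunk, and the function starts above this one.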
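Review bot: The `return false;` in the leading context of this hunk now exits with `tempFrames` still holding whatever earlier iterations stored through `tempFrames[frameNo] = frame;`. The element type is not visible on this page; if the elements are raw owning pointers, destroying the temporary releases only the vector's buffer, so a failure partway through the loop appears to leak the frames already created. I would release the non-null entries before each early return, or hold them in an owning pointer type, and mark the exit with a comment such as `// On failure, free the frames already stored in tempFrames.` The loop and the allocation of `frame` start above the hunk, so this needs checking against the full function.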