From 44417b17cfed322f68bae181473ddeaf81f6e1ce Mon Sep 17 00:00:00 2001
From: Dragan Mladjenovic <dragan.mladjenovic@rt-rk.com>
Date: Fri, 30 Mar 2018 12:00:13 +0200
Subject: [PATCH] Bug 1450221 - [MIPS] Fix ProfilingFrameIterator unwinding
 when pc is in FarJumpIsland; r=bbouvier

---
 js/src/wasm/WasmFrameIter.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/js/src/wasm/WasmFrameIter.cpp b/js/src/wasm/WasmFrameIter.cpp
index 0eee1aa2eb97..3807e10f8ea9 100644
--- a/js/src/wasm/WasmFrameIter.cpp
+++ b/js/src/wasm/WasmFrameIter.cpp
@@ -843,7 +843,14 @@ js::wasm::StartUnwinding(const RegisterState& registers, UnwindState* unwindStat
       case CodeRange::BuiltinThunk:
       case CodeRange::DebugTrap:
 #if defined(JS_CODEGEN_MIPS32) || defined(JS_CODEGEN_MIPS64)
-        if (offsetFromEntry < PushedFP || codeRange->isThunk()) {
+        if (codeRange->isThunk()) {
+            // The FarJumpIsland sequence temporary scrambles ra.
+            // Don't unwind to caller.
+            fixedPC = pc;
+            fixedFP = fp;
+            *unwoundCaller = false;
+            AssertMatchesCallSite(fp->returnAddress, fp->callerFP);
+        } else if (offsetFromEntry < PushedFP) {
             // On MIPS we rely on register state instead of state saved on
             // stack until the wasm::Frame is completely built.
             // On entry the return address is in ra (registers.lr) and