From 71f3920afd35f19f8b820aaeb6361493c8da8b87 Mon Sep 17 00:00:00 2001
From: Jason Orendorff <jorendorff@mozilla.com>
Date: Tue, 3 Feb 2009 12:39:46 -0600
Subject: [PATCH] Bug 476666 - TM: Crash reading near 0 @Detecting, regression
 due to bug 476238. r=gal.

---
 js/src/jsinterp.cpp | 30 ++++++++++++------------------
 js/src/jsobj.cpp    |  4 +++-
 2 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/js/src/jsinterp.cpp b/js/src/jsinterp.cpp
index 9b4703801416..70f877767831 100644
--- a/js/src/jsinterp.cpp
+++ b/js/src/jsinterp.cpp
@@ -4293,13 +4293,11 @@ js_Interpret(JSContext *cx)
                         LOAD_ATOM(i);
                 }
                 id = ATOM_TO_JSID(atom);
-                BEGIN_PC_HINT(regs.pc);
-                    if (entry
-                        ? !js_GetPropertyHelper(cx, aobj, id, &rval, &entry)
-                        : !OBJ_GET_PROPERTY(cx, obj, id, &rval)) {
-                        goto error;
-                    }
-                END_PC_HINT();
+                if (entry
+                    ? !js_GetPropertyHelper(cx, aobj, id, &rval, &entry)
+                    : !OBJ_GET_PROPERTY(cx, obj, id, &rval)) {
+                    goto error;
+                }
             } while (0);
 
             STORE_OPND(-1, rval);
@@ -4403,21 +4401,17 @@ js_Interpret(JSContext *cx)
                         goto error;
                 } else
 #endif
-                BEGIN_PC_HINT(regs.pc);
-                    if (entry
-                        ? !js_GetPropertyHelper(cx, aobj, id, &rval, &entry)
-                        : !OBJ_GET_PROPERTY(cx, obj, id, &rval)) {
-                        goto error;
-                    }
-                END_PC_HINT();
+                if (entry
+                    ? !js_GetPropertyHelper(cx, aobj, id, &rval, &entry)
+                    : !OBJ_GET_PROPERTY(cx, obj, id, &rval)) {
+                    goto error;
+                }
                 STORE_OPND(-1, OBJECT_TO_JSVAL(obj));
                 STORE_OPND(-2, rval);
             } else {
                 JS_ASSERT(obj->map->ops->getProperty == js_GetProperty);
-                BEGIN_PC_HINT(regs.pc);
-                    if (!js_GetPropertyHelper(cx, obj, id, &rval, &entry))
-                        goto error;
-                END_PC_HINT();
+                if (!js_GetPropertyHelper(cx, obj, id, &rval, &entry))
+                    goto error;
                 STORE_OPND(-1, lval);
                 STORE_OPND(-2, rval);
             }
diff --git a/js/src/jsobj.cpp b/js/src/jsobj.cpp
index 7e8b16994ea5..6407ba50032e 100644
--- a/js/src/jsobj.cpp
+++ b/js/src/jsobj.cpp
@@ -3904,7 +3904,7 @@ static jsbytecode*
 js_GetCurrentBytecodePC(JSContext* cx)
 {
     jsbytecode *pc = cx->pcHint;
-    if (!pc) {
+    if (!pc || !JS_ON_TRACE(cx)) {
         JSStackFrame* fp = js_GetTopStackFrame(cx);
         if (fp && fp->regs) {
             pc = fp->regs->pc;
@@ -3912,6 +3912,8 @@ js_GetCurrentBytecodePC(JSContext* cx)
             //        JSOP_GETELEM imacro (bug 476559).
             if (*pc == JSOP_CALL && fp->imacpc && *fp->imacpc == JSOP_GETELEM)
                 pc = fp->imacpc;
+        } else {
+            pc = NULL;
         }
     }
     return pc;