diff --git a/js/src/jit-test/tests/auto-regress/bug1266579.js b/js/src/jit-test/tests/auto-regress/bug1266579.js
new file mode 100644
index 000000000000..ff3f6986ccf5
--- /dev/null
+++ b/js/src/jit-test/tests/auto-regress/bug1266579.js
@@ -0,0 +1,28 @@
+function test1() {
+ do {
+ "8pan08pa8pan08pa".split("");
+ } while (!inIon());
+}
+
+function test2() {
+ do {
+ "abababababababababababababababab".split("a");
+ } while (!inIon());
+}
+
+function test3() {
+ do {
+ "abcabcabcabcabcabcabcabcabcabcabcabcabcabcabc".split("ab");
+ } while (!inIon());
+}
+
+function test4() {
+ do {
+ "".split("");
+ } while (!inIon());
+}
+
+test1();
+test2();
+test3();
+test4();
diff --git a/js/src/jit/MCallOptimize.cpp b/js/src/jit/MCallOptimize.cpp
index 6ea46eb2f63b..3eb594b388f7 100644
--- a/js/src/jit/MCallOptimize.cpp
+++ b/js/src/jit/MCallOptimize.cpp
@@ -1447,18 +1447,16 @@ IonBuilder::inlineConstantStringSplitString(CallInfo& callInfo)
 if (conversion == TemporaryTypeSet::AlwaysConvertToDoubles)
 return InliningStatus_NotInlined;
- MConstant* templateConst = MConstant::NewConstraintlessObject(alloc(), templateObject);
- current->add(templateConst);
+ if (!jsop_newarray(templateObject, initLength))
+ return InliningStatus_Error;
- MNewArray* ins = MNewArray::New(alloc(), constraints(), initLength, templateConst,
- templateObject->group()->initialHeap(constraints()), pc);
-
- current->add(ins);
- current->push(ins);
+ MDefinition* array = current->peek(-1);
 if (!initLength) {
- if (!resumeAfter(ins))
- return InliningStatus_Error;
+ if (!array->isResumePoint()) {
+ if (!resumeAfter(array->toNewArray()))
+ return InliningStatus_Error;
+ }
 return InliningStatus_Inlined;
 }
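Review bot: The four loops in bug1266579.js only detect a crash or a failed assertion; nothing checks the arrays returned by `split`, so an Ion-compiled split that produces a wrong length or wrong elements would still pass. Binding the result and checking it inside each loop, for example `var r = "".split(""); assertEq(r.length, 0);` in `test4`, would cover that. A one-line comment per function saying which case it targets (empty separator, single-character separator, multi-character separator, empty input string) would also record why these inputs were chosen.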
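Review bot: In the `!initLength` branch of inlineConstantStringSplitString, `array->isResumePoint()` does not establish that `array` is an MNewArray before `array->toNewArray()` is called; `array` is an `MDefinition*` read back with `current->peek(-1)`, and the guard that matches the cast would be `if (array->isNewArray())`. If `toNewArray()` checks the opcode only through a debug assertion (not visible in this hunk), a release build would treat whatever `jsop_newarray` left on the stack as an MNewArray. The second hunk passes the same untyped `array` to `initializeArrayElement` and `setInitializedLength`, so a short comment naming the node kinds `jsop_newarray(templateObject, initLength)` can push would help in both places. The function body starts and ends outside both hunks.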
@@ -1471,11 +1469,11 @@ IonBuilder::inlineConstantStringSplitString(CallInfo& callInfo)
 MConstant* value = arrayValues[i];
 current->add(value);
- if (!initializeArrayElement(ins, i, value, unboxedType, /* addResumePoint = */ false))
+ if (!initializeArrayElement(array, i, value, unboxedType, /* addResumePoint = */ false))
 return InliningStatus_Error;
 }
- MInstruction* setLength = setInitializedLength(ins, unboxedType, initLength);
+ MInstruction* setLength = setInitializedLength(array, unboxedType, initLength);
 if (!resumeAfter(setLength))
 return InliningStatus_Error;