diff --git a/js/src/jit-test/tests/ion/bug980119.js b/js/src/jit-test/tests/ion/bug980119.js
new file mode 100644
index 000000000000..b6778164b169
--- /dev/null
+++ b/js/src/jit-test/tests/ion/bug980119.js
@@ -0,0 +1,9 @@
+
+s = newGlobal()
+evalcx("\
+ x = new Uint8ClampedArray;\
+ x.__proto__ = [];\
+", s);
+evalcx("\
+ x[0]\
+", s);
diff --git a/js/src/jit/IonBuilder.cpp b/js/src/jit/IonBuilder.cpp
index 73921f18557d..542dbc5dc338 100644
--- a/js/src/jit/IonBuilder.cpp
+++ b/js/src/jit/IonBuilder.cpp
@@ -7181,10 +7181,12 @@ IonBuilder::getTypedArrayElements(MDefinition *obj)
 // The 'data' pointer can change in rare circumstances
 // (ArrayBufferObject::changeContents).
 types::TypeObjectKey *tarrType = types::TypeObjectKey::get(tarr);
- tarrType->watchStateChangeForTypedArrayBuffer(constraints());
+ if (!tarrType->unknownProperties()) {
+ tarrType->watchStateChangeForTypedArrayBuffer(constraints());
 
- obj->setImplicitlyUsedUnchecked();
- return MConstantElements::New(alloc(), data);
+ obj->setImplicitlyUsedUnchecked();
+ return MConstantElements::New(alloc(), data);
+ }
 }
 }
 return MTypedArrayElements::New(alloc(), obj);
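Review bot: The new test has no comment saying what it guards, and it passes only by not crashing, so a later reader cannot tell which JIT path it is meant to exercise. A header line such as `// Reading an element of a typed array whose __proto__ was replaced must not go through a baked-in elements pointer.` would record the intent. Whether a single `x[0]` evaluation reaches Ion at all depends on the flags the harness runs the test under, which are not visible here.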
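Review bot: The new `if (!tarrType->unknownProperties())` guard has no comment explaining why the constant-elements fast path must be skipped; the existing comment above it only says the data pointer can change. Judging from the hunk, the constraint added by `watchStateChangeForTypedArrayBuffer` cannot be relied on for a type with unknown properties, so a baked-in `data` pointer could outlive the buffer contents it refers to. A comment such as `// Without a usable state-change constraint the data pointer cannot be invalidated, so do not bake it in.` would record that. Any other caller of `watchStateChangeForTypedArrayBuffer` that bakes in typed-array state (none is visible in this hunk) presumably needs the same check. The body of getTypedArrayElements starts outside the hunk.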