From 18571341e5556db39a77433d897c049339346c84 Mon Sep 17 00:00:00 2001
From: Brian Hackett <bhackett1024@gmail.com>
Date: Thu, 10 Mar 2011 08:25:22 -0800
Subject: [PATCH] [INFER] FrameState::isEntryCopied shouldn't look at entries
 not on the stack, bug 640102.

---
 js/src/jit-test/tests/jaeger/bug640102.js | 3 +++
 js/src/methodjit/FrameState.cpp           | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 js/src/jit-test/tests/jaeger/bug640102.js

diff --git a/js/src/jit-test/tests/jaeger/bug640102.js b/js/src/jit-test/tests/jaeger/bug640102.js
new file mode 100644
index 00000000000..e3ad9fbc014
--- /dev/null
+++ b/js/src/jit-test/tests/jaeger/bug640102.js
@@ -0,0 +1,3 @@
+try {
+  eval("v>>([]=x)")
+} catch (e) {}
diff --git a/js/src/methodjit/FrameState.cpp b/js/src/methodjit/FrameState.cpp
index 95caea6194b..2e8e330f8ff 100644
--- a/js/src/methodjit/FrameState.cpp
+++ b/js/src/methodjit/FrameState.cpp
@@ -216,7 +216,7 @@ FrameState::isEntryCopied(FrameEntry *fe) const
 
     for (uint32 i = fe->trackerIndex() + 1; i < tracker.nentries; i++) {
         FrameEntry *nfe = tracker[i];
-        if (nfe->isCopy() && nfe->copyOf() == fe)
+        if (nfe < sp && nfe->isCopy() && nfe->copyOf() == fe)
             return true;
     }