Bug 664159 - Fix eval-in-frame crash (r=waldo)

js/src/jit-test/tests/basic/testStackIterDebug.js

@@ -50,3 +50,13 @@ function assertStackIs(s1) {
 
 (function f() { var o = { toString:function() { evalInFrame(1, "assertStackIs(['eval-code', f, 'global-code'])"); }}; [o,o].sort() })();
 (function f() { var o = { toString:function() { evalInFrame(1, "assertStackIs(['eval-code', f, 'global-code'])", true); }}; [o,o].sort() })();
+
+function inner() {
+    (function puppies() {
+        evalInFrame(1, "assertStackIs(['eval-code', inner, String.prototype.replace, outer, String.prototype.replace, 'global-code'])");
+    })();
+}
+function outer() {
+    "bbb".replace(/b/g, inner);
+}
+"aaa".replace(/a/g, outer);

js/src/vm/Stack.cpp

@@ -287,6 +287,12 @@ StackSegment::pushCall(CallArgsList &callList)
     calls_ = &callList;
 }
 
+void
+StackSegment::pointAtCall(CallArgsList &callList)
+{
+    calls_ = &callList;
+}
+
 void
 StackSegment::popCall()
 {
@@ -647,7 +653,7 @@ ContextStack::pushExecuteFrame(JSContext *cx, JSScript *script, const Value &thi
 
     /* pushRegs() below links the prev-frame; manually link the prev-call. */
     if (evalInFrame && evalInFrameCalls)
-        seg_->pushCall(*evalInFrameCalls);
+        seg_->pointAtCall(*evalInFrameCalls);
 
     efg->prevRegs_ = seg_->pushRegs(efg->regs_);
     JS_ASSERT(space().firstUnused() == efg->regs_.sp);

js/src/vm/Stack.h

@@ -1272,6 +1272,7 @@ class StackSegment
     FrameRegs *pushRegs(FrameRegs &regs);
     void popRegs(FrameRegs *regs);
     void pushCall(CallArgsList &callList);
+    void pointAtCall(CallArgsList &callList);
     void popCall();
 
     /* For jit access: */