diff --git a/js/src/jit-test/tests/ion/recover-lambdas-bug1114566.js b/js/src/jit-test/tests/ion/recover-lambdas-bug1114566.js
new file mode 100644
index 00000000000..ada8e59f38c
--- /dev/null
+++ b/js/src/jit-test/tests/ion/recover-lambdas-bug1114566.js
@@ -0,0 +1,2 @@
+
+(new Function("return (function o() {}).caller;"))();
diff --git a/js/src/vm/Stack.cpp b/js/src/vm/Stack.cpp
index 7b57984d883..1a735d64e7b 100644
--- a/js/src/vm/Stack.cpp
+++ b/js/src/vm/Stack.cpp
@@ -1124,8 +1124,12 @@ FrameIter::matchCallee(JSContext *cx, HandleFunction fun) const
 // expect both functions to have the same JSScript. If so, and if they are
 // different, then they cannot be equal.
 bool useSameScript = CloneFunctionObjectUseSameScript(fun->compartment(), currentCallee);
- if (useSameScript && currentCallee->nonLazyScript() != fun->nonLazyScript())
+ if (useSameScript &&
+ (currentCallee->hasScript() != fun->hasScript() ||
+ currentCallee->nonLazyScript() != fun->nonLazyScript()))
+ {
 return false;
+ }
 // If none of the previous filters worked, then take the risk of
 // invalidating the frame to identify the JSFunction.
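Review bot: The new condition in FrameIter::matchCallee still calls `nonLazyScript()` on both functions when `currentCallee->hasScript()` and `fun->hasScript()` are both false, because the added `!=` comparison only filters out the mismatched case. If `nonLazyScript()` requires a script to be present (the added check suggests so, but its definition is not in the hunk), that path would assert in debug builds and may compare unrelated pointers in release builds. If the callee of a live frame is guaranteed to have a script, state that invariant before the `if`, e.g. `MOZ_ASSERT(currentCallee->hasScript());`; otherwise test each side explicitly before comparing scripts. The comment above the `if` should also gain a line such as `// A function without a script cannot share a JSScript with the callee.` so the extra operand is not removed later as redundant. matchCallee begins and continues outside the hunk.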