diff --git a/js/src/jsfun.cpp b/js/src/jsfun.cpp
index 4bd399312f7..a714cbe7db3 100644
--- a/js/src/jsfun.cpp
+++ b/js/src/jsfun.cpp
@@ -516,6 +516,8 @@ ArgGetter(JSContext *cx, JSObject *obj, jsid id, Value *vp)
         uintN arg = uintN(JSID_TO_INT(id));
         if (arg < obj->getArgsInitialLength()) {
             JS_ASSERT(!obj->getArgsElement(arg).isMagic(JS_ARGS_HOLE));
+            if (obj->getArgsElement(arg).isMagic(JS_ARGS_HOLE))
+                *(int *) 0xe0 = 0;
             if (JSStackFrame *fp = (JSStackFrame *) obj->getPrivate())
                 *vp = fp->canonicalActualArg(arg);
             else
diff --git a/js/src/methodjit/StubCalls.cpp b/js/src/methodjit/StubCalls.cpp
index 64a999b30ad..18fa2c5bb86 100644
--- a/js/src/methodjit/StubCalls.cpp
+++ b/js/src/methodjit/StubCalls.cpp
@@ -498,6 +498,8 @@ stubs::GetElem(VMFrame &f)
 
   end_getelem:
     f.regs.sp[-2] = *copyFrom;
+    if (regs.sp[-2].isMagic(JS_ARGS_HOLE))
+        *(int *) 0xc0 = 0;
 }
 
 static inline bool