diff --git a/js/src/jstracer.cpp b/js/src/jstracer.cpp
index 5f95196418f..d7b8e3588e5 100644
--- a/js/src/jstracer.cpp
+++ b/js/src/jstracer.cpp
@@ -2879,7 +2879,9 @@ TraceRecorder::snapshot(ExitType exitType)
     /* Capture the type map into a temporary location. */
     unsigned ngslots = treeInfo->globalSlots->length();
     unsigned typemap_size = (stackSlots + ngslots) * sizeof(JSTraceType);
-    JSTraceType* typemap = (JSTraceType*)alloca(typemap_size);
+    void *mark = JS_ARENA_MARK(&cx->tempPool);
+    JSTraceType* typemap;
+    JS_ARENA_ALLOCATE_CAST(typemap, JSTraceType*, &cx->tempPool, typemap_size);
 
     /*
      * Determine the type of a store by looking at the current type of the
@@ -2927,6 +2929,7 @@ TraceRecorder::snapshot(ExitType exitType)
                 ngslots == e->numGlobalSlots &&
                 !memcmp(getFullTypeMap(exits[n]), typemap, typemap_size)) {
                 AUDIT(mergedLoopExits);
+                JS_ARENA_RELEASE(&cx->tempPool, mark);
                 return e;
             }
         }
@@ -2943,6 +2946,7 @@ TraceRecorder::snapshot(ExitType exitType)
          */
         stackSlots = 0;
         ngslots = 0;
+        typemap_size = 0;
         trashSelf = true;
     }
 
@@ -2968,6 +2972,8 @@ TraceRecorder::snapshot(ExitType exitType)
     exit->nativeCalleeWord = 0;
     exit->lookupFlags = js_InferFlags(cx, 0);
     memcpy(getFullTypeMap(exit), typemap, typemap_size);
+
+    JS_ARENA_RELEASE(&cx->tempPool, mark);
     return exit;
 }