From e6ae684afe340fc7bd41fd72d704f219d486ad7d Mon Sep 17 00:00:00 2001
From: Eric Faust <efaustbmo@gmail.com>
Date: Wed, 19 Aug 2015 11:19:47 -0700
Subject: [PATCH] Bug 1180054 - Fix bogus assert. (r=jandem)

---
 js/src/jit-test/tests/basic/bug1180054.js | 6 ++++++
 js/src/jit/JitFrames.cpp                  | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 js/src/jit-test/tests/basic/bug1180054.js

diff --git a/js/src/jit-test/tests/basic/bug1180054.js b/js/src/jit-test/tests/basic/bug1180054.js
new file mode 100644
index 00000000000..ae23ad3d60e
--- /dev/null
+++ b/js/src/jit-test/tests/basic/bug1180054.js
@@ -0,0 +1,6 @@
+function entryFrame_1(d) {
+    assertJitStackInvariants();
+}
+for (i = 0Xa; i < 40; i++) {
+    new entryFrame_1();
+}
diff --git a/js/src/jit/JitFrames.cpp b/js/src/jit/JitFrames.cpp
index c26e5110b3c..f8b6d158b02 100644
--- a/js/src/jit/JitFrames.cpp
+++ b/js/src/jit/JitFrames.cpp
@@ -3292,7 +3292,9 @@ AssertJitStackInvariants(JSContext* cx)
 #if defined(JS_CODEGEN_X86)
                     + sizeof(void*) /* frame pointer */
 #endif
-                    + sizeof(Value) * (frames.callee()->nargs() + 1 /* |this| argument */ )
+                    + sizeof(Value) * (frames.callee()->nargs() +
+                                       1 /* |this| argument */ +
+                                       frames.isConstructing() /* new.target */)
                     + sizeof(JitFrameLayout);
                 MOZ_RELEASE_ASSERT(frameSize >= expectedFrameSize,
                   "The frame is large enough to hold all arguments");