From 088c0cefd0f8b5482cc227955cc3057d47ec24b6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Thu, 30 May 2024 05:02:01 +0200
Subject: Merging upstream version 126.0.1.

Signed-off-by: Daniel Baumann
---
 js/src/jit/TrampolineNatives.cpp | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'js/src/jit/TrampolineNatives.cpp')
diff --git a/js/src/jit/TrampolineNatives.cpp b/js/src/jit/TrampolineNatives.cpp
index 0bde6d9985..e22023f8dd 100644
--- a/js/src/jit/TrampolineNatives.cpp
+++ b/js/src/jit/TrampolineNatives.cpp
@@ -86,6 +86,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
 -int32_t(FrameSize) + ArraySortData::offsetOfComparatorReturnValue();
 constexpr int32_t DescriptorOffset =
 -int32_t(FrameSize) + ArraySortData::offsetOfDescriptor();
+ constexpr int32_t ComparatorThisOffset =
+ -int32_t(FrameSize) + ArraySortData::offsetOfComparatorThis();

 #ifdef JS_USE_LINK_REGISTER
 masm.pushReturnAddress();
@@ -146,6 +148,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
 Label callDone, jitCallFast, jitCallSlow;
 masm.bind(&jitCallFast);
 {
+ masm.storeValue(UndefinedValue(),
+ Address(FramePointer, ComparatorThisOffset));
 masm.storePtr(ImmWord(jitCallDescriptor),
 Address(FramePointer, DescriptorOffset));
 masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0);
@@ -155,6 +159,8 @@ uint32_t JitRuntime::generateArraySortTrampoline(MacroAssembler& masm) {
 }
 masm.bind(&jitCallSlow);
 {
+ masm.storeValue(UndefinedValue(),
+ Address(FramePointer, ComparatorThisOffset));
 masm.storePtr(ImmWord(jitCallDescriptor),
 Address(FramePointer, DescriptorOffset));
 masm.loadPtr(Address(FramePointer, ComparatorOffset), temp0);
--
cgit v1.2.3
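Review bot: The store of `UndefinedValue()` to `Address(FramePointer, ComparatorThisOffset)` added in the `jitCallFast` block, and the identical pair of lines added in the `jitCallSlow` hunk that follows, carry no comment saying why the comparator's `this` slot has to be rewritten before every call. Presumably the slot can be modified while the comparator runs, so a stale value would otherwise be passed to the next call; if that is the reason, it is a safety invariant of the trampoline and should be stated at the store, e.g. `// Reset |this| to undefined before each comparator call; the previous call may have overwritten this slot.` Because the same two lines are duplicated in both paths, a call path added later could omit them unnoticed, so the comment should also say that every JIT call of the comparator needs this store. The body of generateArraySortTrampoline starts and ends outside these hunks, so whether the store could be emitted once ahead of both labels cannot be judged from here.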