Currently when doing a tail call we overwrite only the number of arguments present in the call frame. However, we could have performed an arity fixup and must use the CodeBlock's number of parameters instead if it is higher.
Created attachment 257840 [details] Patch
Comment on attachment 257840 [details] Patch r=me
Landed in r187618
This is missing the LLInt corresponding changes.
*** Bug 147491 has been marked as a duplicate of this bug. ***
Created attachment 257950 [details] Patch
Created attachment 257953 [details] Patch
Comment on attachment 257953 [details] Patch r=me
Committed r187676 <http://trac.webkit.org/changeset/187676>