Bug 64176

Simply visiting bankrate.com (nearly always) causes a webkit crash in various JSC paths. Suspect r90598, r90601, r90602. Two different stack traces follow (from visiting bankrate.com): Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000100861715 JSC::JSCell::put(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::PutPropertySlot&) + 53 1 com.apple.JavaScriptCore 0x0000000100853bec cti_op_put_by_id + 108 2 ??? 0x00002e9b7dd754a1 0 + 51245366072481 3 com.apple.JavaScriptCore 0x0000000100810b41 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 1201 4 ??? 0x000000011bd7ca50 0 + 4762094160 5 ??? 0x00000001051e24f0 0 + 4380828912 6 com.apple.JavaScriptCore 0x0000000100873db0 JSC::JSFunction::~JSFunction() + 0 7 ??? 0x4810c083480015f8 0 + 5192862040439395832 Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 ??? 0x0000494c5f8a6fbc 0 + 80592369250236 1 com.apple.JavaScriptCore 0x0000000100810b41 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 1201 2 ??? 0x0000000119cc3550 0 + 4727780688 3 ??? 0x0000000117ee4e30 0 + 4696460848 4 com.apple.JavaScriptCore 0x0000000100873db0 JSC::JSFunction::~JSFunction() + 0 5 ??? 0x4810c083480015f8 0 + 5192862040439395832