2 files changed, 3 insertions, 3 deletions

diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITArithmetic.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITArithmetic.cpp
index feee8d2..edd7d2b 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITArithmetic.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITArithmetic.cpp
@@ -56,8 +56,7 @@ void JIT::emit_op_negate(Instruction* currentInstruction)
 
     Jump srcNotInt = branch32(NotEqual, regT1, Imm32(JSValue::Int32Tag));
     addSlowCase(branch32(Equal, regT0, Imm32(0)));
-
-    neg32(regT0);
+    addSlowCase(branchNeg32(Overflow, regT0));
     emitStoreInt32(dst, regT0, (dst == src));
 
     Jump end = jump();
@@ -78,6 +77,7 @@ void JIT::emitSlow_op_negate(Instruction* currentInstruction, Vector<SlowCaseEnt
     unsigned dst = currentInstruction[1].u.operand;
 
     linkSlowCase(iter); // 0 check
+    linkSlowCase(iter); // overflow check
     linkSlowCase(iter); // double check
 
     JITStubCall stubCall(this, cti_op_negate);
diff --git a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp
index 91b9401..022689b 100644
--- a/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp
+++ b/src/3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp
@@ -608,7 +608,7 @@ SYMBOL_STRING(ctiOpThrowNotCaught) ":" "\n"
     "ldr r5, [sp, #0x28]" "\n"
     "ldr r4, [sp, #0x24]" "\n"
     "ldr lr, [sp, #0x20]" "\n"
-    "add sp, sp, #0x3c" "\n"
+    "add sp, sp, #0x40" "\n"
     "bx lr" "\n"
 );