From 88901182b830525ccb471351f39b6cdf5e5d9ab6 Mon Sep 17 00:00:00 2001
From: Luke Wilde <lukew@serenityos.org>
Date: Sun, 27 Mar 2022 18:46:25 +0100
Subject: [PATCH] LibJS: Generate update Jump in for/in/of only if block is not
 terminated

The body of for/in/of can contain an unconditional block terminator
(e.g. return, throw), so we have to check for that before generating
the Jump to the loop update block.
---
 Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp b/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
index 49001ab8de..93a1b58b4d 100644
--- a/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
+++ b/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
@@ -1999,7 +1999,11 @@ static Bytecode::CodeGenerationErrorOr<void> for_in_of_body_evaluation(Bytecode:
     //         3. If iteratorKind is async, return ? AsyncIteratorClose(iteratorRecord, status).
     //         4. Return ? IteratorClose(iteratorRecord, status).
     // o. If result.[[Value]] is not empty, set V to result.[[Value]].
-    generator.emit<Bytecode::Op::Jump>().set_targets(Bytecode::Label { loop_update }, {});
+
+    // The body can contain an unconditional block terminator (e.g. return, throw), so we have to check for that before generating the Jump.
+    if (!generator.is_current_block_terminated())
+        generator.emit<Bytecode::Op::Jump>().set_targets(Bytecode::Label { loop_update }, {});
+
     generator.switch_to_basic_block(loop_end);
     return {};
 }