From b162c9117e266b7ee6a162e516b9a7b71b5739d5 Mon Sep 17 00:00:00 2001
From: Luke Wilde <lukew@serenityos.org>
Date: Sun, 25 Jun 2023 20:52:06 +0100
Subject: [PATCH] LibJS/Bytecode: Set accumulator to undefined at start of
 catch blocks

Otherwise we leak the error value through to the result.
---
 Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp b/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
index ac24932537..12eed837ec 100644
--- a/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
+++ b/Userland/Libraries/LibJS/Bytecode/ASTCodegen.cpp
@@ -2086,6 +2086,11 @@ Bytecode::CodeGenerationErrorOr<void> TryStatement::generate_bytecode(Bytecode::
                 return {};
             }));
 
+        // Set accumulator to undefined, otherwise we leak the error object through the accumulator.
+        // For example: `try { BigInt.call() } catch {}` would result in the error object. Note that
+        // the exception _is_ caught here, it just leaks the error object through to the result.
+        generator.emit<Bytecode::Op::LoadImmediate>(js_undefined());
+
         TRY(m_handler->body().generate_bytecode(generator));
         handler_target = Bytecode::Label { handler_block };
         generator.end_variable_scope();