mirror of
https://github.com/LadybirdBrowser/ladybird
synced 2026-04-26 01:35:08 +02:00
e5d4c5cce8
GetCalleeAndThisFromEnvironment treated a binding as initialized when its value slot was not <empty>. Declarative bindings do not encode TDZ in that slot, though: uninitialized bindings keep a separate initialized flag and their value starts as undefined. That let the first slow-path TDZ failure populate the environment cache, then a second call at the same site reused the cached coordinate and turned the required ReferenceError into a TypeError from calling undefined. Check Binding.initialized in the asm fast path instead and cover the cached second-hit case with a regression test.