From 08cfd5ff1b5465407c41b63dbf337beb65cc0919 Mon Sep 17 00:00:00 2001 From: devgianlu Date: Tue, 11 Mar 2025 11:15:07 +0100 Subject: [PATCH] LibJS: Set empty function parameters on ClassStaticInit scope This prevents the variables declared inside a class static initializer to escape to the nearest containing function causing all sorts of memory corruptions. --- Libraries/LibJS/Parser.cpp | 2 ++ .../Tests/classes/class-static-initializers.js | 17 +++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/Libraries/LibJS/Parser.cpp b/Libraries/LibJS/Parser.cpp index 01bb086fc37..ac56ebdaa45 100644 --- a/Libraries/LibJS/Parser.cpp +++ b/Libraries/LibJS/Parser.cpp @@ -1537,6 +1537,8 @@ NonnullRefPtr Parser::parse_class_expression(bool expect_ { ScopePusher static_init_scope = ScopePusher::static_init_block_scope(*this, *static_init_block); + static_init_scope.set_function_parameters(FunctionParameters::empty()); + parse_statement_list(static_init_block); } diff --git a/Libraries/LibJS/Tests/classes/class-static-initializers.js b/Libraries/LibJS/Tests/classes/class-static-initializers.js index 5d46816d064..9f9dceebc5a 100644 --- a/Libraries/LibJS/Tests/classes/class-static-initializers.js +++ b/Libraries/LibJS/Tests/classes/class-static-initializers.js @@ -72,3 +72,20 @@ describe("class like constructs can be used inside", () => { expect(hit).toBeTrue(); }); }); + +// https://github.com/LadybirdBrowser/ladybird/pull/4226 +test("declaring variables", () => { + class A { + static { + const a = 1; + let b = 2; + var c = 3; + function d() {} + + expect(a).toBe(1); + expect(b).toBe(2); + expect(c).toBe(3); + expect(typeof d).toBe("function"); + } + } +});
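Review bot: The empty parameter list is set at this one call site in parse_class_expression rather than inside `ScopePusher::static_init_block_scope`, so the invariant that the commit message ties to memory corruption depends on every user of that factory remembering the extra call. The factory is not visible in this hunk, but if no caller needs a different parameter list, consider moving `set_function_parameters(FunctionParameters::empty())` into it so the scope is correct by construction. Either way the line deserves a why-comment, for example `// A static block is its own declaration scope; without an (empty) parameter list its declarations escape to the nearest enclosing function.` The enclosing function starts and ends outside the hunk.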
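Review bot: The new test only checks that `a`, `b`, `c` and `d` are readable inside the static block, which does not pin the property the commit message describes, namely that they stay out of the containing function. After the class body, inside the same test callback, add `expect(typeof c).toBe("undefined");` and `expect(typeof d).toBe("undefined");` so that a regression which lets `var` or function declarations leak fails an assertion instead of surfacing as a crash. A second case that wraps the class in a named function and calls it would match the commit message's "nearest containing function" scenario more directly.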