Fix null dereference in BindPidRefsInScope

Fixes #6239

Author: boingoing

lib/Parser/Parse.cpp

@@ -1979,10 +1979,10 @@ void Parser::BindPidRefsInScope(IdentPtr pid, Symbol *sym, int blockId, uint max
             Assert(funcExprScope->GetScopeType() == ScopeType_FuncExpr);
 
             ParseNodeBlock* bodyScope = m_currentNodeFunc->pnodeBodyScope;
-            Assert(bodyScope->blockType == PnodeBlockType::Function);
 
-            if (ref->GetScopeId() < bodyScope->blockId && ref->GetScopeId() > blockId)
+            if (bodyScope && ref->GetScopeId() < bodyScope->blockId && ref->GetScopeId() > blockId)
             {
+                Assert(bodyScope->blockType == PnodeBlockType::Function);
                 funcExprScope->SetIsObject();
             }
         }

test/Bugs/bug_6239.js

@@ -0,0 +1,24 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+// force:deferparse
+
+(function v2(a = function v2(){ +v2; }) {
+    a();
+    console.log('pass');
+})();
+
+(function v2(a = function v3(){ function v4(b = (function v4() {v4; console.log('pass');})()){}; v4(); }) {
+    a();
+    console.log('pass');
+})();
+
+(function a() {
+    a = function a(a=function(a){}){}
+    function a(){
+        var a = "a";
+    }
+    console.log('pass');
+})();

test/Bugs/rlexe.xml

@@ -612,4 +612,10 @@
       <compile-flags>-maxinterpretcount:1 -maxsimplejitruncount:2 -args summary -endargs</compile-flags>
     </default>
   </test>
+  <test>
+    <default>
+      <files>bug_6239.js</files>
+      <compile-flags>-force:deferparse</compile-flags>
+    </default>
+  </test>
 </regress-exe>