WhereMatchExpression::shallowClone allocates a new javascript scope object and re-parses the javascript from the original WhereMatchExpression. Because the parsing involves entering the javascript engine, it may throw an exception to indicate that the operation has been interrupted. When this happens, the new match expression is leaked.

It is not sufficient to delete the new expression and propagate the exception, because if the where expression object is a subexpression (say of an "or" expression), the bubbling exception will cause the parent to be leaked. That is to say, shallowClone on match expressions is not exception safe.