]> granicus.if.org Git - php/commitdiff
projects / php / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 629c1ec)
Fixed segfault with empty break
authorXinchen Hui <laruence@php.net>
Sat, 19 Jul 2014 07:30:50 +0000 (15:30 +0800)
committerXinchen Hui <laruence@php.net>
Sat, 19 Jul 2014 07:30:50 +0000 (15:30 +0800)
Zend/tests/try_finally_011.phpt [new file with mode: 0644] patch | blob
Zend/zend_opcode.c patch | blob | history

diff --git a/Zend/tests/try_finally_011.phpt b/Zend/tests/try_finally_011.phpt
new file mode 100644 (file)
index 0000000..7aa3f35
--- /dev/null
+++ b/Zend/tests/try_finally_011.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Try finally (segfault with empty break)
+--FILE--
+<?php
+function foo () {
+       try {
+               break;
+       } finally {
+       }
+}
+
+foo();
+?>
+--EXPECTF--
+Fatal error: Cannot break/continue 1 level in %stry_finally_011.php on line %d
diff --git a/Zend/zend_opcode.c b/Zend/zend_opcode.c
index 80ec632f50e9df66100edd422c76259664b5fcee..b3fb11f00f63e4085e1c5e19033093aa91dfc78e 100644 (file)
--- a/Zend/zend_opcode.c
+++ b/Zend/zend_opcode.c
@@ -643,15 +643,16 @@ static void zend_resolve_finally_calls(zend_op_array *op_array TSRMLS_DC)
                                zend_brk_cont_element *jmp_to;
 
                                nest_levels = Z_LVAL(op_array->literals[opline->op2.constant].constant);
-                               array_offset = opline->op1.opline_num;
-                               do {
-                                       jmp_to = &op_array->brk_cont_array[array_offset];
-                                       if (nest_levels > 1) {
-                                               array_offset = jmp_to->parent;
-                                       }
-                               } while (--nest_levels > 0);
-                               zend_resolve_finally_call(op_array, i, opline->opcode == ZEND_BRK ? jmp_to->brk : jmp_to->cont TSRMLS_CC);
-                               break;
+                               if ((array_offset = opline->op1.opline_num) != -1) {
+                                       do {
+                                               jmp_to = &op_array->brk_cont_array[array_offset];
+                                               if (nest_levels > 1) {
+                                                       array_offset = jmp_to->parent;
+                                               }
+                                       } while (--nest_levels > 0);
+                                       zend_resolve_finally_call(op_array, i, opline->opcode == ZEND_BRK ? jmp_to->brk : jmp_to->cont TSRMLS_CC);
+                                       break;
+                               }
                        }
                        case ZEND_GOTO:
                                if (Z_TYPE(op_array->literals[opline->op2.constant].constant) != IS_LONG) {
Unnamed repository; edit this file 'description' to name the repository.