From 9ce1a36af2295a75e4244eac3085f82d0c25105d Mon Sep 17 00:00:00 2001
From: Xinchen Hui
Date: Sat, 19 Jul 2014 15:30:50 +0800
Subject: [PATCH] Fixed segfault with empty break

---
 Zend/tests/try_finally_011.phpt | 15 +++++++++++++++
 Zend/zend_opcode.c | 19 ++++++++++---------
 2 files changed, 25 insertions(+), 9 deletions(-)
 create mode 100644 Zend/tests/try_finally_011.phpt

diff --git a/Zend/tests/try_finally_011.phpt b/Zend/tests/try_finally_011.phpt
new file mode 100644
index 0000000000..7aa3f35fee
--- /dev/null
+++ b/Zend/tests/try_finally_011.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Try finally (segfault with empty break)
+--FILE--
+--EXPECTF--
+Fatal error: Cannot break/continue 1 level in %stry_finally_011.php on line %d
diff --git a/Zend/zend_opcode.c b/Zend/zend_opcode.c
index 80ec632f50..b3fb11f00f 100644
--- a/Zend/zend_opcode.c
+++ b/Zend/zend_opcode.c
@@ -643,15 +643,16 @@ static void zend_resolve_finally_calls(zend_op_array *op_array TSRMLS_DC)
 zend_brk_cont_element *jmp_to;
 nest_levels = Z_LVAL(op_array->literals[opline->op2.constant].constant);
- array_offset = opline->op1.opline_num;
- do {
- jmp_to = &op_array->brk_cont_array[array_offset];
- if (nest_levels > 1) {
- array_offset = jmp_to->parent;
- }
- } while (--nest_levels > 0);
- zend_resolve_finally_call(op_array, i, opline->opcode == ZEND_BRK ? jmp_to->brk : jmp_to->cont TSRMLS_CC);
- break;
+ if ((array_offset = opline->op1.opline_num) != -1) {
+ do {
+ jmp_to = &op_array->brk_cont_array[array_offset];
+ if (nest_levels > 1) {
+ array_offset = jmp_to->parent;
+ }
+ } while (--nest_levels > 0);
+ zend_resolve_finally_call(op_array, i, opline->opcode == ZEND_BRK ? jmp_to->brk : jmp_to->cont TSRMLS_CC);
+ break;
+ }
 }
 case ZEND_GOTO:
 if (Z_TYPE(op_array->literals[opline->op2.constant].constant) != IS_LONG) {
--
2.50.1
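Review bot: With `break;` now inside the new `if`, an opline whose `op1.opline_num` is -1 skips the loop, leaves the `if`, and falls through the closing `}` into `case ZEND_GOTO:` on the context line below, and nothing in the hunk says whether that fall-through is intended. If the intent is simply to skip finally resolution for a break/continue the compiler could not bind (the -1 case), add `break;` after the `if` block's closing `}` so the case ends explicitly; if the fall-through is deliberate, mark it with `/* fallthrough */` so the next reader does not take it for an oversight. The declaration of `array_offset` and the rest of `zend_resolve_finally_calls` lie outside the hunk, so whether the -1 sentinel is compared against a signed or unsigned type could not be checked here.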