details: https://hg.nginx.org/njs/rev/116b09a57817 branches: changeset: 1901:116b09a57817 user: Dmitry Volyntsev <xei...@nginx.com> date: Tue Jun 28 22:36:38 2022 -0700 description: Catching in runtime invalid JUMP offsets at FINALLY instruction.
diffstat: src/njs_vmcode.c | 17 ++++++++++++++--- 1 files changed, 14 insertions(+), 3 deletions(-) diffs (34 lines):
diff -r 0cdbc3d35a2a -r 116b09a57817 src/njs_vmcode.c
--- a/src/njs_vmcode.c Tue Jun 28 22:36:37 2022 -0700
+++ b/src/njs_vmcode.c Tue Jun 28 22:36:38 2022 -0700
@@ -2122,6 +2122,7 @@ njs_vmcode_finally(njs_vm_t *vm, njs_val
 u_char *pc)
 {
 njs_value_t *exception_value, *exit_value;
+ njs_jump_off_t offset;
 njs_vmcode_finally_t *finally;

 exception_value = njs_scope_value(vm, (njs_index_t) retval);
@@ -2148,9 +2149,19 @@ njs_vmcode_finally(njs_vm_t *vm, njs_val
 return njs_vmcode_return(vm, NULL, exit_value);

 } else if (njs_number(exit_value) != 0) {
- return (njs_jump_off_t) (njs_number(exit_value) > 0)
- ? finally->break_offset
- : finally->continue_offset;
+ offset = (njs_number(exit_value) > 0) ? finally->break_offset
+ : finally->continue_offset;
+
+ if (njs_slow_path(offset
+ < (njs_jump_off_t) sizeof(njs_vmcode_finally_t)))
+ {
+ njs_internal_error(vm, "unset %s offset for FINALLY block",
+ (njs_number(exit_value) > 0) ? "exit"
+ : "continuaion");
+ return NJS_ERROR;
+ }
+
+ return offset;
 }

 return sizeof(njs_vmcode_finally_t);
_______________________________________________ nginx-devel mailing list -- nginx-devel@nginx.org To unsubscribe send an email to nginx-devel-le...@nginx.org
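Review bot: The new guard in the second hunk only rejects an offset smaller than `sizeof(njs_vmcode_finally_t)`, so it catches an unset or backward value but not a positive one that lands past the end of the generated code. Whether such a value can reach this point is not visible in the hunk. A comment on the check such as `/* an offset below the instruction size was never set; this is not a range check */` would stop later readers from treating it as full bounds validation of the jump target. The error text also misspells its label: `: "continuaion");` should read `: "continuation");`, and since `"exit"` labels the `break_offset` path, `"break"` may be the clearer word. The body of njs_vmcode_finally starts and ends outside both hunks.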