Catching in runtime invalid JUMP offsets at FINALLY instruction.

diff --git a/src/njs_vmcode.c b/src/njs_vmcode.c
index 0f851ea53e7fcd8f95ef3c32729778c3636f2d4d..84b8b92315afce09960aaee1230c34e70a811b86 100644 (file)
--- a/src/njs_vmcode.c
+++ b/src/njs_vmcode.c
@@ -2122,6 +2122,7 @@ njs_vmcode_finally(njs_vm_t *vm, njs_value_t *invld, njs_value_t *retval,
     u_char *pc)
 {
     njs_value_t           *exception_value, *exit_value;
+    njs_jump_off_t        offset;
     njs_vmcode_finally_t  *finally;
 
     exception_value = njs_scope_value(vm, (njs_index_t) retval);
@@ -2148,9 +2149,19 @@ njs_vmcode_finally(njs_vm_t *vm, njs_value_t *invld, njs_value_t *retval,
         return njs_vmcode_return(vm, NULL, exit_value);
 
     } else if (njs_number(exit_value) != 0) {
-        return (njs_jump_off_t) (njs_number(exit_value) > 0)
-                                ? finally->break_offset
-                                : finally->continue_offset;
+        offset = (njs_number(exit_value) > 0) ? finally->break_offset
+                                              : finally->continue_offset;
+
+        if (njs_slow_path(offset
+                          < (njs_jump_off_t) sizeof(njs_vmcode_finally_t)))
+        {
+            njs_internal_error(vm, "unset %s offset for FINALLY block",
+                               (njs_number(exit_value) > 0) ? "exit"
+                                                            : "continuaion");
+            return NJS_ERROR;
+        }
+
+        return offset;
     }
 
     return sizeof(njs_vmcode_finally_t);