From: Dmitry Volyntsev <xeioex@nginx.com>
Date: Wed, 29 Jun 2022 05:36:38 +0000 (-0700)
Subject: Catching in runtime invalid JUMP offsets at FINALLY instruction.
X-Git-Tag: 0.7.6~11
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=6886970b7925c521dc7e835b1a3f2585b7190748;p=njs.git

Catching in runtime invalid JUMP offsets at FINALLY instruction.
---

diff --git a/src/njs_vmcode.c b/src/njs_vmcode.c
index 0f851ea5..84b8b923 100644
--- a/src/njs_vmcode.c
+++ b/src/njs_vmcode.c
@@ -2122,6 +2122,7 @@ njs_vmcode_finally(njs_vm_t *vm, njs_value_t *invld, njs_value_t *retval,
     u_char *pc)
 {
     njs_value_t           *exception_value, *exit_value;
+    njs_jump_off_t        offset;
     njs_vmcode_finally_t  *finally;
 
     exception_value = njs_scope_value(vm, (njs_index_t) retval);
@@ -2148,9 +2149,19 @@ njs_vmcode_finally(njs_vm_t *vm, njs_value_t *invld, njs_value_t *retval,
         return njs_vmcode_return(vm, NULL, exit_value);
 
     } else if (njs_number(exit_value) != 0) {
-        return (njs_jump_off_t) (njs_number(exit_value) > 0)
-                                ? finally->break_offset
-                                : finally->continue_offset;
+        offset = (njs_number(exit_value) > 0) ? finally->break_offset
+                                              : finally->continue_offset;
+
+        if (njs_slow_path(offset
+                          < (njs_jump_off_t) sizeof(njs_vmcode_finally_t)))
+        {
+            njs_internal_error(vm, "unset %s offset for FINALLY block",
+                               (njs_number(exit_value) > 0) ? "exit"
+                                                            : "continuaion");
+            return NJS_ERROR;
+        }
+
+        return offset;
     }
 
     return sizeof(njs_vmcode_finally_t);