[njs] Catching in runtime invalid JUMP offsets at FINALLY instruction.

[Dmitry Volyntsev]

details:   https://hg.nginx.org/njs/rev/116b09a57817
branches:  
changeset: 1901:116b09a57817
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Tue Jun 28 22:36:38 2022 -0700
description:
Catching in runtime invalid JUMP offsets at FINALLY instruction.

diffstat:

 src/njs_vmcode.c |  17 ++++++++++++++---
 1 files changed, 14 insertions(+), 3 deletions(-)

diffs (34 lines):

diff -r 0cdbc3d35a2a -r 116b09a57817 src/njs_vmcode.c
--- a/src/njs_vmcode.c	Tue Jun 28 22:36:37 2022 -0700
+++ b/src/njs_vmcode.c	Tue Jun 28 22:36:38 2022 -0700
@@ -2122,6 +2122,7 @@ njs_vmcode_finally(njs_vm_t *vm, njs_val
     u_char *pc)
 {
     njs_value_t           *exception_value, *exit_value;
+    njs_jump_off_t        offset;
     njs_vmcode_finally_t  *finally;
 
     exception_value = njs_scope_value(vm, (njs_index_t) retval);
@@ -2148,9 +2149,19 @@ njs_vmcode_finally(njs_vm_t *vm, njs_val
         return njs_vmcode_return(vm, NULL, exit_value);
 
     } else if (njs_number(exit_value) != 0) {
-        return (njs_jump_off_t) (njs_number(exit_value) > 0)
-                                ? finally->break_offset
-                                : finally->continue_offset;
+        offset = (njs_number(exit_value) > 0) ? finally->break_offset
+                                              : finally->continue_offset;
+
+        if (njs_slow_path(offset
+                          < (njs_jump_off_t) sizeof(njs_vmcode_finally_t)))
+        {
+            njs_internal_error(vm, "unset %s offset for FINALLY block",
+                               (njs_number(exit_value) > 0) ? "exit"
+                                                            : "continuaion");
+            return NJS_ERROR;
+        }
+
+        return offset;
     }
 
     return sizeof(njs_vmcode_finally_t);