summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--NEWS1
-rw-r--r--Zend/zend_opcode.c15
2 files changed, 11 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 861a948d92..d9dcac91a5 100644
--- a/NEWS
+++ b/NEWS
@@ -3,6 +3,7 @@ PHP NEWS
?? ??? 2013, PHP 5.5.8
- Core:
+ . Disallowed JMP into a finally block. (Laruence)
. Added validation of class names in the autoload process. (Dmitry)
. Fixed invalid C code in zend_strtod.c. (Lior Kaplan)
. Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
diff --git a/Zend/zend_opcode.c b/Zend/zend_opcode.c
index 41b4bd2571..c47168757d 100644
--- a/Zend/zend_opcode.c
+++ b/Zend/zend_opcode.c
@@ -489,17 +489,22 @@ static void zend_check_finally_breakout(zend_op_array *op_array, zend_uint op_nu
zend_uint i;
for (i = 0; i < op_array->last_try_catch; i++) {
- if (op_array->try_catch_array[i].try_op > op_num) {
- break;
- }
- if ((op_num >= op_array->try_catch_array[i].finally_op
+ if ((op_num < op_array->try_catch_array[i].finally_op ||
+ op_num >= op_array->try_catch_array[i].finally_end)
+ && (dst_num >= op_array->try_catch_array[i].finally_op &&
+ dst_num <= op_array->try_catch_array[i].finally_end)) {
+ CG(in_compilation) = 1;
+ CG(active_op_array) = op_array;
+ CG(zend_lineno) = op_array->opcodes[op_num].lineno;
+ zend_error(E_COMPILE_ERROR, "jump into a finally block is disallowed");
+ } else if ((op_num >= op_array->try_catch_array[i].finally_op
&& op_num <= op_array->try_catch_array[i].finally_end)
&& (dst_num > op_array->try_catch_array[i].finally_end
|| dst_num < op_array->try_catch_array[i].finally_op)) {
CG(in_compilation) = 1;
CG(active_op_array) = op_array;
CG(zend_lineno) = op_array->opcodes[op_num].lineno;
- zend_error(E_COMPILE_ERROR, "jump out of a finally block is disallowed");
+ zend_error_noreturn(E_COMPILE_ERROR, "jump out of a finally block is disallowed");
}
}
}