Fixed segfault with empty break

laruence · laruence · commit 9ce1a36af229 · 2014-07-19T15:30:50.000+08:00
diff --git a/Zend/tests/try_finally_011.phpt b/Zend/tests/try_finally_011.phpt
@@ -0,0 +1,15 @@
+--TEST--
+Try finally (segfault with empty break)
+--FILE--
+<?php
+function foo () {
+	try {
+		break;
+	} finally {
+	}
+}
+
+foo();
+?>
+--EXPECTF--
+Fatal error: Cannot break/continue 1 level in %stry_finally_011.php on line %d
diff --git a/Zend/zend_opcode.c b/Zend/zend_opcode.c
@@ -643,15 +643,16 @@ static void zend_resolve_finally_calls(zend_op_array *op_array TSRMLS_DC)
 				zend_brk_cont_element *jmp_to;
 
 				nest_levels = Z_LVAL(op_array->literals[opline->op2.constant].constant);
-				array_offset = opline->op1.opline_num;
-				do {
-					jmp_to = &op_array->brk_cont_array[array_offset];
-					if (nest_levels > 1) {
-						array_offset = jmp_to->parent;
-					}
-				} while (--nest_levels > 0);
-				zend_resolve_finally_call(op_array, i, opline->opcode == ZEND_BRK ? jmp_to->brk : jmp_to->cont TSRMLS_CC);
-				break;
+				if ((array_offset = opline->op1.opline_num) != -1) {
+					do {
+						jmp_to = &op_array->brk_cont_array[array_offset];
+						if (nest_levels > 1) {
+							array_offset = jmp_to->parent;
+						}
+					} while (--nest_levels > 0);
+					zend_resolve_finally_call(op_array, i, opline->opcode == ZEND_BRK ? jmp_to->brk : jmp_to->cont TSRMLS_CC);
+					break;
+				}
 			}
 			case ZEND_GOTO:
 				if (Z_TYPE(op_array->literals[opline->op2.constant].constant) != IS_LONG) {
