

ref: 5008105780c0b0182ea6eda83ad5598f225be3ee
parent: a5c747f1d40e8d6659a37a8d25f13fb5acf8e767
author: Tor Andersson <tor.andersson@artifex.com>
date: Wed Oct 26 10:31:53 EDT 2016

Fix 697172: degenerate labeled break/continue statement.

A labeled break statement will look for a matching label through
its chain of parent statements. We start looking at the break statement
though, so if the label is attached to the break, we'll return the break
statement itself as a break target.

Start looking for targets one level up instead.

--- a/jscompile.c
+++ b/jscompile.c
@@ -1102,11 +1102,11 @@
 
 	case STM_BREAK:
 		if (stm->a) {
-			target = breaktarget(J, F, stm, stm->a->string);
+			target = breaktarget(J, F, stm->parent, stm->a->string);
 			if (!target)
 				jsC_error(J, stm, "break label '%s' not found", stm->a->string);
 		} else {
-			target = breaktarget(J, F, stm, NULL);
+			target = breaktarget(J, F, stm->parent, NULL);
 			if (!target)
 				jsC_error(J, stm, "unlabelled break must be inside loop or switch");
 		}
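Review bot: Nothing at the two `breaktarget` calls records why the search starts at `stm->parent`, so a later cleanup could pass `stm` again and bring back the self-targeting break the commit message describes. A one-line comment above the first call would pin it, e.g. `/* search from the parent: a label on this statement must not make it its own target */`; the same comment fits the `continuetarget` calls in the next hunk. A regression case for a label attached directly to a break or continue would be worth adding, since that input presumably now reaches the `break label '%s' not found` error, and it should be confirmed that this is the intended result. The enclosing function starts and ends outside the hunk.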
@@ -1116,11 +1116,11 @@
 
 	case STM_CONTINUE:
 		if (stm->a) {
-			target = continuetarget(J, F, stm, stm->a->string);
+			target = continuetarget(J, F, stm->parent, stm->a->string);
 			if (!target)
 				jsC_error(J, stm, "continue label '%s' not found", stm->a->string);
 		} else {
-			target = continuetarget(J, F, stm, NULL);
+			target = continuetarget(J, F, stm->parent, NULL);
 			if (!target)
 				jsC_error(J, stm, "continue must be inside loop");
 		}
@@ -1133,7 +1133,7 @@
 			cexp(J, F, stm->a);
 		else
 			emit(J, F, OP_UNDEF);
-		target = returntarget(J, F, stm);
+		target = returntarget(J, F, stm->parent);
 		if (!target)
 			jsC_error(J, stm, "return not in function");
 		cexit(J, F, STM_RETURN, stm, target);
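Review bot: The `returntarget` call is switched to `stm->parent` too, but the commit message only covers labeled break/continue, and a return carries no label, so the reason for this line is not recorded anywhere. If it is there for consistency with the other two lookups, a short comment such as `/* start one level up, like break/continue */` would say so. `returntarget` is defined outside the hunk, so it cannot be confirmed from here that it tolerates a NULL node when `stm->parent` is NULL; if it does not already stop on a null node, a guard is needed before the call. The case body begins before the hunk.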