diff options
| author | Damien George <damien.p.george@gmail.com> | 2019-01-02 17:48:43 +1100 |
|---|---|---|
| committer | Damien George <damien.p.george@gmail.com> | 2019-03-05 16:05:05 +1100 |
| commit | e1fb03f3e2d1e99d0f745e9e17a963a036d34476 (patch) | |
| tree | 77b1ebd3235580367f73c60862a48881d36dc1b2 /py/emitbc.c | |
| parent | b5f33ac2cb6076468a77f36d69df6db16b62134a (diff) | |
py: Fix VM crash with unwinding jump out of a finally block.
This patch fixes a bug in the VM when breaking within a try-finally. The
bug has to do with executing a break within the finally block of a
try-finally statement. For example:
def f():
for x in (1,):
print('a', x)
try:
raise Exception
finally:
print(1)
break
print('b', x)
f()
Currently in uPy the above code will print:
a 1
1
1
segmentation fault (core dumped) micropython
Not only is there a seg fault, but the "1" in the finally block is printed
twice. This is because when the VM executes a finally block it doesn't
really know if that block was executed due to a fall-through of the try (no
exception raised), or because an exception is active. In particular, for
nested finallys the VM has no idea which of the nested ones have active
exceptions and which are just fall-throughs. So when a break (or continue)
is executed it tries to unwind all of the finallys, when in fact only some
may be active.
It's questionable whether break (or return or continue) should be allowed
within a finally block, because they implicitly swallow any active
exception, but nevertheless it's allowed by CPython (although almost never
used in the standard library). And uPy should at least not crash in such a
case.
The solution here relies on the fact that exception and finally handlers
always appear in the bytecode after the try body.
Note: there was a similar bug with a return in a finally block, but that
was previously fixed in b735208403a54774f9fd3d966f7c1a194c41870f
Diffstat (limited to 'py/emitbc.c')
| -rw-r--r-- | py/emitbc.c | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/py/emitbc.c b/py/emitbc.c index 6a46cfb59..65d650905 100644 --- a/py/emitbc.c +++ b/py/emitbc.c @@ -738,7 +738,6 @@ void mp_emit_bc_setup_block(emit_t *emit, mp_uint_t label, int kind) { } void mp_emit_bc_with_cleanup(emit_t *emit, mp_uint_t label) { - mp_emit_bc_pop_block(emit); mp_emit_bc_load_const_tok(emit, MP_TOKEN_KW_NONE); mp_emit_bc_label_assign(emit, label); emit_bc_pre(emit, 2); // ensure we have enough stack space to call the __exit__ method |