src: call
napi_remove_wrap()
in ObjectWrap
dtor
Currently, when the `ObjectWrap` constructor runs, it calls `napi_wrap()`, adding a finalize callback to the freshly created JS object. However, if the `ObjectWrap` instance is prematurely deleted, for example because a subclass constructor throws – which seems like a reasonable scenario – that finalize callback was not removed, possibly leading to a use-after-free crash. This commit adds a call to `napi_remove_wrap()` from the `ObjectWrap` destructor, and a test for that scenario. This also changes the code to use the correct pointer type in `FinalizeCallback`, which may not match the incorrect one in cases of multiple inheritance. Fixes: node-ffi-napi/weak-napi#16 Co-authored-by: Gabriel Schulhof <[email protected]>
Showing
7 changed files
with
84 additions
and
45 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
#include <napi.h> | ||
#include <assert.h> | ||
|
||
#ifdef NAPI_CPP_EXCEPTIONS | ||
namespace { | ||
|
||
static int dtor_called = 0; | ||
|
||
class DtorCounter { | ||
public: | ||
~DtorCounter() { | ||
assert(dtor_called == 0); | ||
dtor_called++; | ||
} | ||
}; | ||
|
||
Napi::Value GetDtorCalled(const Napi::CallbackInfo& info) { | ||
return Napi::Number::New(info.Env(), dtor_called); | ||
} | ||
|
||
class Test : public Napi::ObjectWrap<Test> { | ||
public: | ||
Test(const Napi::CallbackInfo& info) : Napi::ObjectWrap<Test>(info) { | ||
throw Napi::Error::New(Env(), "Some error"); | ||
} | ||
|
||
static void Initialize(Napi::Env env, Napi::Object exports) { | ||
exports.Set("Test", DefineClass(env, "Test", {})); | ||
exports.Set("getDtorCalled", Napi::Function::New(env, GetDtorCalled)); | ||
} | ||
|
||
private: | ||
DtorCounter dtor_ounter_; | ||
}; | ||
|
||
} // anonymous namespace | ||
#endif // NAPI_CPP_EXCEPTIONS | ||
|
||
Napi::Object InitObjectWrapRemoveWrap(Napi::Env env) { | ||
Napi::Object exports = Napi::Object::New(env); | ||
#ifdef NAPI_CPP_EXCEPTIONS | ||
Test::Initialize(env, exports); | ||
#endif | ||
return exports; | ||
} |
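Review bot: The only guard against the destructor running a second time is `assert(dtor_called == 0);` in `~DtorCounter()`, and `assert` compiles to nothing when `NDEBUG` is defined, so a build that sets that macro would silently lose the double-destruction check this test exists for. It would be more robust to let the counter increment unconditionally and have the test script compare `getDtorCalled()` against 1 again after the garbage collection. The member name `dtor_ounter_` looks like a typo for `dtor_counter_`, and `static` on `dtor_called` is redundant inside the anonymous namespace.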
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
'use strict'; | ||
const buildType = process.config.target_defaults.default_configuration; | ||
const assert = require('assert'); | ||
|
||
const test = (binding) => { | ||
const Test = binding.objectwrap_removewrap.Test; | ||
const getDtorCalled = binding.objectwrap_removewrap.getDtorCalled; | ||
|
||
assert.strictEqual(getDtorCalled(), 0); | ||
assert.throws(() => { | ||
new Test(); | ||
}); | ||
assert.strictEqual(getDtorCalled(), 1); | ||
global.gc(); // Does not crash. | ||
} | ||
|
||
test(require(`./build/${buildType}/binding.node`)); |
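Review bot: `assert.throws(() => { new Test(); })` passes on any exception, including an unrelated one such as a `TypeError`, so it does not prove that the constructor's own error reached JavaScript; a matcher pins that down, e.g. `assert.throws(() => { new Test(); }, /Some error/);`. After `global.gc()` the counter is never read again, so a stale finalizer that destroys the object a second time without crashing the process would go unnoticed; adding `assert.strictEqual(getDtorCalled(), 1);` after the GC call makes the check explicit. `global.gc` is only defined when Node is started with `--expose-gc`, which is presumably set by the test runner outside this file.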