1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

n-api: fix use-after-free with napi_remove_async_cleanup_hook

Browse Source 
Fixes: https://github.com/nodejs/node/issues/34657
Refs: https://github.com/nodejs/node/pull/34572

PR-URL: https://github.com/nodejs/node/pull/34662
Reviewed-By: Gabriel Schulhof <gabriel.schulhof@intel.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit is contained in:
Anna Henningsen 2020-08-07 12:48:45 +02:00 committed by James M Snell
parent 09c5942bfd
commit 262d0d0482
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/node_api.cc
View File

@ -533,6 +533,7 @@ napi_status napi_add_async_cleanup_hook(
auto handle = node::AddEnvironmentCleanupHook(env->isolate, fun, arg);
if (remove_handle != nullptr) {
*remove_handle = new napi_async_cleanup_hook_handle__ { std::move(handle) };
env->Ref();
}
return napi_clear_last_error(env);
@ -547,6 +548,11 @@ napi_status napi_remove_async_cleanup_hook(
node::RemoveEnvironmentCleanupHook(std::move(remove_handle->handle));
delete remove_handle;
// Release the `env` handle asynchronously since it would be surprising if
// a call to a N-API function would destroy `env` synchronously.
static_cast<node_napi_env>(env)->node_env()
->SetImmediate([env](node::Environment*) { env->Unref(); });
return napi_clear_last_error(env);
}