From 3939bba723fbbbb98d0c1bfc76f37c5bf146c280 Mon Sep 17 00:00:00 2001 From: Michael Dawson Date: Fri, 30 Apr 2021 17:51:11 -0400 Subject: [PATCH] node-api: fix shutdown crashes Refs: https://github.com/nodejs/node-addon-api/issues/906 Ensure that finalization is not defered during shutdown. The env for the addon is deleted immediately after iterating the list of finalizers to be run. Defering causes crashes as the finalization uses the already deleted env. Signed-off-by: Michael Dawson PR-URL: https://github.com/nodejs/node/pull/38492 Reviewed-By: Anna Henningsen Reviewed-By: Chengzhong Wu Reviewed-By: Gabriel Schulhof --- src/js_native_api_v8.h | 31 +++++++++++++++++++++++++++++++ src/node_api.cc | 9 +++++++-- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/src/js_native_api_v8.h b/src/js_native_api_v8.h index 06b8049ec46db0..95f390b58287e8 100644 --- a/src/js_native_api_v8.h +++ b/src/js_native_api_v8.h @@ -122,6 +122,37 @@ struct napi_env__ { void* instance_data = nullptr; }; +// This class is used to keep a napi_env live in a way that +// is exception safe versus calling Ref/Unref directly +class EnvRefHolder { + public: + explicit EnvRefHolder(napi_env env) : _env(env) { + _env->Ref(); + } + + explicit EnvRefHolder(const EnvRefHolder& other): _env(other.env()) { + _env->Ref(); + } + + EnvRefHolder(EnvRefHolder&& other) { + _env = other._env; + other._env = nullptr; + } + + ~EnvRefHolder() { + if (_env != nullptr) { + _env->Unref(); + } + } + + napi_env env(void) const { + return _env; + } + + private: + napi_env _env; +}; + static inline napi_status napi_clear_last_error(napi_env env) { env->last_error.error_code = napi_ok; diff --git a/src/node_api.cc b/src/node_api.cc index 211386ba6d502d..a153e5dfcd204d 100644 --- a/src/node_api.cc +++ b/src/node_api.cc @@ -35,8 +35,13 @@ struct node_napi_env__ : public napi_env__ { } void CallFinalizer(napi_finalize cb, void* data, void* hint) override { - napi_env env = static_cast(this); - node_env()->SetImmediate([=](node::Environment* node_env) { + // we need to keep the env live until the finalizer has been run + // EnvRefHolder provides an exception safe wrapper to Ref and then + // Unref once the lamba is freed + EnvRefHolder liveEnv(static_cast(this)); + node_env()->SetImmediate([=, liveEnv = std::move(liveEnv)] + (node::Environment* node_env) { + napi_env env = liveEnv.env(); v8::HandleScope handle_scope(env->isolate); v8::Context::Scope context_scope(env->context()); env->CallIntoModule([&](napi_env env) {