src: fix potential segmentation fault in SQLite
The Local<Value> returned from ColumnToValue() and ColumnNameToValue()
may be empty (if a JavaScript exception is pending), in which case a
segmentation fault may occur at the call sites, which do not check if
the Local<Value> is empty. Fix this bug by returning early if an exception
is pending (as indicated by the Local being empty).

In the long term, these functions should return MaybeLocal instead of
Local, but this patch is supposed to be a minimal bug fix only.
tniessen committed Jul 14, 2024
1 parent 38b7ce3 commit b776bbd
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/node_sqlite.cc
Expand Up @@ -441,7 +441,9 @@ void StatementSync::All(const FunctionCallbackInfo<Value>& args) {

for (int i = 0; i < num_cols; ++i) {
Local<Value> key = stmt->ColumnNameToValue(i);
if (key.IsEmpty()) return;
Local<Value> val = stmt->ColumnToValue(i);
if (val.IsEmpty()) return;

if (row->Set(env->context(), key, val).IsNothing()) {
return;
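
Review bot: the two `IsEmpty()` checks in the `All()` loop depend on the convention that an empty `Local<Value>` from `ColumnNameToValue()` or `ColumnToValue()` means a JavaScript exception is pending, and nothing at the call site states that. A one-line comment above `if (key.IsEmpty()) return;`, or a TODO pointing at the planned switch to `MaybeLocal`, would stop a later reader from taking the bare return for a silently dropped row. The commit changes only src/node_sqlite.cc, so a regression test that makes the column conversion throw would be worth adding alongside it.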
Expand Down Expand Up @@ -483,7 +485,9 @@ void StatementSync::Get(const FunctionCallbackInfo<Value>& args) {

for (int i = 0; i < num_cols; ++i) {
Local<Value> key = stmt->ColumnNameToValue(i);
if (key.IsEmpty()) return;
Local<Value> val = stmt->ColumnToValue(i);
if (val.IsEmpty()) return;

if (result->Set(env->context(), key, val).IsNothing()) {
return;
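
Review bot: the `Get()` loop repeats the same key/value conversion and the same pair of `IsEmpty()` checks as the loop in `All()`, so the fix now lives in two places. Moving the per-column conversion into one shared helper that reports failure to the caller would keep the two call sites from drifting apart, particularly when `ColumnNameToValue()` and `ColumnToValue()` are changed to return `MaybeLocal`.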