-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
node_api: add napi_fatal_exception #19337
Conversation
a5ede72
to
7829f9c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Does this supersede #19336?
@cjihrig ya builds on that one |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I’m not sure – the “tests and/or benchmarks are included” checkbox shouldn’t be checked, should it?
doc/api/n-api.md
Outdated
@@ -541,6 +541,19 @@ This API returns true if an exception is pending. | |||
|
|||
This API can be called even if there is a pending JavaScript exception. | |||
|
|||
#### napi_fatal_exception | |||
<!-- YAML | |||
added: TBA |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
REPLACEME
is the magic word that gets picked up by the release tooling, please change to that :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice! i was offline and trying hard to remember what it was
src/node_api.h
Outdated
@@ -112,6 +112,8 @@ NAPI_EXTERN napi_status | |||
napi_get_last_error_info(napi_env env, | |||
const napi_extended_error_info** result); | |||
|
|||
NAPI_EXTERN void napi_fatal_exception(napi_env env); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I would prefer it if you could pass in the exception here, like the existing Node APIs do – you should be able to get a currently pending exception with napi_get_and_clear_last_exception
.
Actually passing the exception along to Node’s fatal exception handling seems orthogonal to that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
orthogonal? i'm ok with added a napi_value that is used as the exception yes
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mh, sorry – orthogonal ~= independent … basically, I’d suggest that we provide users with the smallest pieces that make sense to be exposed in the API, rather than exposing a function that actually does two operations masquerading as one (getting the last exception + passing it to the fatal exception handler)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For consistency, the subsystem should be n-api
.
7829f9c
to
a575495
Compare
@richardlau fixed |
@addaleax fixed all your comments! :D |
src/node_api.cc
Outdated
v8::Local<v8::Message> local_msg = v8::Exception::CreateMessage( \ | ||
env->isolate, (local_err)); \ | ||
node::FatalException((env)->isolate, (local_err), local_msg); \ | ||
} while (0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One final nit: We generally prefer inline
functions to preprocessor macros :)
@addaleax using an inline fn instead of macro now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This will partially help with this one as well nodejs/node-addon-api#233 |
There were failures in CI, I think they were unrelated so new CI here: https://ci.nodejs.org/job/node-test-pull-request/13736/ |
CI was good, this is ready to land. One thing I've realized is that we need to update the N-API version number, but should likely be a separate PR as it will need to be backported if any of the PRs (not that this will happen, but for example another PR with a new API could be backported and this one not be backported and the N-API version would still need to be updated) that N-API are backported to a particular version. Will update the NAPI version as a follow up PR. At a conference so can't land right now but will try to do it later unless somebody beats me to it. |
Add function to trigger and uncaught exception. Useful if an async callback throws an exception with no way to recover. PR-URL: #19337 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Notable changes: * cluster: - Add support for `NODE_OPTIONS="--inspect"` (Sameer Srivastava) #19165 * crypto: - Expose the public key of a certificate (Hannes Magnusson) #17690 * n-api: - Add `napi_fatal_exception` to trigger an `uncaughtException` in JavaScript (Mathias Buus) #19337 * path: - Fix regression in `posix.normalize` (Michaël Zasso) #19520 * stream: - Improve stream creation performance (Brian White) #19401 * Added new collaborators - [BethGriggs](https://github.com/BethGriggs) Beth Griggs
This is a security release. All Node.js users should consult the security release summary at: https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * CVE-2018-7158 * CVE-2018-7159 * CVE-2018-7160 Notable changes: * Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that are known to impact Node.js. * **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**: A malicious website could use a DNS rebinding attack to trick a web browser to bypass same-origin-policy checks and allow HTTP connections to localhost or to hosts on the local network, potentially to an open inspector port as a debugger, therefore gaining full code execution access. The inspector now only allows connections that have a browser `Host` value of `localhost` or `localhost6`. * **Fix for `'path'` module regular expression denial of service (CVE-2018-7158)**: A regular expression used for parsing POSIX an Windows paths could be used to cause a denial of service if an attacker were able to have a specially crafted path string passed through one of the impacted `'path'` module functions. * **Reject spaces in HTTP `Content-Length` header values (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside `Content-Length` header values. Such values now lead to rejected connections in the same way as non-numeric values. * **Update root certificates**: 5 additional root certificates have been added to the Node.js binary and 30 have been removed. * cluster: - Add support for `NODE_OPTIONS="--inspect"` (Sameer Srivastava) #19165 * crypto: - Expose the public key of a certificate (Hannes Magnusson) #17690 * n-api: - Add `napi_fatal_exception` to trigger an `uncaughtException` in JavaScript (Mathias Buus) #19337 * path: - Fix regression in `posix.normalize` (Michaël Zasso) #19520 * stream: - Improve stream creation performance (Brian White) #19401 * Added new collaborators - [BethGriggs](https://github.com/BethGriggs) Beth Griggs PR-URL: https://github.com/nodejs-private/node-private/pull/111
Add function to trigger and uncaught exception. Useful if an async callback throws an exception with no way to recover. PR-URL: nodejs#19337 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Add function to trigger and uncaught exception. Useful if an async callback throws an exception with no way to recover. PR-URL: nodejs#19337 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Add function to trigger and uncaught exception. Useful if an async callback throws an exception with no way to recover. Backport-PR-URL: #19447 PR-URL: #19337 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Add function to trigger and uncaught exception. Useful if an async callback throws an exception with no way to recover. Backport-PR-URL: #19265 PR-URL: #19337 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Any news on the backporting? We were using |
Which version are you looking for a backport? I believe it should be there for latest version of current LTS versions except for 8.x which is waiting on the next 8.x release. |
It's missing in 8.11.1: https://travis-ci.org/parro-it/libui-napi/jobs/376848346
Thank you, great news! |
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAdds
void napi_fatal_exception(napi_env env)
which triggers annode::FatalException
.Currently there is no way of doing this when using async callbacks, which makes error handling quite tricky