Fix use after free issue

Fixes #443 This is a different approach on #442. Thank you @orgads for doing the legwork on tracking down the issue.
laverdet · Jan 19, 2024 · f6cc843 · f6cc843
1 parent 478815b
commit f6cc843
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 3 deletions.
diff --git a/src/external_copy/string.cc b/src/external_copy/string.cc
@@ -20,7 +20,10 @@ class ExternalString final : public v8::String::ExternalStringResource {
 		ExternalString(const ExternalString&) = delete;
 
 		~ExternalString() final {
-			IsolateEnvironment::GetCurrent().AdjustExtraAllocatedMemory(-static_cast<int>(this->value->size()));
+			auto* environment = Executor::GetCurrentEnvironment();
+			if (environment != nullptr) {
+				environment->AdjustExtraAllocatedMemory(-static_cast<int>(this->value->size()));
+			}
 		}
 
 		auto operator= (const ExternalString&) = delete;
@@ -46,7 +49,10 @@ class ExternalStringOneByte final : public v8::String::ExternalOneByteStringReso
 		ExternalStringOneByte(const ExternalStringOneByte&) = delete;
 
 		~ExternalStringOneByte() final {
-			IsolateEnvironment::GetCurrent().AdjustExtraAllocatedMemory(-static_cast<int>(this->value->size()));
+			auto* environment = Executor::GetCurrentEnvironment();
+			if (environment != nullptr) {
+				environment->AdjustExtraAllocatedMemory(-static_cast<int>(this->value->size()));
+			}
 		}
 
 		auto operator= (const ExternalStringOneByte&) = delete;

diff --git a/src/isolate/executor.cc b/src/isolate/executor.cc
@@ -17,6 +17,13 @@ Executor::Executor(IsolateEnvironment& env) :
 	default_executor{*(current_executor == nullptr ? (current_executor = this) : &current_executor->default_executor)},
 	default_thread{&default_executor == this ? std::this_thread::get_id() : default_executor.default_thread} {}
 
+Executor::~Executor() {
+	if (this == &default_executor) {
+		assert(current_executor == &default_executor);
+		current_executor = nullptr;
+	}
+}
+
 auto Executor::MayRunInlineTasks(IsolateEnvironment& env) -> bool {
 	if (current_executor == &env.executor) {
 		if (env.nodejs_isolate) {

diff --git a/src/isolate/executor.h b/src/isolate/executor.h
@@ -21,7 +21,7 @@ class Executor { // "En taro adun"
 	public:
 		explicit Executor(IsolateEnvironment& env);
 		Executor(const Executor&) = delete;
-		~Executor() = default;
+		~Executor();
 		auto operator= (const Executor&) = delete;
 
 		static auto GetCurrentEnvironment() -> IsolateEnvironment*;