author | Trevor Norris <trev.norris@gmail.com> | 2016-04-13 13:16:42 -0600 |
---|---|---|
committer | Trevor Norris <trev.norris@gmail.com> | 2016-05-24 14:40:22 -0600 |
commit | c0e6c668e6e6f0ba6a924a5b83ff1ca5434d14ad (patch) | |
tree | 2f24e1329abb6b5432273246b4754ec44e7b3e8a /src/js_stream.cc | |
parent | 13e5d4f32014e3426142580a699d0ffdf02db26a (diff) | |
download | node-new-c0e6c668e6e6f0ba6a924a5b83ff1ca5434d14ad.tar.gz |
src: no abort from getter if object isn't wrapped
v8::Object::GetAlignedPointerFromInternalField() returns a random value
if Wrap() hasn't been run on the object handle, causing v8 to abort if
certain getters are accessed. It's possible to access these getters and
functions during class construction through the AsyncWrap init()
callback, and also possible in a subset of those scenarios while running
the persistent handle visitor.
Mitigate this issue by manually setting the internal aligned pointer
field to nullptr in the BaseObject constructor and add necessary logic
to return appropriate values when nullptr is encountered.
PR-URL: https://github.com/nodejs/node/pull/6184
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'src/js_stream.cc')
-rw-r--r-- | src/js_stream.cc | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/src/js_stream.cc b/src/js_stream.cc
index 6ebdb5a356..e51c4ae9b3 100644
--- a/src/js_stream.cc
+++ b/src/js_stream.cc
@@ -135,7 +135,8 @@ static void FreeCallback(char* data, void* hint) {
 void JSStream::DoAlloc(const FunctionCallbackInfo<Value>& args) {
- JSStream* wrap = Unwrap<JSStream>(args.Holder());
+ JSStream* wrap;
+ ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
 uv_buf_t buf;
 wrap->OnAlloc(args[0]->Int32Value(), &buf);
@@ -150,7 +151,8 @@ void JSStream::DoAlloc(const FunctionCallbackInfo<Value>& args) {
 void JSStream::DoRead(const FunctionCallbackInfo<Value>& args) {
- JSStream* wrap = Unwrap<JSStream>(args.Holder());
+ JSStream* wrap;
+ ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
 CHECK(Buffer::HasInstance(args[1]));
 uv_buf_t buf = uv_buf_init(Buffer::Data(args[1]), Buffer::Length(args[1]));
@@ -159,8 +161,11 @@ void JSStream::DoRead(const FunctionCallbackInfo<Value>& args) {
 void JSStream::DoAfterWrite(const FunctionCallbackInfo<Value>& args) {
- JSStream* wrap = Unwrap<JSStream>(args.Holder());
- WriteWrap* w = Unwrap<WriteWrap>(args[0].As<Object>());
+ JSStream* wrap;
+ CHECK(args[0]->IsObject());
+ WriteWrap* w;
+ ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
+ ASSIGN_OR_RETURN_UNWRAP(&w, args[0].As<Object>());
 wrap->OnAfterWrite(w);
 }
@@ -168,14 +173,17 @@ void JSStream::DoAfterWrite(const FunctionCallbackInfo<Value>& args) {
 template <class Wrap>
 void JSStream::Finish(const FunctionCallbackInfo<Value>& args) {
- Wrap* w = Unwrap<Wrap>(args[0].As<Object>());
+ Wrap* w;
+ CHECK(args[0]->IsObject());
+ ASSIGN_OR_RETURN_UNWRAP(&w, args[0].As<Object>());
 w->Done(args[1]->Int32Value());
 }
 void JSStream::ReadBuffer(const FunctionCallbackInfo<Value>& args) {
- JSStream* wrap = Unwrap<JSStream>(args.Holder());
+ JSStream* wrap;
+ ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
 CHECK(Buffer::HasInstance(args[0]));
 char* data = Buffer::Data(args[0]);
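Review bot: `JSStream* wrap;` in DoAlloc is declared without an initializer, so the dereference in `wrap->OnAlloc(...)` is safe only if ASSIGN_OR_RETURN_UNWRAP either assigns or returns on every path, and that macro is defined outside this file's diff. Writing `JSStream* wrap = nullptr;` keeps a later change to the macro from turning this into a read of an indeterminate pointer; the same uninitialized declaration appears in the DoRead, DoAfterWrite, Finish, ReadBuffer and EmitEOF hunks. Judging by the macro's name, a failed unwrap presumably returns from the callback without throwing, so a comment such as `// Returns without setting a return value if the holder has not been wrapped.` above the call would document what JavaScript callers see. DoAlloc's body continues outside the hunk.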
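Review bot: `CHECK(args[0]->IsObject());` in DoAfterWrite still aborts the process when the caller passes a non-object, which sits oddly with a commit whose purpose is to stop aborting on unwrapped handles; the same CHECK is added to Finish in the next hunk. If these callbacks are reachable from user JavaScript, a bad argument becomes a process-wide denial of service, and `if (!args[0]->IsObject()) return;` (or a thrown TypeError) would fail only the call. Separately, IsObject() does not establish that args[0] wraps a WriteWrap (or `Wrap` in Finish): unless the unwrap macro, defined outside this diff, also checks the internal field count and the wrapped type, an unrelated object would be cast and handed to `wrap->OnAfterWrite(w)` or `w->Done(...)`. It is worth confirming what the macro validates and stating it in a comment at these call sites.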
@@ -197,7 +205,8 @@ void JSStream::ReadBuffer(const FunctionCallbackInfo<Value>& args) {
 void JSStream::EmitEOF(const FunctionCallbackInfo<Value>& args) {
- JSStream* wrap = Unwrap<JSStream>(args.Holder());
+ JSStream* wrap;
+ ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
 wrap->OnRead(UV_EOF, nullptr);
 } |