diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2013-04-16 23:17:50 +0200 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2013-04-16 23:17:50 +0200 |
commit | 0801a1889076f1fe930bfac78097859bb83441d6 (patch) | |
tree | 453d7ba48343b49ce2dc2438e104a2a3360b31e2 | |
parent | 49dcab933bd99fcdd64c77e6e8df9ead0632b7e8 (diff) | |
download | node-0801a1889076f1fe930bfac78097859bb83441d6.tar.gz |
handle_wrap: fix NULL pointer dereference
Fix a NULL pointer dereference in src/handle_wrap.cc which is really a
use-after-close bug.
The test checks that unref() after close() works on process.stdout but
this bug affects everything that derives from HandleWrap. I discovered
it because child processes would sometimes quit for no reason (that is,
no reason until I turned on core dumps.)
This is a back-port of commit ccd3722 from the v0.10 branch.
-rw-r--r-- | src/handle_wrap.cc | 12 | ||||
-rw-r--r-- | test/simple/test-stdout-close-unref.js | 23 |
2 files changed, 31 insertions, 4 deletions
diff --git a/src/handle_wrap.cc b/src/handle_wrap.cc index ead7da1f7..c2331b736 100644 --- a/src/handle_wrap.cc +++ b/src/handle_wrap.cc @@ -55,8 +55,10 @@ Handle<Value> HandleWrap::Ref(const Arguments& args) { UNWRAP(HandleWrap) - uv_ref(wrap->handle__); - wrap->unref_ = false; + if (wrap != NULL && wrap->handle__ != NULL) { + uv_ref(wrap->handle__); + wrap->unref_ = false; + } return v8::Undefined(); } @@ -67,8 +69,10 @@ Handle<Value> HandleWrap::Unref(const Arguments& args) { UNWRAP(HandleWrap) - uv_unref(wrap->handle__); - wrap->unref_ = true; + if (wrap != NULL && wrap->handle__ != NULL) { + uv_unref(wrap->handle__); + wrap->unref_ = true; + } return v8::Undefined(); } diff --git a/test/simple/test-stdout-close-unref.js b/test/simple/test-stdout-close-unref.js new file mode 100644 index 000000000..533a00593 --- /dev/null +++ b/test/simple/test-stdout-close-unref.js @@ -0,0 +1,23 @@ +// Copyright Joyent, Inc. and other Node contributors. +// +// Permission is hereby granted, free of charge, to any person obtaining a +// copy of this software and associated documentation files (the +// "Software"), to deal in the Software without restriction, including +// without limitation the rights to use, copy, modify, merge, publish, +// distribute, sublicense, and/or sell copies of the Software, and to permit +// persons to whom the Software is furnished to do so, subject to the +// following conditions: +// +// The above copyright notice and this permission notice shall be included +// in all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS +// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN +// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, +// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR +// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE +// USE OR OTHER DEALINGS IN THE SOFTWARE. + +process.stdout._handle.close(); +process.stdout._handle.unref(); // Should not segfault. |