diff options
| author | Santiago Gimeno <santiago.gimeno@gmail.com> | 2022-07-09 15:00:37 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-07-09 15:00:37 +0300 |
| commit | 92d26e703940a8ea687a9ebfe9184109af4e72be (patch) | |
| tree | 7a6d3e14d7c44b2d8b42df2e62efa41745474317 /src/node_file-inl.h | |
| parent | e3bf5e620bd465df4085df074d40127af3f4b4d8 (diff) | |
src: fix crash on FSReqPromise destructor
We are deciding whether to end `fs` promises by checking
`can_call_into_js()` whereas in the `FSReqPromise` destructor we're
using the `is_stopping()` check. Though this may look as semantically
correct it has issues because though both values are modified before
termination on `Environment::ExitEnv()` and both are atomic they are not
syncronized together so it may happen that when reaching the destructor
`call_into_js` may be set to `false` whereas `is_stopping` remains
`false` causing the crash. Fix this by checking with
`can_call_into_js()` also in the destructor.
Fixes: https://github.com/nodejs/node/issues/43499
PR-URL: https://github.com/nodejs/node/pull/43533
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src/node_file-inl.h')
| -rw-r--r-- | src/node_file-inl.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/node_file-inl.h b/src/node_file-inl.h index 28d4d9ab8c8..351f3df809d 100644 --- a/src/node_file-inl.h +++ b/src/node_file-inl.h @@ -159,7 +159,7 @@ FSReqPromise<AliasedBufferT>::~FSReqPromise() { // Validate that the promise was explicitly resolved or rejected but only if // the Isolate is not terminating because in this case the promise might have // not finished. - if (!env()->is_stopping()) CHECK(finished_); + CHECK_IMPLIES(!finished_, !env()->can_call_into_js()); } template <typename AliasedBufferT> |