author | Joyee Cheung <joyeec9h3@gmail.com> | 2019-04-15 10:09:21 +0800 |
---|---|---|
committer | Joyee Cheung <joyeec9h3@gmail.com> | 2019-04-17 18:00:42 +0800 |
commit | cdba9f23ec301f834ac686df7e6adcc3ecf59db6 (patch) | |
tree | c118080bea41e985a4072e1803da19f1d51dc0e7 /doc | |
parent | 83d1ca7de95b884bcf188ed399056358e1d9d063 (diff) | |
download | android-node-v8-cdba9f23ec301f834ac686df7e6adcc3ecf59db6.tar.gz android-node-v8-cdba9f23ec301f834ac686df7e6adcc3ecf59db6.tar.bz2 android-node-v8-cdba9f23ec301f834ac686df7e6adcc3ecf59db6.zip |
src: handle fatal error when Environment is not assigned to context
Previously, when an uncaught JS error was thrown before Environment was assigned to the context (e.g. a SyntaxError in a per-context script), it triggered an infinite recursion:

1. The error message listener `node::OnMessage()` triggered `node::FatalException()`
2. `node::FatalException()` attempted to get the Environment assigned to the context entered using `Environment::GetCurrent()`
3. `Environment::GetCurrent()` previously incorrectly accepted out-of-bound access with the length of the embedder data array as index, and called `context->GetAlignedPointerFromEmbedderData()`
4. The out-of-bound access in `GetAlignedPointerFromEmbedderData()` triggered a fatal error, which was handled by `node::FatalError()`
5. `node::FatalError()` called `Environment::GetCurrent()`, then we went back to 3.

This patch fixes the incorrect guard in 3. When `Environment::GetCurrent()` returns nullptr (when Environment is not yet assigned to the context) in 2, it now prints the JS stack trace and crashes directly.
PR-URL: https://github.com/nodejs/node/pull/27236
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions
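The recursion described in the commit message, as an added toy model in C++. This is not Node's or V8's source: the `Context`/`Environment` stand-ins, the slot index `kEnvironmentSlot`, the depth cap and the `Run()` helper are all assumptions made here to show why a guard that accepts an index equal to the array length re-enters the fatal-error handler forever, and why rejecting that index (returning nullptr) lets the handler abort directly instead.

```cpp
// Added toy model (not Node's or V8's code) of the recursion in the commit
// message. Names, slot index and data layout are assumptions.
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

struct Environment { std::string name; };

// Stand-in for v8::Context: embedder data is a fixed array of pointer slots.
struct Context {
    std::vector<void*> embedder_data;
    size_t GetNumberOfEmbedderDataFields() const { return embedder_data.size(); }
    // Like the real API, an out-of-bound slot is a fatal error, not nullptr.
    void* GetAlignedPointerFromEmbedderData(size_t index, bool* fatal) const {
        if (index >= embedder_data.size()) { *fatal = true; return nullptr; }
        return embedder_data[index];
    }
};

// Assumed slot where the Environment pointer lives once it is assigned.
constexpr size_t kEnvironmentSlot = 3;

enum class Outcome { kEnvFound, kNoEnvYet, kInfiniteRecursion };

class Simulation {
 public:
    explicit Simulation(bool buggy_guard) : buggy_guard_(buggy_guard) {}

    // Models "uncaught error before Environment assignment": the message
    // listener hands the error to FatalException, which needs the Environment.
    // kNoEnvYet is the fixed behaviour (print the JS stack trace and abort).
    Outcome OnUncaughtError(const Context& ctx) {
        depth_ = 0;
        recursed_ = false;
        Environment* env = GetCurrent(ctx);
        if (recursed_) return Outcome::kInfiniteRecursion;
        return env ? Outcome::kEnvFound : Outcome::kNoEnvYet;
    }

 private:
    Environment* GetCurrent(const Context& ctx) {
        size_t n = ctx.GetNumberOfEmbedderDataFields();
        // Buggy guard: rejects only slots beyond the length, so index == length
        // falls through to the out-of-bound read. Fixed guard: rejects it too.
        bool out_of_bounds = buggy_guard_ ? (n < kEnvironmentSlot)
                                          : (n <= kEnvironmentSlot);
        if (out_of_bounds) return nullptr;
        bool fatal = false;
        void* p = ctx.GetAlignedPointerFromEmbedderData(kEnvironmentSlot, &fatal);
        if (fatal) return FatalError(ctx);
        return static_cast<Environment*>(p);
    }

    // The fatal-error handler wants the Environment for diagnostics, so it
    // calls GetCurrent again; with the buggy guard that repeats the same
    // out-of-bound read. The depth cap stands in for the real stack overflow.
    Environment* FatalError(const Context& ctx) {
        if (++depth_ > kMaxDepth) { recursed_ = true; return nullptr; }
        return GetCurrent(ctx);
    }

    static constexpr int kMaxDepth = 16;
    bool buggy_guard_;
    int depth_ = 0;
    bool recursed_ = false;
};

// Exactly kEnvironmentSlot entries: the Environment slot does not exist yet.
Context MakeContextWithoutEnvironment() {
    return Context{std::vector<void*>(kEnvironmentSlot, nullptr)};
}

Context MakeContextWithEnvironment(Environment* env) {
    Context ctx{std::vector<void*>(kEnvironmentSlot + 1, nullptr)};
    ctx.embedder_data[kEnvironmentSlot] = env;
    return ctx;
}

// Runs one scenario and reports where the fatal-error path ends up.
Outcome Run(bool buggy_guard, bool env_assigned) {
    static Environment env{"main"};  // constructed sample Environment
    Simulation sim(buggy_guard);
    Context ctx = env_assigned ? MakeContextWithEnvironment(&env)
                               : MakeContextWithoutEnvironment();
    return sim.OnUncaughtError(ctx);
}

int main() {
    std::printf("buggy guard, no env: %d\n", static_cast<int>(Run(true, false)));
    std::printf("fixed guard, no env: %d\n", static_cast<int>(Run(false, false)));
    return 0;
}
```

With the Environment slot not yet present, the buggy guard loops between `GetCurrent` and `FatalError` until the depth cap trips, while the fixed guard returns nullptr at step 2 so the caller can abort with a stack trace; once the slot is populated, both guards find the Environment normally.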