src: fix async hooks crashing when there is no node context

PR-URL: https://github.com/nodejs/node/pull/19134
Fixes: https://github.com/nodejs/node/issues/19104
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>

4 files changed, 34 insertions, 1 deletions

diff --git a/src/env-inl.h b/src/env-inl.h
index fccd45070c..a294066bb5 100644
--- a/src/env-inl.h
+++ b/src/env-inl.h
@@ -282,6 +282,9 @@ inline void Environment::AssignToContext(v8::Local<v8::Context> context,
                                          const ContextInfo& info) {
   context->SetAlignedPointerInEmbedderData(
       ContextEmbedderIndex::kEnvironment, this);
+  // Used by EnvPromiseHook to know that we are on a node context.
+  context->SetAlignedPointerInEmbedderData(
+    ContextEmbedderIndex::kContextTag, Environment::kNodeContextTagPtr);
 #if HAVE_INSPECTOR
   inspector_agent()->ContextCreated(context, info);
 #endif  // HAVE_INSPECTOR
diff --git a/src/env.cc b/src/env.cc
index 5a6e765681..8362ce85c7 100644
--- a/src/env.cc
+++ b/src/env.cc
@@ -4,6 +4,7 @@
 #include "node_buffer.h"
 #include "node_platform.h"
 #include "node_file.h"
+#include "node_context_data.h"
 #include "node_worker.h"
 #include "tracing/agent.h"
 
@@ -30,6 +31,10 @@ using v8::TryCatch;
 using v8::Value;
 using worker::Worker;
 
+int const Environment::kNodeContextTag = 0x6e6f64;
+void* Environment::kNodeContextTagPtr = const_cast<void*>(
+    static_cast<const void*>(&Environment::kNodeContextTag));
+
 IsolateData::IsolateData(Isolate* isolate,
                          uv_loop_t* event_loop,
                          MultiIsolatePlatform* platform,
@@ -439,7 +444,20 @@ bool Environment::RemovePromiseHook(promise_hook_func fn, void* arg) {
 void Environment::EnvPromiseHook(v8::PromiseHookType type,
                                  v8::Local<v8::Promise> promise,
                                  v8::Local<v8::Value> parent) {
-  Environment* env = Environment::GetCurrent(promise->CreationContext());
+  Local<v8::Context> context = promise->CreationContext();
+
+  // Grow the embedder data if necessary to make sure we are not out of bounds
+  // when reading the magic number.
+  context->SetAlignedPointerInEmbedderData(
+      ContextEmbedderIndex::kContextTagBoundary, nullptr);
+  int* magicNumberPtr = reinterpret_cast<int*>(
+      context->GetAlignedPointerFromEmbedderData(
+          ContextEmbedderIndex::kContextTag));
+  if (magicNumberPtr != Environment::kNodeContextTagPtr) {
+    return;
+  }
+
+  Environment* env = Environment::GetCurrent(context);
   for (const PromiseHookCallback& hook : env->promise_hooks_) {
     hook.cb_(type, promise, parent, hook.arg_);
   }
diff --git a/src/env.h b/src/env.h
index 120048fe00..acbdd01328 100644
--- a/src/env.h
+++ b/src/env.h
@@ -905,6 +905,8 @@ class Environment {
   uint64_t thread_id_ = 0;
   std::unordered_set<worker::Worker*> sub_worker_contexts_;
 
+  static void* kNodeContextTagPtr;
+  static int const kNodeContextTag;
 
 #if HAVE_INSPECTOR
   std::unique_ptr<inspector::Agent> inspector_agent_;
diff --git a/src/node_context_data.h b/src/node_context_data.h
index 522ce292d2..3892b31354 100644
--- a/src/node_context_data.h
+++ b/src/node_context_data.h
@@ -19,10 +19,20 @@ namespace node {
 #define NODE_CONTEXT_ALLOW_WASM_CODE_GENERATION_INDEX 34
 #endif
 
+#ifndef NODE_CONTEXT_TAG
+#define NODE_CONTEXT_TAG 35
+#endif
+
+#ifndef NODE_CONTEXT_TAG_BOUNDARY
+#define NODE_CONTEXT_TAG_BOUNDARY 36
+#endif
+
 enum ContextEmbedderIndex {
   kEnvironment = NODE_CONTEXT_EMBEDDER_DATA_INDEX,
   kSandboxObject = NODE_CONTEXT_SANDBOX_OBJECT_INDEX,
   kAllowWasmCodeGeneration = NODE_CONTEXT_ALLOW_WASM_CODE_GENERATION_INDEX,
+  kContextTag = NODE_CONTEXT_TAG,
+  kContextTagBoundary = NODE_CONTEXT_TAG_BOUNDARY,
 };
 
 }  // namespace node