From 991f4060adf1800ef50eaaf8bd84ef42e7587f08 Mon Sep 17 00:00:00 2001
From: Gabriel Schulhof
Date: Mon, 4 Jun 2018 19:20:54 -0400
Subject: n-api: back up env before async work finalize
We must back up the value of `_env` before calling the async work complete callback, because the complete callback may delete the instance in which `_env` is stored by calling `napi_delete_async_work`, and because we need to use it after the complete callback has completed.
Fixes: https://github.com/nodejs/node/issues/20966
PR-URL: https://github.com/nodejs/node/pull/21129
Reviewed-By: Anatoli Papirovski
Reviewed-By: Refael Ackermann
Reviewed-By: Michael Dawson
---
 src/node_api.cc | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
(limited to 'src/node_api.cc')
diff --git a/src/node_api.cc b/src/node_api.cc
index a83244131f..fdd12afc22 100644
--- a/src/node_api.cc
+++ b/src/node_api.cc
@@ -3393,13 +3393,19 @@ class Work : public node::AsyncResource, public node::ThreadPoolWork {
 CallbackScope callback_scope(this);
- NAPI_CALL_INTO_MODULE(_env,
+ // We have to back up the env here because the `NAPI_CALL_INTO_MODULE` macro
+ // makes use of it after the call into the module completes, but the module
+ // may have deallocated **this**, and along with it the place where _env is
+ // stored.
+ napi_env env = _env;
+
+ NAPI_CALL_INTO_MODULE(env,
 _complete(_env, ConvertUVErrorCode(status), _data),
- [this] (v8::Local local_err) {
+ [env] (v8::Local local_err) {
 // If there was an unhandled exception in the complete callback,
 // report it as a fatal exception. (There is no JavaScript on the
 // callstack that can possibly handle it.)
- v8impl::trigger_fatal_exception(_env, local_err);
+ v8impl::trigger_fatal_exception(env, local_err);
 });
 // Note: Don't access `work` after this point because it was
--
cgit v1.2.3
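Review bot: The call `_complete(_env, ConvertUVErrorCode(status), _data)` still reads the member `_env`, while the macro argument and the lambda capture now use the local copy. The argument is evaluated before the callback runs, so it looks safe, but writing `_complete(env, ConvertUVErrorCode(status), _data),` would be consistent and make it plain that `_env` must not be touched once the module may have freed `this` through `napi_delete_async_work`. `callback_scope` is constructed from `this` just above and is presumably destroyed after the callback returns, so it is worth confirming that it keeps no pointer back into the `Work` object. The diffstat shows only `src/node_api.cc` changed; a regression test whose complete callback calls `napi_delete_async_work`, run under a memory-error detector, would pin this use-after-free fix. The enclosing method starts and ends outside the hunk.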