File: test_reference_double_free.c

package info (click to toggle)
nodejs 22.14.0%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: experimental
  • size: 246,928 kB
  • sloc: cpp: 1,582,349; javascript: 582,017; ansic: 82,400; python: 60,561; sh: 4,009; makefile: 2,263; asm: 1,732; pascal: 1,565; perl: 248; lisp: 222; xml: 42
file content (90 lines) | stat: -rw-r--r-- 2,953 bytes parent folder | download | duplicates (6) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
 
#include <js_native_api.h>
#include <stdlib.h>
#include "../common.h"
#include "../entry_point.h"

static size_t g_call_count = 0;

static void Destructor(napi_env env, void* data, void* nothing) {
  napi_ref* ref = data;
  NODE_API_CALL_RETURN_VOID(env, napi_delete_reference(env, *ref));
  free(ref);
}

static void NoDeleteDestructor(napi_env env, void* data, void* hint) {
  napi_ref* ref = data;
  size_t* call_count = hint;

  // This destructor must be called exactly once.
  if ((*call_count) > 0) abort();
  *call_count = ((*call_count) + 1);
  free(ref);
}

static napi_value New(napi_env env, napi_callback_info info) {
  size_t argc = 1;
  napi_value js_this, js_delete;
  bool delete;
  napi_ref* ref = malloc(sizeof(*ref));

  NODE_API_CALL(env,
      napi_get_cb_info(env, info, &argc, &js_delete, &js_this, NULL));
  NODE_API_CALL(env, napi_get_value_bool(env, js_delete, &delete));

  if (delete) {
    NODE_API_CALL(env,
        napi_wrap(env, js_this, ref, Destructor, NULL, ref));
  } else {
    NODE_API_CALL(env,
        napi_wrap(env, js_this, ref, NoDeleteDestructor, &g_call_count, ref));
  }
  NODE_API_CALL(env, napi_reference_ref(env, *ref, NULL));

  return js_this;
}

static void NoopDeleter(napi_env env, void* data, void* hint) {}

// Tests that calling napi_remove_wrap and napi_delete_reference consecutively
// doesn't crash the process.
// This is analogous to the test https://github.com/nodejs/node-addon-api/blob/main/test/objectwrap_constructor_exception.cc.
// In which the Napi::ObjectWrap<> is being destructed immediately after napi_wrap.
// As Napi::ObjectWrap<> is a subclass of Napi::Reference<>, napi_remove_wrap
// in the destructor of Napi::ObjectWrap<> is called before napi_delete_reference
// in the destructor of Napi::Reference<>.
static napi_value DeleteImmediately(napi_env env, napi_callback_info info) {
  size_t argc = 1;
  napi_value js_obj;
  napi_ref ref;
  napi_valuetype type;

  NODE_API_CALL(env, napi_get_cb_info(env, info, &argc, &js_obj, NULL, NULL));

  NODE_API_CALL(env, napi_typeof(env, js_obj, &type));
  NODE_API_ASSERT(env, type == napi_object, "Expected object parameter");

  NODE_API_CALL(env, napi_wrap(env, js_obj, NULL, NoopDeleter, NULL, &ref));
  NODE_API_CALL(env, napi_remove_wrap(env, js_obj, NULL));
  NODE_API_CALL(env, napi_delete_reference(env, ref));

  return NULL;
}

EXTERN_C_START
napi_value Init(napi_env env, napi_value exports) {
  napi_value myobj_ctor;
  NODE_API_CALL(env,
      napi_define_class(
          env, "MyObject", NAPI_AUTO_LENGTH, New, NULL, 0, NULL, &myobj_ctor));
  NODE_API_CALL(env,
      napi_set_named_property(env, exports, "MyObject", myobj_ctor));

  napi_property_descriptor descriptors[] = {
    DECLARE_NODE_API_PROPERTY("deleteImmediately", DeleteImmediately),
  };
  NODE_API_CALL(env, napi_define_properties(
      env, exports, sizeof(descriptors) / sizeof(*descriptors), descriptors));

  return exports;
}
EXTERN_C_END