Browse Source

tls_wrap: fix use after free

Do not free TLSCallbacks from StreamWrap. TLSCallbacks is bound to a V8
object and should be collected by V8's GC.
v0.11.14-release
Fedor Indutny 10 years ago
parent
commit
7343c77cdb
  1. 3
      src/stream_wrap.cc
  2. 8
      src/stream_wrap.h
  3. 2
      src/tls_wrap.cc

3
src/stream_wrap.cc

@ -63,7 +63,8 @@ StreamWrap::StreamWrap(Environment* env,
: HandleWrap(env, object, reinterpret_cast<uv_handle_t*>(stream), provider),
stream_(stream),
default_callbacks_(this),
callbacks_(&default_callbacks_) {
callbacks_(&default_callbacks_),
callbacks_gc_(false) {
}

8
src/stream_wrap.h

@ -105,9 +105,10 @@ class StreamWrapCallbacks {
class StreamWrap : public HandleWrap {
public:
void OverrideCallbacks(StreamWrapCallbacks* callbacks) {
void OverrideCallbacks(StreamWrapCallbacks* callbacks, bool gc) {
StreamWrapCallbacks* old = callbacks_;
callbacks_ = callbacks;
callbacks_gc_ = gc;
if (old != &default_callbacks_)
delete old;
}
@ -160,10 +161,10 @@ class StreamWrap : public HandleWrap {
AsyncWrap::ProviderType provider);
~StreamWrap() {
if (callbacks_ != &default_callbacks_) {
if (!callbacks_gc_ && callbacks_ != &default_callbacks_) {
delete callbacks_;
callbacks_ = NULL;
}
callbacks_ = NULL;
}
void StateChange() { }
@ -191,6 +192,7 @@ class StreamWrap : public HandleWrap {
uv_stream_t* const stream_;
StreamWrapCallbacks default_callbacks_;
StreamWrapCallbacks* callbacks_; // Overridable callbacks
bool callbacks_gc_;
friend class StreamWrapCallbacks;
};

2
src/tls_wrap.cc

@ -225,7 +225,7 @@ void TLSCallbacks::Wrap(const FunctionCallbackInfo<Value>& args) {
TLSCallbacks* callbacks = NULL;
WITH_GENERIC_STREAM(env, stream, {
callbacks = new TLSCallbacks(env, kind, sc, wrap->callbacks());
wrap->OverrideCallbacks(callbacks);
wrap->OverrideCallbacks(callbacks, true);
});
if (callbacks == NULL) {

Loading…
Cancel
Save