From 120ac7435255a158117feb03be654717a3fb431c Mon Sep 17 00:00:00 2001
From: legendecas <legendecas@gmail.com>
Date: Tue, 9 May 2023 01:29:16 +0800
Subject: [PATCH] src: remove aliased buffer weak callback

An AliasedBuffer can be nested in a BaseObject and their weak callbacks
invoke order are not guaranteed. Prevent aliased buffer from being
accessed in its weak callback as its validness can be checked with the
emptiness of the persistent handle.

PR-URL: https://github.com/nodejs/node/pull/47688
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
---
 src/aliased_buffer-inl.h | 15 +++------------
 src/aliased_buffer.h     |  3 ---
 2 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/src/aliased_buffer-inl.h b/src/aliased_buffer-inl.h
index 782a125570d06d..f04fb7c2667016 100644
--- a/src/aliased_buffer-inl.h
+++ b/src/aliased_buffer-inl.h
@@ -70,8 +70,8 @@ AliasedBufferBase<NativeT, V8T>::AliasedBufferBase(
       count_(that.count_),
       byte_offset_(that.byte_offset_),
       buffer_(that.buffer_) {
-  DCHECK(is_valid());
   js_array_ = v8::Global<V8T>(that.isolate_, that.GetJSArray());
+  DCHECK(is_valid());
 }
 
 template <typename NativeT, typename V8T>
@@ -126,19 +126,10 @@ void AliasedBufferBase<NativeT, V8T>::Release() {
   js_array_.Reset();
 }
 
-template <typename NativeT, typename V8T>
-inline void AliasedBufferBase<NativeT, V8T>::WeakCallback(
-    const v8::WeakCallbackInfo<AliasedBufferBase<NativeT, V8T>>& data) {
-  AliasedBufferBase<NativeT, V8T>* buffer = data.GetParameter();
-  DCHECK(buffer->is_valid());
-  buffer->cleared_ = true;
-  buffer->js_array_.Reset();
-}
-
 template <typename NativeT, typename V8T>
 inline void AliasedBufferBase<NativeT, V8T>::MakeWeak() {
   DCHECK(is_valid());
-  js_array_.SetWeak(this, WeakCallback, v8::WeakCallbackType::kParameter);
+  js_array_.SetWeak();
 }
 
 template <typename NativeT, typename V8T>
@@ -223,7 +214,7 @@ void AliasedBufferBase<NativeT, V8T>::reserve(size_t new_capacity) {
 
 template <typename NativeT, typename V8T>
 inline bool AliasedBufferBase<NativeT, V8T>::is_valid() const {
-  return index_ == nullptr && !cleared_;
+  return index_ == nullptr && !js_array_.IsEmpty();
 }
 
 template <typename NativeT, typename V8T>
diff --git a/src/aliased_buffer.h b/src/aliased_buffer.h
index 4c4f8ac21dfc4a..b847641f8faa15 100644
--- a/src/aliased_buffer.h
+++ b/src/aliased_buffer.h
@@ -173,14 +173,11 @@ class AliasedBufferBase : public MemoryRetainer {
 
  private:
   inline bool is_valid() const;
-  static inline void WeakCallback(
-      const v8::WeakCallbackInfo<AliasedBufferBase<NativeT, V8T>>& data);
   v8::Isolate* isolate_ = nullptr;
   size_t count_ = 0;
   size_t byte_offset_ = 0;
   NativeT* buffer_ = nullptr;
   v8::Global<V8T> js_array_;
-  bool cleared_ = false;
 
   // Deserialize data
   const AliasedBufferIndex* index_ = nullptr;