From 8f8e71a387fd7bea482ac9062ffb9fc8b31901ff Mon Sep 17 00:00:00 2001
From: Santiago Gimeno
Date: Wed, 22 Jun 2022 15:48:02 +0200
Subject: [PATCH] src: fix crash on FSReqPromise destructor
We are deciding whether to end `fs` promises by checking `can_call_into_js()` whereas in the `FSReqPromise` destructor we're using the `is_stopping()` check. Though this may look as semantically correct it has issues because though both values are modified before termination on `Environment::ExitEnv()` and both are atomic they are not syncronized together so it may happen that when reaching the destructor `call_into_js` may be set to `false` whereas `is_stopping` remains `false` causing the crash. Fix this by using the same checks everywhere.
Fixes: https://github.com/nodejs/node/issues/43499
---
 src/node_file.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/node_file.cc b/src/node_file.cc
index 5a3e54669049fb..546fbbb053b922 100644
--- a/src/node_file.cc
+++ b/src/node_file.cc
@@ -377,7 +377,7 @@ MaybeLocal FileHandle::ClosePromise() {
 std::unique_ptr close(CloseReq::from_req(req));
 CHECK_NOT_NULL(close);
 close->file_handle()->AfterClose();
- if (!close->env()->can_call_into_js()) return;
+ if (close->env()->is_stopping()) return;
 Isolate* isolate = close->env()->isolate();
 if (req->result < 0) {
 HandleScope handle_scope(isolate);
@@ -651,7 +651,7 @@ void FSReqAfterScope::Reject(uv_fs_t* req) {
 }
 bool FSReqAfterScope::Proceed() {
- if (!wrap_->env()->can_call_into_js()) {
+ if (wrap_->env()->is_stopping()) {
 return false;
 }
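Review bot: Replacing `can_call_into_js()` with `is_stopping()` in the first hunk (inside `FileHandle::ClosePromise()`) lets the code below the guard run in exactly the window the commit message describes, where `can_call_into_js` is already `false` but `is_stopping` is still `false`; execution then continues to `close->env()->isolate()` and `HandleScope handle_scope(isolate)`. The same applies to `FSReqAfterScope::Proceed()` in the second hunk, which would now return past the guard in that state. If the goal is one predicate everywhere, the safer direction is probably to keep `if (!close->env()->can_call_into_js()) return;` and `if (!wrap_->env()->can_call_into_js()) {` and switch the `FSReqPromise` destructor to `can_call_into_js()` instead; the destructor is not part of this diff, so that needs confirming against it. Either way, a comment at both guards such as `// Must use the same predicate as ~FSReqPromise(); see #43499.` would keep the sites from drifting apart again. Both enclosing functions start or end outside the hunks shown.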