From 8310739d758cb3bc4df21f61922f24f019c682b3 Mon Sep 17 00:00:00 2001
From: Santiago Gimeno
Date: Wed, 22 Jun 2022 15:48:02 +0200
Subject: [PATCH] src: fix crash on FSReqPromise destructor
We are deciding whether to end `fs` promises by checking `can_call_into_js()` whereas in the `FSReqPromise` destructor we're using the `is_stopping()` check. Though this may look as semantically correct it has issues because though both values are modified before termination on `Environment::ExitEnv()` and both are atomic they are not syncronized together so it may happen that when reaching the destructor `call_into_js` may be set to `false` whereas `is_stopping` remains `false` causing the crash. Fix this by checking with `can_call_into_js()` also in the destructor.
Fixes: https://github.com/nodejs/node/issues/43499
---
 src/node_file-inl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/node_file-inl.h b/src/node_file-inl.h
index 28d4d9ab8c8903..351f3df809d94a 100644
--- a/src/node_file-inl.h
+++ b/src/node_file-inl.h
@@ -159,7 +159,7 @@ FSReqPromise::~FSReqPromise() {
 // Validate that the promise was explicitly resolved or rejected but only if
 // the Isolate is not terminating because in this case the promise might have
 // not finished.
- if (!env()->is_stopping()) CHECK(finished_);
+ CHECK_IMPLIES(!finished_, !env()->can_call_into_js());
 }
 template
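Review bot: The comment kept as context above the new `CHECK_IMPLIES` still says the validation applies only when "the Isolate is not terminating", but the assertion now keys on `can_call_into_js()`, so the comment no longer describes the condition being checked. Going by the commit message, the invariant that matters is that the destructor uses the same predicate as the code that decides whether to settle `fs` promises. Stating that in the comment would help keep a later edit from reintroducing a mismatched check, which aborts the process. Suggested wording: `// An unfinished promise is acceptable only when JS can no longer be called into;` followed by `// this must stay the same predicate that decides whether fs promises are settled.` The destructor's opening is visible only in the hunk header, so any earlier statements in its body are not reviewed here.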