From 2fdb78ca1f8134170384dcfa9df688909b0647e3 Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Sun, 16 Dec 2018 14:34:37 +0100 Subject: [PATCH] worker: fix nullptr deref after MessagePort deser failure This would previously always have crashed when deserializing a `MessagePort` fails, because there was always at least one `nullptr` entry in the vector. PR-URL: https://github.com/nodejs/node/pull/25076 Reviewed-By: Richard Lau Reviewed-By: James M Snell Reviewed-By: Gireesh Punathil --- src/node_messaging.cc | 3 ++- ...st-worker-messageport-transfer-terminate.js | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 test/parallel/test-worker-messageport-transfer-terminate.js diff --git a/src/node_messaging.cc b/src/node_messaging.cc index c9b5e324479975..ae60187b6f3ec2 100644 --- a/src/node_messaging.cc +++ b/src/node_messaging.cc @@ -90,7 +90,8 @@ MaybeLocal Message::Deserialize(Environment* env, if (ports[i] == nullptr) { for (MessagePort* port : ports) { // This will eventually release the MessagePort object itself. - port->Close(); + if (port != nullptr) + port->Close(); } return MaybeLocal(); } diff --git a/test/parallel/test-worker-messageport-transfer-terminate.js b/test/parallel/test-worker-messageport-transfer-terminate.js new file mode 100644 index 00000000000000..13a30b5c54c6c3 --- /dev/null +++ b/test/parallel/test-worker-messageport-transfer-terminate.js @@ -0,0 +1,18 @@ +// Flags: --experimental-worker +'use strict'; +require('../common'); +const { Worker, MessageChannel } = require('worker_threads'); + +// Check the interaction of calling .terminate() while transferring +// MessagePort objects; in particular, that it does not crash the process. + +for (let i = 0; i < 10; ++i) { + const w = new Worker( + "require('worker_threads').parentPort.on('message', () => {})", + { eval: true }); + setImmediate(() => { + const port = new MessageChannel().port1; + w.postMessage({ port }, [ port ]); + w.terminate(); + }); +}