mirrors/escargot
2
0
Fork 0
mirror of https://github.com/Samsung/escargot.git synced 2026-06-22 10:01:50 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix memory error when FinalizationRegistry cleanup callback throws

Browse source 
Signed-off-by: Seonghyun Kim <sh8281.kim@samsung.com>
This commit is contained in:
Seonghyun Kim 2026-05-06 13:35:47 +09:00
commit 89ffa15d0b
1 changed files with 11 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
src/runtime/FinalizationRegistryObject.cpp
View file

@ -56,6 +56,9 @@ FinalizationRegistryObject::FinalizationRegistryObject(ExecutionState& state, Ob
cell->unregisterToken->removeFinalizer(finalizerUnregisterToken, cell);
}
}
// Set source to nullptr to indicate that FinalizationRegistryObject is being collected.
// This prevents the weakRefTarget's finalizer from accessing an invalid source pointer.
cell->source = nullptr;
}
s->m_cells.clear();
s->m_deletedCellCount = 0;
@ -186,7 +189,14 @@ void FinalizationRegistryObject::finalizer(PointerValue* self, void* data)
UNUSED_PARAMETER(self);
FinalizationRegistryObjectItem* item = (FinalizationRegistryObjectItem*)data;
ASSERT(!!item->source && !!item->source->m_cleanupCallback);
// Check if FinalizationRegistryObject is already being collected by GC.
// GC finalizers are not ordered, so the FinalizationRegistryObject may be collected
// before its registered targets. In that case, source will be nullptr.
if (!item->source) {
return;
}
ASSERT(!!item->source->m_cleanupCallback);
bool wasCallbackDeleted = false;
auto callback = item->source->m_cleanupCallback;
if (callback->isScriptFunctionObject()) {