njs - njs mirror

about summary refs log tree commit diff

path: root/test/js/async_recursive_mid.t.js

	Commit message (Collapse)	Author	Age
*	Fixed frame allocation from an awaited frame.	Dmitry Volyntsev	2022-02-21
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	njs_function_frame_save() is used to save the awaited frame when "await" instruction is encountered. The saving was done as a memcpy() of existing runtime frame. njs_function_frame_alloc() is used to alloc a new function frame, this function tries to use a spare preallocated memory from the previous frame first. Previously, this function might result in "use-after-free" when invoked from a restored frame saved with njs_function_frame_save(). Because njs_function_frame_save() left pointers to the spare memory of the original frame which may be already free when saved frame is restored. The fix is to erase fields for the spare memory from the saved frame. This closes #469 issue on Github.
*	Fixed recursive async function calls.	Dmitry Volyntsev	2022-01-21
	Previously, PromiseCapability record was stored (function->context) directly in function object during a function invocation. This is not correct, because PromiseCapability record should be linked to current execution context. As a result, function->context is overwritten with consecutive recursive calls which results in use-after-free. This closes #451 issue on Github.