git.kaiwu.me - njs.git/commit

Fixed copying of closures for declared functions.

After 0a2a0b5a74f4 (0.6.0),  the referencing of a closure value inside of
a nested function may result in heap-use-after-free.  For this to happen
the closure value have to be referenced in a function invoked asynchronously.
For example if a closure value is referenced in r.subrequest() or setTimeout()
handler.

The problem was that closure values of nested function were assigned during
the function call and the memory shared between all the cloned VMs was used
to store temporary assignments until the moment the declared function was
referenced.  When two VMs executed concurrently, the first VM might see
the changed made by the second VM if the first one was suspended.

The fix is to copy all declared functions at the time of the call.

This closes #421 issue on GitHub.

author	Alexander Borisov <alexander.borisov@nginx.com>
	Mon, 11 Oct 2021 14:46:24 +0000 (17:46 +0300)
committer	Alexander Borisov <alexander.borisov@nginx.com>
	Mon, 11 Oct 2021 14:46:24 +0000 (17:46 +0300)
commit	648e89a6ac5106426edf8825790fa9c50d9caf3e
tree	50d45eadad139b2beec539c6e4fe0e3fb7a48083	tree \| snapshot
parent	058e98d99ce2d1967c0a12b3ef21051101e38b1b	commit \| diff

src/njs_function.c		diff \| blob \| history
src/njs_function.h		diff \| blob \| history
src/njs_parser.h		diff \| blob \| history
src/njs_variable.c		diff \| blob \| history
src/test/njs_unit_test.c		diff \| blob \| history