git.kaiwu.me - njs.git/commit

author	Dmitry Volyntsev <xeioex@nginx.com>
	Tue, 30 Sep 2025 01:30:15 +0000 (18:30 -0700)
committer	Dmitry Volyntsev <xeioexception@gmail.com>
	Thu, 2 Oct 2025 23:15:40 +0000 (16:15 -0700)
commit	e9649164dd5622d644f35067adf49d0a490efb2c
tree	d5b871df890509c32424798336a36aecf86a944c	tree \| snapshot
parent	243347edc86d9dc1ee0e35f86acc839d50db1d9d	commit \| diff

Fixed heap-use-after-free in js_set handler.

The issue was introduced in commit 04f6dfb (0.9.2) by moving VM
destruction from the pool cleanup handler to the http cleanup handler.

Moving VM destruction to the http cleanup handler broke js_set variable
usage during the log phase, because these variables are called after the
VM has been destroyed.

The fix is to move VM destruction back to the pool cleanup handler, but
use a temporary pool while njs.on('exit', ...) is executing.

This fixes #969 and #971 issues on Github.

nginx/ngx_http_js_module.c		diff \| blob \| history
nginx/t/js_exit.t		diff \| blob \| history
nginx/t/js_shared_dict_exit.t	[new file with mode: 0644]	blob