node-api: fix shutdown crashes

mhdawson · richardlau · commit a7224c955951 · 2022-03-30T10:49:11.000-04:00
Refs: nodejs/node-addon-api#906 Ensure that finalization is not defered during shutdown. The env for the addon is deleted immediately after iterating the list of finalizers to be run. Defering causes crashes as the finalization uses the already deleted env. Signed-off-by: Michael Dawson <mdawson@devrus.com> PR-URL: #38492 Backport-PR-URL: #42512 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Chengzhong Wu <legendecas@gmail.com> Reviewed-By: Gabriel Schulhof <gabrielschulhof@gmail.com>
diff --git a/src/js_native_api_v8.h b/src/js_native_api_v8.h
@@ -122,6 +122,37 @@ struct napi_env__ {
   void* instance_data = nullptr;
 };
 
+// This class is used to keep a napi_env live in a way that
+// is exception safe versus calling Ref/Unref directly
+class EnvRefHolder {
+ public:
+  explicit EnvRefHolder(napi_env env) : _env(env) {
+      _env->Ref();
+  }
+
+  explicit EnvRefHolder(const EnvRefHolder& other): _env(other.env()) {
+    _env->Ref();
+  }
+
+  EnvRefHolder(EnvRefHolder&& other) {
+    _env = other._env;
+    other._env = nullptr;
+  }
+
+  ~EnvRefHolder() {
+    if (_env != nullptr) {
+      _env->Unref();
+    }
+  }
+
+  napi_env env(void) const {
+    return _env;
+  }
+
+ private:
+  napi_env _env;
+};
+
 static inline napi_status napi_clear_last_error(napi_env env) {
   env->last_error.error_code = napi_ok;
 
diff --git a/src/node_api.cc b/src/node_api.cc
@@ -35,8 +35,13 @@ struct node_napi_env__ : public napi_env__ {
   }
 
   void CallFinalizer(napi_finalize cb, void* data, void* hint) override {
-    napi_env env = static_cast<napi_env>(this);
-    node_env()->SetImmediate([=](node::Environment* node_env) {
+    // we need to keep the env live until the finalizer has been run
+    // EnvRefHolder provides an exception safe wrapper to Ref and then
+    // Unref once the lamba is freed
+    EnvRefHolder liveEnv(static_cast<napi_env>(this));
+    node_env()->SetImmediate([=, liveEnv = std::move(liveEnv)]
+        (node::Environment* node_env) {
+      napi_env env = liveEnv.env();
       v8::HandleScope handle_scope(env->isolate);
       v8::Context::Scope context_scope(env->context());
       env->CallIntoModule([&](napi_env env) {
