Diffstat (limited to 'cli/napi/js_native_api.rs')
-rw-r--r--cli/napi/js_native_api.rs6
1 files changed, 4 insertions, 2 deletions
diff --git a/cli/napi/js_native_api.rs b/cli/napi/js_native_api.rs
index fad13ba62..fe6535446 100644
--- a/cli/napi/js_native_api.rs
+++ b/cli/napi/js_native_api.rs
@@ -127,13 +127,16 @@ impl Reference {
let finalize_hint = reference.finalize_hint;
reference.reset();
+ // copy this value before the finalize callback, since
+ // it might free the reference (which would be a UAF)
+ let ownership = reference.ownership;
if let Some(finalize_cb) = finalize_cb {
unsafe {
finalize_cb(reference.env as _, finalize_data, finalize_hint);
}
}
- if reference.ownership == ReferenceOwnership::Runtime {
+ if ownership == ReferenceOwnership::Runtime {
unsafe { drop(Reference::from_raw(reference)) }
}
}
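Review bot: The Runtime branch still hands `reference` to `Reference::from_raw` after `finalize_cb` has run, so copying `ownership` only removes the stale field read. If a callback could free a reference whose ownership is Runtime, the final `drop` would be a double free. The hunk does not show what prevents that; presumably only Userland-owned references can be deleted from inside the callback, and that invariant should be written on the last `unsafe` block, e.g. `// SAFETY: finalize_cb may free only Userland-owned references, so a Runtime-owned reference is still live and uniquely owned here`. The new comment could also say that `reference` must not be dereferenced at all after the callback, since nothing but this comment stops a later edit from reintroducing such a read. The enclosing function starts outside the hunk, so the type and origin of `reference` are not visible here. The diffstat lists only this file, so no regression test (a finalizer that deletes its own reference) accompanies the fix.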
@@ -3440,7 +3443,6 @@ fn napi_add_finalizer(
} else {
ReferenceOwnership::Userland
};
-
let reference = Reference::new(
env,
value.into(),