src: don't SetInternalField() in ObjectWrap dtor

bnoordhuis · bnoordhuis · commit cd96f0aba8fc · 2013-04-10T15:37:30.000+02:00
Call SetPointerInInternalField(0, NULL) rather than SetInternalField(0, Undefined()). Fixes the following spurious NULL pointer dereference in debug builds: #0 0x03ad2821 in v8::internal::FixedArrayBase::length () nodejs#1 0x03ad1dfc in v8::internal::FixedArray::get () nodejs#2 0x03ae05dd in v8::internal::Context::global_object () nodejs#3 0x03b6b87d in v8::internal::Context::builtins () nodejs#4 0x03ae1871 in v8::internal::Isolate::js_builtins_object () nodejs#5 0x03ab4fab in v8::CallV8HeapFunction () nodejs#6 0x03ab4d4a in v8::Value::Equals () nodejs#7 0x03b4f38b in CheckEqualsHelper () nodejs#8 0x03ac0f4b in v8::Object::SetInternalField () nodejs#9 0x06a99ddd in node::ObjectWrap::~ObjectWrap () nodejs#10 0x06a8b051 in node::Buffer::~Buffer () nodejs#11 0x06a8afbb in node::Buffer::~Buffer () nodejs#12 0x06a8af5e in node::Buffer::~Buffer () nodejs#13 0x06a9e569 in node::ObjectWrap::WeakCallback ()
diff --git a/src/node_object_wrap.h b/src/node_object_wrap.h
@@ -48,7 +48,7 @@ class NODE_EXTERN ObjectWrap {
     if (!handle_.IsEmpty()) {
       assert(handle_.IsNearDeath());
       handle_.ClearWeak();
-      handle_->SetInternalField(0, v8::Undefined());
+      handle_->SetPointerInInternalField(0, 0);
       handle_.Dispose();
       handle_.Clear();
     }

Original file line number	Diff line number	Diff line change
`@@ -48,7 +48,7 @@ class NODE_EXTERN ObjectWrap {`
`48`	`48`	`if (!handle_.IsEmpty()) {`
`49`	`49`	`assert(handle_.IsNearDeath());`
`50`	`50`	`handle_.ClearWeak();`
`51`		`- handle_->SetInternalField(0, v8::Undefined());`
	`51`	`+ handle_->SetPointerInInternalField(0, 0);`
`52`	`52`	`handle_.Dispose();`
`53`	`53`	`handle_.Clear();`
`54`	`54`	`}`