src: fix potential segmentation fault in SQLite

The Local<Value> returned from ColumnToValue() and ColumnNameToValue() may be empty (if a JavaScript exception is pending), in which case a segmentation fault may occur at the call sites, which do not check if the Local<Value> is empty. Fix this bug returning early if an exception is pending (as indicated by the Local being empty). In the long term, these functions should return MaybeLocal instead of Local, but this patch is supposed to be a minimal bug fix only. PR-URL: #53850 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Yagiz Nizipli <[email protected]>
nodejs · Jul 28, 2024 · bac3a48 · bac3a48
1 parent 97da7ca
commit bac3a48
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/src/node_sqlite.cc b/src/node_sqlite.cc
@@ -441,7 +441,9 @@ void StatementSync::All(const FunctionCallbackInfo<Value>& args) {
 
     for (int i = 0; i < num_cols; ++i) {
       Local<Value> key = stmt->ColumnNameToValue(i);
+      if (key.IsEmpty()) return;
       Local<Value> val = stmt->ColumnToValue(i);
+      if (val.IsEmpty()) return;
 
       if (row->Set(env->context(), key, val).IsNothing()) {
         return;
@@ -483,7 +485,9 @@ void StatementSync::Get(const FunctionCallbackInfo<Value>& args) {
 
   for (int i = 0; i < num_cols; ++i) {
     Local<Value> key = stmt->ColumnNameToValue(i);
+    if (key.IsEmpty()) return;
     Local<Value> val = stmt->ColumnToValue(i);
+    if (val.IsEmpty()) return;
 
     if (result->Set(env->context(), key, val).IsNothing()) {
       return;