
Merge pull request #479 from stesie/issue-472

hold extra reference on v8 instance as long as we call into V8
Stefan Siegl 2022-05-29 23:24:38 +02:00 committed by GitHub
commit 362868888f
3 changed files with 159 additions and 109 deletions


@ -0,0 +1,30 @@
--TEST--
Test V8::executeString() : Issue #472 Destroy V8Js object which V8 isolate entered
--SKIPIF--
<?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
--FILE--
<?php
class myjs extends \V8Js
{
public function bosh()
{
$GLOBALS['v8test'] = null;
unset($GLOBALS['v8test']);
}
}
$GLOBALS['v8test'] = new myjs('myjs');
$ret = $GLOBALS['v8test']->executeString('
(() => {
myjs.bosh()
})
');
$ret();
var_dump($ret);
?>
===EOF===
--EXPECTF--
object(V8Function)#%d (0) {
}
===EOF===
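Review bot: The new test only exercises the path where the callback unsets the instance and the script then completes normally; none of the early-return paths in v8js_v8_call (time/memory limit, CanContinue, the report_uncaught and pending-exception branches) is covered. A second variant in which `bosh()` unsets `$GLOBALS['v8test']` and then throws (with report_uncaught left enabled) would pin the behaviour of the extra reference on those paths as well, since they release it at a different point than the normal return.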


@ -83,6 +83,10 @@ static inline struct v8js_ctx *v8js_ctx_fetch_object(zend_object *obj) {
return (struct v8js_ctx *)((char *)obj - XtOffsetOf(struct v8js_ctx, std)); return (struct v8js_ctx *)((char *)obj - XtOffsetOf(struct v8js_ctx, std));
} }
static inline zend_object *v8js_ctx_to_zend_object(struct v8js_ctx *ctx) {
return (zend_object *)((char *)ctx + XtOffsetOf(struct v8js_ctx, std));
}
#define Z_V8JS_CTX_OBJ_P(zv) v8js_ctx_fetch_object(Z_OBJ_P(zv)); #define Z_V8JS_CTX_OBJ_P(zv) v8js_ctx_fetch_object(Z_OBJ_P(zv));
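Review bot: v8js_ctx_to_zend_object is the inverse of v8js_ctx_fetch_object above it but carries no comment saying so, and the pointer arithmetic is only valid because `std` is embedded in struct v8js_ctx. A one-line header comment would make the contract explicit: `/* Inverse of v8js_ctx_fetch_object(): recover the zend_object embedded in a v8js_ctx, e.g. to take an extra refcount on the PHP instance. */`.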


@ -120,135 +120,151 @@ void v8js_v8_call(v8js_ctx *c, zval **return_value,
{ {
char *tz = NULL; char *tz = NULL;
V8JS_CTX_PROLOGUE(c); // hold extra reference on v8 instance as long as we call into V8 (issue #472)
zend_object *obj = v8js_ctx_to_zend_object(c);
zval zv_v8inst;
ZVAL_OBJ(&zv_v8inst, obj);
Z_ADDREF_P(&zv_v8inst);
V8JSG(timer_mutex).lock(); {
c->time_limit_hit = false; V8JS_CTX_PROLOGUE(c);
c->memory_limit_hit = false;
V8JSG(timer_mutex).unlock();
/* Catch JS exceptions */ V8JSG(timer_mutex).lock();
v8::TryCatch try_catch(isolate); c->time_limit_hit = false;
c->memory_limit_hit = false;
V8JSG(timer_mutex).unlock();
/* Set flags for runtime use */ /* Catch JS exceptions */
c->flags = flags; v8::TryCatch try_catch(isolate);
/* Check if timezone has been changed and notify V8 */ /* Set flags for runtime use */
tz = getenv("TZ"); c->flags = flags;
if (tz != NULL) { /* Check if timezone has been changed and notify V8 */
if (c->tz == NULL) { tz = getenv("TZ");
c->tz = strdup(tz);
}
else if (strcmp(c->tz, tz) != 0) {
c->isolate->DateTimeConfigurationChangeNotification();
free(c->tz); if (tz != NULL) {
c->tz = strdup(tz); if (c->tz == NULL) {
} c->tz = strdup(tz);
} }
else if (strcmp(c->tz, tz) != 0) {
c->isolate->DateTimeConfigurationChangeNotification();
if (time_limit > 0 || memory_limit > 0) { free(c->tz);
// If timer thread is not running then start it c->tz = strdup(tz);
if (!V8JSG(timer_thread)) { }
// If not, start timer thread
V8JSG(timer_thread) = new std::thread(v8js_timer_thread, ZEND_MODULE_GLOBALS_BULK(v8js));
}
}
/* Always pass the timer to the stack so there can be follow-up changes to
* the time & memory limit. */
v8js_timer_push(time_limit, memory_limit, c);
/* Execute script */
c->in_execution++;
v8::MaybeLocal<v8::Value> result = v8_call(c->isolate);
c->in_execution--;
/* Pop our context from the stack and read (possibly updated) limits
* into local variables. */
V8JSG(timer_mutex).lock();
v8js_timer_ctx *timer_ctx = V8JSG(timer_stack).front();
V8JSG(timer_stack).pop_front();
V8JSG(timer_mutex).unlock();
time_limit = timer_ctx->time_limit;
memory_limit = timer_ctx->memory_limit;
efree(timer_ctx);
if(!V8JSG(fatal_error_abort)) {
char exception_string[64];
if (c->time_limit_hit) {
// Execution has been terminated due to time limit
sprintf(exception_string, "Script time limit of %lu milliseconds exceeded", time_limit);
zend_throw_exception(php_ce_v8js_time_limit_exception, exception_string, 0);
return;
} }
if (memory_limit && !c->memory_limit_hit) { if (time_limit > 0 || memory_limit > 0) {
// Re-check memory limit (very short executions might never be hit by timer thread) // If timer thread is not running then start it
v8::HeapStatistics hs; if (!V8JSG(timer_thread)) {
isolate->GetHeapStatistics(&hs); // If not, start timer thread
V8JSG(timer_thread) = new std::thread(v8js_timer_thread, ZEND_MODULE_GLOBALS_BULK(v8js));
}
}
if (hs.used_heap_size() > memory_limit) { /* Always pass the timer to the stack so there can be follow-up changes to
isolate->LowMemoryNotification(); * the time & memory limit. */
v8js_timer_push(time_limit, memory_limit, c);
/* Execute script */
c->in_execution++;
v8::MaybeLocal<v8::Value> result = v8_call(c->isolate);
c->in_execution--;
/* Pop our context from the stack and read (possibly updated) limits
* into local variables. */
V8JSG(timer_mutex).lock();
v8js_timer_ctx *timer_ctx = V8JSG(timer_stack).front();
V8JSG(timer_stack).pop_front();
V8JSG(timer_mutex).unlock();
time_limit = timer_ctx->time_limit;
memory_limit = timer_ctx->memory_limit;
efree(timer_ctx);
if(!V8JSG(fatal_error_abort)) {
char exception_string[64];
if (c->time_limit_hit) {
// Execution has been terminated due to time limit
sprintf(exception_string, "Script time limit of %lu milliseconds exceeded", time_limit);
zend_throw_exception(php_ce_v8js_time_limit_exception, exception_string, 0);
zval_ptr_dtor(&zv_v8inst);
return;
}
if (memory_limit && !c->memory_limit_hit) {
// Re-check memory limit (very short executions might never be hit by timer thread)
v8::HeapStatistics hs;
isolate->GetHeapStatistics(&hs); isolate->GetHeapStatistics(&hs);
if (hs.used_heap_size() > memory_limit) { if (hs.used_heap_size() > memory_limit) {
c->memory_limit_hit = true; isolate->LowMemoryNotification();
} isolate->GetHeapStatistics(&hs);
}
}
if (c->memory_limit_hit) { if (hs.used_heap_size() > memory_limit) {
// Execution has been terminated due to memory limit c->memory_limit_hit = true;
sprintf(exception_string, "Script memory limit of %lu bytes exceeded", memory_limit); }
zend_throw_exception(php_ce_v8js_memory_limit_exception, exception_string, 0);
return;
}
if (!try_catch.CanContinue()) {
// At this point we can't re-throw the exception
return;
}
/* There was pending exception left from earlier executions -> throw to PHP */
if (Z_TYPE(c->pending_exception) == IS_OBJECT) {
zend_throw_exception_object(&c->pending_exception);
ZVAL_NULL(&c->pending_exception);
}
/* Handle runtime JS exceptions */
if (try_catch.HasCaught()) {
/* Pending exceptions are set only in outer caller, inner caller exceptions are always rethrown */
if (c->in_execution < 1) {
/* Report immediately if report_uncaught is true */
if (c->report_uncaught) {
v8js_throw_script_exception(c->isolate, &try_catch);
return;
}
/* Exception thrown from JS, preserve it for future execution */
if (result.IsEmpty()) {
v8js_create_script_exception(&c->pending_exception, c->isolate, &try_catch);
return;
} }
} }
/* Rethrow back to JS */ if (c->memory_limit_hit) {
try_catch.ReThrow(); // Execution has been terminated due to memory limit
return; sprintf(exception_string, "Script memory limit of %lu bytes exceeded", memory_limit);
} zend_throw_exception(php_ce_v8js_memory_limit_exception, exception_string, 0);
zval_ptr_dtor(&zv_v8inst);
return;
}
/* Convert V8 value to PHP value */ if (!try_catch.CanContinue()) {
if (return_value && !result.IsEmpty()) { // At this point we can't re-throw the exception
v8js_to_zval(result.ToLocalChecked(), *return_value, flags, c->isolate); zval_ptr_dtor(&zv_v8inst);
return;
}
/* There was pending exception left from earlier executions -> throw to PHP */
if (Z_TYPE(c->pending_exception) == IS_OBJECT) {
zend_throw_exception_object(&c->pending_exception);
ZVAL_NULL(&c->pending_exception);
}
/* Handle runtime JS exceptions */
if (try_catch.HasCaught()) {
/* Pending exceptions are set only in outer caller, inner caller exceptions are always rethrown */
if (c->in_execution < 1) {
/* Report immediately if report_uncaught is true */
if (c->report_uncaught) {
v8js_throw_script_exception(c->isolate, &try_catch);
zval_ptr_dtor(&zv_v8inst);
return;
}
/* Exception thrown from JS, preserve it for future execution */
if (result.IsEmpty()) {
v8js_create_script_exception(&c->pending_exception, c->isolate, &try_catch);
zval_ptr_dtor(&zv_v8inst);
return;
}
}
/* Rethrow back to JS */
try_catch.ReThrow();
zval_ptr_dtor(&zv_v8inst);
return;
}
/* Convert V8 value to PHP value */
if (return_value && !result.IsEmpty()) {
v8js_to_zval(result.ToLocalChecked(), *return_value, flags, c->isolate);
}
} }
} }
zval_ptr_dtor(&zv_v8inst);
} }
/* }}} */ /* }}} */
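Review bot: The zval_ptr_dtor(&zv_v8inst) calls placed before each early return (time limit, memory limit, CanContinue and the three exception branches) run inside the new inner block, i.e. while whatever V8JS_CTX_PROLOGUE(c) sets up is presumably still live, whereas only the final release after the block's closing brace has the ordering the commit appears to be after. If one of those returns is taken after the PHP side has already dropped its last reference — the issue #472 scenario, e.g. a callback that unsets the instance and then throws with report_uncaught enabled — the instance would be destroyed on the early-return path inside the entered isolate, which looks like the original crash reached a different way. Releasing through a small RAII holder declared before the block removes the per-return calls entirely and guarantees the release runs after the block's locals are gone; I cannot see the prologue macro, so please confirm it does introduce scope objects. The function's signature sits on the hunk header, outside the hunk itself.
```cpp
	// hold extra reference on v8 instance as long as we call into V8 (issue #472)
	zend_object *obj = v8js_ctx_to_zend_object(c);
	zval zv_v8inst;
	ZVAL_OBJ(&zv_v8inst, obj);
	Z_ADDREF_P(&zv_v8inst);
	// Released by the destructor, which runs after the inner block's locals
	// (prologue scopes, TryCatch) have been destroyed — on every return path.
	struct v8inst_guard {
		zval *zv;
		~v8inst_guard() { zval_ptr_dtor(zv); }
	} guard{&zv_v8inst};

	{
		V8JS_CTX_PROLOGUE(c);
		// … unchanged: limits, TryCatch, timer push/pop, v8_call, error handling —
		//     with each `zval_ptr_dtor(&zv_v8inst); return;` reduced to a plain `return;` …
	}
	// … the trailing zval_ptr_dtor(&zv_v8inst) after the block is dropped as well …
```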