src: remove aliased buffer weak callback

legendecas · RafaelGSS · commit 120ac7435255 · 2023-07-03T10:36:49.000-03:00
An AliasedBuffer can be nested in a BaseObject and their weak callbacks invoke order are not guaranteed. Prevent aliased buffer from being accessed in its weak callback as its validness can be checked with the emptiness of the persistent handle. PR-URL: #47688 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
diff --git a/src/aliased_buffer-inl.h b/src/aliased_buffer-inl.h
@@ -70,8 +70,8 @@ AliasedBufferBase<NativeT, V8T>::AliasedBufferBase(
       count_(that.count_),
       byte_offset_(that.byte_offset_),
       buffer_(that.buffer_) {
-  DCHECK(is_valid());
   js_array_ = v8::Global<V8T>(that.isolate_, that.GetJSArray());
+  DCHECK(is_valid());
 }
 
 template <typename NativeT, typename V8T>
@@ -126,19 +126,10 @@ void AliasedBufferBase<NativeT, V8T>::Release() {
   js_array_.Reset();
 }
 
-template <typename NativeT, typename V8T>
-inline void AliasedBufferBase<NativeT, V8T>::WeakCallback(
-    const v8::WeakCallbackInfo<AliasedBufferBase<NativeT, V8T>>& data) {
-  AliasedBufferBase<NativeT, V8T>* buffer = data.GetParameter();
-  DCHECK(buffer->is_valid());
-  buffer->cleared_ = true;
-  buffer->js_array_.Reset();
-}
-
 template <typename NativeT, typename V8T>
 inline void AliasedBufferBase<NativeT, V8T>::MakeWeak() {
   DCHECK(is_valid());
-  js_array_.SetWeak(this, WeakCallback, v8::WeakCallbackType::kParameter);
+  js_array_.SetWeak();
 }
 
 template <typename NativeT, typename V8T>
@@ -223,7 +214,7 @@ void AliasedBufferBase<NativeT, V8T>::reserve(size_t new_capacity) {
 
 template <typename NativeT, typename V8T>
 inline bool AliasedBufferBase<NativeT, V8T>::is_valid() const {
-  return index_ == nullptr && !cleared_;
+  return index_ == nullptr && !js_array_.IsEmpty();
 }
 
 template <typename NativeT, typename V8T>
diff --git a/src/aliased_buffer.h b/src/aliased_buffer.h
@@ -173,14 +173,11 @@ class AliasedBufferBase : public MemoryRetainer {
 
  private:
   inline bool is_valid() const;
-  static inline void WeakCallback(
-      const v8::WeakCallbackInfo<AliasedBufferBase<NativeT, V8T>>& data);
   v8::Isolate* isolate_ = nullptr;
   size_t count_ = 0;
   size_t byte_offset_ = 0;
   NativeT* buffer_ = nullptr;
   v8::Global<V8T> js_array_;
-  bool cleared_ = false;
 
   // Deserialize data
   const AliasedBufferIndex* index_ = nullptr;
