Speculative fix for #12079

2026-02-16 13:51:47 +00:00 · 2024-06-24 01:55:27 -07:00
parent 82c89bd8fc
commit 800ca865fb
1 changed files with 19 additions and 2 deletions
--- a/src/bun.js/bindings/sqlite/JSSQLStatement.cpp
+++ b/src/bun.js/bindings/sqlite/JSSQLStatement.cpp
@@ -174,7 +174,8 @@ static inline JSC::JSValue jsBigIntFromSQLite(JSC::JSGlobalObject* globalObject,
    if (UNLIKELY(!castedThis)) {                                                                                 \
        throwException(lexicalGlobalObject, scope, createError(lexicalGlobalObject, "Expected SQLStatement"_s)); \
        return JSValue::encode(jsUndefined());                                                                   \
-    }
+    }                                                                                                            \
+    auto thisAliveScope = EnsureStillAliveScope(castedThis);

 #define DO_REBIND(param)                                                                                                \
    if (param.isObject()) {                                                                                             \
@@ -1173,6 +1174,9 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementSerialize, (JSC::JSGlobalObject * lexical
        throwException(lexicalGlobalObject, scope, createError(lexicalGlobalObject, "Expected attached database name"_s));
        return JSValue::encode(JSC::jsUndefined());
    }
+
+    EnsureStillAliveScope thisAliveScope(thisObject);
+
    sqlite3_int64 length = -1;
    unsigned char* data = sqlite3_serialize(db, attachedName.utf8().data(), &length, 0);
    if (UNLIKELY(data == nullptr && length)) {
@@ -1221,6 +1225,8 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementLoadExtensionFunction, (JSC::JSGlobalObje
        return JSValue::encode(JSC::jsUndefined());
    }

+    EnsureStillAliveScope thisAliveScope(thisObject);
+
    auto entryPointStr = callFrame->argumentCount() > 2 && callFrame->argument(2).isString() ? callFrame->argument(2).toWTFString(lexicalGlobalObject) : String();
    const char* entryPoint = entryPointStr.length() == 0 ? NULL : entryPointStr.utf8().data();
    char* error;
@@ -1254,6 +1260,7 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementExecuteFunction, (JSC::JSGlobalObject * l
        throwException(lexicalGlobalObject, scope, createError(lexicalGlobalObject, "Expected SQL"_s));
        return JSValue::encode(JSC::jsUndefined());
    }
+    auto thisAliveScope = EnsureStillAliveScope(thisObject);

    if (callFrame->argumentCount() < 2) {
        throwException(lexicalGlobalObject, scope, createError(lexicalGlobalObject, "Expected at least 2 arguments"_s));
@@ -1274,8 +1281,8 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementExecuteFunction, (JSC::JSGlobalObject * l

    JSC::JSValue internalFlagsValue = callFrame->argument(1);
    JSC::JSValue diffValue = callFrame->argument(2);
-
    JSC::JSValue sqlValue = callFrame->argument(3);
+
    if (UNLIKELY(!sqlValue.isString())) {
        throwException(lexicalGlobalObject, scope, createError(lexicalGlobalObject, "Expected SQL string"_s));
        return JSValue::encode(JSC::jsUndefined());
@@ -1410,6 +1417,7 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementIsInTransactionFunction, (JSC::JSGlobalOb
        throwException(lexicalGlobalObject, scope, createError(lexicalGlobalObject, "Expected SQLStatement"_s));
        return JSValue::encode(JSC::jsUndefined());
    }
+    EnsureStillAliveScope thisAliveScope(thisObject);

    JSC::JSValue dbNumber = callFrame->argument(0);

@@ -1447,6 +1455,8 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementPrepareStatementFunction, (JSC::JSGlobalO
        return JSValue::encode(JSC::jsUndefined());
    }

+    EnsureStillAliveScope thisAliveScope(thisObject);
+
    JSC::JSValue dbNumber = callFrame->argument(0);
    JSC::JSValue sqlValue = callFrame->argument(1);
    JSC::JSValue bindings = callFrame->argument(2);
@@ -1548,6 +1558,7 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementOpenStatementFunction, (JSC::JSGlobalObje
        return JSValue::encode(jsUndefined());
    }

+    EnsureStillAliveScope thisAliveScope(constructor);
    if (callFrame->argumentCount() < 1) {
        throwException(lexicalGlobalObject, scope, createError(lexicalGlobalObject, "Expected 1 argument"_s));
        return JSValue::encode(jsUndefined());
@@ -1640,6 +1651,8 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementCloseStatementFunction, (JSC::JSGlobalObj
        return JSValue::encode(jsUndefined());
    }

+    EnsureStillAliveScope thisAliveScope(constructor);
+
    JSValue dbNumber = callFrame->argument(0);
    JSValue throwOnError = callFrame->argument(1);
    if (!dbNumber.isNumber()) {
@@ -1691,6 +1704,8 @@ JSC_DEFINE_HOST_FUNCTION(jsSQLStatementFcntlFunction, (JSC::JSGlobalObject * lex
        return JSValue::encode(jsUndefined());
    }

+    EnsureStillAliveScope thisAliveScope(thisObject);
+
    JSValue dbNumber = callFrame->argument(0);
    JSValue databaseFileName = callFrame->argument(1);
    JSValue opNumber = callFrame->argument(2);
@@ -2080,6 +2095,8 @@ JSC_DEFINE_JIT_OPERATION(jsSQLStatementExecuteStatementFunctionGetWithoutTypeChe
    auto* stmt = castedThis->stmt;
    CHECK_PREPARED

+    EnsureStillAliveScope thisAliveScope(castedThis);
+
    int statusCode = sqlite3_reset(stmt);
    if (UNLIKELY(statusCode != SQLITE_OK)) {
        throwException(lexicalGlobalObject, scope, createSQLiteError(lexicalGlobalObject, castedThis->version_db->db));