Mercurial > njs
changeset 2628:131276dd1294 default tip
QuickJS: fixed r.subrequest() to a location with JS handler.
Previously, when a subrequest location had a JS handler, an object of a
subrequest JS context was provided as an argument to a parent contexts.
This may cause all sorts of problems due to incorrect reference
counting.
After this change in bellard/quickjs@42eb2795 the bug became apparent.
| author | Dmitry Volyntsev <xeioex@nginx.com> |
|---|---|
| date | Mon, 13 Oct 2025 17:37:11 -0700 |
| parents | c15635f617e0 |
| children | |
| files | nginx/ngx_http_js_module.c |
| diffstat | 1 files changed, 5 insertions(+), 11 deletions(-) [+] |
line wrap: on
line diff
--- a/nginx/ngx_http_js_module.c Wed Oct 08 18:42:16 2025 -0700 +++ b/nginx/ngx_http_js_module.c Mon Oct 13 17:37:11 2025 -0700 @@ -5843,17 +5843,11 @@ cx = ctx->engine->u.qjs.ctx; - if (!JS_IsObject(ngx_qjs_arg(sctx->args[0]))) { - reply = ngx_http_qjs_request_make(cx, NGX_QJS_CLASS_ID_HTTP_REQUEST, r); - if (JS_IsException(reply)) { - ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, - "js subrequest reply creation failed"); - return NGX_ERROR; - } - - - } else { - reply = JS_DupValue(cx, ngx_qjs_arg(sctx->args[0])); + reply = ngx_http_qjs_request_make(cx, NGX_QJS_CLASS_ID_HTTP_REQUEST, r); + if (JS_IsException(reply)) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "js subrequest reply creation failed"); + return NGX_ERROR; } rc = ngx_qjs_call(cx, event->function, &reply, 1);