fix table update notifications use after free

stevensJourney · stevensJourney · commit f0e0e17c6063 · 2024-10-28T10:48:26.000+02:00
diff --git a/.changeset/stale-cups-grow.md b/.changeset/stale-cups-grow.md
@@ -0,0 +1,5 @@
+---
+'@journeyapps/wa-sqlite': patch
+---
+
+Fix bug where table change update notifications would access invalid memory locations under certain conditions.
diff --git a/src/sqlite-api.js b/src/sqlite-api.js
@@ -29,7 +29,7 @@ const async = true;
 
 const onTableChangeCallbacks = {};
 globalThis.__onTablesChanged = function(db, opType, tableName, rowId) {
-  setTimeout(() => onTableChangeCallbacks[db]?.(opType, tableName, rowId), 0);
+  onTableChangeCallbacks[db]?.(opType, tableName, rowId);
 };
 
 /**
@@ -914,7 +914,12 @@ export function Factory(Module) {
       const stringBytes = new Uint8Array(Module.HEAPU8.buffer, tableNamePtr, length);
       const tableName = new TextDecoder().decode(stringBytes);
 
-      return callback(opType, tableName, rowId);
+      /**
+       * Call the callback inside a setTimeout to avoid blocking SQLite.
+       * We use a setTimeout only after fetching data from the heap to avoid
+       * accessing memory which has been freed. 
+       */
+      setTimeout(() => callback(opType, tableName, rowId), 0)
     };
   };
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'@journeyapps/wa-sqlite': patch
 +---
++
 +Fix bug where table change update notifications would access invalid memory locations under certain conditions.