node-addon-api: Access violation in TypedArrayOf

When I build zmq.js with address sanitizer, and I attach my debugger to the node process that runs the tests (./node_modules/.bin/mocha), I get this error from the following location:

https://github.com/nodejs/node-addon-api/blob/77350eee98957f471a355a4cf12f6ee05262fa5b/napi-inl.h#L1892-1904

template <typename T>
inline TypedArrayOf<T>::TypedArrayOf(napi_env env, napi_value value)
  : TypedArray(env, value), _data(nullptr) {
  napi_status status = napi_ok;
  if (value != nullptr) {
    status = napi_get_typedarray_info(
      _env, _value, &_type, &_length, reinterpret_cast<void**>(&_data), nullptr, nullptr); // happens here 
  } else {
    _type = TypedArrayTypeForPrimitiveType<T>();
    _length = 0;
  }
  NAPI_THROW_IF_FAILED_VOID(_env, status);
}

Exception thrown at 0x0000000000000000 in node.exe: 0xC0000005: Access violation executing location 0x0000000000000000.

The undefined behaviour of reinterpret_cast can be the reason why this happens. https://www.youtube.com/watch?v=L06nbZXD2D0

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 16 (8 by maintainers)

Most upvoted comments

In a quick look, this seems similar to https://github.com/nodejs/node/issues/32463, in which v8 asserts that no backing store should be created on the same buffer.

However, I found that the 4th frame is v8::internal::BackingStore::Reallocate, not the v8::internal::GlobalBackingStoreRegistry::Register that I expect. Can you share the Node.js version you are testing against so that I can take a deep look into it?