Fix use-after-free and add a timeout

Author: timfish

module.cc

@@ -43,7 +43,9 @@ struct ThreadInfo {
   // Last time this thread was seen in milliseconds since epoch
   milliseconds last_seen;
   // Optional async local storage associated with this thread
-  std::optional<AsyncLocalStorageLookup> async_store;
+  // Using shared_ptr to safely share with async tasks even if ThreadInfo is
+  // erased
+  std::shared_ptr<std::optional<AsyncLocalStorageLookup>> async_store;
   // Some JSON serialized state sent via threadPoll
   std::string poll_state;
 };
@@ -360,6 +362,12 @@ CaptureStackTrace(Isolate *isolate,
   isolate->RequestInterrupt(ExecutionInterrupted,
                             new InterruptArgs{std::move(promise), &store});
 
+  // Wait with timeout to prevent infinite hang if isolate never processes
+  // interrupt (e.g., stuck in native code or terminating)
+  if (future.wait_for(std::chrono::seconds(5)) == std::future_status::timeout) {
+    return JsStackTrace{{}, ""};
+  }
+
   return future.get();
 }
 
@@ -381,17 +389,19 @@ void CaptureStackTraces(const FunctionCallbackInfo<Value> &args) {
 
       auto thread_name = thread_info.thread_name;
       auto poll_state = thread_info.poll_state;
-
-      futures.emplace_back(std::async(
-          std::launch::async,
-          [thread_isolate, thread_name, poll_state](
-              const std::optional<AsyncLocalStorageLookup> &async_store)
-              -> ThreadResult {
-            return ThreadResult{thread_name,
-                                CaptureStackTrace(thread_isolate, async_store),
-                                poll_state};
-          },
-          std::cref(thread_info.async_store)));
+      // Capture shared_ptr to keep async_store alive even if thread is removed
+      // from map
+      auto async_store_ptr = thread_info.async_store;
+
+      futures.emplace_back(
+          std::async(std::launch::async,
+                     [thread_isolate, thread_name, poll_state,
+                      async_store_ptr]() -> ThreadResult {
+                       return ThreadResult{
+                           thread_name,
+                           CaptureStackTrace(thread_isolate, *async_store_ptr),
+                           poll_state};
+                     }));
     }
   }
 
@@ -516,8 +526,12 @@ void RegisterThreadInternal(
   std::lock_guard<std::mutex> lock(threads_mutex);
   auto found = threads.find(isolate);
   if (found == threads.end()) {
-    threads.emplace(isolate, ThreadInfo{thread_name, milliseconds::zero(),
-                                        std::move(async_store), ""});
+    threads.emplace(
+        isolate,
+        ThreadInfo{thread_name, milliseconds::zero(),
+                   std::make_shared<std::optional<AsyncLocalStorageLookup>>(
+                       std::move(async_store)),
+                   ""});
     // Register a cleanup hook to remove this thread when the isolate is
     // destroyed
     node::AddEnvironmentCleanupHook(isolate, Cleanup, isolate);