From 9f0f50a5a503895efb96a20545e4d06c7aaf0dce Mon Sep 17 00:00:00 2001
From: ndossche <nora.dossche@ugent.be>
Date: Fri, 29 May 2026 12:06:49 +0200
Subject: [PATCH] sqlite: fix stack-use-after-scope with function callback

The `hasIt` block has `Local<Function>`s, but it's capture in the
lambda, yet the lambda is used after the locals go out of scope.

Signed-off-by: ndossche <nora.dossche@ugent.be>
---
 src/node_sqlite.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/node_sqlite.cc b/src/node_sqlite.cc
index 522d3c24cfba70..3e9894608b3791 100644
--- a/src/node_sqlite.cc
+++ b/src/node_sqlite.cc
@@ -2254,6 +2254,8 @@ void DatabaseSync::ApplyChangeset(const FunctionCallbackInfo<Value>& args) {
     return;
   }
 
+  Local<Function> conflictFunc;
+  Local<Function> filterFunc;
   if (args.Length() > 1 && !args[1]->IsUndefined()) {
     if (!args[1]->IsObject()) {
       THROW_ERR_INVALID_ARG_TYPE(env->isolate(),
@@ -2276,7 +2278,7 @@ void DatabaseSync::ApplyChangeset(const FunctionCallbackInfo<Value>& args) {
             "The \"options.onConflict\" argument must be a function.");
         return;
       }
-      Local<Function> conflictFunc = conflictValue.As<Function>();
+      conflictFunc = conflictValue.As<Function>();
       context.conflictCallback = [env, conflictFunc](int conflictType) -> int {
         Local<Value> argv[] = {Integer::New(env->isolate(), conflictType)};
         TryCatch try_catch(env->isolate());
@@ -2313,7 +2315,7 @@ void DatabaseSync::ApplyChangeset(const FunctionCallbackInfo<Value>& args) {
         return;
       }
 
-      Local<Function> filterFunc = filterValue.As<Function>();
+      filterFunc = filterValue.As<Function>();
 
       context.filterCallback =
           [env, db, filterFunc](std::string_view item) -> bool {