fix(statement): add strong reference to database object to prevent use-after-free

Author: mceachen

src/sqlite_impl.cpp

@@ -1439,6 +1439,11 @@ void StatementSync::InitStatement(DatabaseSync *database,
   }
 
   database_ = database;
+  // Create a strong reference to the database object to prevent it from being
+  // garbage collected while this statement exists. This fixes use-after-free
+  // when the database is GC'd before its statements.
+  // See: https://github.com/nodejs/node/pull/56840
+  database_ref_ = Napi::Persistent(database->Value());
   source_sql_ = sql;
 
   // Apply database-level defaults
@@ -1470,6 +1475,10 @@ StatementSync::~StatementSync() {
   if (statement_ && !finalized_) {
     sqlite3_finalize(statement_);
   }
+  // Release the strong reference to the database object
+  if (!database_ref_.IsEmpty()) {
+    database_ref_.Reset();
+  }
 }
 
 Napi::Value StatementSync::Run(const Napi::CallbackInfo &info) {

src/sqlite_impl.h

@@ -267,7 +267,11 @@ class StatementSync : public Napi::ObjectWrap<StatementSync> {
   Napi::Value CreateResult();
   void Reset();
 
-  DatabaseSync *database_;
+  DatabaseSync *database_ = nullptr;
+  // Strong reference to database object to prevent GC while statement exists.
+  // This fixes use-after-free when database is GC'd before its statements.
+  // See: https://github.com/nodejs/node/pull/56840
+  Napi::ObjectReference database_ref_;
   sqlite3_stmt *statement_ = nullptr;
   std::string source_sql_;
   bool finalized_ = false;