Issue details assume #319 is merged.
Import return buffers allocated via `cabi_realloc` in the splicer are never freed. The old `free_list` bulk free in `post_call` was the only mechanism reclaiming them, but it also caused use-after-free (#224, fixed by #319).
The retptr is returned to JS as a pointer, and JS reads from it after the WASM glue returns, so there's no obvious place to insert a free in the current architecture. This is an unbounded leak for components that make repeated import calls returning strings or lists.
Separately, I noticed the bindgen sets `post_return: None` so ComponentizeJS never generates post-return functions for exports. The canonical ABI expects the host to call post-return so the guest can free export return buffers. I haven't investigated whether `post_call` covers this already.
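The lifetime rule the issue refers to, as an added example that is not part of the original post and is not ComponentizeJS code: a return buffer must stay live until the reader has lifted it, and is then released through post-return; with no post-return call, live bytes grow with every call. `GuestHeap`, `exportGreet`, `postReturnGreet`, `hostCall` and `liveBytesAfter` are hypothetical names in a simplified model; only the `cabi_realloc` argument order follows the canonical ABI.

```javascript
// Simplified model (constructed): a guest linear memory with a bump allocator
// that records which allocations are still live.
const RET_AREA = 0; // fixed 8-byte return area holding (ptr, len)

class GuestHeap {
  constructor() {
    this.mem = new Uint8Array(1 << 16);
    this.view = new DataView(this.mem.buffer);
    this.next = 8;          // first free byte after the return area
    this.live = new Map();  // ptr -> size
  }
  // Allocation case of cabi_realloc(old_ptr, old_size, align, new_size).
  cabiRealloc(oldPtr, oldSize, align, newSize) {
    const ptr = Math.ceil(this.next / align) * align;
    this.next = ptr + newSize;
    this.live.set(ptr, newSize);
    return ptr;
  }
  free(ptr) { this.live.delete(ptr); }
  liveBytes() { let n = 0; for (const s of this.live.values()) n += s; return n; }
}

// Guest side: returns a string by writing (ptr, len) into the return area.
function exportGreet(heap, name) {
  const bytes = new TextEncoder().encode(`hello ${name}`);
  const ptr = heap.cabiRealloc(0, 0, 1, bytes.length);
  heap.mem.set(bytes, ptr);
  heap.view.setUint32(RET_AREA, ptr, true);
  heap.view.setUint32(RET_AREA + 4, bytes.length, true);
  return RET_AREA;
}

// Guest side: post-return gets the same retptr back and frees the buffer.
function postReturnGreet(heap, retptr) {
  heap.free(heap.view.getUint32(retptr, true));
}

// Host side: lift the string first, only then hand the buffer back.
function hostCall(heap, name, callPostReturn) {
  const retptr = exportGreet(heap, name);
  const ptr = heap.view.getUint32(retptr, true);
  const len = heap.view.getUint32(retptr + 4, true);
  const s = new TextDecoder().decode(heap.mem.subarray(ptr, ptr + len));
  if (callPostReturn) postReturnGreet(heap, retptr);
  return s;
}

function liveBytesAfter(calls, callPostReturn) {
  const heap = new GuestHeap();
  for (let i = 0; i < calls; i++) hostCall(heap, "x", callPostReturn);
  return heap.liveBytes();
}
```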