Prevent use-after-free with vectors

Awhile back slices switched to being raw views into wasm memory, but this doens't work if we free the underlying memory unconditionally! Moving around a `Vec` is already moving a lot of data, so let's copy it onto the JS heap instead of leaving it in the wasm heap.
2025-06-16 14:31:22 +00:00 · 2018-05-21 11:23:46 -07:00
parent cfe7ebd463
commit dd76707ea1
3 changed files with 75 additions and 1 deletions
--- a/crates/cli-support/src/js/js2rust.rs
+++ b/crates/cli-support/src/js/js2rust.rs
@ -256,7 +256,7 @@ impl<'a, 'b> Js2Rust<'a, 'b> {
                const mem = getUint32Memory();\n\
                const ptr = mem[retptr / 4];\n\
                const len = mem[retptr / 4 + 1];\n\
-                const realRet = {}(ptr, len);\n\
+                const realRet = {}(ptr, len).slice();\n\
                wasm.__wbindgen_free(ptr, len * {});\n\
                return realRet;\n\
            ", f, ty.size());
--- a/crates/cli-support/src/js/rust2js.rs
+++ b/crates/cli-support/src/js/rust2js.rs
@ -90,6 +90,7 @@ impl<'a, 'b> Rust2Js<'a, 'b> {

            if !arg.is_by_ref() {
                self.prelude(&format!("\
+                    v{0} = v{0}.slice();\n\
                    wasm.__wbindgen_free({0}, {1} * {size});\
                ", abi, abi2, size = ty.size()));
                self.cx.require_internal_export("__wbindgen_free")?;