Skip to content

JS constants not initialised properly causing JsValue::null() to leak memory #4490

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
J-Cake opened this issue Apr 25, 2025 · 0 comments
Open

JS constants not initialised properly causing JsValue::null() to leak memory #4490

J-Cake opened this issue Apr 25, 2025 · 0 comments
Labels
bug

Comments

@J-Cake
Copy link

J-Cake commented Apr 25, 2025
edited
Loading

Describe the Bug

A wasm-bindgen - generated module returns bindings which initialise tables used to allow Rust to generate JS values. The emitted bindings (usually the *_js_bg.js file) contains a __wbindgen_init_externref_table() function which correctly initialises these constants. However, the current system does not call this function.

Steps to Reproduce

  1. Generate a wasm-bindgen module which calls JsValue::null()
  2. Load the bindings using the code:
import mod from '#mod/main.wasm';
import * as util from '#mod/util.js';

const wasm = new WebAssembly.Instance(new WebAssembly.Module(mod), {
    "./mod_js_bg.js": util as any,
});

util.__wbg_set_wasm(wasm.exports);

export * from '#mod/util.js';
  1. This can be observed more reliably by "doing something" before printing out null values because the uninitialised constants table will leak memory. For example, I was implementing a REPL for a parser I implemented in Rust. When the expression returned a null value, it is cast back to a JsValue::null(). Before the initialisation, this call would print out the value I typed into the REPL which first caused it to return null. If that were a password for example, that could be a major security issue.

If applicable, add a link to a test case (as a zip file or link to a repository we can clone).

Expected Behavior

The utility module's __wbg_set_wasm() function should also initialise the wasm context by calling the necessary initialisation functions.

Actual Behavior

A clear and concise description of what actually happened.

If applicable, add screenshots to help explain your problem.

Negative Positive
Image Image

The two screenshots show the results of enabling/disabling the initialisation. In both cases, the query {a:0} returns a null value (represented by the keyword nothing).

The left screenshot shows the conversion of a Nothing to a JsValue("{a:0}") while the right shows the correct transformation into a JsValue(null)

Additional Context

A non-functional real-life example can be found here.

clone that exact tag, build the module and run the example repl.ts. Enter {a:0} to observe error.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@J-Cake