Summary
Remove incorrect Module._free(debugBuffer) call that passes a typed-array view instead of a pointer
Environment
- Product/Service: FeatureSET-Display — JavaScript API
- Files:
  - src/ARFset.js:144
  - js/arfset.api.js:114
Problem Description
Both src/ARFset.js:144 and js/arfset.api.js:114 call Module._free(debugBuffer) where debugBuffer is a Uint8ClampedArray view, not an integer heap pointer. Module._free expects a raw wasm memory address (integer). Passing a JS typed-array object is a no-op at best; if the JS engine coerces the object to a number that happens to land on a valid heap address, it silently corrupts the wasm heap.
The buffer itself is a view onto wasm memory owned and managed by the C++ side — JS must not free it.
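To make the coercion concrete, the following is an added example and not code from the FeatureSET-Display project. `Module` is a constructed stand-in for the Emscripten module: its `_free` applies the same ToInt32 conversion that the WebAssembly JS API applies to an i32 argument (`Number(x) | 0`) and records the address it would act on. `freedPointers`, `pointerSeenByFree`, `freeOwnedPointer` and `withScratchBuffer` are assumed names; the guarded free and the scratch-buffer helper show the shape the fix leaves behind (integer pointer and view kept apart, only JS-owned pointers freed).

```javascript
// Constructed stand-in for the wasm module. Records the integer that the
// allocator would receive after the wasm boundary's ToInt32 conversion.
const freedPointers = [];
let nextAddress = 512; // fake bump allocator start; real addresses come from wasm
const Module = {
  HEAPU8: new Uint8Array(1024), // pretend linear memory
  _malloc(size) {
    const ptr = nextAddress;
    nextAddress += size;
    return ptr;
  },
  _free(ptr) {
    // An exported wasm `free(i32)` sees ToInt32(ptr); `| 0` is that conversion.
    freedPointers.push(Number(ptr) | 0);
  },
};

// Reports which address `_free` actually receives for a given argument.
function pointerSeenByFree(arg) {
  freedPointers.length = 0;
  Module._free(arg);
  return freedPointers[0];
}

// Guarded free: refuses anything that is not a positive integer address, so a
// typed-array view (or NaN, or undefined) fails loudly instead of silently.
function freeOwnedPointer(ptr) {
  if (!Number.isInteger(ptr) || ptr <= 0) {
    throw new TypeError(
      `_free expects a wasm heap address, got ${Object.prototype.toString.call(ptr)}`
    );
  }
  Module._free(ptr);
}

// Pattern for memory JS does own: keep the integer pointer separately from
// the view, free the pointer, never the view. Memory owned by C++ (as the
// debug buffer is) gets no JS-side free at all.
function withScratchBuffer(size, fn) {
  const ptr = Module._malloc(size);
  const view = new Uint8ClampedArray(Module.HEAPU8.buffer, ptr, size);
  try {
    return fn(view);
  } finally {
    freeOwnedPointer(ptr);
  }
}
```

Because `%TypedArray%.prototype.toString` is `Array.prototype.toString`, a multi-element view coerces through `"1,2,3"` to NaN and reaches `_free` as 0, an empty view coerces through `""` to 0, and a single-element view hands `_free` that element's value. The first two are `free(NULL)` and therefore silent no-ops; the third is the "valid-looking pointer" case, where the allocator is told to free an address the caller never owned.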
Expected Behavior
No Module._free call is made from JS for this buffer. The C++ side manages its own memory.
Actual Behavior
Module._free is called with a Uint8ClampedArray object, which is either a silent no-op or a potential heap-corruption vector.
Tasks
- Remove the Module._free(debugBuffer) call from src/ARFset.js:144
- Remove the Module._free(debugBuffer) call from js/arfset.api.js:114
Impact
Medium — Potential wasm heap corruption if the coercion produces a valid-looking pointer; at minimum a latent correctness bug.
Additional Context
Small, isolated fix with no API surface change. Good candidate for an early "easy win" alongside 2b and 2c.