Wasmtime GitHub notifications bot (Apr 12 2026 at 13:15): Wasmtime GitHub notifications bot (Apr 12 2026 at 13:15):jedisct1 requested fitzgen for a review on PR #13062.
Wasmtime GitHub notifications bot (Apr 12 2026 at 13:15):jedisct1 opened PR #13062 from dip-proto:jit-free-memory-leak to bytecodealliance:main:
SUMMARY
JITModule::free_memorydelegates toSystemMemoryProvider::free_memory, but the implementation leaves the active allocation incurrentintact and, on Windows, never deallocates anyPtrLenat all.PROVENANCE
This exploration and report were automatically generated by the Swival Security Scanner (https://swival.dev).PRECONDITIONS
- A caller uses the documented
JITModule::free_memoryAPI to free JIT code/data memory after the module is no longer in use.- The module was allocated through
SystemMemoryProvider, which is the concrete provider implemented incranelift/jit/src/memory/system.rs.PROOF
JITModule::free_memorycallsself.memory.free_memory()incranelift/jit/src/backend.rs:192.- The trait contract for this operation is
JITMemoryProvider::free_memoryincranelift/jit/src/memory/mod.rs:33.SystemMemoryProvider::free_memoryforwards toMemory::free_memoryfor each region kind incranelift/jit/src/memory/system.rs:254.Memory::allocatekeeps the most recent allocation inself.current; older segments are only moved intoself.allocationswhen a new segment is started incranelift/jit/src/memory/system.rs:157.Memory::free_memoryonly clearsself.allocationsincranelift/jit/src/memory/system.rs:216, so the still-liveself.currentallocation is never freed andself.positionis not reset.- On Windows,
PtrLen::with_sizeallocates withVirtualAllocincranelift/jit/src/memory/system.rs:71, but the file has no WindowsDropimplementation forPtrLenatcranelift/jit/src/memory/system.rs:112, so even cleared historical allocations are not released.- Therefore the documented free operation is observably incomplete in the current code.
WHY THIS IS A REAL BUG
This is a direct contract violation in a public deallocation path, not a speculative hardening idea. A caller that follows the API documentation to release compiled code/data memory does not actually get that behavior.PATCH RATIONALE
The patch is minimal: it adds the missing WindowsDropimplementation forPtrLen, explicitly drops the activecurrentallocation duringfree_memory, and resets the position state. It changes only the broken deallocation logic and leaves allocation/finalization behavior untouched.RESIDUAL RISK
None<!--
Please make sure you include the following information:
If this work has been discussed elsewhere, please include a link to that
conversation. If it was discussed in an issue, just mention "issue #...".Explain why this change is needed. If the details are in an issue already,
this can be brief.Our development process is documented in the Wasmtime book:
https://docs.wasmtime.dev/contributing-development-process.htmlPlease ensure all communication follows the code of conduct:
https://github.com/bytecodealliance/wasmtime/blob/main/CODE_OF_CONDUCT.md
-->
Wasmtime GitHub notifications bot (Apr 12 2026 at 13:15):jedisct1 requested wasmtime-compiler-reviewers for a review on PR #13062.
Wasmtime GitHub notifications bot (Apr 12 2026 at 14:15):bjorn3 submitted PR review.
Wasmtime GitHub notifications bot (Apr 12 2026 at 14:15):bjorn3 created PR review comment:
You did also have to leak
currentin theDropimpl ofMemory.
Wasmtime GitHub notifications bot (Apr 12 2026 at 14:52):jedisct1 updated PR #13062.
Wasmtime GitHub notifications bot (Apr 12 2026 at 14:52):jedisct1 submitted PR review.
Wasmtime GitHub notifications bot (Apr 12 2026 at 14:52):jedisct1 created PR review comment:
Updated
Drop for Memoryto also leakcurrent.
Wasmtime GitHub notifications bot (Apr 12 2026 at 17:40):jedisct1 closed without merge PR #13062.
Last updated: Apr 13 2026 at 00:25 UTC