Skip to content

WASM memory corruption after freeing terminal that processed multi-codepoint grapheme clusters #141

New issue
New issue
Open
Open
WASM memory corruption after freeing terminal that processed multi-codepoint grapheme clusters#141
@beorn

Description

@beorn
beorn
opened on Mar 15, 2026

Environment

  • OS: macOS 15.4 (Darwin 25.2.0, arm64)
  • Package: ghostty-web@0.4.0
  • Runtime: Bun 1.3.9

Description

Calling terminal.free() after writing any multi-codepoint grapheme cluster (flag emoji, skin tone modifiers, ZWJ sequences, keycap sequences) corrupts the shared WASM memory. All subsequent createTerminal() + write() calls crash with an out-of-bounds memory access.

Single-codepoint characters (ASCII, CJK, simple emoji like 😀) do not trigger the bug.

Reproduction

import { Ghostty } from "ghostty-web";

const ghostty = await Ghostty.load();

const term1 = ghostty.createTerminal(80, 24);
term1.write("👋🏽");  // Any multi-codepoint grapheme cluster
term1.free();         // ← corrupts WASM memory

const term2 = ghostty.createTerminal(80, 24);
term2.write("Hello"); // ← crashes

Save as repro.ts and run with bun run repro.ts.

Characters that trigger the bug

All multi-codepoint grapheme clusters:

  • Flag emoji: 🇺🇸 🇬🇧 🇯🇵 (regional indicator pairs)
  • Skin tone: 👋🏽 (base + Fitzpatrick modifier)
  • ZWJ families: 👨‍👩‍👧 (ZWJ sequences)
  • Keycap: 1️⃣ (digit + VS16 + combining enclosing keycap)

Characters that do NOT trigger the bug

Single-codepoint characters:

  • ASCII: Hello
  • CJK: 漢字
  • Simple emoji: 😀 (single codepoint, no modifiers)

Error Output

RuntimeError: Out of bounds memory access (evaluating 'this.exports.ghostty_terminal_write(this.handle, g, B.length)')
    at write (ghostty-web.js:145:64)

The crash is in ghostty_terminal_write — the WASM linear memory has been corrupted by the preceding free(), so the next write() accesses invalid memory.

Impact

This blocks using ghostty-web for multi-terminal workflows (test suites, terminal pools, tab management) where terminals are created, used, and freed in sequence. If any terminal processes grapheme clusters before being freed, all subsequent terminals in the same WASM instance are broken.

Workaround

Don't free terminals that have processed multi-codepoint grapheme clusters. Leak them instead:

// Instead of term.free(), just abandon the reference
// term.free()  // ← skip this
term = null;

Or use one process per terminal (expensive but avoids shared WASM state).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions