Summary
Reclaim Rust-side allocations on encode error paths when token-to-C-string conversion fails.
Problem
The current Rust FFI layer can leak allocations in encode and encode_batch_pairs if CString::new(token.as_str()) fails while building token buffers.
This is separate from the Go lifecycle fix in PR #114. The Go-side EncodePairs cleanup is not the problem there; the real gap is inside the Rust allocation path before the FFI output is fully returned to Go.
Affected areas:
src/lib.rs encodesrc/lib.rs encode_batch_pairs
Scope
- Audit Rust allocation/error paths in
encode and encode_batch_pairs
- Ensure partially allocated IDs, type IDs, token strings, masks, and offsets are reclaimed before returning
ERROR_CSTRING_CONVERSION_FAILED
- Reuse or extend existing cleanup helpers where appropriate
- Add regression coverage for the failure path if practical
Acceptance criteria
- No Rust-owned allocations are leaked when token C-string conversion fails in
encode
- No Rust-owned allocations are leaked when token C-string conversion fails in
encode_batch_pairs
- Cleanup behavior is consistent with the existing two-phase buffer handoff model
- Any added tests fail before the fix and pass after it
Context: surfaced while reviewing PR #114.
Part of #104.
Summary
Reclaim Rust-side allocations on encode error paths when token-to-C-string conversion fails.
Problem
The current Rust FFI layer can leak allocations in
encodeandencode_batch_pairsifCString::new(token.as_str())fails while building token buffers.This is separate from the Go lifecycle fix in PR #114. The Go-side
EncodePairscleanup is not the problem there; the real gap is inside the Rust allocation path before the FFI output is fully returned to Go.Affected areas:
src/lib.rsencodesrc/lib.rsencode_batch_pairsScope
encodeandencode_batch_pairsERROR_CSTRING_CONVERSION_FAILEDAcceptance criteria
encodeencode_batch_pairsContext: surfaced while reviewing PR #114.
Part of #104.