Potential fix for code scanning alert no. 6: Mismatching new/free or malloc/delete

[amikhail48]

Potential fix for https://github.com/RunEdgeAI/coreflow/security/code-scanning/6

In general, to fix a mismatched allocation/deallocation, you must pair malloc/calloc/realloc with free, and new/new[] with delete/delete[]. You should use the same mechanism for all allocations and deallocations of a given buffer.

For this specific case, data_addr is allocated via allocateScalarMemory(size). CodeQL reports that this ultimately uses new[], so deallocation must use delete[] instead of free. The logic in the VX_WRITE_ONLY case reallocates when data_len < size by saving the old pointer in tmp_addr, calling allocateScalarMemory(size) to allocate a new buffer, and if successful, freeing the old buffer. The only incorrect operation is using free(tmp_addr); to release that old buffer. We should replace it with delete[] tmp_addr;, performing the correct deallocation while preserving the rest of the behavior.

Concretely, in framework/src/vx_scalar.cpp, in the case VX_WRITE_ONLY: branch where data_len < size, change line 271 from free(tmp_addr); to delete[] static_cast<vx_uint8*>(tmp_addr); (or delete[] tmp_addr; if data_addr is known to be a vx_uint8* or similar array type). Since we only see void * here, a safe and explicit fix is to cast back to the element type used for allocation. Assuming data_addr/tmp_addr actually hold a vx_uint8[] (common for scalar storage), we can cast to vx_uint8* before deleting with delete[]. No new headers are needed; delete[] is built into C++.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.