diff --git a/CHANGELOG.md b/CHANGELOG.md
index 58546a4344e..095e3af8ecf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,11 @@
 * Deprecate `wasm_bindgen_test_configure!`s `run_in_worker` in favor of `run_in_dedicated_worker`.
 [#3804](https://github.com/rustwasm/wasm-bindgen/pull/3804)
 
+### Fixed
+
+* Fixed UB when freeing strings received from JS if not using the default allocator.
+ [#3808](https://github.com/rustwasm/wasm-bindgen/pull/3808)
+
 ## [0.2.90](https://github.com/rustwasm/wasm-bindgen/compare/0.2.89...0.2.90)
 
 Released 2024-01-06
diff --git a/crates/cli-support/src/js/mod.rs b/crates/cli-support/src/js/mod.rs
index ee1c4790ff8..5a5ebfee527 100644
--- a/crates/cli-support/src/js/mod.rs
+++ b/crates/cli-support/src/js/mod.rs
@@ -1296,11 +1296,6 @@ impl<'a> Context<'a> {
 mem = mem,
 );
 
- // TODO:
- // When converting a JS string to UTF-8, the maximum size is `arg.length * 3`,
- // so we just allocate that. This wastes memory, so we should investigate
- // looping over the string to calculate the precise size, or perhaps using
- // `shrink_to_fit` on the Rust side.
 self.global(&format!(
 "function {name}(arg, malloc, realloc) {{
 {debug}
@@ -1314,6 +1309,7 @@ impl<'a> Context<'a> {
 const ret = encodeString(arg, view);
 {debug_end}
 offset += ret.written;
+ ptr = realloc(ptr, len, offset, 1) >>> 0;
 }}
 
 WASM_VECTOR_LEN = offset;
diff --git a/crates/cli/tests/reference/string-arg.js b/crates/cli/tests/reference/string-arg.js
index 8c006997f9d..7ce1a4db2f3 100644
--- a/crates/cli/tests/reference/string-arg.js
+++ b/crates/cli/tests/reference/string-arg.js
@@ -75,6 +75,7 @@ function passStringToWasm0(arg, malloc, realloc) {
 const ret = encodeString(arg, view);
 
 offset += ret.written;
+ ptr = realloc(ptr, len, offset, 1) >>> 0;
 }
 
 WASM_VECTOR_LEN = offset;
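Review bot: The added `ptr = realloc(ptr, len, offset, 1) >>> 0;` in the second hunk of crates/cli-support/src/js/mod.rs carries no comment saying why it is required, and the first hunk removes the only explanation of the `arg.length * 3` over-allocation. Judging by the CHANGELOG entry, the shrink is a memory-safety requirement rather than a memory saving (presumably the receiving Rust side frees the buffer using `WASM_VECTOR_LEN` as its size), so a later cleanup could drop the call as redundant and bring the UB back. I would put a Rust comment above `self.global(&format!(` where the TODO used to be, e.g. `// The buffer is over-allocated to arg.length * 3 and then shrunk by the final realloc: its allocated size must equal WASM_VECTOR_LEN, which the receiver uses when freeing it.` Only the reference output changes in the visible diff; a test that passes a non-ASCII string under a non-default allocator would pin the behaviour, if one does not already exist elsewhere. The generated function's body starts and ends outside both hunks.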