[Webkit-unassigned] [Bug 29093] New: [V8] HTML attribute listeners leak memory.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 9 10:29:58 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=29093
Summary: [V8] HTML attribute listeners leak memory.
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: vitalyr at chromium.org
CC: dglazkov at chromium.org
[V8] HTML attribute listeners leak memory.
Creating DOM elements using innerHTML with listeners will leak memory in case
these listeners are invoked at least once.
function leak() {
var node = document.createElement("span");
node.innerHTML = "<span onclick=''></span>";
node.childNodes[0].onclick(); // (*)
}
If you remove (*) line everything is back to normal. The cycle looks like this:
C++ Span Element <---------------------- JS node wrapper
| ^
v |
V8LazyEventListener --[strong handle]--> JS function (onclick)
The reference between JS function and JS wrapper gets created in
V8LazyEventListener when it lazily compiles the function. This is very similar
to http://crbug.com/17400 but with a different C++ listener type.
This can be fixed like http://crbug.com/17400 by making the handle in
V8LazyEventListener weak and adding a hidden dependency from JS wrapper to JS
function to prevent the function from being collected.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list