[Webkit-unassigned] [Bug 98498] New: REGRESSION: Rapid memory growth calling DOM APIs with large strings
bugzilla-daemon at webkit.org
Fri Oct 5 01:50:29 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=98498
Summary: REGRESSION: Rapid memory growth calling DOM APIs with
large strings
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Keywords: HasReduction, Regression
Severity: Normal
Priority: P2
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: esprehn at chromium.org
CC: abarth at webkit.org, rniwa at webkit.org,
morrita at google.com, haraken at chromium.org
Calling DOM APIs like querySelector, querySelectorAll or getElementsByTagName causes rapid memory growth when called with ever increasingly large strings.
getElementsByTagName: Reproduces in Chrome Canary and all the way back to Chrome 22, but not in Chrome 20. I don't have Chrome 21. Does *not* reproduce in WebKit nightly (r130451) or Safari (6.0.1 (8536.26.14)).
querySelectorAll: Reproduces in Chrome Canary all the way back to Chrome 22, but not Chrome 20 *and* WebKit Nightly r130451.
I don't know why WebKit nightly sees this on QSA but not getElementsByTagName.
Reproduction:
1) Open Activity Monitor.app
2) Load the test case.
3) Watch the memory grow really fast.
Chrome's render process crashes rather quickly with:
Google Chrome Helper(26560,0xacca1a28) malloc: *** mmap(size=8388608) failed (error code=12)
*** error: can't allocate region securely
*** set a breakpoint in malloc_error_break to debug
WebKit nightly seems to flatten out around 2.3GB for me and doesn't crash??