[Webkit-unassigned] [Bug 112521] New: ScriptProcessorNode is garbage collected while still active if unreachable

Sun Mar 17 14:07:34 PDT 2013

https://bugs.webkit.org/show_bug.cgi?id=112521

           Summary: ScriptProcessorNode is garbage collected while still
                    active if unreachable
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Web Audio
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: russell.mcclellan at gmail.com
                CC: crogers at google.com

When garbage collection runs, any ScriptProcessorNode's bindings are garbage collected if the JS binding is unreachable.  This can happen for instance if the ScriptProcessorNode is created inside a function.  Garbage collecting the binding will cause any event listeners to also be garbage collected, which will mean they won't be able to process any more audio.

Steps to reproduce:
1) create a ScriptProcessorNode from inside a function
2) attach an onaudioprocess handler
3) attach the script processor node to the audio graph
4) leave the function
5) trigger garbage collection

After garbage collection occurs, the onaudioprocess handler will be deleted and will never be called again.

This was reported in chrome as issue 82795: https://code.google.com/p/chromium/issues/detail?id=82795, but it's bug in webkit.  It happens in every version since it's a problem with the garbage collection scheme.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.