[Webkit-unassigned] [Bug 138226] New: XSSAuditor memory leak when posting large form

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 30 13:17:47 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=138226

            Bug ID: 138226
           Summary: XSSAuditor memory leak when posting large form
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: iOS
                OS: iOS 7.0
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mofakhre at microsoft.com

Created attachment 240690
  --> https://bugs.webkit.org/attachment.cgi?id=240690&action=review
HTML file that causes Mobile Safari to crash.

Submitting certain forms to any endpoint that returns any response will cause XSSAuditor and JavaScriptCore to allocate hundreds of MB in memory until the process crashes, even when the form is just 6 MB in size. Attached is a sample message. Change the form target to anything that returns any response, or return a dummy response in Fiddler.

Profiling in Instruments shows thousands of allocations of 528 Bytes by:
WTF::MallocHook::recordAllocation
WTF::fastMalloc
WebCore::SuffixTree
WebCore::XSSAuditor
WebCore::HTMLDocumentParser
...

I can send the trace if requested (it seems I'm only allowed one attachment here).
