[Webkit-unassigned] [Bug 198964] New: Safari crashes after ~2028 OfflineAudioContext objects are created (they never get garbage collected, consuming a thread each)

bugzilla-daemon at webkit.org
Tue Jun 18 08:14:31 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=198964

            Bug ID: 198964
           Summary: Safari crashes after ~2028 OfflineAudioContext objects
                    are created (they never get garbage collected,
                    consuming a thread each)
           Product: WebKit
           Version: Safari 12
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Web Audio
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: schngrg at gmail.com

Trying to create more than 2028 OfflineAudioContext (or AudioContext) crashes the Safari/WebKit page. In WebKit C++ code (AudioContext.cpp), it looks like every OfflineAudioContext takes a thread and the crash is forced when the total pool of 2048 threads is exhausted.

Possible solution: Fix garbage collection of OfflineAudioContexts. OfflineAudioContexts are never garbage collected. In WebKit C++ code, any code that could mark OfflineAudioContext as ready for garbage collection is not reached because of isOfflineContext() checks in AudioContext.cpp.

Background: The web page gets small buffers of audio data and wants to load them into audio buffers to process with OfflineAudioContext. OfflineAudioContext can't be reused (https://github.com/WebAudio/web-audio-api/issues/346). For each small buffer of audio data received, a new OfflineAudioContext needs to be created, but the total limit is soon exhausted because OfflineAudioContext never gets garbage collected.

Tried calling stop(), close(), etc., but that didn't help because of isOfflineContext() checks in AudioContext.cpp.


Sample code:
    for (let i = 0; i < 3000; i++) { // Safari will crash at i 2026 or 2028, on both iOS and Mac
      let ctx = new OfflineAudioContext(1, 16384, 44100);
      console.log(i);
    }

-- 
You are receiving this mail because:
You are the assignee for the bug.
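
Added example, not part of the bug report or of WebKit code: a page-side way to stay under the limit described above is to merge incoming chunks so that one OfflineAudioContext serves many of them, and to raise an error before the count approaches ~2028. The budget, the batch size, the class names and the injected makeContext factory are assumptions; this does not fix the missing garbage collection.

```javascript
// Added example (not WebKit code). BUDGET and BATCH_FRAMES are assumed values.
const BUDGET = 1500;             // assumed margin below the ~2028 contexts in the report
const BATCH_FRAMES = 16384 * 64; // assumed: 64 chunks of the report's 16384 frames per context

class ContextBudgetError extends Error {}

class ChunkBatcher {
  // makeContext(frames) is injected so the logic also runs outside a browser;
  // in a page it would be: frames => new OfflineAudioContext(1, frames, 44100)
  constructor(makeContext, budget = BUDGET, batchFrames = BATCH_FRAMES) {
    this.makeContext = makeContext;
    this.budget = budget;
    this.batchFrames = batchFrames;
    this.created = 0;       // never decremented: the contexts are not collected
    this.pending = [];      // queued Float32Array chunks
    this.pendingFrames = 0;
  }

  // Queue one chunk. Returns a batch once enough frames are queued, otherwise null.
  push(chunk) {
    this.pending.push(chunk);
    this.pendingFrames += chunk.length;
    return this.pendingFrames >= this.batchFrames ? this.flush() : null;
  }

  // Merge the queued chunks into one Float32Array and spend one context on it.
  flush() {
    if (this.pendingFrames === 0) return null;
    if (this.created >= this.budget) {
      throw new ContextBudgetError(`context budget of ${this.budget} exhausted`);
    }
    const samples = new Float32Array(this.pendingFrames);
    let offset = 0;
    for (const c of this.pending) { samples.set(c, offset); offset += c.length; }
    this.pending = [];
    this.pendingFrames = 0;
    this.created += 1;
    return { ctx: this.makeContext(samples.length), samples };
  }
}

// Constructed input: the report's 3000 iterations as 3000 silent 16384-frame chunks.
function simulate(chunks = 3000, frames = 16384) {
  let made = 0;
  const batcher = new ChunkBatcher(() => ({ id: ++made })); // stand-in factory
  for (let i = 0; i < chunks; i++) batcher.push(new Float32Array(frames));
  batcher.flush(); // hand over the partial final batch
  return made;     // contexts created instead of 3000
}
```

The caller copies `samples` into a buffer on the returned `ctx` and renders it; with the assumed batch size, the 3000 chunks of the sample code need 47 contexts.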