[Webkit-unassigned] [Bug 247618] New: ReadableStream::pipeTo memory leak

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 8 07:22:42 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=247618

            Bug ID: 247618
           Summary: ReadableStream::pipeTo memory leak
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: bugzilla at gpost.dk

When a ReadableStream is piped to a WritableStream using pipeTo() with the signal option, the pipeState object will be retained indefinitely unless the signal is aborted.

Specifically, the algorithm() method passed as the abort signal handler references the pipeState.finalized property, causing it to be referenced as long as the abort has not been triggered:

https://github.com/WebKit/WebKit/blob/bdb44a70527586f1b1b746cfda75a2b0ae00c7f6/Source/WebCore/Modules/streams/ReadableStreamInternals.js#L167-L196

The issue was introduced in Bug 215448.

FYI, according to this comment, the spec was disregarded and a non-compliant solution was implemented instead: https://github.com/WebKit/WebKit/blob/bdb44a70527586f1b1b746cfda75a2b0ae00c7f6/Source/WebCore/Modules/streams/ReadableStreamInternals.js#L380

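The retention pattern the report describes, as an added JavaScript sketch that is not WebKit's code and not part of the original report. `pipeLeaky`, `pipeReleasing`, `trackListeners` and `retainedAfter` are hypothetical names, and detaching the listener on finalization is an assumed mitigation, not a fix taken from the WebKit source.

```javascript
// Added illustration with hypothetical names; not ReadableStreamInternals.js.

// Leaky shape: the abort handler closes over pipeState and is never removed,
// so pipeState (and its buffer) stays reachable as long as the signal does.
function pipeLeaky(signal) {
  const pipeState = { finalized: false, buffer: new Uint8Array(1 << 16) };
  const algorithm = () => {
    if (pipeState.finalized) return;
    pipeState.finalized = true;
  };
  signal.addEventListener("abort", algorithm);
  return { finish() { pipeState.finalized = true; } };
}

// Mitigated shape (assumption): finalizing detaches the handler, so the
// closure and the pipeState it captures become collectable.
function pipeReleasing(signal) {
  const pipeState = { finalized: false, buffer: new Uint8Array(1 << 16) };
  const algorithm = () => finalize();
  function finalize() {
    if (pipeState.finalized) return;
    pipeState.finalized = true;
    signal.removeEventListener("abort", algorithm);
  }
  signal.addEventListener("abort", algorithm);
  return { finish: finalize };
}

// Instrument a real AbortSignal to record which handlers are still attached.
function trackListeners(signal) {
  const live = new Set();
  const add = signal.addEventListener.bind(signal);
  const remove = signal.removeEventListener.bind(signal);
  signal.addEventListener = (t, fn, o) => { live.add(fn); add(t, fn, o); };
  signal.removeEventListener = (t, fn, o) => { live.delete(fn); remove(t, fn, o); };
  return live;
}

// Complete `count` pipes on one long-lived, never-aborted signal and
// return how many handlers (each pinning a pipeState) remain attached.
function retainedAfter(pipe, count) {
  const controller = new AbortController();
  const live = trackListeners(controller.signal);
  for (let i = 0; i < count; i++) pipe(controller.signal).finish();
  return live.size;
}

console.log("leaky:", retainedAfter(pipeLeaky, 8));
console.log("releasing:", retainedAfter(pipeReleasing, 8));
```

The handler count is used as a deterministic stand-in for retained `pipeState` objects, since garbage collection timing cannot be asserted on directly.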