[Webkit-unassigned] [Bug 251835] The Document object is leaked on some pages using media (like YouTube.com)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Apr 26 15:10:00 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=251835
--- Comment #6 from Ryan Reno <rreno at apple.com> ---
The iron-media-query custom element seems to essentially be a wrapper over a MediaQueryList event listener. I added some instrumentation to EventListener RefPtrs and indeed they are left over after navigating away from a YouTube video. This isn't all that surprising given that the whole document is retained.
I put breakpoints in MediaQueryList::addListener and MediaQueryList::removeListener and they are (in hindsight unsurprisingly) called via custom element bindings. What is interesting is it seems like there are unpaired calls to add and remove - that is we are not calling removeListener as many times and we call addListener. So I added a global int32_t that checks balance by incrementing and decrementing in the appropriate functions. I found that after navigating away from the YouTube page and issuing the lowMemory notification the counter was at +10.
Since JSCEventListeners keep their function objects alive via marking when visited there's some strong evidence this imbalance in MediaQueryList addListener/removeListener is the source of the leaked document.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230426/6d721fde/attachment-0001.htm>
More information about the webkit-unassigned
mailing list