[Webkit-unassigned] [Bug 251835] The Document object is leaked on some pages using media (like YouTube.com)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 30 20:16:37 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=251835

--- Comment #7 from Ryan Reno <rreno at apple.com> ---
Ok it's not event listeners on the MediaQueryList. I added a call to removeAllEventListeners when the MediaQueryList is detached from the MediaQueryMatcher and the leak persisted.

I re-ran the reproducing steps with Ref Tracking again and found some underef-ed source buffers originating from calls to MediaSource.addSourceBuffer in JS. Looking at the GCHeapInspector there are three MediaSource objects alive, one of which has the YouTube URL. I clicked "Show all paths" (of which there are over 16k). The four roots tied for shortest path (36) are all JS Function objects which are held by Strong<> handles.

These four functions are also roots of the leaked document (only 11 steps away)!

I'm not sure if it's a coincidence or not but MediaSource and the leaked HTMLDocument happen to have the exact same number of paths from all roots to them - 16,626.

I'm going to go looking for Strong<> handles that don't belong or should have otherwise been released. I wonder if some of the concepts from RefTracking can be applied to those handles without blowing anything up. Getting tattle tale stack traces would be helpful.
