[Webkit-unassigned] [Bug 256262] New: HTMLCanvasElement is orphaned causing a HTMLDocument leak on YouTube video pages
bugzilla-daemon at webkit.org
Wed May 3 09:56:50 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=256262
Bug ID: 256262
Summary: HTMLCanvasElement is orphaned causing a HTMLDocument
leak on YouTube video pages
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Canvas
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rreno at apple.com
CC: dino at apple.com, webkit-bug-importer at group.apple.com
See also https://webkit.org/b/251835
Quoting Simon from that bug:
>Launch a recent Safari or MiniBrowser build from terminal (so you can see the output), and visit a YouTube.com video page (or a page with YouTube.com in a subframe). In that tab, navigate to about:blank, then trigger the low memory handler (to clear caches):
>> notifyutil -p "org.WebKit.lowMemory"
>
>then dump the list of live documents:
>> notifyutil -p "com.apple.WebKit.showAllDocuments"
As of 263633@main you will likely see the YouTube document with ref count > 10 and referencingNodeCount anywhere from about 7500 - 15000 depending on when you navigated away from the page. If you apply the patch in the PR in 251835 then you will see the HTMLDocument has refCount 0 and referencingNodeCount 1. That 1 node is an HTMLCanvasElement.
From preliminary testing (adding Ref tracking to HTMLCanvasElement and to the Node ctor and dtors) it appears the pointer to the element may have been leaked from the smart pointer and never derefed.
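The failure mode hypothesised at the end of the report (a reference leaked out of a smart pointer and never derefed, leaving the document with referencingNodeCount 1) shown in a toy model. This is an added illustration, not WebKit code and not part of the bug report; `Document`, `Node`, `NodePtr` and `nodesLeftAfterTeardown` are hypothetical names.

```cpp
// Toy model, constructed for illustration; not WebKit source.
#include <cstdio>

struct Document { int referencingNodeCount = 0; };

class Node {
public:
    explicit Node(Document& d) : m_document(d) { ++m_document.referencingNodeCount; }
    ~Node() { --m_document.referencingNodeCount; }
    void deref() { if (--m_refCount == 0) delete this; }
private:
    Document& m_document;
    int m_refCount = 1; // created with one ref, waiting to be adopted
};

// Minimal owning pointer with a leakRef()-style escape hatch (hypothetical).
class NodePtr {
public:
    explicit NodePtr(Node* adopted) : m_ptr(adopted) {}
    NodePtr(const NodePtr&) = delete;
    NodePtr& operator=(const NodePtr&) = delete;
    ~NodePtr() { if (m_ptr) m_ptr->deref(); }
    Node* leakRef() { Node* p = m_ptr; m_ptr = nullptr; return p; }
private:
    Node* m_ptr;
};

// Returns referencingNodeCount once every smart pointer has gone out of scope.
int nodesLeftAfterTeardown(bool leak, bool readopt) {
    Document doc;
    Node* raw = nullptr;
    {
        NodePtr canvas(new Node(doc));
        if (leak)
            raw = canvas.leakRef(); // the ref now lives in a raw pointer
    } // canvas destructor derefs only if it still holds the node
    if (raw && readopt) {
        NodePtr balanced(raw); // re-adopting restores the matching deref
        raw = nullptr;
    }
    int remaining = doc.referencingNodeCount;
    if (raw)
        raw->deref(); // demo cleanup only; in the leaked case nothing does this
    return remaining;
}

int main() {
    std::printf("no leak: %d\n", nodesLeftAfterTeardown(false, false));
    std::printf("leakRef, never derefed: %d\n", nodesLeftAfterTeardown(true, false));
    std::printf("leakRef, re-adopted: %d\n", nodesLeftAfterTeardown(true, true));
}
```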