[Webkit-unassigned] [Bug 256404] Document leak from google.com search results

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun May 7 17:51:12 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=256404

Ryan Reno <rreno at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cdumez at apple.com,
                   |                            |wenson_hsieh at apple.com
          Component|DOM                         |Forms

--- Comment #3 from Ryan Reno <rreno at apple.com> ---
This isn't Google-specific. Any page with an input type=text element on it that has text typed in will leak.

>index.html
<!DOCTYPE html>
<form action="/simple.html" autocomplete="off" method="GET">
    <input type="text" name="text"/>
    <input type="submit"/>
</form>

>simple.html
<!DOCTYPE html>
This is a simple page


If you type any text into the form on index.html, then click submit, and then issue a low memory warning and showAllDocuments, you will see the index.html document leaked.

According to this backtrace we're keeping an EditCommand around which holds a strong reference to the Document. More investigation is needed to figure out what's holding the EditCommand.

RefTracker: Backtrace for token 29180 (http://localhost:14014/)
1   0x136b84738 WTF::RefTracker::trackRef(WTF::String const&)
2   0x28388d544 WebCore::Document::trackRef()
3   0x2830cb32c void WTF::RefTrackingTraits::ref<WebCore::Document>(WebCore::Document&)
4   0x2830cb2c8 WTF::Ref<WebCore::Document, WTF::RawPtrTraits<WebCore::Document>, WTF::RefDerefTraits>::Ref(WebCore::Document&)
5   0x280e0d988 WTF::Ref<WebCore::Document, WTF::RawPtrTraits<WebCore::Document>, WTF::RefDerefTraits>::Ref(WebCore::Document&)
6   0x283bfd374 WebCore::EditCommand::EditCommand(WebCore::Document&, WebCore::EditAction)
7   0x283bf3c0c WebCore::SimpleEditCommand::SimpleEditCommand(WebCore::Document&, WebCore::EditAction)
8   0x283c66b2c WebCore::InsertIntoTextNodeCommand::InsertIntoTextNodeCommand(WTF::Ref<WebCore::Text, WTF::RawPtrTraits<WebCore::Text>, WTF::RefDerefTraits>&&, unsigned int, WTF::String const&, WebCore::EditAction)
9   0x283c66ca4 WebCore::InsertIntoTextNodeCommand::InsertIntoTextNodeCommand(WTF::Ref<WebCore::Text, WTF::RawPtrTraits<WebCore::Text>, WTF::RefDerefTraits>&&, unsigned int, WTF::String const&, WebCore::EditAction)
10  0x283bd9bfc WebCore::InsertIntoTextNodeCommand::create(WTF::Ref<WebCore::Text, WTF::RawPtrTraits<WebCore::Text>, WTF::RefDerefTraits>&&, unsigned int, WTF::String const&, WebCore::EditAction)
11  0x283bd37c8 WebCore::CompositeEditCommand::insertTextIntoNode(WebCore::Text&, unsigned int, WTF::String const&)
12  0x283c6e1bc WebCore::InsertTextCommand::doApply()
13  0x283bd800c WebCore::CompositeEditCommand::applyCommandToComposite(WTF::Ref<WebCore::CompositeEditCommand, WTF::RawPtrTraits<WebCore::CompositeEditCommand>, WTF::RefDerefTraits>&&, WebCore::VisibleSelection const&)
14  0x283caf25c WebCore::TypingCommand::insertTextRunWithoutNewlines(WTF::String const&, bool)
15  0x283cd140c WebCore::TypingCommandLineOperation::operator()(unsigned long, unsigned long, bool) const
16  0x283caf114 void WebCore::forEachLineInString<WebCore::TypingCommandLineOperation>(WTF::String const&, WebCore::TypingCommandLineOperation const&)
17  0x283caeff0 WebCore::TypingCommand::insertText(WTF::String const&, bool)
18  0x283cadb8c WebCore::TypingCommand::insertTextAndNotifyAccessibility(WTF::String const&, bool)
19  0x283cad9d8 WebCore::TypingCommand::insertText(WebCore::Document&, WTF::String const&, WebCore::VisibleSelection const&, unsigned int, WebCore::TypingCommand::TextCompositionType)
20  0x283c1a078 WebCore::Editor::insertTextWithoutSendingTextEvent(WTF::String const&, bool, WebCore::TextEvent*)
21  0x283c18fa8 WebCore::Editor::handleTextEvent(WebCore::TextEvent&)
22  0x2847bb050 WebCore::EventHandler::defaultTextInputEventHandler(WebCore::TextEvent&)
23  0x283a9d920 WebCore::Node::defaultEventHandler(WebCore::Event&)
24  0x283e38f40 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&)
25  0x2839fbf70 WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&)
26  0x2839fb6cc WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
27  0x283a9d1b8 WebCore::Node::dispatchEvent(WebCore::Event&)
28  0x2847bad88 WebCore::EventHandler::handleTextInputEvent(WTF::String const&, WebCore::Event*, WebCore::TextEventInputType)
29  0x283c21b04 WebCore::Editor::insertText(WTF::String const&, WebCore::Event*, WebCore::TextEventInputType)
30  0x11a267e2c WebKit::WebPage::executeKeypressCommandsInternal(WTF::Vector<WebCore::KeypressCommand, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::KeyboardEvent*)
31  0x11a268fb0 WebKit::WebPage::handleEditingKeyboardEvent(WebCore::KeyboardEvent&)
32  0x11a17c67c WebKit::WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent&)
33  0x283c18bd8 WebCore::Editor::handleKeyboardEvent(WebCore::KeyboardEvent&)
34  0x2847b96d4 WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent&)
35  0x283a9d7f4 WebCore::Node::defaultEventHandler(WebCore::Event&)
36  0x283e38b04 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&)
37  0x2839fbf70 WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&)
38  0x2839fb6cc WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
39  0x283a9d1b8 WebCore::Node::dispatchEvent(WebCore::Event&)
40  0x2847b8620 WebCore::EventHandler::internalKeyEvent(WebCore::PlatformKeyboardEvent const&)
41  0x2847b7968 WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&)
42  0x285731900 WebCore::UserInputBridge::handleKeyEvent(WebCore::PlatformKeyboardEvent const&, WebCore::InputSource)
43  0x11b0dfe1c WebKit::handleKeyEvent(WebKit::WebKeyboardEvent const&, WebCore::Page*)
44  0x11b0dfc14 WebKit::WebPage::keyEvent(WebKit::WebKeyboardEvent const&)
45  0x11b19ba14 auto void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...)::operator()<WebKit::WebKeyboardEvent>(auto&&...) const
46  0x11b19b92c decltype(std::declval<WebKit::WebPage>()(std::declval<WebKit::WebKeyboardEvent>())) std::__1::__invoke[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), WebKit::WebKeyboardEvent>(WebKit::WebPage&&, WebKit::WebKeyboardEvent&&)
47  0x11b19b8fc decltype(auto) std::__1::__apply_tuple_impl[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), std::__1::tuple<WebKit::WebKeyboardEvent>, 0ul>(WebKit::WebPage&&, WebKit::WebPage&&, std::__1::__tuple_indices<0ul>)
48  0x11b19b8bc decltype(auto) std::__1::apply[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage&&, WebKit::WebPage&&)
49  0x11b19b0fc void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)
50  0x11b15eb04 void IPC::handleMessage<Messages::WebPage::KeyEvent, WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&))
51  0x11b1572c8 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)
52  0x11b0ea820 WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
53  0x11b6c2a04 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
54  0x11a7ed8d8 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
55  0x11b6967ac IPC::Connection::dispatchMessage(IPC::Decoder&)
56  0x11b696c40 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)
57  0x11b696f7c IPC::Connection::dispatchOneIncomingMessage()
58  0x11b6b4e1c IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)::$_17::operator()() const
59  0x11b6b4d5c WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)::$_17, void>::call()
60  0x138968d2c WTF::Function<void ()>::operator()() const
61  0x136b8bfe0 WTF::RunLoop::performWork()
62  0x136b90560 WTF::RunLoop::performWork(void*)
63  0x18215bb54 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
64  0x18215bae8 __CFRunLoopDoSource0
65  0x18215b858 __CFRunLoopDoSources0
66  0x18215a460 __CFRunLoopRun
67  0x182159a70 CFRunLoopRunSpecific
68  0x1831c7168 -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
69  0x18323ee58 -[NSRunLoop(NSRunLoop) run]
70  0x181dadef0 _xpc_objc_main
71  0x181dbcb94 _xpc_main
72  0x181dada9c _xpc_copy_xpcservice_dictionary
73  0x1194c57cc WebKit::XPCServiceMain(int, char const**)
74  0x11b664e08 WKXPCServiceMain
75  0x102f53f9c main
76  0x181d02058 start

-- 
You are receiving this mail because:
You are the assignee for the bug.
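
The triage step the comment performs by eye on the backtrace, written as an added example that is not part of the original message or of WebKit: for each RefTracker token, skip the ref-counting plumbing frames and report the first frame that actually took the reference. The plumbing patterns are an assumption drawn from frames 1-5 of the backtrace above, and the sample input is its header and first seven frames.

```python
import re

HEADER = re.compile(r"^RefTracker: Backtrace for token (\d+) \((.*)\)\s*$")
FRAME = re.compile(r"^\s*(\d+)\s+(0x[0-9a-fA-F]+)\s+(.+?)\s*$")
# Assumption: frames matching these only record or wrap the ref; they never own it.
PLUMBING = re.compile(r"::trackRef\(|WTF::RefTrackingTraits::ref<|^WTF::Ref<.*>::Ref\(")

# Header and frames 1-7 copied from the backtrace in the message above.
SAMPLE = """\
RefTracker: Backtrace for token 29180 (http://localhost:14014/)
1   0x136b84738 WTF::RefTracker::trackRef(WTF::String const&)
2   0x28388d544 WebCore::Document::trackRef()
3   0x2830cb32c void WTF::RefTrackingTraits::ref<WebCore::Document>(WebCore::Document&)
4   0x2830cb2c8 WTF::Ref<WebCore::Document, WTF::RawPtrTraits<WebCore::Document>, WTF::RefDerefTraits>::Ref(WebCore::Document&)
5   0x280e0d988 WTF::Ref<WebCore::Document, WTF::RawPtrTraits<WebCore::Document>, WTF::RefDerefTraits>::Ref(WebCore::Document&)
6   0x283bfd374 WebCore::EditCommand::EditCommand(WebCore::Document&, WebCore::EditAction)
7   0x283bf3c0c WebCore::SimpleEditCommand::SimpleEditCommand(WebCore::Document&, WebCore::EditAction)
"""


def ref_owners(log):
    """Return one record per token: the first non-plumbing frame is the ref owner."""
    results, current = [], None
    for line in log.splitlines():
        header = HEADER.match(line)
        if header:
            current = {"token": int(header.group(1)), "url": header.group(2),
                       "frame": None, "owner": None}
            results.append(current)
            continue
        frame = FRAME.match(line)
        # Ignore non-frame lines, frames before any header, and frames after the owner is found.
        if not frame or current is None or current["owner"]:
            continue
        symbol = frame.group(3)
        if PLUMBING.search(symbol):
            continue
        current["frame"] = int(frame.group(1))
        current["owner"] = symbol.split("(", 1)[0]  # drop the argument list
    return results


if __name__ == "__main__":
    for rec in ref_owners(SAMPLE):
        print(f"token {rec['token']} ({rec['url']}): ref taken in frame "
              f"{rec['frame']} by {rec['owner']}")
```

The result names where the reference was taken, not what keeps the owning object alive, which is the open question in the comment.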