[Webkit-unassigned] [Bug 256404] Document leak on pages with text input forms such as google.com

bugzilla-daemon at webkit.org
Tue May 9 19:36:31 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=256404

--- Comment #6 from Ryan Reno <rreno at apple.com> ---
Yes, seems related to undo stack.

WebPage holds a RefPtr to a WebUndoStep in a map. WebUndoStep holds a strong Ref to an UndoStep, in this case an EditCommandComposition-derived class. The EditCommandComposition holds a RefPtr to the Document.

The EditCommandComposition also has a Vector of RefPtrs to EditCommands. These edit commands also hold strong Refs to the Document.

It looks like the UndoStep is never cleared out of the WebPage's map and so there are TypingCommand objects refing the Document which are stuck in a command list. I think if the (Web)UndoStep were destroyed the document wouldn't have refs remaining.

Here's the creation stack trace of that WebUndoStep:

RefTracker: Backtrace for token 13711 (EditCommandComposition)
1   0x1344beef8 WTF::RefTracker::trackRef(WTF::String const&)
2   0x14e670a08 WebCore::EditCommandComposition::trackRef() const
3   0x1184a64d0 void WTF::RefTrackingTraits::ref<WebCore::UndoStep>(WebCore::UndoStep&)
4   0x1184a6444 WTF::Ref<WebCore::UndoStep, WTF::RawPtrTraits<WebCore::UndoStep>, WTF::RefDerefTraits>::Ref(WebCore::UndoStep&)
5   0x11849524c WTF::Ref<WebCore::UndoStep, WTF::RawPtrTraits<WebCore::UndoStep>, WTF::RefDerefTraits>::Ref(WebCore::UndoStep&)
6   0x118495128 WebKit::WebEditorClient::registerUndoStep(WebCore::UndoStep&)
7   0x14e6b28f4 WebCore::Editor::appliedEditing(WebCore::CompositeEditCommand&)
8   0x14e7421cc WebCore::TypingCommand::typingAddedToOpenCommand(WebCore::TypingCommand::ETypingCommand)
9   0x14e7424cc WebCore::TypingCommand::insertTextRunWithoutNewlines(WTF::String const&, bool)
10  0x14e764564 WebCore::TypingCommandLineOperation::operator()(unsigned long, unsigned long, bool) const
11  0x14e742370 void WebCore::forEachLineInString<WebCore::TypingCommandLineOperation>(WTF::String const&, WebCore::TypingCommandLineOperation const&)
12  0x14e74224c WebCore::TypingCommand::insertText(WTF::String const&, bool)
13  0x14e740de8 WebCore::TypingCommand::insertTextAndNotifyAccessibility(WTF::String const&, bool)
14  0x14e741998 WebCore::TypingCommand::doApply()
15  0x14e654b3c WebCore::CompositeEditCommand::apply()
16  0x14e72ec50 WebCore::TextInsertionBaseCommand::applyTextInsertionCommand(WebCore::LocalFrame*, WebCore::TextInsertionBaseCommand&, WebCore::VisibleSelection const&, WebCore::VisibleSelection const&)
17  0x14e740cb4 WebCore::TypingCommand::insertText(WebCore::Document&, WTF::String const&, WebCore::VisibleSelection const&, unsigned int, WebCore::TypingCommand::TextCompositionType)
18  0x14e6acba4 WebCore::Editor::insertTextWithoutSendingTextEvent(WTF::String const&, bool, WebCore::TextEvent*)
19  0x14e6ababc WebCore::Editor::handleTextEvent(WebCore::TextEvent&)
20  0x14f252d48 WebCore::EventHandler::defaultTextInputEventHandler(WebCore::TextEvent&)
21  0x14e52e2e8 WebCore::Node::defaultEventHandler(WebCore::Event&)
22  0x14e8cc004 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&)
23  0x14e48ccdc WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&)
24  0x14e48c438 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
25  0x14e52db80 WebCore::Node::dispatchEvent(WebCore::Event&)
26  0x14f252a80 WebCore::EventHandler::handleTextInputEvent(WTF::String const&, WebCore::Event*, WebCore::TextEventInputType)
27  0x14e6b4658 WebCore::Editor::insertText(WTF::String const&, WebCore::Event*, WebCore::TextEventInputType)
28  0x1179b99a0 WebKit::WebPage::executeKeypressCommandsInternal(WTF::Vector<WebCore::KeypressCommand, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::KeyboardEvent*)
29  0x1179bab24 WebKit::WebPage::handleEditingKeyboardEvent(WebCore::KeyboardEvent&)
30  0x1178cd2e0 WebKit::WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent&)
31  0x14e6ab6e8 WebCore::Editor::handleKeyboardEvent(WebCore::KeyboardEvent&)
32  0x14f2513cc WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent&)
33  0x14e52e1bc WebCore::Node::defaultEventHandler(WebCore::Event&)
34  0x14e8cbbc8 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&)
35  0x14e48ccdc WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&)
36  0x14e48c438 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&)
37  0x14e52db80 WebCore::Node::dispatchEvent(WebCore::Event&)
38  0x14f250318 WebCore::EventHandler::internalKeyEvent(WebCore::PlatformKeyboardEvent const&)
39  0x14f24f660 WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&)
40  0x1501c5dcc WebCore::UserInputBridge::handleKeyEvent(WebCore::PlatformKeyboardEvent const&, WebCore::InputSource)
41  0x11882cfc8 WebKit::handleKeyEvent(WebKit::WebKeyboardEvent const&, WebCore::Page*)
42  0x11882cdc0 WebKit::WebPage::keyEvent(WebKit::WebKeyboardEvent const&)
43  0x1188e9e30 auto void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...)::operator()<WebKit::WebKeyboardEvent>(auto&&...) const
44  0x1188e9d48 decltype(std::declval<WebKit::WebPage>()(std::declval<WebKit::WebKeyboardEvent>())) std::__1::__invoke[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), WebKit::WebKeyboardEvent>(WebKit::WebPage&&, WebKit::WebKeyboardEvent&&)
45  0x1188e9d18 decltype(auto) std::__1::__apply_tuple_impl[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), std::__1::tuple<WebKit::WebKeyboardEvent>, 0ul>(WebKit::WebPage&&, WebKit::WebPage&&, std::__1::__tuple_indices<0ul>)
46  0x1188e9cd8 decltype(auto) std::__1::apply[abi:v160002]<void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)::'lambda'(auto&&...), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage&&, WebKit::WebPage&&)
47  0x1188e9518 void IPC::callMemberFunction<WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>>(WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&), std::__1::tuple<WebKit::WebKeyboardEvent>&&)
48  0x1188ac370 void IPC::handleMessage<Messages::WebPage::KeyEvent, WebKit::WebPage, WebKit::WebPage, void (WebKit::WebKeyboardEvent const&)>(IPC::Connection&, IPC::Decoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&))
49  0x1188a4aac WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&)
50  0x118837a1c WebKit::WebPage::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
51  0x118e1144c IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&)
52  0x117f42b30 WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
53  0x118de5420 IPC::Connection::dispatchMessage(IPC::Decoder&)
54  0x118de58b4 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)
55  0x118de5bf0 IPC::Connection::dispatchOneIncomingMessage()
56  0x118e04028 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)::$_17::operator()() const
57  0x118e03f68 WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder>>)::$_17, void>::call()
58  0x134422750 WTF::Function<void ()>::operator()() const
59  0x1344c67c4 WTF::RunLoop::performWork()
60  0x1344cb180 WTF::RunLoop::performWork(void*)
[snip]

There are also a couple of stack traces of EditCommands being created which ref the document but that are never cleared out of the command list that this UndoStep-derived class holds.

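To make the ownership chain in the comment above concrete, here is an added C++ model of it. It is not WebKit code and not from the comment's author: every type (Document, EditCommand, UndoStep, WebUndoStep, WebPage) is a stand-in written for this illustration, std::shared_ptr plays the role of WTF::Ref/RefPtr (a strong reference), and a std::weak_ptr held outside the chain is how we observe whether the Document was actually freed. The "google.com" URL and the typed text are constructed sample input.

```cpp
// Added example, not WebKit code: a simplified model of the ownership chain
// the bug comment describes. Every type here is a stand-in written for this
// illustration; std::shared_ptr plays the role of WTF::Ref / WTF::RefPtr
// (strong references) and std::weak_ptr is the outside observer that tells
// us whether the Document was actually freed.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>
#include <unordered_map>
#include <vector>

// Stand-in for WebCore::Document.
struct Document {
    std::string url;
    explicit Document(std::string u) : url(std::move(u)) {}
};

// Stand-in for WebCore::EditCommand (e.g. a TypingCommand): strong ref to the Document.
struct EditCommand {
    std::shared_ptr<Document> document;
    std::string insertedText;
};

// Stand-in for WebCore::EditCommandComposition (an UndoStep): a strong ref to the
// Document plus the list of commands it is composed of, each also holding the Document.
struct UndoStep {
    std::shared_ptr<Document> document;
    std::vector<std::shared_ptr<EditCommand>> commands;
};

// Stand-in for WebKit::WebUndoStep: strong ref to the UndoStep.
struct WebUndoStep {
    std::shared_ptr<UndoStep> step;
};

// Stand-in for the part of WebKit::WebPage that owns undo steps by ID in a map.
struct WebPage {
    std::unordered_map<uint64_t, std::shared_ptr<WebUndoStep>> undoSteps;
    uint64_t nextStepID = 1;

    uint64_t registerUndoStep(std::shared_ptr<UndoStep> step) {
        uint64_t id = nextStepID++;
        undoSteps[id] = std::make_shared<WebUndoStep>(WebUndoStep{std::move(step)});
        return id;
    }
    void clearUndoSteps() { undoSteps.clear(); }
};

// Mimics typing `text` into an input: one command per character appended to an
// open composition, which is what gets registered as the undo step.
std::shared_ptr<UndoStep> buildTypingComposition(const std::shared_ptr<Document>& document,
                                                 const std::string& text) {
    auto composition = std::make_shared<UndoStep>();
    composition->document = document;
    for (char c : text)
        composition->commands.push_back(
            std::make_shared<EditCommand>(EditCommand{document, std::string(1, c)}));
    return composition;
}

// Strong refs to the Document reachable from one undo step: its own ref plus one per command.
std::size_t documentRefsHeldBy(const UndoStep& step) {
    std::size_t n = step.document ? 1 : 0;
    for (const auto& cmd : step.commands)
        if (cmd->document) ++n;
    return n;
}

// Returns true if the Document is still alive after the frame has let go of it.
// `clearUndoStepsOnNavigate` models the cleanup the comment says never happens.
bool documentSurvivesNavigation(bool clearUndoStepsOnNavigate) {
    WebPage page;
    auto document = std::make_shared<Document>("https://www.google.com/");  // constructed sample
    std::weak_ptr<Document> observer = document;

    page.registerUndoStep(buildTypingComposition(document, "hello"));

    // Navigation away: the frame (modelled by this local) drops its reference.
    document.reset();
    if (clearUndoStepsOnNavigate)
        page.clearUndoSteps();

    return !observer.expired();
}

int main() {
    std::printf("undo steps kept:    document alive = %d\n", documentSurvivesNavigation(false));
    std::printf("undo steps cleared: document alive = %d\n", documentSurvivesNavigation(true));
    return 0;
}
```

With the map entry left in place the Document outlives its frame, held by six strong references (one from the composition, one from each of the five typing commands); once the entry is erased the whole chain unwinds and the weak observer expires. In the real code the open question the comment raises is exactly who is responsible for clearing the WebUndoStep out of the WebPage map when the document goes away; the model only shows that doing so is sufficient to release it.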