[Webkit-unassigned] [Bug 257371] New: Revoking with URL.revokeObjectURL() does not adequately free memory

bugzilla-daemon at webkit.org
Fri May 26 02:17:02 PDT 2023


https://bugs.webkit.org/show_bug.cgi?id=257371

            Bug ID: 257371
           Summary: Revoking with URL.revokeObjectURL() does not
                    adequately free memory
           Product: WebKit
           Version: Safari 16
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: nathan at shareup.app

URL.revokeObjectURL() does not appear to free the associated memory. A window/tab will eventually crash from memory exhaustion after navigating through an SPA that creates and revokes object URLs.

We've created a demo which can reproduce the memory leak and cause a tab to crash in iOS Safari, and cause memory consumption to climb to great heights in macOS Safari:

https://github.com/shareup/blob-url-memory-leak-demo

The demo creates and revokes 100 object URLs each iteration, to emulate paginating through screens of images in an SPA. The demo consistently shows the memory increasing and the tab will crash after enough iterations on all the iOS devices we've tested. There are screenshots in the linked README of the memory timeline during a couple demo test runs.

It is not required to display the images – and the demo does not render anything by default – just creating (and attempting to revoke) the object URLs will show memory forever increasing in the Timelines tab of the devtools and will eventually cause the tab to crash when memory consumption gets too high. 

We have not found a workaround for how to free the memory, so any long-lived tab for an SPA will eventually crash when enough object URLs have been created and allocated. Neither Chrome nor Firefox on macOS show a similar memory leak.
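
An accounting harness for the create-and-revoke pattern the report describes, added here as an example; it is not the code from the linked demo repository. `ObjectUrlLedger` and `runIterations` are hypothetical names, and the code assumes a runtime with global `Blob` and `URL.createObjectURL` (browsers, Node.js 18+). A ledger that ends every iteration with zero outstanding URLs rules out a missed revoke on the application side before memory growth is attributed to the engine.

```javascript
// Added example: constructed harness, not taken from the linked demo.
// Tracks every object URL the application creates so that a missed
// revokeObjectURL() call in app code shows up as a non-zero balance.
class ObjectUrlLedger {
  constructor() {
    this.live = new Set(); // URLs created through the ledger, not yet revoked
    this.created = 0;
    this.revoked = 0;
  }

  create(blob) {
    const url = URL.createObjectURL(blob);
    this.live.add(url);
    this.created += 1;
    return url;
  }

  revoke(url) {
    // Only URLs handed out by this ledger are counted; a repeat revoke is a no-op.
    if (this.live.delete(url)) {
      URL.revokeObjectURL(url);
      this.revoked += 1;
    }
  }

  revokeAll() {
    for (const url of [...this.live]) this.revoke(url);
  }
}

// Emulates paging through an SPA: each iteration creates `perPage` object
// URLs and then revokes all of them. The payload is constructed sample data.
function runIterations(iterations, perPage = 100, blobBytes = 1024) {
  const ledger = new ObjectUrlLedger();
  const payload = new Uint8Array(blobBytes);
  const outstandingAfterEach = [];
  for (let i = 0; i < iterations; i++) {
    for (let j = 0; j < perPage; j++) {
      ledger.create(new Blob([payload], { type: "image/png" }));
    }
    ledger.revokeAll();
    outstandingAfterEach.push(ledger.live.size);
  }
  return { created: ledger.created, revoked: ledger.revoked, outstandingAfterEach };
}
```

Run `runIterations` alongside the browser's memory timeline: if `outstandingAfterEach` stays at zero while memory keeps climbing, the application's bookkeeping is not the source of the growth.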
