23372 2009-01-15 18:32:02 -0800 Repeatedly overwriting img.src can cause memory exhaustion 2010-12-02 05:02:49 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC OS X 10.5 NEW InRadar P2 Normal --- 1 eroman webkit-unassigned ap doncodes thakis thomas oldest_to_newest 106005 0 eroman 2009-01-15 18:32:02 -0800 It doesn't seem like subresource loading is getting throttled, so if a script changes the 'src' attribute on an image repeatedly, it chews through memory and eventually crashes. Test case will follow. 106006 1 26780 eroman 2009-01-15 18:35:05 -0800 Created attachment 26780 Causes unbounded memory growth This test burns through memory (then crashes) in safari. In IE7 and FF3, the memory consumption levels off. 106025 2 mrowe 2009-01-15 22:52:45 -0800 <rdar://problem/6501813> 107107 3 jon 2009-01-26 16:02:22 -0800 See http://code.google.com/p/chromium/issues/detail?id=5688 273493 4 doncodes 2010-09-02 12:14:21 -0700 This is also the cause of a significant Chromium memory leak and crash: http://code.google.com/p/chromium/issues/detail?id=36142 292409 5 thakis 2010-10-10 21:21:18 -0700 See also https://bugs.webkit.org/show_bug.cgi?id=31253 26780 2009-01-15 18:35:05 -0800 2009-01-15 18:35:05 -0800 Causes unbounded memory growth many-requests-img-src.html text/html 2113 eroman PGh0bWw+CjxoZWFkPgogIDx0aXRsZT5EZWF0aCBieSBwYXBlcmN1dHM8L3RpdGxlPgogIDxzY3Jp cHQ+CiAgICAvLyBUaGUgbnVtYmVyIG9mIDxpbWc+IGVsZW1lbnRzIHRoYXQgd2lsbCBnZXQgYSBu ZXcgJ3NyYycgZWFjaAogICAgLy8gfENIQU5HRV9QRVJJT0RfTVN8IG1pbGxpc2Vjb25kcy4KICAg IHZhciBOVU1fSU1BR0VTID0gNTAwOwoKICAgIC8vIFRoZSBpbnRlcnZhbCBiZXR3ZWVuIHVwZGF0 aW5nIGVhY2ggPGltZz4gc3JjLCBpbiBtaWxsaXNlY29uZHMuCiAgICB2YXIgQ0hBTkdFX1BFUklP RF9NUyA9IDIwMDsKCiAgICAvLyBUaGUgbWF4aW11bSBudW1iZXIgb2YgPGltZz4gJ3NyYycgdXBk YXRlcyB0byBkby4KICAgIHZhciBNQVhfTlVNX1JFUVVFU1RTID0gMTAwMDAwMDsKCiAgICAvLyBS YW5kb20gaW1hZ2UgdGhlIHRlc3Qgd2lsbCByZXF1ZXN0LCBhcHBlbmRpbmcgYSBjb3VudCBhdCB0 aGUgZW5kCiAgICAvLyAodG8gYnlwYXNzIGNhY2hlKS4KICAgIHZhciBJTUdfU1JDX1RFTVBMQVRF ID0KICAgICAgICAiaHR0cDovL3d3dy5nb29nbGUuY29tL2Nocm9tZS9pbnRsL2VuL2ltYWdlcy9s b2dvX3NtLmpwZz9VTklRVUVfQ09VTlQ9IjsKCiAgICAvLyBBcnJheSBvZiBhbGwgdGhlIGltYWdl cy4KICAgIHZhciBnSW1hZ2VzID0gW107CgogICAgLy8gTnVtYmVyIG9mIDxpbWc+ICdzcmMnIHVw ZGF0ZXMgZG9uZSBzbyBmYXIuCiAgICB2YXIgZ1JlcXVlc3RDb3VudCA9IDA7CgogICAgZnVuY3Rp b24gY3JlYXRlSW1hZ2VOb2Rlcyhjb3VudCkgewogICAgICB2YXIgcGFyZW50Tm9kZSA9IGRvY3Vt ZW50LmdldEVsZW1lbnRCeUlkKCdpbWFnZUJ1Y2tldCcpOwogICAgICBmb3IgKHZhciBpID0gMDsg aSA8IGNvdW50OyArK2kpIHsKICAgICAgICB2YXIgaW1nID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVu dCgnaW1nJyk7CiAgICAgICAgZ0ltYWdlcy5wdXNoKGltZyk7CiAgICAgICAgcGFyZW50Tm9kZS5h cHBlbmRDaGlsZChpbWcpOwogICAgICB9CiAgICB9CgogICAgZnVuY3Rpb24gc3RhcnRUZXN0KCkg ewogICAgICBjcmVhdGVJbWFnZU5vZGVzKE5VTV9JTUFHRVMpOwogICAgICBzZXRJbnRlcnZhbChj aGFuZ2VJbWFnZVNvdXJjZXMsIENIQU5HRV9QRVJJT0RfTVMpOwogICAgfQoKICAgIGZ1bmN0aW9u IGNoYW5nZUltYWdlU291cmNlcygpIHsKICAgICAgaWYgKGdSZXF1ZXN0Q291bnQgPCBNQVhfTlVN X1JFUVVFU1RTKSB7CiAgICAgICAgZm9yICh2YXIgaSA9IDA7IGkgPCBnSW1hZ2VzLmxlbmd0aDsg KytpKSB7CiAgICAgICAgICB2YXIgaW1nID0gZ0ltYWdlc1tpXTsKICAgICAgICAgIGltZy5zcmMg PSBJTUdfU1JDX1RFTVBMQVRFICsgZ1JlcXVlc3RDb3VudDsKICAgICAgICAgIGdSZXF1ZXN0Q291 bnQgKz0gMTsKICAgICAgICB9CiAgICAgIH0KICAgICAgLy8gVXBkYXRlIHRoZSBjb3VudGVyIG9u IHRoZSBwYWdlLgogICAgICBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgncmVxdWVzdHNDb3VudGVy JykuaW5uZXJIVE1MID0gZ1JlcXVlc3RDb3VudDsKICAgIH0KICA8L3NjcmlwdD4KCiAgPHN0eWxl PgogICAgI2ltYWdlQnVja2V0IHsKICAgICAgZGlzcGxheTogbm9uZTsKICAgIH0KICAgICNyZXF1 ZXN0c0NvdW50ZXIgewogICAgICBmb250LXdlaWdodDogYm9sZDsKICAgIH0KICA8L3N0eWxlPgo8 L2hlYWQ+CgogIDxib2R5IG9ubG9hZD0ic3RhcnRUZXN0KCkiPgogICAgPGgyPkRlYXRoIGJ5IGEg bWlsbGlvbiBwYXBlciBjdXRzITwvaDI+CgogICAgPHA+VGhpcyB0ZXN0IHJlcGVhdGVkbHkgdXBk YXRlcyB0aGUgJ3NyYycgcHJvcGVydHkgb24gaW1hZ2VzLCB0byBwb2ludCBhdCBhCiAgICBuZXcg dW5pcXVlIFVSTC48L3A+CiAgICA8cD5UaGUgcmVzdWx0IGluIHdlYmtpdCBpcyB0aGF0IGFuIHVu Ym91bmRlZCBudW1iZXIgb2YgbG9hZHMgCiAgICBhcmUgaW5pdGlhdGVkLCBjYXVzaW5nIG1lbW9y eSBleGhhdXN0aW9uIGFuZCBldmVudHVhbGx5IGEgY3Jhc2guPC9wPgoKICAgIDxwPk51bSB0aW1l cyAiaW1nLnNyYyIgd2FzIGNoYW5nZWQ6IDxzcGFuIGlkPXJlcXVlc3RzQ291bnRlcj4wPC9zcGFu PjwvcD4KICAgIAogICAgPGRpdiBpZD1pbWFnZUJ1Y2tldD48L2Rpdj4KCiAgPC9ib2R5Pgo8L2h0 bWw+Cg==