Bug 23372

Summary: Repeatedly overwriting img.src can cause memory exhaustion
Product: WebKit
Component: WebCore Misc.
Status: NEW
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Reporter: Eric Roman <eroman>
Assignee: Nobody <webkit-unassigned>
CC: ap, doncodes, thakis, thomas
Keywords: InRadar
Attachments: Causes unbounded memory growth (flags: none)

Eric Roman
Reported 2009-01-15 18:32:02 PST
It doesn't seem like subresource loading is getting throttled, so if a script changes the 'src' attribute on an image repeatedly, it chews through memory and eventually crashes. Test case will follow.
Attachments
Causes unbounded memory growth (2.06 KB, text/html)
2009-01-15 18:35 PST, Eric Roman
no flags
Eric Roman
Comment 1 2009-01-15 18:35:05 PST
Created attachment 26780: Causes unbounded memory growth

This test burns through memory (then crashes) in Safari. In IE7 and FF3, the memory consumption levels off.
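A page-side way to avoid the pattern this report describes, as an added example that is not part of the bug thread, its attachment, or WebKit's code: coalesce rapid `src` updates so the script hands the browser at most one image load at a time and keeps only the newest pending URL. `makeCoalescedSrcSetter`, `makeFakeImage` and the `frame-N.png` URLs are hypothetical names, and the fake image is a constructed stand-in so the sketch runs outside a browser.

```javascript
// Added example: keep at most one image load in flight and remember only the newest URL.
// `img` is any object with src/onload/onerror (an HTMLImageElement in a real page).
function makeCoalescedSrcSetter(img) {
  let inFlight = false;   // a load was started and has not settled yet
  let pending = null;     // newest URL requested while a load was in flight
  let started = 0;        // number of loads actually handed to the image

  function start(url) {
    inFlight = true;
    started += 1;
    img.src = url;
  }
  function settle() {
    inFlight = false;
    if (pending !== null) {
      const next = pending;
      pending = null;
      start(next);
    }
  }
  img.onload = settle;
  img.onerror = settle;   // a failed load must also release the slot

  return {
    set(url) { if (inFlight) pending = url; else start(url); },
    startedCount() { return started; },
  };
}

// Constructed stand-in for an image element; records every src assignment.
function makeFakeImage() {
  const img = { assigned: [], onload: null, onerror: null };
  Object.defineProperty(img, "src", {
    set(url) { img.assigned.push(url); },
    get() { return img.assigned[img.assigned.length - 1]; },
  });
  img.finishLoad = () => img.onload && img.onload();
  return img;
}

function demo() {
  const img = makeFakeImage();
  const setter = makeCoalescedSrcSetter(img);
  for (let i = 0; i < 10000; i++) setter.set("frame-" + i + ".png");
  img.finishLoad();   // first load settles; only the newest queued URL follows
  img.finishLoad();   // second load settles; nothing is pending
  return { assigned: img.assigned, started: setter.startedCount() };
}
```

Ten thousand requested updates result in two `src` assignments here, so the number of outstanding loads is bounded by the script itself rather than by browser-side throttling.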
Mark Rowe (bdash)
Comment 2 2009-01-15 22:52:45 PST
Jon@Chromium
Comment 3 2009-01-26 16:02:22 PST
doncodes
Comment 4 2010-09-02 12:14:21 PDT
This is also the cause of a significant Chromium memory leak and crash: http://code.google.com/p/chromium/issues/detail?id=36142
Nico Weber
Comment 5 2010-10-10 21:21:18 PDT