Bug 23372

Summary: Repeatedly overwriting img.src can cause memory exhaustion
Product: WebKit
Reporter: Eric Roman <eroman>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: ap, doncodes, thakis, thomas
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Attachments:
  Causes unbounded memory growth (Flags: none)

Description Eric Roman 2009-01-15 18:32:02 PST
It doesn't seem like subresource loading is getting throttled, so if a script changes the 'src' attribute on an image repeatedly, it chews through memory and eventually crashes.

Test case will follow.
Comment 1 Eric Roman 2009-01-15 18:35:05 PST
Created attachment 26780 [details]
Causes unbounded memory growth

This test burns through memory (then crashes) in Safari.

In IE7 and FF3, the memory consumption levels off.
Comment 2 Mark Rowe (bdash) 2009-01-15 22:52:45 PST
<rdar://problem/6501813>
Comment 3 Jon@Chromium 2009-01-26 16:02:22 PST
See http://code.google.com/p/chromium/issues/detail?id=5688
Comment 4 doncodes 2010-09-02 12:14:21 PDT
This is also the cause of a significant Chromium memory leak and crash: http://code.google.com/p/chromium/issues/detail?id=36142
Comment 5 Nico Weber 2010-10-10 21:21:18 PDT
See also https://bugs.webkit.org/show_bug.cgi?id=31253