WebAVPlayerController leaks when playing a video in Safari one window and entering tab overview in another window on visionOS. In Bug 245940, a WebAVPlayerControllerForwarder_AVKitCompatible class was constructed at runtime as a subclass of AVPlayerController, but it was based on a local WebAVPlayerControllerForwarder class. However, because the _playerController instance variable was defined as RetainPtr<WebAVPlayerController>, that instance variable was dynamically added at runtime (but no -.cxx_destruct method was dynamically created to call the RetainPtr<WebAVPlayerController> destructor), and there was no -dealloc method defined that cleared _playerController, then the WebAVPlayerController leaked. Another bug caused by calling objc_registerClassPair() prior to class_addIvar() resulted in the _playerController instance variable never being created in the dynamic class, which caused the first instance variable of AVPlayerController (at offset 8) being overwritten by the RetainPtr<WebAVPlayerController> instance variable. (In practice this had no effect since the AVPlayerController class itself was only used as a superclass and its instance variables and methods were unused.) <rdar://121550335>