Bug 247618

Summary: ReadableStream::pipeTo memory leak
Product: WebKit Reporter: Gil Pedersen <bugzilla>
Component: WebCore Misc. Assignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   

Description Gil Pedersen 2022-11-08 07:22:42 PST
When a ReadableStream is piped to a WritableStream using pipeTo() with the signal option, the pipeState object will be retained indefinitely unless the signal is aborted.

Specifically, the algorithm() method passed as the abort signal handler references the pipeState.finalized property, causing it to be referenced as long as the abort has not been triggered:

https://github.com/WebKit/WebKit/blob/bdb44a70527586f1b1b746cfda75a2b0ae00c7f6/Source/WebCore/Modules/streams/ReadableStreamInternals.js#L167-L196

The issue was introduced in Bug 215448.

FYI, according to this comment, the spec was disregarded and a non-compliant solution was implemented instead: https://github.com/WebKit/WebKit/blob/bdb44a70527586f1b1b746cfda75a2b0ae00c7f6/Source/WebCore/Modules/streams/ReadableStreamInternals.js#L380
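
The retention pattern described in the report above, as an added example that is not part of the original report and is not WebKit code: an abort handler that closes over per-pipe state stays reachable from a long-lived signal until it is unregistered. The function names are hypothetical, and removing the listener on completion is shown as one possible mitigation, not as the fix that landed.

```javascript
// Added example, not WebKit source. pipeLeaky, pipeFixed, startPipe and trackListeners
// are hypothetical names; pipeState and algorithm mirror the names used in the report.

// Instrument one signal so the abort listeners currently registered can be counted.
function trackListeners(signal) {
  const live = new Set();
  const add = signal.addEventListener.bind(signal);
  const remove = signal.removeEventListener.bind(signal);
  signal.addEventListener = (t, fn, o) => { if (t === "abort") live.add(fn); add(t, fn, o); };
  signal.removeEventListener = (t, fn, o) => { if (t === "abort") live.delete(fn); remove(t, fn, o); };
  return live;
}

// Shared setup: the abort handler closes over pipeState, as in the report.
function startPipe(signal) {
  const pipeState = { finalized: false, chunk: new Uint8Array(64 * 1024) };
  const algorithm = () => {
    if (pipeState.finalized) return;
    pipeState.finalized = true;
  };
  signal.addEventListener("abort", algorithm);
  return { pipeState, algorithm };
}

// Leaky: the pipe completes, but the handler stays registered on the signal.
function pipeLeaky(signal) {
  const { pipeState } = startPipe(signal);
  return () => { pipeState.finalized = true; };
}

// One possible mitigation (assumption): unregister the handler on completion.
function pipeFixed(signal) {
  const { pipeState, algorithm } = startPipe(signal);
  return () => {
    pipeState.finalized = true;
    signal.removeEventListener("abort", algorithm);
  };
}

// Complete `count` pipes on one long-lived signal; return handlers still registered.
function retainedAfter(pipe, count) {
  const controller = new AbortController();
  const live = trackListeners(controller.signal);
  for (let i = 0; i < count; i++) pipe(controller.signal)();
  return live.size;
}
```

Each handler still registered keeps its own pipeState (and the 64 KiB chunk constructed here) alive for as long as the signal itself is reachable.
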
Comment 1 Radar WebKit Bug Importer 2022-11-15 07:23:14 PST
<rdar://problem/102366716>
Comment 2 youenn fablet 2022-11-23 02:43:00 PST
Pull request: https://github.com/WebKit/WebKit/pull/6759
Comment 3 EWS 2022-11-29 01:39:44 PST
Committed 257109@main (cb01f4ca942d): <https://commits.webkit.org/257109@main>

Reviewed commits have been landed. Closing PR #6759 and removing active labels.