Skip to content
This repository was archived by the owner on May 7, 2026. It is now read-only.

fix(record): guard undefined slots in findAndRemoveIframeBuffer#174

Draft
posthog[bot] wants to merge 1 commit into
mainfrom
posthog-code/fix-iframe-buffer-undefined-guard
Draft

fix(record): guard undefined slots in findAndRemoveIframeBuffer#174
posthog[bot] wants to merge 1 commit into
mainfrom
posthog-code/fix-iframe-buffer-undefined-guard

Conversation

@posthog
Copy link
Copy Markdown
Contributor

@posthog posthog Bot commented Apr 27, 2026

Summary

Cross-origin iframes (reCAPTCHA, PDFTron WebViewer) were crashing the session-replay recorder on pagehide with:

TypeError: Cannot read properties of undefined (reading 'bufferBelongsToIframe')

findAndRemoveIframeBuffer in packages/rrweb/src/record/observer.ts iterated mutationBuffers from the tail and dereferenced buf.bufferBelongsToIframe(iframeEl) without checking that buf was defined. The function is invoked from the iframe pagehide listener, which can race with other code paths that splice mutationBuffers (e.g. shadow-dom-manager.ts, observer.ts); when a slot is undefined, the property access throws.

findAndRemoveIframeBuffer and MutationBuffer.bufferBelongsToIframe were introduced together in #157 (adopting upstream rrweb #1755). The follow-up #167 only patched a sibling null-deref in iframe-manager.ts:119, leaving this loop unguarded.

Fix

  • Add an optional-chain guard (buf?.bufferBelongsToIframe(iframeEl)) so undefined slots are skipped instead of throwing.
  • Add a regression test in packages/rrweb/test/record/memory-leaks.test.ts that seeds mutationBuffers with an undefined slot and verifies findAndRemoveIframeBuffer does not throw and still removes the matching buffer.

Verified the new test reproduces the original TypeError when the guard is removed.

Test plan

  • pnpm vitest run test/record/memory-leaks.test.ts — all 23 tests pass
  • Confirmed regression test fails on the unpatched code
  • tsc -noEmit passes

Created with PostHog Code

fix(record): guard undefined slots in findAndRemoveIframeBuffer
c95382d 
A cross-origin iframe pagehide (reCAPTCHA, PDFTron WebViewer) was
crashing the recorder with "Cannot read properties of undefined
(reading 'bufferBelongsToIframe')" because findAndRemoveIframeBuffer
iterated mutationBuffers with no nullish guard while sibling code
paths can splice the same array.

Generated-By: PostHog Code
Task-Id: e6152cf5-3de7-42db-863f-35da4aff0e45
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 27, 2026

Size Change: +234 B (0%)

Total Size: 10.9 MB

Filename Size Change
packages/all/dist/rrweb-all.cjs 610 kB +23 B (0%)
packages/all/dist/rrweb-all.js 610 kB +23 B (0%)
packages/all/dist/rrweb-all.umd.cjs 614 kB +23 B (0%)
packages/all/dist/rrweb-all.umd.min.cjs 290 kB +9 B (0%)
packages/record/dist/rrweb-record.cjs 172 kB +23 B (+0.01%)
packages/record/dist/rrweb-record.js 172 kB +23 B (+0.01%)
packages/record/dist/rrweb-record.umd.cjs 173 kB +23 B (+0.01%)
packages/record/dist/rrweb-record.umd.min.cjs 83.5 kB +9 B (+0.01%)
packages/rrweb/dist/rrweb.cjs 593 kB +23 B (0%)
packages/rrweb/dist/rrweb.js 593 kB +23 B (0%)
packages/rrweb/dist/rrweb.umd.cjs 594 kB +23 B (0%)
packages/rrweb/dist/rrweb.umd.min.cjs 281 kB +9 B (0%)
ℹ️ View Unchanged
Filename Size
packages/packer/dist/base.js 18.2 kB
packages/packer/dist/base.cjs 18.3 kB
packages/packer/dist/base.umd.cjs 19.4 kB
packages/packer/dist/base.umd.min.cjs 10.1 kB
packages/packer/dist/pack.cjs 347 B
packages/packer/dist/pack.js 285 B
packages/packer/dist/pack.umd.cjs 2.28 kB
packages/packer/dist/pack.umd.min.cjs 1.76 kB
packages/packer/dist/packer.cjs 257 B
packages/packer/dist/packer.js 136 B
packages/packer/dist/packer.umd.cjs 1.31 kB
packages/packer/dist/packer.umd.min.cjs 1.27 kB
packages/packer/dist/unpack.cjs 769 B
packages/packer/dist/unpack.js 702 B
packages/packer/dist/unpack.umd.cjs 1.82 kB
packages/packer/dist/unpack.umd.min.cjs 1.6 kB
packages/plugins/rrweb-plugin-canvas-webrtc-record/dist/rrweb-plugin-canvas-webrtc-record.cjs 37.6 kB
packages/plugins/rrweb-plugin-canvas-webrtc-record/dist/rrweb-plugin-canvas-webrtc-record.js 37.5 kB
packages/plugins/rrweb-plugin-canvas-webrtc-record/dist/rrweb-plugin-canvas-webrtc-record.umd.cjs 38.7 kB
packages/plugins/rrweb-plugin-canvas-webrtc-record/dist/rrweb-plugin-canvas-webrtc-record.umd.min.cjs 22.9 kB
packages/plugins/rrweb-plugin-canvas-webrtc-replay/dist/rrweb-plugin-canvas-webrtc-replay.cjs 34.3 kB
packages/plugins/rrweb-plugin-canvas-webrtc-replay/dist/rrweb-plugin-canvas-webrtc-replay.js 34.2 kB
packages/plugins/rrweb-plugin-canvas-webrtc-replay/dist/rrweb-plugin-canvas-webrtc-replay.umd.cjs 35.4 kB
packages/plugins/rrweb-plugin-canvas-webrtc-replay/dist/rrweb-plugin-canvas-webrtc-replay.umd.min.cjs 21.2 kB
packages/plugins/rrweb-plugin-console-record/dist/rrweb-plugin-console-record.cjs 14.9 kB
packages/plugins/rrweb-plugin-console-record/dist/rrweb-plugin-console-record.js 14.8 kB
packages/plugins/rrweb-plugin-console-record/dist/rrweb-plugin-console-record.umd.cjs 16 kB
packages/plugins/rrweb-plugin-console-record/dist/rrweb-plugin-console-record.umd.min.cjs 8 kB
packages/plugins/rrweb-plugin-console-replay/dist/rrweb-plugin-console-replay.cjs 5.01 kB
packages/plugins/rrweb-plugin-console-replay/dist/rrweb-plugin-console-replay.js 4.9 kB
packages/plugins/rrweb-plugin-console-replay/dist/rrweb-plugin-console-replay.umd.cjs 6.1 kB
packages/plugins/rrweb-plugin-console-replay/dist/rrweb-plugin-console-replay.umd.min.cjs 3.3 kB
packages/plugins/rrweb-plugin-sequential-id-record/dist/rrweb-plugin-sequential-id-record.cjs 681 B
packages/plugins/rrweb-plugin-sequential-id-record/dist/rrweb-plugin-sequential-id-record.js 548 B
packages/plugins/rrweb-plugin-sequential-id-record/dist/rrweb-plugin-sequential-id-record.umd.cjs 1.79 kB
packages/plugins/rrweb-plugin-sequential-id-record/dist/rrweb-plugin-sequential-id-record.umd.min.cjs 1.5 kB
packages/plugins/rrweb-plugin-sequential-id-replay/dist/rrweb-plugin-sequential-id-replay.cjs 933 B
packages/plugins/rrweb-plugin-sequential-id-replay/dist/rrweb-plugin-sequential-id-replay.js 820 B
packages/plugins/rrweb-plugin-sequential-id-replay/dist/rrweb-plugin-sequential-id-replay.umd.cjs 2.04 kB
packages/plugins/rrweb-plugin-sequential-id-replay/dist/rrweb-plugin-sequential-id-replay.umd.min.cjs 1.64 kB
packages/replay/dist/rrweb-replay.cjs 440 kB
packages/replay/dist/rrweb-replay.js 440 kB
packages/replay/dist/rrweb-replay.umd.cjs 443 kB
packages/replay/dist/rrweb-replay.umd.min.cjs 210 kB
packages/replay/dist/style.css 2.45 kB
packages/replay/dist/style.min.css 1.97 kB
packages/rrdom-nodejs/dist/rrdom-nodejs.cjs 150 kB
packages/rrdom-nodejs/dist/rrdom-nodejs.js 149 kB
packages/rrdom-nodejs/dist/rrdom-nodejs.umd.cjs 152 kB
packages/rrdom-nodejs/dist/rrdom-nodejs.umd.min.cjs 71.4 kB
packages/rrdom/dist/rrdom.cjs 174 kB
packages/rrdom/dist/rrdom.js 173 kB
packages/rrdom/dist/rrdom.umd.cjs 176 kB
packages/rrdom/dist/rrdom.umd.min.cjs 81.4 kB
packages/rrweb-player/dist/events.js 159 kB
packages/rrweb-player/dist/global.css 240 B
packages/rrweb-player/dist/rrweb-player.cjs 511 kB
packages/rrweb-player/dist/rrweb-player.js 511 kB
packages/rrweb-player/dist/rrweb-player.umd.cjs 514 kB
packages/rrweb-player/dist/rrweb-player.umd.min.cjs 239 kB
packages/rrweb-player/dist/style.css 5.57 kB
packages/rrweb-player/dist/style.min.css 5 kB
packages/rrweb-snapshot/dist/record.cjs 31.3 kB
packages/rrweb-snapshot/dist/record.js 30.3 kB
packages/rrweb-snapshot/dist/record.umd.cjs 53 kB
packages/rrweb-snapshot/dist/record.umd.min.cjs 25.8 kB
packages/rrweb-snapshot/dist/replay.cjs 137 kB
packages/rrweb-snapshot/dist/replay.js 137 kB
packages/rrweb-snapshot/dist/replay.umd.cjs 160 kB
packages/rrweb-snapshot/dist/replay.umd.min.cjs 74.2 kB
packages/rrweb-snapshot/dist/rrweb.cjs 2.13 kB
packages/rrweb-snapshot/dist/rrweb.js 1.32 kB
packages/rrweb-snapshot/dist/rrweb.umd.cjs 216 kB
packages/rrweb-snapshot/dist/rrweb.umd.min.cjs 91.6 kB
packages/rrweb-snapshot/dist/types.cjs 18.1 kB
packages/rrweb-snapshot/dist/types.umd.cjs 19.3 kB
packages/rrweb-snapshot/dist/types.umd.min.cjs 9.85 kB
packages/rrweb-snapshot/dist/types.js 17.7 kB
packages/rrweb/dist/style.css 2.45 kB
packages/rrweb/dist/style.min.css 1.97 kB
packages/types/dist/rrweb-types.cjs 5.64 kB
packages/types/dist/rrweb-types.js 5.38 kB
packages/types/dist/rrweb-types.umd.cjs 6.69 kB
packages/types/dist/rrweb-types.umd.min.cjs 3.44 kB
packages/utils/dist/rrweb-utils.cjs 6.41 kB
packages/utils/dist/rrweb-utils.js 5.95 kB
packages/utils/dist/rrweb-utils.umd.cjs 7.47 kB
packages/utils/dist/rrweb-utils.umd.min.cjs 4.16 kB

compressed-size-action

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants