[Webkit-unassigned] [Bug 55017] New: ResourceLoader leaks with an empty EmptyFrameLoaderClient and an empty URL

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 22 19:58:02 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=55017

           Summary: ResourceLoader leaks with an empty
                    EmptyFrameLoaderClient and an empty URL
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P1
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: wangxianzhu at google.com


The following code (in WebCore/svg/graphics/SVGImage.cpp) causes a ResourceLoader leak:

        RefPtr<Frame> frame = Frame::create(m_page.get(), 0, dummyFrameLoaderClient);
        frame->setView(FrameView::create(frame.get()));
        frame->init();
        ResourceRequest fakeRequest(KURL(ParsedURLString, ""));
        FrameLoader* loader = frame->loader();
        loader->setForcedSandboxFlags(SandboxAll);
        loader->load(fakeRequest, false); // Make sure the DocumentLoader is created

didFinishLoading() of the newly created ResourceLoader will never be called, causing the ResourceLoader to stay in the ResourceLoaderScheduler's list of loading loaders forever. When the number of leaked ResourceLoaderScheduler reaches 20, no more new loaders will be executed and the whole browser will stop working.

I reproduced the issue in a chromium-linux environment by running the following layout tests in single-process mode (new-run-webkit-tests --no-retry-failures --no-pixel-tests --child-processes=1 --test-list=a_file_containing_the_following_lines):

svg/W3C-SVG-1.1/struct-use-01-t.svg
svg/W3C-SVG-1.1/struct-image-07-t.svg
svg/W3C-SVG-1.1/struct-image-05-b.svg
svg/W3C-SVG-1.1/struct-image-05-b.svg
svg/W3C-SVG-1.1/filters-light-01-f.svg
svg/W3C-SVG-1.1/color-prof-01-f.svg
svg/W3C-SVG-1.1/filters-diffuse-01-f.svg
svg/W3C-SVG-1.1/struct-image-03-t.svg
svg/W3C-SVG-1.1/struct-image-10-t.svg
svg/W3C-SVG-1.1/struct-symbol-01-b.svg
svg/W3C-SVG-1.1/struct-image-02-b.svg
svg/W3C-SVG-1.1/struct-image-06-t.svg
svg/W3C-SVG-1.1/struct-image-01-t.svg
svg/W3C-SVG-1.1/filters-conv-01-f.svg
svg/W3C-SVG-1.1/render-groups-03-t.svg
svg/W3C-SVG-1.1/struct-image-09-t.svg
svg/W3C-SVG-1.1/render-groups-01-b.svg
svg/W3C-SVG-1.1/struct-image-08-t.svg
svg/W3C-SVG-1.1/masking-path-04-b.svg
svg/W3C-SVG-1.1/filters-specular-01-f.svg
svg/animations/animVal-basics.html

The last test will time out.

I'll provide a patch today.

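The starvation described in the report, as an added example that is not WebKit code and not the reporter's patch: a simplified model of a scheduler with a fixed in-flight cap, where loads that never receive a completion callback hold their slots forever. All class and function names are hypothetical, and the fail-fast handling of empty URLs is an assumed mitigation chosen for illustration.

```cpp
// Simplified model, not WebKit code; all names here are hypothetical.
#include <cstddef>
#include <deque>
#include <set>
#include <string>
#include <utility>

class ModelScheduler {
public:
    ModelScheduler(std::size_t cap, bool failFastOnEmptyUrl)
        : m_cap(cap), m_failFast(failFastOnEmptyUrl) {}

    int schedule(const std::string& url) {      // queue a request, return its id
        int id = m_nextId++;
        m_pending.emplace_back(id, url);
        servePending();
        return id;
    }
    void didFinish(int id) {                    // the only path that frees a slot
        if (m_inFlight.erase(id)) servePending();
    }
    bool started(int id) const { return m_started.count(id) != 0; }
    std::size_t inFlight() const { return m_inFlight.size(); }

private:
    void servePending() {
        while (!m_pending.empty() && m_inFlight.size() < m_cap) {
            std::pair<int, std::string> r = m_pending.front();
            m_pending.pop_front();
            m_started.insert(r.first);
            // Assumed mitigation: an empty URL never yields a completion
            // callback in this model, so finish it at once, holding no slot.
            if (m_failFast && r.second.empty()) continue;
            m_inFlight.insert(r.first);
        }
    }
    std::size_t m_cap;
    bool m_failFast;
    int m_nextId = 0;
    std::deque<std::pair<int, std::string>> m_pending;
    std::set<int> m_inFlight, m_started;
};

// Leak 20 empty-URL loads (didFinish is never called), then try a real load.
bool realLoadStartsAfterLeaks(bool failFast) {
    ModelScheduler s(20, failFast);             // 20 is the limit cited in the report
    for (int i = 0; i < 20; ++i) s.schedule("");
    return s.started(s.schedule("http://example.test/page.html"));  // constructed URL
}

int main() { return (!realLoadStartsAfterLeaks(false) && realLoadStartsAfterLeaks(true)) ? 0 : 1; }
```

In this model, tracking how long each entry has been in flight would expose the same condition at runtime: slots that never drain while the pending queue grows.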