[Webkit-unassigned] [Bug 150728] New: CSSParserValueList leaks seen in fast/css/variables tests

bugzilla-daemon at webkit.org
Fri Oct 30 12:41:31 PDT 2015


https://bugs.webkit.org/show_bug.cgi?id=150728

            Bug ID: 150728
           Summary: CSSParserValueList leaks seen in fast/css/variables
                    tests
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: joepeck at webkit.org
                CC: hyatt at apple.com

* SUMMARY
CSSParserValueList leaks seen in fast/css/variables tests.

* STEPS TO REPRODUCE
shell> run-webkit-tests --leaks -1 fast/css/variables

* NOTES
- Debug build will probably get you better allocation stacks than what I got.

* LEAK
Leak: 0x7f85e0c30b60  size=160  zone: DefaultMallocZone_0x10bf86000
    0x00000000 0x00000000 0xe0c30b78 0x00007f85     ........x.......
    0x00000004 0x00000001 0x00000000 0x3ff00000     ...............?
    0x00000000 0x3ff00000 0x74b29a50 0x00007fff     .......?P..t....
    0x00000005 0x00007fff 0x00000010 0x005a000f     ..............Z.
    0x00000000 0x00000000 0x5e0c2ffb 0x000507f8     ........./.^....
    0x00000002 0x00000011 0xe0c30bc4 0x00007f85     ................
    0x0164d908 0x706d7564 0x656c6553 0x6f697463     ..d.dumpSelectio
    0x6365526e 0x00000074 0xe0c30be4 0x00007f85     nRect...........
    ...
    Call stack: [thread 0x7fff733f9000]: 
        | 0x2 
        | start 
        | DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1430 
        | dumpRenderTree(int, char const**) DumpRenderTree.mm:1294 
        | runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2037 
        | CFRunLoopRunSpecific 
        | __CFRunLoopRun 
        | __CFRunLoopDoSources0 
        | __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ 
        | MultiplexerSource::_perform(void*) 
        | MultiplexerSource::perform() 
        | RunloopBlockContext::perform() 
        | CFArrayApplyFunction 
        | RunloopBlockContext::_invoke_block(void const*, void*) 
        | _dispatch_block_invoke 
        | _dispatch_client_callout 
        | ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 
        | ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke 
        | -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] 
        | -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] 
        | __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke 
        | WebCore::SubresourceLoader::didFinishLoading(double) ResourceLoader.h:154 
        | WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) CachedRawResource.cpp:104 
        | WebCore::CachedResource::checkNotify() CachedResourceClientWalker.h:51 
        | WebCore::DocumentLoader::finishedLoading(double) ResourceErrorBase.h:42 
        | WebCore::DocumentWriter::end() RefPtr.h:71 
        | WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) StdLibExtras.h:358 
        | WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) DocumentParser.h:71 
        | WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) HTMLTokenizer.h:245 
        | WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) HTMLDocumentParser.cpp:321 
        | WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&) HTMLTreeBuilder.cpp:343 
        | WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken&) HTMLTreeBuilder.cpp:2144 
        | WebCore::HTMLElementStack::pop() memory:2636 
        | WebCore::HTMLStyleElement::finishParsingChildren() HTMLStyleElement.cpp:90 
        | WebCore::InlineStyleSheetOwner::finishParsingChildren(WebCore::Element&) StdLibExtras.h:358 
        | WebCore::InlineStyleSheetOwner::createSheet(WebCore::Element&, WTF::String const&) InlineStyleSheetOwner.cpp:157 
        | WebCore::StyleSheetContents::parseStringAtPosition(WTF::String const&, WTF::TextPosition const&, bool) StyleSheetContents.cpp:338 
        | WebCore::CSSParser::parseSheet(WebCore::StyleSheetContents*, WTF::String const&, WTF::TextPosition const&, WTF::Vector<WTF::RefPtr<WebCore::CSSRuleSourceData>, 0ul, WTF::CrashOnOverflow, 16ul>*, bool) CSSParser.cpp:462 
        | cssyyparse(WebCore::CSSParser*) CSSParserValues.h:141 
        | malloc 
        | malloc_zone_malloc 

* NOTES
You may consider looking at:

    CSSValueList::buildParserValueSubstitutingVariables
    CSSValueList::buildParserValueListSubstitutingVariables

I think in error cases a CSSParserValueList may not be getting deleted properly. But there may be other issues.
