[Webkit-unassigned] [Bug 152759] New: SVG polyline and polygon leak page

bugzilla-daemon at webkit.org
Tue Jan 5 14:18:14 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=152759

            Bug ID: 152759
           Summary: SVG polyline and polygon leak page
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: PC
                OS: Windows 7
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: chris.vno at outlook.com
                CC: zimmermann at kde.org

The source of the leak appears to come from the below call stack. A cache of animation points is being created in SVGAnimatedProperty(SVGElement* contextElement, const QualifiedName& attributeName, AnimatedPropertyType animatedPropertyType); however, the destructor for SVGAnimatedProperty is never called. The passed-in contextElement gains a ref when the SVGAnimatedProperty is created; however, I'm not seeing a code path where the animation points should be destroyed. This affects both SVG polyline and polygon, and results in leaking the whole page. Note that I'm using code based off of change 188436.

Thanks for any help you can provide,

Chris Vienneau


\WebCore\svg\properties\SVGAnimatedProperty.cpp
SVGAnimatedProperty::SVGAnimatedProperty(SVGElement* contextElement, const QualifiedName& attributeName, AnimatedPropertyType animatedPropertyType)
    : m_contextElement(contextElement)
    , m_attributeName(attributeName)
    , m_animatedPropertyType(animatedPropertyType)
    , m_isAnimating(false)
    , m_isReadOnly(false)
{
}

>             EAWebKitd.dll!WebCore::SVGAnimatedProperty::SVGAnimatedProperty(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType) Line 29                C++
                EAWebKitd.dll!WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType, WebCore::SVGPointList & values) Line 166         C++
                EAWebKitd.dll!WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>::create(WebCore::SVGElement * contextElement, const WebCore::QualifiedName & attributeName, WebCore::AnimatedPropertyType animatedPropertyType, WebCore::SVGPointList & values) Line 159         C++
                EAWebKitd.dll!WebCore::SVGAnimatedProperty::lookupOrCreateWrapper<WebCore::SVGPolyElement,WebCore::SVGAnimatedListPropertyTearOff<WebCore::SVGPointList>,WebCore::SVGPointList>(WebCore::SVGPolyElement * element, const WebCore::SVGPropertyInfo * info, WebCore::SVGPointList & property) Line 57             C++
               EAWebKitd.dll!WebCore::SVGPolyElement::lookupOrCreatePointsWrapper(WebCore::SVGElement * contextElement) Line 117            C++
               EAWebKitd.dll!WebCore::SVGPolyElement::animatedPoints() Line 130  C++
               EAWebKitd.dll!WebCore::updatePathFromPolylineElement(WebCore::SVGElement * element, WebCore::Path & path) Line 106               C++
               EAWebKitd.dll!WebCore::updatePathFromGraphicsElement(WebCore::SVGElement * element, WebCore::Path & path) Line 172               C++
               EAWebKitd.dll!WebCore::RenderSVGShape::updateShapeFromElement() Line 84           C++
               EAWebKitd.dll!WebCore::RenderSVGPath::updateShapeFromElement() Line 48              C++
               EAWebKitd.dll!WebCore::RenderSVGShape::layout() Line 164   C++
               EAWebKitd.dll!WebCore::SVGRenderSupport::layoutChildren(WebCore::RenderElement & start, bool selfNeedsLayout) Line 281           C++
               EAWebKitd.dll!WebCore::RenderSVGRoot::layout() Line 181      C++
               EAWebKitd.dll!WebCore::RenderElement::layoutIfNeeded() Line 135    C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutLineBoxes(bool relayoutChildren, WebCore::LayoutUnit & repaintLogicalTop, WebCore::LayoutUnit & repaintLogicalBottom) Line 1621   C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutInlineChildren(bool relayoutChildren, WebCore::LayoutUnit & repaintLogicalTop, WebCore::LayoutUnit & repaintLogicalBottom) Line 652        C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 484        C++
               EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930              C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712            C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633            C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488        C++
               EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930              C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712            C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633            C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488        C++
               EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930              C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox & child, WebCore::RenderBlockFlow::MarginInfo & marginInfo, WebCore::LayoutUnit & previousFloatLogicalBottom, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 712            C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlockChildren(bool relayoutChildren, WebCore::LayoutUnit & maxFloatLogicalBottom) Line 633            C++
               EAWebKitd.dll!WebCore::RenderBlockFlow::layoutBlock(bool relayoutChildren, WebCore::LayoutUnit pageLogicalHeight) Line 488        C++
               EAWebKitd.dll!WebCore::RenderBlock::layout() Line 930              C++
               EAWebKitd.dll!WebCore::RenderView::layoutContent(const WebCore::LayoutState & state) Line 256   C++
               EAWebKitd.dll!WebCore::RenderView::layout() Line 382              C++
               EAWebKitd.dll!WebCore::FrameView::layout(bool allowSubtree) Line 1426         C++
               EAWebKitd.dll!WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() Line 4153    C++
               EAWebKitd.dll!EA::WebKit::View::Paint() Line 278            C++
               EAWebKitDemoUTFWin.exe!EA::Browser::BrowserWinView::OnTick() Line 1039              C++
               EAWebKitDemoUTFWin.exe!EA::UTFWin::CustomWindow::DoMessage(const EA::UTFWin::Message & msg) Line 46  C++
               EAWebKitDemoUTFWin.exe!EA::Browser::BrowserWinView::DoMessage(const EA::UTFWin::Message & msg) Line 649     C++
               EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::DispatchMsgToWindow(EA::UTFWin::Window * target, const EA::UTFWin::Message & msg, bool outbound) Line 2120     C++
               EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::SendMsg(EA::UTFWin::IWindow * src, EA::UTFWin::IWindow * dst0, const EA::UTFWin::Message & msg, bool inheritable, bool reversePriority) Line 249                C++
               EAWebKitDemoUTFWin.exe!EA::UTFWin::WindowMgr::ProcessMessages() Line 451     C++
               EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::TickEAWebKitThread() Line 781              C++
               EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::RunEAWebKit(void * instance) Line 838              C++
                EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::ExecuteUserFunction(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext) Line 900                C++
                EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandlerWin32::RunTrapped(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext, bool & exceptionCaught) Line 529          C++
                EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::RunTrappedInternal(EA::Debug::ExceptionHandler::UserFunctionUnion userFunctionUnion, EA::Debug::ExceptionHandler::UserFunctionType userFunctionType, void * pContext, bool & exceptionCaught) Line 881          C++
               EAWebKitDemoUTFWin.exe!EA::Debug::ExceptionHandler::RunTrapped(void (void *) * userFunction, void * pContext) Line 925          C++
               EAWebKitDemoUTFWin.exe!EA::Browser::BrowserApp::Run(void * __formal) Line 855 C++
               EAWebKitDemoUTFWin.exe!RunnableObjectInternal(void * pContext) Line 608               C++
               EAWebKitDemoUTFWin.exe!invoke_thread_procedure(unsigned int (void *) * const procedure, void * const context) Line 92    C++
               EAWebKitDemoUTFWin.exe!thread_start<unsigned int (__cdecl*)(void * __ptr64)>(void * const parameter) Line 115       C++
               [External Code]
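
The ownership pattern the report describes, as an added example that is not part of the original message and is not WebKit code: a wrapper that takes a reference on its context element, while something keeps the wrapper alive, so neither destructor runs. Element, Wrapper, wrapperCache and layoutThenDropElement are hypothetical names, and caching the wrapper on the element itself is an assumption made to keep the model self-contained.

```cpp
#include <map>
#include <memory>
#include <string>

// Simplified model; Element, Wrapper and wrapperCache are hypothetical
// stand-ins, not WebKit classes.
static int liveWrappers = 0;
struct Element;

struct Wrapper {
    std::shared_ptr<Element> strongContext; // leaking variant: wrapper refs its element
    std::weak_ptr<Element> weakContext;     // non-owning variant
    Wrapper() { ++liveWrappers; }
    ~Wrapper() { --liveWrappers; }
};

struct Element : std::enable_shared_from_this<Element> {
    // Assumption: the wrapper is cached for the element's lifetime.
    std::map<std::string, std::shared_ptr<Wrapper>> wrapperCache;

    std::shared_ptr<Wrapper> lookupOrCreateWrapper(const std::string& attr, bool strongBackRef) {
        auto it = wrapperCache.find(attr);
        if (it != wrapperCache.end())
            return it->second;
        auto wrapper = std::make_shared<Wrapper>();
        if (strongBackRef)
            wrapper->strongContext = shared_from_this(); // element gains a ref
        else
            wrapper->weakContext = shared_from_this();
        wrapperCache[attr] = wrapper;
        return wrapper;
    }
};

struct TeardownResult { bool elementFreed; int wrappersLeft; };

// Build an element, touch its "points" wrapper as layout would, then drop the
// only external reference and report what survived.
TeardownResult layoutThenDropElement(bool strongBackRef) {
    int before = liveWrappers;
    std::weak_ptr<Element> probe;
    {
        auto polyline = std::make_shared<Element>();
        polyline->lookupOrCreateWrapper("points", strongBackRef);
        probe = polyline;
    }
    TeardownResult result{probe.expired(), liveWrappers - before};
    if (auto leaked = probe.lock())
        leaked->wrapperCache.clear(); // break the cycle so the demo itself frees memory
    return result;
}
```

With the strong back-reference the element and its wrapper both outlive the last external reference; with the non-owning back-reference both are destroyed.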
