[Webkit-unassigned] [Bug 240274] New: [GPU Process] [Filters] FilterImages are leaked

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 10 02:09:57 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=240274

            Bug ID: 240274
           Summary: [GPU Process] [Filters] FilterImages are leaked
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com
                CC: bfulgham at webkit.org, simon.fraser at apple.com,
                    zalan at apple.com

Created attachment 459104

  --> https://bugs.webkit.org/attachment.cgi?id=459104&action=review

test case

Open the attached test case and watch the memory taken by WebKit. The memory allocation will climb very quickly. Getting the memgraph of WebKit will show the following allocations:

  28625 (3251M) << TOTAL >>
      1016 (3238M) CONTENT:  malloc<3342336>
      + 1016 (3238M) _malloc_zone_malloc  (in libsystem_malloc.dylib) + 0  [0x7ff81af62a0b]
      +   1016 (3238M) bmalloc_heap_config_specialized_try_allocate_common_impl_slow  (in JavaScriptCore) + 882  [0x10b4f4432]  bmalloc_heap_config.c:43
      +     1016 (3238M) bmalloc_try_allocate_auxiliary_impl_impl_slow  (in JavaScriptCore) + 45  [0x10b4e7dcd]  bmalloc_heap_inlines.h:458
      +       1016 (3238M) bmalloc_try_allocate_auxiliary_impl_casual_case  (in JavaScriptCore) + 401  [0x10b4e6ae1]  bmalloc_heap_inlines.h:458
      +         1016 (3238M) Gigacage::tryMalloc(Gigacage::Kind, unsigned long)  (in JavaScriptCore) + 318  [0x10b4674ee]  Gigacage.cpp:94
      +           1016 (3238M) JSC::ArrayBufferContents::tryAllocate(unsigned long, unsigned int, JSC::ArrayBufferContents::InitializationPolicy)  (in JavaScriptCore) + 79  [0x10bd69cdf]  ArrayBuffer.cpp:125
      +             1016 (3238M) JSC::ArrayBuffer::tryCreate(unsigned long, unsigned int, JSC::ArrayBufferContents::InitializationPolicy)  (in JavaScriptCore) + 61  [0x10bd6a35d]  ArrayBuffer.cpp:280
      +               1016 (3238M) JSC::ArrayBuffer::tryCreateUninitialized(unsigned long, unsigned int)  (in JavaScriptCore) + 17  [0x10c41aad1]  ArrayBuffer.cpp:256
      +                 1016 (3238M) JSC::GenericTypedArrayView<JSC::Uint8ClampedAdaptor>::tryCreateUninitialized(unsigned long)  (in WebCore) + 38  [0x111081bd6]  GenericTypedArrayViewInlines.h:116
      +                   1016 (3238M) WebCore::PixelBuffer::tryCreate(WebCore::PixelBufferFormat const&, WebCore::IntSize const&)  (in WebCore) + 88  [0x1111de4f8]  PixelBuffer.cpp:79
      +                     1016 (3238M) WebCore::FilterImage::pixelBuffer(WebCore::AlphaPremultiplication)  (in WebCore) + 112  [0x1123ac5f0]  FilterImage.cpp:235
      +                       1016 (3238M) WebCore::FETurbulenceSoftwareApplier::apply(WebCore::Filter const&, WTF::Vector<WTF::Ref<WebCore::FilterImage, WTF::RawPtrTraits<WebCore::FilterImage> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FilterImage&) const  (in WebCore) + 48  [0x1123b9150]  FETurbulenceSoftwareApplier.cpp:344
      +                         1016 (3238M) WebCore::FilterEffect::apply(WebCore::Filter const&, WTF::Vector<WTF::Ref<WebCore::FilterImage, WTF::RawPtrTraits<WebCore::FilterImage> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebCore::FilterResults&, std::__1::optional<WebCore::FilterEffectGeometry> const&)  (in WebCore) + 803  [0x111211093]  FilterEffect.cpp:152
      +                           1016 (3238M) WebCore::SVGFilter::apply(WebCore::FilterImage*, WebCore::FilterResults&)  (in WebCore) + 143  [0x11138a03f]  SVGFilter.cpp:138
      +                             1016 (3238M) WebCore::Filter::apply(WebCore::ImageBuffer*, WebCore::FloatRect const&, WebCore::FilterResults&)  (in WebCore) + 242  [0x111210ad2]  Filter.cpp:95
      +                               1016 (3238M) WebCore::GraphicsContext::drawFilteredImageBuffer(WebCore::ImageBuffer*, WebCore::FloatRect const&, WebCore::Filter&, WebCore::FilterResults&)  (in WebCore) + 44  [0x1111d259c]  GraphicsContext.cpp:345


This means the FilterImages are leaked when the FilterResults are cleared during the animation's dynamic update.
