<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - CSSParserValueList leaks seen in fast/css/variables tests"
href="https://bugs.webkit.org/show_bug.cgi?id=150728">150728</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>CSSParserValueList leaks seen in fast/css/variables tests
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebCore Misc.
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>joepeck@webkit.org
</td>
</tr>
<tr>
<th>CC</th>
<td>hyatt@apple.com
</td>
</tr></table>
<p>
<div>
<pre>* SUMMARY
CSSParserValueList leaks seen in fast/css/variables tests.
* STEPS TO REPRODUCE
shell> run-webkit-tests --leaks -1 fast/css/variables
* NOTES
- Debug build will probably get you better allocation stacks then what I got.
* LEAK
Leak: 0x7f85e0c30b60 size=160 zone: DefaultMallocZone_0x10bf86000
0x00000000 0x00000000 0xe0c30b78 0x00007f85 ........x.......
0x00000004 0x00000001 0x00000000 0x3ff00000 ...............?
0x00000000 0x3ff00000 0x74b29a50 0x00007fff .......?P..t....
0x00000005 0x00007fff 0x00000010 0x005a000f ..............Z.
0x00000000 0x00000000 0x5e0c2ffb 0x000507f8 ........./.^....
0x00000002 0x00000011 0xe0c30bc4 0x00007f85 ................
0x0164d908 0x706d7564 0x656c6553 0x6f697463 ..d.dumpSelectio
0x6365526e 0x00000074 0xe0c30be4 0x00007f85 nRect...........
...
Call stack: [thread 0x7fff733f9000]:
| 0x2
| start
| DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1430
| dumpRenderTree(int, char const**) DumpRenderTree.mm:1294
| runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2037
| CFRunLoopRunSpecific
| __CFRunLoopRun
| __CFRunLoopDoSources0
| __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__
| MultiplexerSource::_perform(void*)
| MultiplexerSource::perform()
| RunloopBlockContext::perform()
| CFArrayApplyFunction
| RunloopBlockContext::_invoke_block(void const*, void*)
| _dispatch_block_invoke
| _dispatch_client_callout
| ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2
| ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke
| -[NSURLConnectionInternal _withActiveConnectionAndDelegate:]
| -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]
| __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke
| WebCore::SubresourceLoader::didFinishLoading(double) ResourceLoader.h:154
| WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) CachedRawResource.cpp:104
| WebCore::CachedResource::checkNotify() CachedResourceClientWalker.h:51
| WebCore::DocumentLoader::finishedLoading(double) ResourceErrorBase.h:42
| WebCore::DocumentWriter::end() RefPtr.h:71
| WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) StdLibExtras.h:358
| WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) DocumentParser.h:71
| WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) HTMLTokenizer.h:245
| WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) HTMLDocumentParser.cpp:321
| WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&) HTMLTreeBuilder.cpp:343
| WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken&) HTMLTreeBuilder.cpp:2144
| WebCore::HTMLElementStack::pop() memory:2636
| WebCore::HTMLStyleElement::finishParsingChildren() HTMLStyleElement.cpp:90
| WebCore::InlineStyleSheetOwner::finishParsingChildren(WebCore::Element&) StdLibExtras.h:358
| WebCore::InlineStyleSheetOwner::createSheet(WebCore::Element&, WTF::String const&) InlineStyleSheetOwner.cpp:157
| WebCore::StyleSheetContents::parseStringAtPosition(WTF::String const&, WTF::TextPosition const&, bool) StyleSheetContents.cpp:338
| WebCore::CSSParser::parseSheet(WebCore::StyleSheetContents*, WTF::String const&, WTF::TextPosition const&, WTF::Vector<WTF::RefPtr<WebCore::CSSRuleSourceData>, 0ul, WTF::CrashOnOverflow, 16ul>*, bool) CSSParser.cpp:462
| cssyyparse(WebCore::CSSParser*) CSSParserValues.h:141
| malloc
| malloc_zone_malloc
* NOTES
You may consider looking at:
CSSValueList::buildParserValueSubstitutingVariables
CSSValueList::buildParserValueListSubstitutingVariables
I think in error cases a CSSParserValueList may not be getting deleted properly. But there may be other issues.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>