1661677 - Potential font-instance leaks from gfxFontGroup::FindFontForChar

Status: RESOLVED FIXED

(Core :: Layout: Text and Fonts, defect, P2)

Description

[Jonathan Kew [:jfkthame]]

Noticed a couple of potential leaks resulting from the patch in bug 1371386. gfxFontGroup::FindFontForChar returns a raw gfxFont pointer without addref'ing, because in the great majority of cases, the caller will compare it to an existing pointer and see they're the same, and no new reference is needed. Therefore, we don't want to always addref fonts early, within FindFontForChar, as this causes a huge amount of extra refcount churn.

However, if FindFontForChar creates a font instance and then decides not to return it, because it subsequently finds a better match for the request, then it does need to take and release a reference to the gfxFont, because decrementing the refcount to zero is what tells the global font cache to start tracking the object for deferred deletion. If we fail to do this, the created-but-unused font can leak because the cache doesn't yet know about it.

In most cases this is handled correctly (e.g. see the use of autoRefDeref(candidateFont) in the CheckCandidate lambda, to ensure we track a discarded candidate font for deletion, but there are a couple cases that were missed.

Comment 1

[Jonathan Kew [:jfkthame]]

Attachment: Bug 1661677 - Ensure that font instances we decide not to use in FindFontForChar get passed to the global cache for expiration tracking. r=m_kato

Depends on D88578

Comment 2

[BugBot [:suhaib / :marco/ :calixte]]

Set release status flags based on info from the regressing bug 1371386

Comment 3

[Pulsebot]

Pushed by jkew@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/aae1daf4c686
Ensure that font instances we decide not to use in FindFontForChar get passed to the global cache for expiration tracking. r=m_kato

Comment 4

[Bogdan Tara[:bogdan_tara | bogdant]]

https://hg.mozilla.org/mozilla-central/rev/aae1daf4c686