Status: RESOLVED FIXED
Core :: SVG

Reporter: tor, Unassigned

Version: 1.8 Branch
Keywords: fixed1.8.0.12, fixed1.8.1.4, mlk, testcase


(Reporter)

Description

10 years ago
Created attachment 260601 [details] [diff] [review]
remove extra addref

The branch has a bug where once you nest <svg:svg> to three levels, we will leak everything past the second level.  Example:

<svg xmlns="http://www.w3.org/2000/svg">
  <svg id="leaking">
     <svg>
     </svg>
  </svg>
</svg>

Everything at the id="leaking" level and below is leaked.

This is happening because the nsSVGInnerSVGFrame::GetCoordContextProvider is QIing its content to a type and raising the refcount before returning it as an already_AddRefed<>.  The manual refcount is not needed because the QI already does that.
Attachment #260601 - Flags: superreview?(roc)
Attachment #260601 - Flags: review?(jwatt)
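The refcount imbalance described above, modelled as an added example (not code from this report or from Gecko): a minimal stand-in `Object` whose `QueryInterface()` transfers one reference like the real QI, a buggy getter that AddRefs a second time, the fixed getter, and a driver that counts what is left after the owner tears down. All names here are hypothetical stand-ins, not Mozilla APIs.

```cpp
#include <cstdio>

// Minimal stand-in for an XPCOM-style refcounted object (constructed for this
// example; not Gecko's nsISupports). QueryInterface() hands back a pointer that
// already carries one reference owned by the caller, exactly like the real QI.
struct Object {
    int refcnt = 0;
    void AddRef() { ++refcnt; }
    void Release() { --refcnt; }
    Object* QueryInterface() { AddRef(); return this; }
};

// Buggy getter (the branch before the patch): QI already AddRef'd on our
// behalf, then we AddRef a second time before returning the pointer as
// "already addrefed". The caller releases once, so one reference never goes.
Object* GetCoordContextProviderBuggy(Object* content) {
    Object* provider = content->QueryInterface();  // refcnt +1, owned by us
    provider->AddRef();                             // extra +1: the leak
    return provider;                                // caller gets one ref to release
}

// Fixed getter: the reference transferred by QI is the one the caller owns.
Object* GetCoordContextProviderFixed(Object* content) {
    return content->QueryInterface();
}

// Drive one getter through a full owner lifecycle and report what is left.
// Returns the refcount after the document drops its content: 0 means balanced,
// anything higher is a reference that was never released (a leak).
int LeakedRefs(Object* (*getter)(Object*)) {
    Object content;
    content.AddRef();                  // document owns its inner <svg> content
    Object* provider = getter(&content);
    provider->Release();               // consumer is done with the provider
    content.Release();                 // document tears down
    return content.refcnt;
}

int main() {
    std::printf("buggy: %d leaked ref(s)\n", LeakedRefs(GetCoordContextProviderBuggy));
    std::printf("fixed: %d leaked ref(s)\n", LeakedRefs(GetCoordContextProviderFixed));
    return 0;
}
```

With real content trees the extra reference on the `id="leaking"` element keeps everything it owns alive, which is why a leak checker reports the whole subtree rather than a single object.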

Updated

10 years ago
Attachment #260601 - Flags: review?(jwatt) → review+
Attachment #260601 - Flags: superreview?(roc) → superreview+
(Reporter)

Comment 1

10 years ago
Comment on attachment 260601 [details] [diff] [review]
remove extra addref

This simple change fixes a large memory leak in SVG files with a deeply (>2) nested structure, which is pretty easy to do with machine generated content.

Only affects SVG documents, so low risk from the point of view of what most content the browser deals with.  Change itself is also simple, just removing an extraneous addref.
Attachment #260601 - Flags: approval1.8.1.4?
Attachment #260601 - Flags: approval1.8.0.12?

Updated

10 years ago
Keywords: mlk, testcase
Comment on attachment 260601 [details] [diff] [review]
remove extra addref

approved for 1.8.0.12 and 1.8.1.4, a=dveditz for release-drivers
Attachment #260601 - Flags: approval1.8.1.4?
Attachment #260601 - Flags: approval1.8.1.4+
Attachment #260601 - Flags: approval1.8.0.12?
Attachment #260601 - Flags: approval1.8.0.12+
(Reporter)

Comment 3

10 years ago
Checked in on MOZILLA_1_8_BRANCH and MOZILLA_1_8_0_BRANCH.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Keywords: fixed1.8.0.12, fixed1.8.1.4
Resolution: --- → FIXED