Closed Bug 376509 Opened 17 years ago Closed 17 years ago

Leak of nested <svg:svg>

Categories: Core :: SVG, defect
Version: 1.8 Branch
Type: defect
Priority: Not set
Severity: normal

Status: RESOLVED FIXED

People: Reporter: tor; Assignee: Unassigned
Details: 4 keywords
Attachments: 1 file

The branch has a bug where once you nest <svg:svg> to three levels, we will leak everything past the second level.  Example:

<svg xmlns="http://www.w3.org/2000/svg">
  <svg id="leaking">
     <svg>
     </svg>
  </svg>
</svg>

Everything at the id="leaking" level and below is leaked.

This is happening because the nsSVGInnerSVGFrame::GetCoordContextProvider is QIing its content to a type and raising the refcount before returning it as an already_AddRefed<>.  The manual refcount is not needed because the QI already does that.
Attachment #260601 - Flags: superreview?(roc)
Attachment #260601 - Flags: review?(jwatt)
Attachment #260601 - Flags: review?(jwatt) → review+
Attachment #260601 - Flags: superreview?(roc) → superreview+
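
A self-contained C++ model of the double-AddRef described in the comment above, added here as an illustration; it is not the attached patch or Mozilla source. Node, AlreadyAddRefed, GetProviderLeaky, GetProviderFixed and LeakedAfter are hypothetical stand-ins, and the parent holding an owning reference to its child is an assumption of the model.

```cpp
#include <cstdio>

// Constructed model of XPCOM-style reference counting (not Mozilla's classes).
static int g_live = 0;  // number of Node objects currently alive

struct Node {
    int refcnt = 0;
    Node* child = nullptr;  // owning reference to a nested element (assumption)
    Node() { ++g_live; }
    ~Node() { --g_live; if (child) child->Release(); }
    void AddRef() { ++refcnt; }
    void Release() { if (--refcnt == 0) delete this; }
    // Like QueryInterface: the out pointer already carries one reference.
    void QueryInterface(Node** out) { AddRef(); *out = this; }
};

// Stand-in for already_AddRefed<>: the caller inherits exactly one
// reference and is responsible for exactly one Release().
struct AlreadyAddRefed { Node* raw; };

AlreadyAddRefed GetProviderLeaky(Node* content) {
    Node* ctx = nullptr;
    content->QueryInterface(&ctx);  // +1, this is the reference being handed out
    ctx->AddRef();                  // +1 again: no caller will ever release this one
    return AlreadyAddRefed{ctx};
}

AlreadyAddRefed GetProviderFixed(Node* content) {
    Node* ctx = nullptr;
    content->QueryInterface(&ctx);  // +1, transferred to the caller as-is
    return AlreadyAddRefed{ctx};
}

// Builds a parent with one child, calls the getter once, drops every reference
// a correct program holds, and returns how many objects are still alive.
int LeakedAfter(AlreadyAddRefed (*getter)(Node*)) {
    int before = g_live;
    Node* content = new Node; content->AddRef();          // document's reference
    content->child = new Node; content->child->AddRef();  // parent's reference
    Node* user = getter(content).raw;
    user->Release();     // caller releases the single reference it inherited
    content->Release();  // document drops the element
    return g_live - before;
}

int main() {
    std::printf("leaky getter: %d objects leaked\n", LeakedAfter(GetProviderLeaky));
    std::printf("fixed getter: %d objects leaked\n", LeakedAfter(GetProviderFixed));
}
```

In the leaky variant the parent's count never returns to zero, so its destructor never runs and the child it owns stays alive too, which is why the leak covers the element and everything below it.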
Comment on attachment 260601 [details] [diff] [review]
remove extra addref

This simple change fixes a large memory leak in SVG files with a deep (>2) nested structure, which is pretty easy to do with machine generated content.

Only affects SVG documents, so low risk from the point of view of what most content the browser deals with.  Change itself is also simple, just removing an extraneous addref.
Attachment #260601 - Flags: approval1.8.1.4?
Attachment #260601 - Flags: approval1.8.0.12?
Keywords: mlk, testcase
Comment on attachment 260601 [details] [diff] [review]
remove extra addref

approved for 1.8.0.12 and 1.8.1.4, a=dveditz for release-drivers
Attachment #260601 - Flags: approval1.8.1.4? → approval1.8.1.4+
Attachment #260601 - Flags: approval1.8.0.12? → approval1.8.0.12+
Checked in on MOZILLA_1_8_BRANCH and MOZILLA_1_8_0_BRANCH.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED