Closed Bug 376509 Opened 14 years ago Closed 14 years ago

Leak of nested <svg:svg>

Categories

(Core :: SVG, defect)

1.8 Branch
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: tor, Unassigned)

Details

(4 keywords)

Attachments

(1 file)

The branch has a bug where once you nest <svg:svg> to three levels, we will leak everything past the second level.  Example:

<svg xmlns="http://www.w3.org/2000/svg">
  <svg id="leaking">
     <svg>
     </svg>
  </svg>
</svg>

Everything at the id="leaking" level and below is leaked.

This is happening because the nsSVGInnerSVGFrame::GetCoordContextProvider is QIing its content to a type and raising the refcount before returning it as an already_AddRefed<>.  The manual refcount is not needed because the QI already does that.
Attachment #260601 - Flags: superreview?(roc)
Attachment #260601 - Flags: review?(jwatt)
Attachment #260601 - Flags: review?(jwatt) → review+
Attachment #260601 - Flags: superreview?(roc) → superreview+
Comment on attachment 260601 [details] [diff] [review]
remove extra addref

This simple change fixes a large memory leak in SVG files with a deep (>2) nested structure, which is pretty easy to do with machine generated content.

Only affects SVG documents, so low risk from the point of view of what most content the browser deals with.  Change itself is also simple, just removing an extraneous addref.
Attachment #260601 - Flags: approval1.8.1.4?
Attachment #260601 - Flags: approval1.8.0.12?
Keywords: mlk, testcase
Comment on attachment 260601 [details] [diff] [review]
remove extra addref

approved for 1.8.0.12 and 1.8.1.4, a=dveditz for release-drivers
Attachment #260601 - Flags: approval1.8.1.4?
Attachment #260601 - Flags: approval1.8.1.4+
Attachment #260601 - Flags: approval1.8.0.12?
Attachment #260601 - Flags: approval1.8.0.12+
Checked in on MOZILLA_1_8_BRANCH and MOZILLA_1_8_0_BRANCH.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.