Closed Bug 647710 Opened 9 years ago Closed 9 years ago

Huge leak in Mac OS X plugin CoreAnimationSupport.

Categories

(Core :: Plug-ins, defect, P1, critical)

x86
macOS
defect

Tracking

RESOLVED FIXED
Tracking Status
blocking2.0 --- Macaw+
status2.0 --- .1-fixed

People

(Reporter: bino_george, Assigned: BenWa)

Attachments

(1 file, 1 obsolete file)

User-Agent:       Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7) AppleWebKit/534.26.4 (KHTML, like Gecko) Version/5.1 Safari/534.26.4
Build Identifier: 4.0 RC

With the latest Lion Beta, available through Apple Developer Connection, there is a huge leak in the Core animation support code. To reproduce it, just run Firefox with Malloc stack logging enabled and you will see that the Real memory used by Firefox goes up by 1 Meg every 10 seconds when running a Java Applet like:

http://java.sun.com/applets/jdk/1.4/demo/applets/ArcTest/example1.html

Below are the cases of the leaks :

The major culprit is lots of :

Leak: 0x11c87eb50  size=48  zone: DefaultMallocZone_0x101d3a000	instance of '__NSCFData', type ObjC, implemented in CoreFoundation	
	0x7bbed6e8 0x00007fff 0x00001480 0x00000001 	...{............
	0x00000020 0x00000000 0x00000020 0x00000000 	 ....... .......
	0x7bc16760 0x00007fff 0x133bb364 0x00000001 	`g.{....d.;.....
	Call stack: [thread 0x7fff7ad64950]: | CreateSystemColorSpace() | CGColorSpaceCreateWithPlatformColorSpace | ColorSyncProfileFromCMProfile | ColorSyncProfileCreate | create | __CFDataInit | _CFRuntimeCreateInstance | malloc_zone_malloc 


followed by :

Leak: 0x11c8b0710  size=32  zone: DefaultMallocZone_0x101d3a000	instance of '__NSCFString', type ObjC, implemented in CoreFoundation	
	0x7bbed508 0x00007fff 0x0000078c 0x00000001 	...{............
	0x59586704 0x0000005a 0x00000000 0x00000000 	.gXYZ...........
	Call stack: [thread 0x7fff7ad64950]: | CreateSystemColorSpace() | CGColorSpaceCreateWithPlatformColorSpace | ColorSyncProfileFromCMProfile | ColorSyncProfileCreate | create | CFStringCreateWithBytes | __CFStringCreateImmutableFunnel3 

and :

Leak: 0x114426ca0  size=16  zone: DefaultMallocZone_0x101d3a000	
	0x12ab8ead 0x7972ac53 0x3b98c697 0x69d22374 	....S.ry...;t#.i
	Call stack: [thread 0x7fff7ad64950]: | nsCARenderer::DrawSurfaceToCGContext(CGContext*, nsIOSurface*, CGColorSpace*, int, int, int, int) | CGContextDrawImage | ripc_DrawImage | ripc_AcquireImage | CGSImageDataLock | img_data_lock | 

All of these are in Firefox code:

http://mxr.mozilla.org/mozilla-central/source/gfx/thebes/nsCoreAnimationSupport.mm

and 

http://mxr.mozilla.org/mozilla-central/source/gfx/thebes/nsCoreAnimationSupport.mm





Reproducible: Always

Steps to Reproduce:
0. Install Lion Beta from developer.apple.com. Make sure you install the developer tools.
1. MallocStackLogging=1 /Applications/Firefox.app/Contents/MacOS/firefox-bin
2. Go to the URL : http://java.sun.com/applets/jdk/1.4/demo/applets/ArcTest/example1.html
3. leaks <pid>


Priority: -- → P1
Version: unspecified → Trunk
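
An added triage sketch (not part of the bug report or of Mozilla's code) for the `leaks` records quoted in the report above: it parses each `Leak:` record and sums the leaked bytes per first listed stack frame, which is assumed here to be the application-side entry point. The sample records are copied from the report with the hex dump lines omitted; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Records copied from the report above, hex dump lines omitted.
SAMPLE = """\
Leak: 0x11c87eb50  size=48  zone: DefaultMallocZone_0x101d3a000 instance of '__NSCFData', type ObjC, implemented in CoreFoundation
    Call stack: [thread 0x7fff7ad64950]: | CreateSystemColorSpace() | CGColorSpaceCreateWithPlatformColorSpace | ColorSyncProfileFromCMProfile | ColorSyncProfileCreate | create | __CFDataInit | _CFRuntimeCreateInstance | malloc_zone_malloc
Leak: 0x11c8b0710  size=32  zone: DefaultMallocZone_0x101d3a000 instance of '__NSCFString', type ObjC, implemented in CoreFoundation
    Call stack: [thread 0x7fff7ad64950]: | CreateSystemColorSpace() | CGColorSpaceCreateWithPlatformColorSpace | ColorSyncProfileFromCMProfile | ColorSyncProfileCreate | create | CFStringCreateWithBytes | __CFStringCreateImmutableFunnel3
Leak: 0x114426ca0  size=16  zone: DefaultMallocZone_0x101d3a000
    Call stack: [thread 0x7fff7ad64950]: | nsCARenderer::DrawSurfaceToCGContext(CGContext*, nsIOSurface*, CGColorSpace*, int, int, int, int) | CGContextDrawImage | ripc_DrawImage | ripc_AcquireImage | CGSImageDataLock | img_data_lock |
"""

LEAK_RE = re.compile(r"^Leak:\s+(0x[0-9a-f]+)\s+size=(\d+)", re.I)
STACK_RE = re.compile(r"Call stack:\s+\[thread [^\]]+\]:\s*(.*)$")

def parse_leaks(text):
    """Return one {addr, size, frames} dict per 'Leak:' record; other lines are skipped."""
    records, current = [], None
    for line in text.splitlines():
        m = LEAK_RE.match(line.strip())
        if m:
            current = {"addr": m.group(1), "size": int(m.group(2)), "frames": []}
            records.append(current)
            continue
        m = STACK_RE.search(line)
        if m and current is not None:
            frames = [f.strip() for f in m.group(1).split("|")]
            current["frames"] = [f for f in frames if f]
    return records

def group_by_entry_frame(records):
    """Count records and sum leaked bytes per first listed stack frame."""
    totals = defaultdict(lambda: {"count": 0, "bytes": 0})
    for r in records:
        key = r["frames"][0] if r["frames"] else "<no stack>"
        totals[key]["count"] += 1
        totals[key]["bytes"] += r["size"]
    return dict(totals)

if __name__ == "__main__":
    ranked = sorted(group_by_entry_frame(parse_leaks(SAMPLE)).items(),
                    key=lambda kv: -kv[1]["bytes"])
    for frame, t in ranked:
        print(f'{t["bytes"]:>6} bytes in {t["count"]} leak(s) via {frame}')
```

Run over the full output of `leaks <pid>`, the same grouping shows which entry point accounts for most of the leaked bytes.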
Benoit - can you look into this?
Thanks for the report.

The fault is here:
http://mxr.mozilla.org/mozilla-central/source/layout/generic/nsObjectFrame.cpp#4425

Some sloppy testing code I forgot to fix before submitting a patch.
Assignee: nobody → b56girard
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
We should get this into Firefox 4.0.1.
blocking2.0: --- → .x+
Attached patch Fix Color Profile Leak v1 (obsolete) — Splinter Review
Attachment #524237 - Flags: review?(joshmoz)
Attachment #524237 - Flags: review?(joshmoz) → review+
Is someone available to check this in? Particularly in 1.9.2.
Keywords: checkin-needed
I don't think 1.9.2 supports CA, does it? Do you mean the 2.0 branch?
(In reply to comment #6)
> I don't think 1.9.2 supports CA, does it? Do you mean the 2.0 branch?

Right, oops.
Pulling into Macaw
blocking2.0: .x+ → Macaw+
Attached patch fix v1.1 — Splinter Review
Update to current trunk.
Attachment #524237 - Attachment is obsolete: true
http://hg.mozilla.org/mozilla-central/rev/d256fbc66a37

Leaving the checkin-needed keyword since I assume we want this landed on 2.0 branch too.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Attachment #524297 - Flags: approval2.0?
Comment on attachment 524297 [details] [diff] [review]
fix v1.1

Approved for the mozilla2.0 repository, a=dveditz for release-drivers

Please land for the Tumucumaque Macaw release
Attachment #524297 - Flags: approval2.0? → approval2.0+
Keywords: checkin-needed