2011-05-01 Nikolas Zimmermann <nzimmermann@rim.com>
authorzimmermann@webkit.org <zimmermann@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 1 May 2011 14:38:44 +0000 (14:38 +0000)
committerzimmermann@webkit.org <zimmermann@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 1 May 2011 14:38:44 +0000 (14:38 +0000)
commit23db4d24a4fc9a4789dbf594c7cd58c686ce1a1a
tree5d9bd98a90e1e829cbacbe7656681f546ba4e290
parentefbcbd3a42a828a494880b4cafca830a3e929b0c
2011-05-01  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        LEAK: SVGElement leaks when detaching it in a pending resource state
        https://bugs.webkit.org/show_bug.cgi?id=59072

        Add testcase that used to leak, the leaks bot will assure they won't in future.

        * svg/custom/pending-resource-leak-2-expected.txt: Added.
        * svg/custom/pending-resource-leak-2.svg: Added.
        * svg/custom/pending-resource-leak-3-expected.txt: Added.
        * svg/custom/pending-resource-leak-3.svg: Added.
        * svg/custom/pending-resource-leak-expected.txt: Added.
        * svg/custom/pending-resource-leak.svg: Added.

2011-05-01  Nikolas Zimmermann  <nzimmermann@rim.com>

        Reviewed by Dirk Schulze.

        LEAK: SVGElement leaks when detaching it in a pending resource state
        https://bugs.webkit.org/show_bug.cgi?id=59072

        Make the pending resources set non-refcounted again. We made it refcounted a while ago
        to fix a security bug, as we had dangling pointers in the set in SVGDocumentExtensions.
        Fix the underlying problem, by removing all pending resources referencing to a particular
        SVGElement, upon its destruction or upon removing it from the document.

        Example: <rect fill="url(#foo)" id="rect">
        When we try to render the rect, the foo paint server can't be found and thus "foo" will be
        added to the pending resource set, with "rect" as client. When "foo" appears, it would remove
        itself from the pending resource set, and a ref count to the "rect" would be released.
        If "foo" never appears, SVGDocumentExtensions still holds a ref to the <rect>, thus keeping
        it and the associated document alive.

        Tests: svg/custom/pending-resource-leak-2.svg
               svg/custom/pending-resource-leak-3.svg
               svg/custom/pending-resource-leak.svg

        These tests cover several scenarios where we used to leak. Should fix several SVG*Element leaks on the bots.
        I manually tested reloading above testcases dozens of times, before the leak count was incremented by 2 nodes on every reload, that's gone now.

        * rendering/svg/RenderSVGResourceContainer.cpp:
        (WebCore::RenderSVGResourceContainer::registerResource):
        * rendering/svg/RenderSVGShadowTreeRootContainer.cpp:
        (WebCore::RenderSVGShadowTreeRootContainer::updateFromElement):
        * rendering/svg/SVGResources.cpp:
        (WebCore::registerPendingResource):
        * svg/SVGDocumentExtensions.cpp:
        (WebCore::SVGDocumentExtensions::addPendingResource):
        (WebCore::SVGDocumentExtensions::hasPendingResources):
        (WebCore::SVGDocumentExtensions::removeElementFromPendingResources):
        (WebCore::SVGDocumentExtensions::removePendingResource):
        * svg/SVGDocumentExtensions.h:
        * svg/SVGElement.cpp:
        * svg/SVGElement.h:
        * svg/SVGElementRareData.h:
        (WebCore::SVGElementRareData::SVGElementRareData):
        (WebCore::SVGElementRareData::hasPendingResources):
        (WebCore::SVGElementRareData::setHasPendingResources):
        * svg/SVGStyledElement.cpp:
        (WebCore::SVGStyledElement::~SVGStyledElement):
        (WebCore::SVGStyledElement::insertedIntoDocument):
        (WebCore::SVGStyledElement::removedFromDocument):
        (WebCore::SVGStyledElement::hasPendingResources):
        (WebCore::SVGStyledElement::setHasPendingResources):
        * svg/SVGStyledElement.h:
        (WebCore::SVGStyledElement::needsPendingResourceHandling):
        (WebCore::SVGStyledElement::buildPendingResource):
        * svg/SVGUseElement.cpp:
        (WebCore::SVGUseElement::SVGUseElement):
        (WebCore::SVGUseElement::insertedIntoDocument):
        (WebCore::SVGUseElement::svgAttributeChanged):
        (WebCore::SVGUseElement::buildPendingResource):
        * svg/SVGUseElement.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@85413 268f45cc-cd09-0410-ab3c-d52691b4dbfc
20 files changed:
LayoutTests/ChangeLog
LayoutTests/svg/custom/pending-resource-leak-2-expected.txt [new file with mode: 0644]
LayoutTests/svg/custom/pending-resource-leak-2.svg [new file with mode: 0644]
LayoutTests/svg/custom/pending-resource-leak-3-expected.txt [new file with mode: 0644]
LayoutTests/svg/custom/pending-resource-leak-3.svg [new file with mode: 0644]
LayoutTests/svg/custom/pending-resource-leak-expected.txt [new file with mode: 0644]
LayoutTests/svg/custom/pending-resource-leak.svg [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/svg/RenderSVGResourceContainer.cpp
Source/WebCore/rendering/svg/RenderSVGShadowTreeRootContainer.cpp
Source/WebCore/rendering/svg/SVGResources.cpp
Source/WebCore/svg/SVGDocumentExtensions.cpp
Source/WebCore/svg/SVGDocumentExtensions.h
Source/WebCore/svg/SVGElement.cpp
Source/WebCore/svg/SVGElement.h
Source/WebCore/svg/SVGElementRareData.h
Source/WebCore/svg/SVGStyledElement.cpp
Source/WebCore/svg/SVGStyledElement.h
Source/WebCore/svg/SVGUseElement.cpp
Source/WebCore/svg/SVGUseElement.h