Title: [140698] trunk/Source/WebCore
Revision
140698
Author
[email protected]
Date
2013-01-24 11:18:22 -0800 (Thu, 24 Jan 2013)

Log Message

Abandoned Memory: SVGFontElement and Corresponding SVGDocument Never Deconstructed
https://bugs.webkit.org/show_bug.cgi?id=66438

Reviewed by Dirk Schulze.

The memory leak was caused by SVGFontFaceElement storing its own parent in a RefPtr.

Fixed the bug by storing a raw pointer instead, and clearing the pointer in removedFrom
when the node is detached from the document. Also added several sanity check assertions.

* svg/SVGFontFaceElement.cpp:
(WebCore::SVGFontFaceElement::SVGFontFaceElement):
(WebCore::SVGFontFaceElement::associatedFontElement):
(WebCore::SVGFontFaceElement::rebuildFontFace):
(WebCore::SVGFontFaceElement::insertedInto):
(WebCore::SVGFontFaceElement::removedFrom):
* svg/SVGFontFaceElement.h:
(SVGFontFaceElement):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (140697 => 140698)


--- trunk/Source/WebCore/ChangeLog	2013-01-24 19:12:13 UTC (rev 140697)
+++ trunk/Source/WebCore/ChangeLog	2013-01-24 19:18:22 UTC (rev 140698)
@@ -1,3 +1,24 @@
+2013-01-24  Ryosuke Niwa  <[email protected]>
+
+        Abandoned Memory: SVGFontElement and Corresponding SVGDocument Never Deconstructed
+        https://bugs.webkit.org/show_bug.cgi?id=66438
+
+        Reviewed by Dirk Schulze.
+
+        The memory leak was caused by SVGFontFaceElement storing its own parent in a RefPtr.
+
+        Fixed the bug by storing a raw pointer instead, and clearing the pointer in removedFrom
+        when the node detached from the document. Also added several sanity check assertions.
+
+        * svg/SVGFontFaceElement.cpp:
+        (WebCore::SVGFontFaceElement::SVGFontFaceElement):
+        (WebCore::SVGFontFaceElement::associatedFontElement):
+        (WebCore::SVGFontFaceElement::rebuildFontFace):
+        (WebCore::SVGFontFaceElement::insertedInto):
+        (WebCore::SVGFontFaceElement::removedFrom):
+        * svg/SVGFontFaceElement.h:
+        (SVGFontFaceElement):
+
 2013-01-22  Robert Hogan  <[email protected]>
 
         Inline Containing Only Collapsed Whitespace Not Getting a Linebox

Modified: trunk/Source/WebCore/svg/SVGFontFaceElement.cpp (140697 => 140698)


--- trunk/Source/WebCore/svg/SVGFontFaceElement.cpp	2013-01-24 19:12:13 UTC (rev 140697)
+++ trunk/Source/WebCore/svg/SVGFontFaceElement.cpp	2013-01-24 19:18:22 UTC (rev 140698)
@@ -49,6 +49,7 @@
 inline SVGFontFaceElement::SVGFontFaceElement(const QualifiedName& tagName, Document* document)
     : SVGElement(tagName, document)
     , m_fontFaceRule(StyleRuleFontFace::create())
+    , m_fontElement(0)
 {
     ASSERT(hasTagName(font_faceTag));
     RefPtr<StylePropertySet> styleDeclaration = StylePropertySet::create(CSSStrictMode);
@@ -262,13 +263,17 @@
 
 SVGFontElement* SVGFontFaceElement::associatedFontElement() const
 {
-    return m_fontElement.get();
+    ASSERT(parentNode() == m_fontElement);
+    ASSERT(!parentNode() || parentNode()->hasTagName(SVGNames::fontTag));
+    return m_fontElement;
 }
 
 void SVGFontFaceElement::rebuildFontFace()
 {
-    if (!inDocument())
+    if (!inDocument()) {
+        ASSERT(!m_fontElement);
         return;
+    }
 
     // we currently ignore all but the first src element, alternatively we could concat them
     SVGFontFaceSrcElement* srcElement = 0;
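Review bot: The first assertion in associatedFontElement(), `ASSERT(parentNode() == m_fontElement);`, looks stricter than the invariant the other hunks set up. rebuildFontFace(), insertedInto() and removedFrom() all assert that m_fontElement is null while the element is outside the document, so a font-face element that has a parent in a detached subtree would have a non-null parentNode() and a null m_fontElement. If the accessor can be called in that state (its callers are not visible in this diff), debug builds would trip the assert; one option is `ASSERT(!inDocument() || parentNode() == m_fontElement);`. The body of rebuildFontFace() continues past the end of this hunk, so where m_fontElement is assigned cannot be checked here.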
@@ -316,8 +321,10 @@
 Node::InsertionNotificationRequest SVGFontFaceElement::insertedInto(ContainerNode* rootParent)
 {
     SVGElement::insertedInto(rootParent);
-    if (!rootParent->inDocument())
+    if (!rootParent->inDocument()) {
+        ASSERT(!m_fontElement);
         return InsertionDone;
+    }
     document()->accessSVGExtensions()->registerSVGFontFaceElement(this);
 
     rebuildFontFace();
@@ -329,11 +336,13 @@
     SVGElement::removedFrom(rootParent);
 
     if (rootParent->inDocument()) {
+        m_fontElement = 0;
         document()->accessSVGExtensions()->unregisterSVGFontFaceElement(this);
         m_fontFaceRule->mutableProperties()->parseDeclaration(emptyString(), 0);
 
         document()->styleResolverChanged(DeferRecalcStyle);
-    }
+    } else
+        ASSERT(!m_fontElement);
 }
 
 void SVGFontFaceElement::childrenChanged(bool changedByParser, Node* beforeChange, Node* afterChange, int childCountDelta)
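Review bot: In removedFrom() the pointer is reset only inside `if (rootParent->inDocument())`, and the `else` branch relies on `ASSERT(!m_fontElement)`, which is compiled out of release builds. Now that m_fontElement is a raw pointer that no longer keeps the SVGFontElement alive, any path that breaks the invariant would leave a stale pointer for associatedFontElement() to return, which is a use-after-free risk rather than a leak. Clearing it on both paths costs nothing: put `ASSERT(rootParent->inDocument() || !m_fontElement);` followed by `m_fontElement = 0;` before the `if`, and drop the `else`. The start of removedFrom() lies outside this hunk.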

Modified: trunk/Source/WebCore/svg/SVGFontFaceElement.h (140697 => 140698)


--- trunk/Source/WebCore/svg/SVGFontFaceElement.h	2013-01-24 19:12:13 UTC (rev 140697)
+++ trunk/Source/WebCore/svg/SVGFontFaceElement.h	2013-01-24 19:18:22 UTC (rev 140698)
@@ -61,7 +61,7 @@
     virtual void removedFrom(ContainerNode*) OVERRIDE;
 
     RefPtr<StyleRuleFontFace> m_fontFaceRule;
-    RefPtr<SVGFontElement> m_fontElement;
+    SVGFontElement* m_fontElement;
 };
 
 } // namespace WebCore
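Review bot: The new `SVGFontElement* m_fontElement;` member has no comment describing its lifetime, and a raw pointer next to `RefPtr<StyleRuleFontFace> m_fontFaceRule` invites a later change back to RefPtr or an unchecked dereference. I would add a comment above it, for example `// Non-owning back-pointer to the parent <font>; a RefPtr here kept the parent alive (bug 66438).` and `// Must be null whenever this element is not in the document; cleared in removedFrom().`. The assignment that sets the pointer is not part of any hunk in this diff, so the comment should also name the function that sets it.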