165809 2016-12-13 11:30:00 -0800 NSArray leaks seen in Safari, allocated under WKIconDatabaseTryCopyCGImageArrayForURL 2016-12-13 12:23:45 -0800 1 1 1 Unclassified WebKit Images WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 joepeck joepeck commit-queue joepeck mitz sabouhallawa simon.fraser oldest_to_newest 1259459 0 joepeck 2016-12-13 11:30:00 -0800 Summary: NSArray leaks seen in WebContentProcess, allocated under WKIconDatabaseTryCopyCGImageArrayForURL. Leak: 0x7f9d5c50e570 size=32 zone: DefaultMallocZone_0x108b79000 NSArray (Object Storage) C CoreFoundation 0x627c73f0 0x00007f9d 0x627df480 0x00007f9d .s|b......}b.... 0x627ea4e0 0x00007f9d 0x6402d690 0x00007f9d ..~b.......d.... Call stack: [thread 0x7fffdb8e73c0]: | start | NSApplicationMain | -[NSApplication run] | -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] | -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] | _DPSNextEvent | _BlockUntilNextEventMatchingListInModeWithFilter | ReceiveNextEventCommon | RunCurrentEventLoopInMode | CFRunLoopRunSpecific | __CFRunLoopRun | __CFRunLoopDoSource1 | __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ | mshMIGPerform | _XCopyAttributeValue | _AXXMIGCopyAttributeValue | CopyAttributeValue | CopyCarbonUIElementAttributeValue | CarbonCopyAttributeValueCallback(__CFData const*, unsigned int, __CFString const*, void const**, void*) | HLTBCopyUIElementAttributeValue | Accessible::GetNamedAttributeData(__CFString const*, void const*, void const**, unsigned char*) | SendEventToEventTargetWithOptions | SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) | DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) | HIObject::EventHook(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) | HIObject::HandleClassAccessibilityEvent(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) | HIObject::DispatchAccessibilityEvent(OpaqueEventRef*, unsigned long long, AccessibilityHandlers const*, void*) | MenuData::GetNamedAccessibleAttributeSelf(unsigned long long, __CFString const*, unsigned int, OpaqueEventRef*) | MenuData::HandleGetNamedAccessibleAttribute(unsigned long long, __CFString const*, unsigned int, OpaqueEventRef*) | OpenMenuForInspection(MenuData*) | _SimulateMenuOpening | SendMenuOpening(MenuSelectData*, MenuData*, double, unsigned int, unsigned int, __CFDictionary*, unsigned char, unsigned char*) | SendMenuPopulate(MenuData*, OpaqueEventTargetRef*, unsigned int, double, unsigned int, OpaqueEventRef*, unsigned char, unsigned char*) | SendEventToEventTargetWithOptions | SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) | DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) | NSSLMMenuEventHandler | -[NSCarbonMenuImpl _carbonPopulateEvent:handlerCallRef:] | -[NSMenu _populateWithEventRef:] | -[NSMenu _populateFromDelegateWithEventRef:] | -[HistoryBookmarkSource menuNeedsUpdate:] | -[HistoryBookmarkSource _updateHistoryMenu] | -[HistoryBookmarkSource _updateRecentlyClosedSubmenu] | -[ClosedTabOrWindowMenuBuilder buildClosedTabOrWindowMenu] | -[ClosedTabOrWindowMenuBuilder _appendToMenuUsingWindowPolicy:] | -[ClosedTabOrWindowMenuBuilder _menuItemsForWindowItemPolicyExpandWindowsIntoIndentedTabs:] | -[ClosedTabOrWindowMenuBuilder _menuItemForWindowItemPolicyExpandWindowsIntoIndentedTabsWithSingleNonDisposableTab:] | -[ClosedTabOrWindowMenuBuilder _itemIconForURLString:] | Safari::IconController::bestSiteIconNS(NSString*, CGSize const&, bool*) const | Safari::IconController::bestSiteIconDataForURLString(NSString*, CGSize) const | Safari::IconController::bestSiteIconForURLString(NSString*, CGSize const&) const | Safari::IconController::bestFallbackCandidate(NSURL*, CGSize const&) const | Safari::WK::IconDatabase::cgImageArrayForURL(Safari::WK::URL const&) const | WKIconDatabaseTryCopyCGImageArrayForURL | -[__NSArrayM insertObject:atIndex:] | malloc It looks like WKIconDatabaseTryCopyCGImageArrayForURL has an extra retain (it does both a Create + Retain). 1259462 1 joepeck 2016-12-13 11:30:32 -0800 I believe this is a regression caused by: https://trac.webkit.org/changeset/205682 1259475 2 297030 joepeck 2016-12-13 11:45:16 -0800 Created attachment 297030 [PATCH] Proposed Fix 1259480 3 297030 mitz 2016-12-13 11:56:37 -0800 Comment on attachment 297030 [PATCH] Proposed Fix I would have switched this code over to RetainPtr, adopting the newly-created array at first and explicitly leaking it on return, but this is OK too. 1259493 4 297030 commit-queue 2016-12-13 12:23:41 -0800 Comment on attachment 297030 [PATCH] Proposed Fix Clearing flags on attachment: 297030 Committed r209769: <http://trac.webkit.org/changeset/209769> 1259494 5 commit-queue 2016-12-13 12:23:45 -0800 All reviewed patches have been landed. Closing bug. 297030 2016-12-13 11:45:16 -0800 2016-12-13 12:23:41 -0800 [PATCH] Proposed Fix leak-1.patch text/plain 1289 joepeck ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCA3OTViYjViLi44OWQzMTZkIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTQg QEAKKzIwMTYtMTItMTMgIEpvc2VwaCBQZWNvcmFybyAgPHBlY29yYXJvQGFwcGxlLmNvbT4KKwor ICAgICAgICBOU0FycmF5IGxlYWtzIHNlZW4gaW4gU2FmYXJpLCBhbGxvY2F0ZWQgdW5kZXIgV0tJ Y29uRGF0YWJhc2VUcnlDb3B5Q0dJbWFnZUFycmF5Rm9yVVJMCisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNjU4MDkKKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIFVJUHJvY2Vzcy9BUEkvQy9jZy9XS0ljb25E YXRhYmFzZUNHLmNwcDoKKyAgICAgICAgKFdLSWNvbkRhdGFiYXNlVHJ5Q29weUNHSW1hZ2VBcnJh eUZvclVSTCk6CisgICAgICAgIEF2b2lkIGFuIGV4dHJhIHJldGFpbiBvbiBhbHJlYWR5IG5ld2x5 IGNyZWF0ZWQgYXJyYXkuCisKIDIwMTYtMTItMTIgIENocmlzIER1bWV6ICA8Y2R1bWV6QGFwcGxl LmNvbT4KIAogICAgICAgICBEb2N1bWVudC52aXNpYmlsaXR5U3RhdGUgc2hvdWxkIHVzZSBhbiBJ REwgc3RyaW5nIGVudW1lcmF0aW9uCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nl c3MvQVBJL0MvY2cvV0tJY29uRGF0YWJhc2VDRy5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9VSVByb2Nl c3MvQVBJL0MvY2cvV0tJY29uRGF0YWJhc2VDRy5jcHAKaW5kZXggMzA1NjMzNi4uYTI3OWFmNiAx MDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvVUlQcm9jZXNzL0FQSS9DL2NnL1dLSWNvbkRhdGFi YXNlQ0cuY3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1VJUHJvY2Vzcy9BUEkvQy9jZy9XS0ljb25E YXRhYmFzZUNHLmNwcApAQCAtNTQsNiArNTQsNSBAQCBDRkFycmF5UmVmIFdLSWNvbkRhdGFiYXNl VHJ5Q29weUNHSW1hZ2VBcnJheUZvclVSTChXS0ljb25EYXRhYmFzZVJlZiBpY29uRGF0YWJhcwog ICAgIGZvciAoYXV0byBuYXRpdmVJbWFnZSA6IG5hdGl2ZUltYWdlcykKICAgICAgICAgQ0ZBcnJh eUFwcGVuZFZhbHVlKGFycmF5LCBuYXRpdmVJbWFnZS5nZXQoKSk7CiAgICAgCi0gICAgcmV0dXJu IHN0YXRpY19jYXN0PENGQXJyYXlSZWY+KENGUmV0YWluKGFycmF5KSk7CisgICAgcmV0dXJuIHN0 YXRpY19jYXN0PENGQXJyYXlSZWY+KGFycmF5KTsKIH0KLQo=