Bug 104615 - [Chromium] IndexedDB: Memory leak in IDBCallbacksProxy::onSuccess(PassRefPtr<IDBDatabaseBackendInterface>)
Summary: [Chromium] IndexedDB: Memory leak in IDBCallbacksProxy::onSuccess(PassRefPtr<...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Joshua Bell
URL:
Keywords:
Depends on: 104719
Blocks:
  Show dependency treegraph
 
Reported: 2012-12-10 17:03 PST by Joshua Bell
Modified: 2012-12-14 14:33 PST (History)
4 users (show)

See Also:

Attachments
Patch (1.73 KB, patch)
2012-12-10 17:24 PST, Joshua Bell 		no flags Details | Formatted Diff | Diff
Patch (3.04 KB, patch)
2012-12-14 13:15 PST, Joshua Bell 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Joshua Bell 2012-12-10 17:03:10 PST 
https://code.google.com/p/chromium/issues/detail?id=122249

Valgrind says:

{
   bug_122249d
   Memcheck:Leak
   fun:_Znw*
   fun:_ZN6WebKit17IDBCallbacksProxy9onSuccessEN3WTF10PassRefPtrIN7WebCore27IDBDatabaseBackendInterfaceEEE
   fun:_ZN7WebCore22IDBDatabaseBackendImpl19processPendingCallsEv
   fun:_ZN7WebCore22IDBDatabaseBackendImpl35transactionFinishedAndCompleteFiredEN3WTF10PassRefPtrINS_25IDBTransactionBackendImplEEE
   fun:_ZN7WebCore25IDBTransactionBackendImpl6commitEv
}

Leak is pretty obvious, here's a speculative fix but I haven't run it through valgrind yet:

 void WebIDBCallbacksImpl::onSuccess(WebIDBDatabase* webKitInstance)
 {
+    OwnPtr<WebIDBDatabase> webDatabase = adoptPtr(webKitInstance);
     if (m_databaseProxy) {
         m_callbacks->onSuccess(m_databaseProxy.release());
         return;
     }
-    m_callbacks->onSuccess(IDBDatabaseBackendProxy::create(adoptPtr(webKitInstance)));
+    m_callbacks->onSuccess(IDBDatabaseBackendProxy::create(webDatabase.release()));
 }
Comment 1 Joshua Bell 2012-12-10 17:24:13 PST 
Created attachment 178674 [details]
Patch
Comment 2 Joshua Bell 2012-12-10 17:25:24 PST 
dgrogan@, alecflett@ - please take a look

Verified this addresses the leak w/ valgrind, at least in basics.html
Comment 3 David Grogan 2012-12-10 18:56:05 PST 
Comment on attachment 178674 [details]
Patch

LGTM
Comment 4 Joshua Bell 2012-12-10 20:07:52 PST 
tony@ - r?
Comment 5 WebKit Review Bot 2012-12-11 10:14:17 PST 
Comment on attachment 178674 [details]
Patch

Clearing flags on attachment: 178674

Committed r137330: <http://trac.webkit.org/changeset/137330>
Comment 6 WebKit Review Bot 2012-12-11 10:14:21 PST 
All reviewed patches have been landed.  Closing bug.
Comment 7 WebKit Review Bot 2012-12-11 14:25:56 PST 
Re-opened since this is blocked by bug 104719
Comment 8 Joshua Bell 2012-12-14 13:15:29 PST 
Created attachment 179521 [details]
Patch
Comment 9 Joshua Bell 2012-12-14 13:17:22 PST 
The previous patch was on the receiving end, and didn't account for the "real" Chromium implementation which correct passed in the right objects. For the Chromium-DRT implementation, simply don't generate a new wrapper object if one was sent through in onUpgradeNeeded, and let it be ignored.

dgrogan@ - another look?
Comment 10 David Grogan 2012-12-14 13:57:20 PST 
In chromium, won't this cause

IndexedDBCallbacksDatabase::onSuccess(WebKit::WebIDBDatabase* idb_object)

to attempt to delete NULL?

Also, to ensure I understand, this leak only happens in DRT, correct? Not chromium?
Comment 11 Joshua Bell 2012-12-14 14:05:15 PST 
(In reply to comment #10)
> In chromium, won't this cause
> 
> IndexedDBCallbacksDatabase::onSuccess(WebKit::WebIDBDatabase* idb_object)
> 
> to attempt to delete NULL?

Correct (but delete null is a safe no-op in C++)
 
> Also, to ensure I understand, this leak only happens in DRT, correct? Not chromium?

Correct. (Well, Chromium's DRT to be precise, it wouldn't affect other ports.)
Comment 12 David Grogan 2012-12-14 14:06:07 PST 
LGTM
Comment 13 Joshua Bell 2012-12-14 14:10:41 PST 
tony@ - patch is completely different, so can you take another look?
Comment 14 WebKit Review Bot 2012-12-14 14:32:57 PST 
Comment on attachment 179521 [details]
Patch

Clearing flags on attachment: 179521

Committed r137773: <http://trac.webkit.org/changeset/137773>
Comment 15 WebKit Review Bot 2012-12-14 14:33:01 PST 
All reviewed patches have been landed.  Closing bug.