NEW 129559
Huge memory consumption while opening a properly crafted SVG
https://bugs.webkit.org/show_bug.cgi?id=129559
Adenilson Cavalcanti Silva
Reported 2014-03-01 13:58:36 PST
Open a 6-line SVG and watch Safari use up to 13GB of RAM. Potentially harmful in embedded (even for desktop).
Attachments
Screenshot of memory use (492.65 KB, image/png), 2014-03-01 14:08 PST, Adenilson Cavalcanti Silva
PoC (346 bytes, text/html), 2014-03-01 14:17 PST, Adenilson Cavalcanti Silva
Adenilson Cavalcanti Silva
Comment 1 2014-03-01 14:08:08 PST
Created attachment 225564: Screenshot of memory use
Adenilson Cavalcanti Silva
Comment 2 2014-03-01 14:17:20 PST
Created attachment 225565: PoC

On a 16GB RAM machine, it will use up to 13GB. I haven't tested on an 8GB or 6GB machine; maybe it will crash?
Dirk Schulze
Comment 3 2014-10-28 10:34:08 PDT
Adding thorten. Not sure if it is a CG issue or an actual issue in WebCore yet.
Radar WebKit Bug Importer
Comment 4 2014-10-28 11:34:15 PDT
Said Abou-Hallawa
Comment 5 2015-04-13 12:14:07 PDT
Yes, the SVG is 6 lines of script, but its height="18446744073709551697". Chrome does not have any problem rendering this SVG. But Firefox does have a similar problem rendering this SVG.
Said Abou-Hallawa
Comment 6 2015-04-15 09:23:45 PDT
This is the simplest reduction I could get to repro this bug:

<svg xmlns="http://www.w3.org/2000/svg">
  <line stroke-dasharray="10,10" x1="0" y1="100" x2="1000000000" y2="0" style="stroke:black;stroke-width:2"/>
</svg>

Without the stroke-dasharray in the <line> tag, the memory usage is normal and the bug does not happen. With a shorter line, the bug also does not happen.
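The reduction above points at what drives the memory use: the dash generator has to emit one segment per dash period along a line that is a billion units long. As an added example (not code from this bug report, from WebKit, or from CoreGraphics), the script below pre-screens an SVG string before it reaches a renderer by estimating the dash-segment count of every <line> that carries a stroke-dasharray and rejecting documents over a budget. The estimate (line length divided by the dash period, times the number of pattern entries) is a generic approximation of a naive dasher, not the actual WebKit or CG algorithm; MAX_DASH_SEGMENTS is a hypothetical threshold, and the two SVG strings are constructed inputs (the comment 6 reduction and a benign variant of it).

```javascript
// Added example: estimate dash segments for <line> elements in an SVG string
// and fail closed on anything that would exceed a budget. Not WebKit/CG code.

// Pull name="value" attributes out of one start tag; fold style="" declarations
// in as well, because stroke-dasharray may be given either way.
function parseAttrs(tag) {
  const attrs = {};
  const re = /([\w:-]+)\s*=\s*"([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) attrs[m[1]] = m[2];
  if (attrs.style) {
    for (const decl of attrs.style.split(";")) {
      const [k, v] = decl.split(":").map((s) => (s ? s.trim() : s));
      if (k && v && !(k in attrs)) attrs[k] = v;
    }
  }
  return attrs;
}

// Parse a stroke-dasharray value into its pattern and period.
// Returns null for "none"/solid strokes; marks unparsable values (units,
// percentages, negatives) so the caller can fail closed instead of ignoring them.
function parseDashArray(value) {
  if (!value || value.trim() === "none") return null;
  const parts = value.split(/[\s,]+/).filter(Boolean).map(Number);
  if (parts.some((n) => !Number.isFinite(n) || n < 0)) {
    return { pattern: [], period: 0, unparsed: true };
  }
  // SVG repeats an odd-length dasharray so the effective pattern is even-length.
  const pattern = parts.length % 2 === 1 ? parts.concat(parts) : parts;
  const period = pattern.reduce((a, b) => a + b, 0);
  return period > 0 ? { pattern, period, unparsed: false } : null; // all zeros = solid
}

// Return the worst-case estimated dash-segment count over all <line> elements.
function estimateLineDashSegments(svgText) {
  let worst = { segments: 0, line: null };
  const lineRe = /<line\b[^>]*>/g;
  let m;
  while ((m = lineRe.exec(svgText)) !== null) {
    const a = parseAttrs(m[0]);
    const dash = parseDashArray(a["stroke-dasharray"]);
    if (!dash) continue;
    if (dash.unparsed) return { segments: Infinity, line: m[0] }; // fail closed
    const dx = Number(a.x2 || 0) - Number(a.x1 || 0);
    const dy = Number(a.y2 || 0) - Number(a.y1 || 0);
    const length = Math.hypot(dx, dy);
    // One emitted segment per pattern entry per period traversed.
    const segments = (length / dash.period) * dash.pattern.length;
    if (segments > worst.segments) worst = { segments, line: m[0] };
  }
  return worst;
}

const MAX_DASH_SEGMENTS = 1e6; // hypothetical budget; tune for the target device

function isSafeToRender(svgText, budget = MAX_DASH_SEGMENTS) {
  return estimateLineDashSegments(svgText).segments <= budget;
}

// Constructed inputs: the reduction from comment 6, and the same line shortened.
const REDUCED_POC =
  '<svg xmlns="http://www.w3.org/2000/svg"> <line stroke-dasharray="10,10" x1="0" y1="100" x2="1000000000" y2="0" style="stroke:black;stroke-width:2"/> </svg>';
const BENIGN =
  '<svg xmlns="http://www.w3.org/2000/svg"> <line stroke-dasharray="10,10" x1="0" y1="100" x2="1000" y2="0" style="stroke:black;stroke-width:2"/> </svg>';

for (const [name, svg] of [["reduced PoC", REDUCED_POC], ["benign", BENIGN]]) {
  const r = estimateLineDashSegments(svg);
  console.log(`${name}: ~${r.segments.toExponential(2)} dash segments, safe=${isSafeToRender(svg)}`);
}
```

The reduced case works out to about 1e8 segments (1e9 length, period 20, two pattern entries), which is why a budget in the low millions separates it cleanly from ordinary dashed strokes. The screen only covers <line>; <path>, <polyline> and transforms would need their own length estimates, and unparsable dasharray values are treated as unsafe rather than ignored.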
Said Abou-Hallawa
Comment 7 2015-04-15 11:06:14 PDT
This bug happens because of a CG bug. <rdar://problem/20554955> tracks this issue. Nothing needs to be done in WebKit to resolve this issue. But this bug has to stay open till the CG bug is fixed.
Ahmad Saleem
Comment 8 2022-10-16 12:33:11 PDT
(In reply to Said Abou-Hallawa from comment #7)
> This bug happens because of a CG bug. <rdar://problem/20554955> tracks this
> issue. Nothing needs to be done in WebKit to resolve this issue. But this
> bug has to stay open till the CG bug is fixed.

This test case is still slow in Safari 16 and Safari Technology Preview 155. Should we mark this as "RESOLVED MOVED", since there is nothing to fix in WebKit and we usually tag CG issues as "RESOLVED MOVED"? Thanks!