Issue 120078 - When opening a docx file, there is a lot of leaks on property strings stored in OOXMLPropertySetImpl
When opening a docx file, there is a lot of leaks on property strings stored ...
Status: CLOSED FIXED
Product: Writer
Classification: Application
Component: open-import
3.4.0
All All
: P3 major (vote)
: 4.0.0
Assigned To: zhang jianfang
:
Depends on:
Blocks: 120975 121372 121359
  Show dependency treegraph
 
Reported: 2012-06-25 07:59 UTC by zhang jianfang
Modified: 2013-07-12 12:06 UTC (History)
0 users

See Also:
Issue Type: DEFECT
Latest Confirmation on: ---
Developer Difficulty: ---


Attachments
patch for file writerfilter/inc/resourcemodel/WW8ResourceModel.hxx (1.30 KB, patch)
2012-06-25 13:55 UTC, zhang jianfang
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this issue.
Description zhang jianfang 2012-06-25 07:59:15 UTC
The call stack of the allocating of the leaked objects,

ntdll!RtlUlonglongByteSwap+00000B52
MSVCR90!malloc+00000079
MSVCR90!operator new+0000001F
writerfilter!writerfilter::ooxml::OOXMLFastContextHandlerProperties::OOXMLFastContextHandlerProperties+0000005F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 1255)
writerfilter!writerfilter::ooxml::OOXMLFastHelper<writerfilter::ooxml::OOXMLFastContextHandlerProperties>::createAndSetParentAndDefine+00000052 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfasthelper.hxx, 117)
writerfilter!writerfilter::ooxml::OOXMLFactory::createFastChildContextFromFactory+0000020B (e:\aooblds\builds\r1352383\writerfilter\wntmsci12.pro\misc\ooxmlfactory_generated.cxx, 85)
writerfilter!writerfilter::ooxml::OOXMLFactory::createFastChildContext+000000DE (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 273)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::lcl_createFastChildContext+00000067 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 291)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::createFastChildContext+0000004C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 276)
fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00000F57 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 819)
	fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
	fastsax.uno!XML_Parse+0000236F
	fastsax.uno!XML_Parse+000028B4
	fastsax.uno!XML_ParseBuffer+00000058
	fastsax.uno!XML_Parse+000000EF
	fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
	fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
	writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
	writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
	sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
	sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
	sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
	sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
	fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
	fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
	fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)
	fwk!framework::Desktop::loadComponentFromURL+000000E9 (e:\aooblds\builds\r1352383\framework\source\services\desktop.cxx, 655)
	
	
		sal3!rtl_allocateMemory+0000000D (e:\aooblds\builds\r1352383\sal\rtl\source\alloc_global.c, 301)
	sal3!rtl_uString_ImplAlloc+0000001C (e:\aooblds\builds\r1352383\sal\rtl\source\strtmpl.c, 945)
	sal3!rtl_string2UString_status+0000016E (e:\aooblds\builds\r1352383\sal\rtl\source\ustring.c, 615)
	sal3!rtl_string2UString+0000001F (e:\aooblds\builds\r1352383\sal\rtl\source\ustring.c, 725)
	sax!rtl::OStringToOUString+00000065 (e:\aooblds\builds\r1352383\solver\350\wntmsci12.pro\inc\rtl\ustring.hxx, 1503)
	sax!sax_fastparser::FastAttributeList::getValue+000000DC (e:\aooblds\builds\r1352383\sax\source\tools\fastattribs.cxx, 128)
	writerfilter!writerfilter::ooxml::OOXMLFactory::attributes+000003FE (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 175)
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::attributes+0000005C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 363)
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::startFastElement+00000018 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 200)
	fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00001180 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 827)
	fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
	fastsax.uno!XML_Parse+0000236F
	fastsax.uno!XML_Parse+000028B4
	fastsax.uno!XML_ParseBuffer+00000058
	fastsax.uno!XML_Parse+000000EF
	fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
	fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
	writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
	writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
	sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
	sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
	sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
	sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
	fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
	fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
	fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)


	MSVCR90!operator new+0000001F
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandlerProperties::newProperty+00000042 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 1304)
	writerfilter!writerfilter::ooxml::OOXMLFastHelper<writerfilter::ooxml::OOXMLIntegerValue>::newProperty+00000102 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfasthelper.hxx, 199)
	writerfilter!writerfilter::ooxml::OOXMLFactory::attributes+000005ED (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 190)
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::attributes+0000005C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 363)
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::startFastElement+00000018 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 200)
	fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00001180 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 827)
	fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
	fastsax.uno!XML_Parse+0000236F
	fastsax.uno!XML_Parse+000028B4
	fastsax.uno!XML_ParseBuffer+00000058
	fastsax.uno!XML_Parse+000000EF
	fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
	fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
	writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
	writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
	sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
	sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
	sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
	sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
	fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
	fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
	fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)
	fwk!framework::Desktop::loadComponentFromURL+000000E9 (e:\aooblds\builds\r1352383\framework\source\services\desktop.cxx, 655)
	
	......
Comment 1 zhang jianfang 2012-06-25 08:30:39 UTC
The cause  is quite tricky,

below explains why so many string objects get leaks,
  1. In OOXMLFastContextHandlerProperties contructor it allocates OOXMLPropertySetImpl objects. Many OOXMLPropertyImpl contains OOXMLValue (Int, Object, Property...) then can be added into it by calling OOXMLPropertySetImpl::add() API. 
  2. The created OOXMLPropertyImpl object will be put into OOXMLFastContextHandlerProperties parent's OOXMLPropertySet by api OOXMLFastContextHandler::sendPropertiesToParent(). So OOXMLPropertySetImpl objects are orgnized in a reference tree.  Once the root node leaks, all the tree node leak too.


While the leak code point is far from where the leaked object created,
    
  void SettingsTable::lcl_sprm(Sprm& rSprm)
{
    sal_uInt32 nSprmId = rSprm.getId();
            
    Value::Pointer_t pValue = rSprm.getValue();    // here increase the ref count
    sal_Int32 nIntValue = pValue->getInt();
    (void)nIntValue;
    rtl::OUString sStringValue = pValue->getString();
...
}

it calls,

Value::Pointer_t OOXMLPropertyImpl::getValue()
{
    Value::Pointer_t pResult;

    if (mpValue.get() != NULL)
        pResult = Value::Pointer_t(mpValue->clone());   // mpValue may refer to a lot of OOXMLPropertySetImpl and other objects.
    else
        pResult = Value::Pointer_t(new OOXMLValue());

    return pResult;
}

The direct cause of the memory leak is auto_ptr pValue in api SettingsTable::lcl_sprm() can not be released correctly. If you look deeper further, You will find the Value abstraction doesn't have a vitual destructor API. It means all it's subclass can not be freed correctly with the auto_ptr.
Comment 2 zhang jianfang 2012-06-25 13:55:28 UTC
Created attachment 78465 [details]
patch for file writerfilter/inc/resourcemodel/WW8ResourceModel.hxx

Add virtual destructor for classes  Properties, Table, BinaryObj, Stream, Value and Sprm, so all shared_ptr, auto_ptr, reference<> to these classes can call correct sub-class destructors.
Comment 3 zhang jianfang 2012-06-26 02:02:28 UTC
Comment on attachment 78465 [details]
patch for file writerfilter/inc/resourcemodel/WW8ResourceModel.hxx

Call for review.
Comment 4 zhang jianfang 2012-07-03 01:36:37 UTC
Committed to trunk by revision r1356537.
Comment 5 Yan Ji 2012-11-30 06:02:38 UTC
In last SVT(r1400866) there is no memory leak, close this defect.