Issue 120078

Summary:

When opening a docx file, there is a lot of leaks on property strings stored in OOXMLPropertySetImpl

Product:

Writer

Reporter:

zhang jianfang <zhangjf>

Component:

open-import

Assignee:

zhang jianfang <zhangjf>

Status:

CLOSED FIXED

QA Contact:

Severity:

Major

Priority:

Version:

3.4.0

Target Milestone:

4.0.0

Hardware:

All

OS:

All

Issue Type:

DEFECT

Latest Confirmation in:

---

Developer Difficulty:

---

Issue Depends on:

Issue Blocks:

120975, 121359, 121372

Attachments:

Description	Flags
patch for file writerfilter/inc/resourcemodel/WW8ResourceModel.hxx	none

Description zhang jianfang 2012-06-25 07:59:15 UTC

The call stack of the allocating of the leaked objects,

ntdll!RtlUlonglongByteSwap+00000B52
MSVCR90!malloc+00000079
MSVCR90!operator new+0000001F
writerfilter!writerfilter::ooxml::OOXMLFastContextHandlerProperties::OOXMLFastContextHandlerProperties+0000005F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 1255)
writerfilter!writerfilter::ooxml::OOXMLFastHelper<writerfilter::ooxml::OOXMLFastContextHandlerProperties>::createAndSetParentAndDefine+00000052 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfasthelper.hxx, 117)
writerfilter!writerfilter::ooxml::OOXMLFactory::createFastChildContextFromFactory+0000020B (e:\aooblds\builds\r1352383\writerfilter\wntmsci12.pro\misc\ooxmlfactory_generated.cxx, 85)
writerfilter!writerfilter::ooxml::OOXMLFactory::createFastChildContext+000000DE (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 273)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::lcl_createFastChildContext+00000067 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 291)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::createFastChildContext+0000004C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 276)
fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00000F57 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 819)
	fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
	fastsax.uno!XML_Parse+0000236F
	fastsax.uno!XML_Parse+000028B4
	fastsax.uno!XML_ParseBuffer+00000058
	fastsax.uno!XML_Parse+000000EF
	fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
	fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
	writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
	writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
	sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
	sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
	sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
	sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
	fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
	fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
	fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)
	fwk!framework::Desktop::loadComponentFromURL+000000E9 (e:\aooblds\builds\r1352383\framework\source\services\desktop.cxx, 655)
	
	
		sal3!rtl_allocateMemory+0000000D (e:\aooblds\builds\r1352383\sal\rtl\source\alloc_global.c, 301)
	sal3!rtl_uString_ImplAlloc+0000001C (e:\aooblds\builds\r1352383\sal\rtl\source\strtmpl.c, 945)
	sal3!rtl_string2UString_status+0000016E (e:\aooblds\builds\r1352383\sal\rtl\source\ustring.c, 615)
	sal3!rtl_string2UString+0000001F (e:\aooblds\builds\r1352383\sal\rtl\source\ustring.c, 725)
	sax!rtl::OStringToOUString+00000065 (e:\aooblds\builds\r1352383\solver\350\wntmsci12.pro\inc\rtl\ustring.hxx, 1503)
	sax!sax_fastparser::FastAttributeList::getValue+000000DC (e:\aooblds\builds\r1352383\sax\source\tools\fastattribs.cxx, 128)
	writerfilter!writerfilter::ooxml::OOXMLFactory::attributes+000003FE (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 175)
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::attributes+0000005C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 363)
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::startFastElement+00000018 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 200)
	fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00001180 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 827)
	fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
	fastsax.uno!XML_Parse+0000236F
	fastsax.uno!XML_Parse+000028B4
	fastsax.uno!XML_ParseBuffer+00000058
	fastsax.uno!XML_Parse+000000EF
	fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
	fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
	writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
	writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
	sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
	sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
	sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
	sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
	fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
	fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
	fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)


	MSVCR90!operator new+0000001F
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandlerProperties::newProperty+00000042 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 1304)
	writerfilter!writerfilter::ooxml::OOXMLFastHelper<writerfilter::ooxml::OOXMLIntegerValue>::newProperty+00000102 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfasthelper.hxx, 199)
	writerfilter!writerfilter::ooxml::OOXMLFactory::attributes+000005ED (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 190)
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::attributes+0000005C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 363)
	writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::startFastElement+00000018 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 200)
	fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00001180 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 827)
	fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
	fastsax.uno!XML_Parse+0000236F
	fastsax.uno!XML_Parse+000028B4
	fastsax.uno!XML_ParseBuffer+00000058
	fastsax.uno!XML_Parse+000000EF
	fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
	fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
	writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
	writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
	sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
	sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
	sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
	sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
	fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
	fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
	fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)
	fwk!framework::Desktop::loadComponentFromURL+000000E9 (e:\aooblds\builds\r1352383\framework\source\services\desktop.cxx, 655)
	
	......

Comment 1 zhang jianfang 2012-06-25 08:30:39 UTC

The cause  is quite tricky,

below explains why so many string objects get leaks,
  1. In OOXMLFastContextHandlerProperties contructor it allocates OOXMLPropertySetImpl objects. Many OOXMLPropertyImpl contains OOXMLValue (Int, Object, Property...) then can be added into it by calling OOXMLPropertySetImpl::add() API. 
  2. The created OOXMLPropertyImpl object will be put into OOXMLFastContextHandlerProperties parent's OOXMLPropertySet by api OOXMLFastContextHandler::sendPropertiesToParent(). So OOXMLPropertySetImpl objects are orgnized in a reference tree.  Once the root node leaks, all the tree node leak too.


While the leak code point is far from where the leaked object created,
    
  void SettingsTable::lcl_sprm(Sprm& rSprm)
{
    sal_uInt32 nSprmId = rSprm.getId();
            
    Value::Pointer_t pValue = rSprm.getValue();    // here increase the ref count
    sal_Int32 nIntValue = pValue->getInt();
    (void)nIntValue;
    rtl::OUString sStringValue = pValue->getString();
...
}

it calls,

Value::Pointer_t OOXMLPropertyImpl::getValue()
{
    Value::Pointer_t pResult;

    if (mpValue.get() != NULL)
        pResult = Value::Pointer_t(mpValue->clone());   // mpValue may refer to a lot of OOXMLPropertySetImpl and other objects.
    else
        pResult = Value::Pointer_t(new OOXMLValue());

    return pResult;
}

The direct cause of the memory leak is auto_ptr pValue in api SettingsTable::lcl_sprm() can not be released correctly. If you look deeper further, You will find the Value abstraction doesn't have a vitual destructor API. It means all it's subclass can not be freed correctly with the auto_ptr.

Comment 2 zhang jianfang 2012-06-25 13:55:28 UTC

Created attachment 78465 [details]
patch for file writerfilter/inc/resourcemodel/WW8ResourceModel.hxx

Add virtual destructor for classes  Properties, Table, BinaryObj, Stream, Value and Sprm, so all shared_ptr, auto_ptr, reference<> to these classes can call correct sub-class destructors.

Comment 3 zhang jianfang 2012-06-26 02:02:28 UTC

Comment on attachment 78465 [details]
patch for file writerfilter/inc/resourcemodel/WW8ResourceModel.hxx

Call for review.

Comment 4 zhang jianfang 2012-07-03 01:36:37 UTC

Committed to trunk by revision r1356537.

Comment 5 Yan Ji 2012-11-30 06:02:38 UTC

In last SVT(r1400866) there is no memory leak, close this defect.