Apache OpenOffice (AOO) Bugzilla – Issue 120078
When opening a docx file, there is a lot of leaks on property strings stored in OOXMLPropertySetImpl
Last modified: 2013-07-12 12:06:44 UTC
The call stack of the allocating of the leaked objects:

ntdll!RtlUlonglongByteSwap+00000B52
MSVCR90!malloc+00000079
MSVCR90!operator new+0000001F
writerfilter!writerfilter::ooxml::OOXMLFastContextHandlerProperties::OOXMLFastContextHandlerProperties+0000005F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 1255)
writerfilter!writerfilter::ooxml::OOXMLFastHelper<writerfilter::ooxml::OOXMLFastContextHandlerProperties>::createAndSetParentAndDefine+00000052 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfasthelper.hxx, 117)
writerfilter!writerfilter::ooxml::OOXMLFactory::createFastChildContextFromFactory+0000020B (e:\aooblds\builds\r1352383\writerfilter\wntmsci12.pro\misc\ooxmlfactory_generated.cxx, 85)
writerfilter!writerfilter::ooxml::OOXMLFactory::createFastChildContext+000000DE (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 273)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::lcl_createFastChildContext+00000067 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 291)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::createFastChildContext+0000004C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 276)
fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00000F57 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 819)
fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
fastsax.uno!XML_Parse+0000236F
fastsax.uno!XML_Parse+000028B4
fastsax.uno!XML_ParseBuffer+00000058
fastsax.uno!XML_Parse+000000EF
fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)
fwk!framework::Desktop::loadComponentFromURL+000000E9 (e:\aooblds\builds\r1352383\framework\source\services\desktop.cxx, 655)

sal3!rtl_allocateMemory+0000000D (e:\aooblds\builds\r1352383\sal\rtl\source\alloc_global.c, 301)
sal3!rtl_uString_ImplAlloc+0000001C (e:\aooblds\builds\r1352383\sal\rtl\source\strtmpl.c, 945)
sal3!rtl_string2UString_status+0000016E (e:\aooblds\builds\r1352383\sal\rtl\source\ustring.c, 615)
sal3!rtl_string2UString+0000001F (e:\aooblds\builds\r1352383\sal\rtl\source\ustring.c, 725)
sax!rtl::OStringToOUString+00000065 (e:\aooblds\builds\r1352383\solver\350\wntmsci12.pro\inc\rtl\ustring.hxx, 1503)
sax!sax_fastparser::FastAttributeList::getValue+000000DC (e:\aooblds\builds\r1352383\sax\source\tools\fastattribs.cxx, 128)
writerfilter!writerfilter::ooxml::OOXMLFactory::attributes+000003FE (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 175)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::attributes+0000005C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 363)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::startFastElement+00000018 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 200)
fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00001180 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 827)
fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
fastsax.uno!XML_Parse+0000236F
fastsax.uno!XML_Parse+000028B4
fastsax.uno!XML_ParseBuffer+00000058
fastsax.uno!XML_Parse+000000EF
fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)

MSVCR90!operator new+0000001F
writerfilter!writerfilter::ooxml::OOXMLFastContextHandlerProperties::newProperty+00000042 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 1304)
writerfilter!writerfilter::ooxml::OOXMLFastHelper<writerfilter::ooxml::OOXMLIntegerValue>::newProperty+00000102 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfasthelper.hxx, 199)
writerfilter!writerfilter::ooxml::OOXMLFactory::attributes+000005ED (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfactory.cxx, 190)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::attributes+0000005C (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 363)
writerfilter!writerfilter::ooxml::OOXMLFastContextHandler::startFastElement+00000018 (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmlfastcontexthandler.cxx, 200)
fastsax.uno!sax_fastparser::FastSaxParser::callbackStartElement+00001180 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 827)
fastsax.uno!call_callbackStartElement+0000001A (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 118)
fastsax.uno!XML_Parse+0000236F
fastsax.uno!XML_Parse+000028B4
fastsax.uno!XML_ParseBuffer+00000058
fastsax.uno!XML_Parse+000000EF
fastsax.uno!sax_fastparser::FastSaxParser::parse+000000C2 (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 646)
fastsax.uno!sax_fastparser::FastSaxParser::parseStream+000004FE (e:\aooblds\builds\r1352383\sax\source\fastparser\fastparser.cxx, 476)
writerfilter!writerfilter::ooxml::OOXMLDocumentImpl::resolve+0000033F (e:\aooblds\builds\r1352383\writerfilter\source\ooxml\ooxmldocumentimpl.cxx, 343)
writerfilter!WriterFilter::filter+00000B73 (e:\aooblds\builds\r1352383\writerfilter\source\filter\importfilter.cxx, 120)
sfx!SfxObjectShell::ImportFrom+00000899 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 2448)
sfx!SfxObjectShell::DoLoad+00000BF5 (e:\aooblds\builds\r1352383\sfx2\source\doc\objstor.cxx, 738)
sfx!SfxBaseModel::load+00000299 (e:\aooblds\builds\r1352383\sfx2\source\doc\sfxbasemodel.cxx, 1877)
sfx!SfxFrameLoader_Impl::load+000006E0 (e:\aooblds\builds\r1352383\sfx2\source\view\frmload.cxx, 607)
fwk!framework::LoadEnv::impl_loadContent+00000A71 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 1201)
fwk!framework::LoadEnv::startLoading+000000F2 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 429)
fwk!framework::LoadEnv::loadComponentFromURL+000000C6 (e:\aooblds\builds\r1352383\framework\source\loadenv\loadenv.cxx, 203)
fwk!framework::Desktop::loadComponentFromURL+000000E9 (e:\aooblds\builds\r1352383\framework\source\services\desktop.cxx, 655)
......
The cause is quite tricky; below explains why so many string objects get leaked.

1. In the OOXMLFastContextHandlerProperties constructor it allocates OOXMLPropertySetImpl objects. Many OOXMLPropertyImpl objects containing an OOXMLValue (Int, Object, Property...) can then be added into it by calling the OOXMLPropertySetImpl::add() API.

2. The created OOXMLPropertyImpl object will be put into the OOXMLFastContextHandlerProperties parent's OOXMLPropertySet by the API OOXMLFastContextHandler::sendPropertiesToParent().

So OOXMLPropertySetImpl objects are organized in a reference tree. Once the root node leaks, all the tree nodes leak too. The leaking code point, though, is far from where the leaked objects are created:

    void SettingsTable::lcl_sprm(Sprm& rSprm)
    {
        sal_uInt32 nSprmId = rSprm.getId();
        Value::Pointer_t pValue = rSprm.getValue(); // here increase the ref count
        sal_Int32 nIntValue = pValue->getInt();
        (void)nIntValue;
        rtl::OUString sStringValue = pValue->getString();
        ...
    }

It calls:

    Value::Pointer_t OOXMLPropertyImpl::getValue()
    {
        Value::Pointer_t pResult;
        if (mpValue.get() != NULL)
            pResult = Value::Pointer_t(mpValue->clone()); // mpValue may refer to a lot of OOXMLPropertySetImpl and other objects.
        else
            pResult = Value::Pointer_t(new OOXMLValue());
        return pResult;
    }

The direct cause of the memory leak is that the auto_ptr pValue in the API SettingsTable::lcl_sprm() cannot be released correctly. If you look deeper, you will find that the Value abstraction doesn't have a virtual destructor. It means none of its subclasses can be freed correctly with the auto_ptr.
Created attachment 78465
patch for file writerfilter/inc/resourcemodel/WW8ResourceModel.hxx

Add virtual destructors for the classes Properties, Table, BinaryObj, Stream, Value and Sprm, so all shared_ptr, auto_ptr and reference<> to these classes can call the correct sub-class destructors.
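An added illustration of the fix described above (not code from the AOO source tree): a compile-time guard that only lets an owning base pointer be formed when the base class has a virtual destructor, plus a live-object counter showing that clone-and-drop no longer leaks once the base declares one. Tracked, ValueBefore, StringValue, own() and leakedAfterCloneAndDrop() are hypothetical names, and std::unique_ptr stands in for the auto_ptr mentioned in the report.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <type_traits>

static int g_livePayloads = 0;  // live Tracked objects (stand-in for leaked strings)
struct Tracked {                // hypothetical stand-in for a string member
    std::string text;
    explicit Tracked(const std::string& s) : text(s) { ++g_livePayloads; }
    Tracked(const Tracked& o) : text(o.text) { ++g_livePayloads; }
    ~Tracked() { --g_livePayloads; }
};
// Interface shape before the patch: virtual methods, implicit non-virtual destructor.
struct ValueBefore { virtual ValueBefore* clone() const = 0; };
// Interface shape after the patch: virtual destructor declared on the base.
struct Value {
    virtual ~Value() {}
    virtual Value* clone() const = 0;
    virtual std::string getString() const = 0;
};
struct StringValue : Value {    // subclass owning a non-trivial member
    Tracked payload;
    explicit StringValue(const std::string& s) : payload(s) {}
    Value* clone() const override { return new StringValue(*this); }
    std::string getString() const override { return payload.text; }
};

// Take ownership through a base pointer only if deleting via that base is well-defined.
template <typename Base>
std::unique_ptr<Base> own(Base* raw) {
    static_assert(std::has_virtual_destructor<Base>::value,
                  "base class needs a virtual destructor");
    return std::unique_ptr<Base>(raw);
}

// Clone, read and drop a value `rounds` times; returns payloads still alive afterwards.
int leakedAfterCloneAndDrop(int rounds) {
    const int before = g_livePayloads;
    {
        StringValue original("w:val");  // constructed sample value
        for (int i = 0; i < rounds; ++i) {
            std::unique_ptr<Value> copy = own(original.clone());
            (void)copy->getString();
        }
    }
    return g_livePayloads - before;
}

int main() {
    std::printf("leaked payloads: %d\n", leakedAfterCloneAndDrop(1000));
}
```

Calling own() with a ValueBefore* fails to compile, which makes the guard usable as a regression check on interface headers.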
Comment on attachment 78465
patch for file writerfilter/inc/resourcemodel/WW8ResourceModel.hxx

Call for review.
Committed to trunk by revision r1356537.
In the last SVT (r1400866) there is no memory leak; close this defect.