From c48089977dc4d2a63d37e6668382c10b42e22a72 Mon Sep 17 00:00:00 2001
From: dsinclair
Date: Mon, 19 Sep 2016 08:37:10 -0700
Subject: Revert of Pdfium: Fix fonts leaking on ClosePage. (patchset #10 id:180001 of https://codereview.chromium.org/2158023002/ ) Reason for revert: Causes heap-use-after-free. See crbug.com/647612. Original issue's description: > Fix memory leaking on ClosePage. > CFX_FontCache refactoring: > after this CL: Only one global CFX_FontCache used. Any cached items from it, are released, when its are not used. > > BUG=79367,48791 > > The fonts was not cleared after unloading pages. > > Test pdf: > > http://www.nasa.gov/pdf/750614main_NASA_FY_2014_Budget_Estimates-508.pdf > > For this file, we have ~5 fonts per page, which equal ~1 Mb per page. > In this PDF we have 670 pages, as result after slow scrolling(reading) full document we have ~600 Mb fonts data in memory. > > memory usage of PDF Plugin: > before this CL: ~660 Mb > after this CL: ~100 Mb > > Committed: https://pdfium.googlesource.com/pdfium/+/cde5101eb15b24519e89fa500fe37038bc8e2201 TBR=tsepez@chromium.org,brucedawson@chromium.org,npm@chromium.org,art-snake@yandex-team.ru # Not skipping CQ checks because original CL landed more than 1 days ago. BUG=79367,48791 Review-Url: https://codereview.chromium.org/2350763002
---
 core/fxge/ge/cfx_fontcache.cpp | 53 +++++++++++++++++++++++++++---------------
 1 file changed, 34 insertions(+), 19 deletions(-)
(limited to 'core/fxge/ge/cfx_fontcache.cpp')
diff --git a/core/fxge/ge/cfx_fontcache.cpp b/core/fxge/ge/cfx_fontcache.cpp
index acae018c83..3ecd83c33f 100644
--- a/core/fxge/ge/cfx_fontcache.cpp
+++ b/core/fxge/ge/cfx_fontcache.cpp
@@ -10,43 +10,38 @@
 #include "core/fxge/include/fx_font.h"
 #include "core/fxge/include/fx_freetype.h"
-CFX_FontCache::CountedFaceCache::CountedFaceCache() {}
-
-CFX_FontCache::CountedFaceCache::~CountedFaceCache() {}
-
 CFX_FontCache::CFX_FontCache() {}
 CFX_FontCache::~CFX_FontCache() {
- ASSERT(m_ExtFaceMap.empty());
- ASSERT(m_FTFaceMap.empty());
+ FreeCache(TRUE);
 }
-CFX_FaceCache* CFX_FontCache::GetCachedFace(const CFX_Font* pFont) {
+CFX_FaceCache* CFX_FontCache::GetCachedFace(CFX_Font* pFont) {
 FXFT_Face face = pFont->GetFace();
 const bool bExternal = !face;
 CFX_FTCacheMap& map = bExternal ? m_ExtFaceMap : m_FTFaceMap;
 auto it = map.find(face);
 if (it != map.end()) {
- CountedFaceCache* counted_face_cache = it->second.get();
+ CFX_CountedFaceCache* counted_face_cache = it->second;
 counted_face_cache->m_nCount++;
- return counted_face_cache->m_Obj.get();
+ return counted_face_cache->m_Obj;
 }
- std::unique_ptr counted_face_cache(new CountedFaceCache);
- counted_face_cache->m_nCount = 2;
 CFX_FaceCache* face_cache = new CFX_FaceCache(bExternal ? nullptr : face);
- counted_face_cache->m_Obj.reset(face_cache);
- map[face] = std::move(counted_face_cache);
+ CFX_CountedFaceCache* counted_face_cache = new CFX_CountedFaceCache;
+ counted_face_cache->m_nCount = 2;
+ counted_face_cache->m_Obj = face_cache;
+ map[face] = counted_face_cache;
 return face_cache;
 }
 #ifdef _SKIA_SUPPORT_
-CFX_TypeFace* CFX_FontCache::GetDeviceCache(const CFX_Font* pFont) {
+CFX_TypeFace* CFX_FontCache::GetDeviceCache(CFX_Font* pFont) {
 return GetCachedFace(pFont)->GetDeviceCache(pFont);
 }
 #endif
-void CFX_FontCache::ReleaseCachedFace(const CFX_Font* pFont) {
+void CFX_FontCache::ReleaseCachedFace(CFX_Font* pFont) {
 FXFT_Face face = pFont->GetFace();
 const bool bExternal = !face;
 CFX_FTCacheMap& map = bExternal ? m_ExtFaceMap : m_FTFaceMap;
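Review bot: The `m_nCount = 2` assignment in `GetCachedFace` uses a biased reference count that nothing in this file section explains: a fresh entry starts at 2, `ReleaseCachedFace` stops decrementing at 1, and `FreeCache` in the next hunk treats a count below 2 as idle. This function hands out the raw `m_Obj` pointer while the map entry keeps ownership, so a caller that miscounts can end up holding a pointer that `FreeCache` later deletes; the commit message cites a heap-use-after-free, so the lifetime rule is worth writing down. I would add a comment at the assignment such as `// Count is biased by one: 2 means one live user, 1 means idle and eligible for FreeCache(FALSE).` and a short function comment stating that the returned pointer is non-owning and must be paired with `ReleaseCachedFace`. `ReleaseCachedFace` itself begins in this hunk and continues past its end.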
@@ -55,10 +50,30 @@ void CFX_FontCache::ReleaseCachedFace(const CFX_Font* pFont) {
 if (it == map.end())
 return;
- CountedFaceCache* counted_face_cache = it->second.get();
- if (counted_face_cache->m_nCount > 2) {
+ CFX_CountedFaceCache* counted_face_cache = it->second;
+ if (counted_face_cache->m_nCount > 1) {
 counted_face_cache->m_nCount--;
- } else {
- map.erase(it);
+ }
+}
+
+void CFX_FontCache::FreeCache(FX_BOOL bRelease) {
+ for (auto it = m_FTFaceMap.begin(); it != m_FTFaceMap.end();) {
+ auto curr_it = it++;
+ CFX_CountedFaceCache* cache = curr_it->second;
+ if (bRelease || cache->m_nCount < 2) {
+ delete cache->m_Obj;
+ delete cache;
+ m_FTFaceMap.erase(curr_it);
+ }
+ }
+
+ for (auto it = m_ExtFaceMap.begin(); it != m_ExtFaceMap.end();) {
+ auto curr_it = it++;
+ CFX_CountedFaceCache* cache = curr_it->second;
+ if (bRelease || cache->m_nCount < 2) {
+ delete cache->m_Obj;
+ delete cache;
+ m_ExtFaceMap.erase(curr_it);
+ }
 }
 }
-- cgit v1.2.3
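Review bot: In `FreeCache`, the `bRelease` branch deletes `cache->m_Obj` and the counted wrapper regardless of `m_nCount`, so any `CFX_FaceCache*` previously returned by `GetCachedFace` and not yet released is left dangling; the destructor in the previous hunk now takes this path where the removed code asserted that both maps were empty. If the intended contract is that every font has released its face before a forced free, a debug check in that branch would surface violations, e.g. `ASSERT(!bRelease || cache->m_nCount < 2);` placed before the two `delete` statements in each loop. Separately, `ReleaseCachedFace` no longer erases an entry, so idle entries stay allocated until something calls `FreeCache(FALSE)`; no such caller is visible in this diff. The two loops differ only in the map they walk and could share one helper so the deletion rule cannot drift between them.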