Ubuntu
firefox-3.0 package

[Firefox] possible memory leak when displaying large svg files

Bug #380318 reported by stop on 2009-05-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mozilla Firefox	Invalid	High	mozilla-bugs #495394
	firefox-3.0 (Ubuntu)	Won't Fix	Undecided	Unassigned

Bug Description

Binary package hint: firefox-3.0
Ubuntu 9.04

Firefox starts eating memory when attempting to display an svg. As an example check this page:
http://en.wikipedia.org/wiki/File:Sun_and_VY_Canis_Majoris.svg. The page itself won't cause this error but clicking the image will.

The bug is discussed and confirmed here:
http://ubuntuforums.org/showthread.php?p=7343813#post7343813

See original description

stop (whoopwhoop) on 2009-05-25

description:

updated

Revision history for this message

Mr. Blonde (mr.blonde) wrote on 2009-05-25:

I can confirm this, clicking on the link causes a memory leak. I'm using Ubuntu Jaunty.

Revision history for this message

Steffen Banhardt (steffenbanhardt) wrote on 2009-05-28:

firefox_crash7.8_ink.svg Edit (2.2 KiB, image/svg+xml)

Attached is a smaller example made from the original wikipedia svg, with all the stuff that is not responsible, removed.

The file contains a path, which is a large, closed circle, made with cubic bezier:

d="M 800,500 C 800,700 600,900 400,900 C 200,900 0,700 0,500 C 0,300 200,100 400,100 C 600,100 800,300 800,500 z "

This is enlarged by a matrix:

transform="matrix(20,0,0,20,-3000,-14000)"

The whole thing has a feGaussianBlur filter on itself with stdDeviation="3.2"

The graphic loads if *one* of these is done:

* filter removed
* shrinked the path (e.g. everpoint divided by 100)
* "smaller" matrix

It is quite interesting to see, that the svg (as also the original file from wikipedia) loads without any problem in a background tab - firefox freezes only, when the tab is opened.

Changed in firefox-3.0 (Ubuntu):
status:	New → Confirmed

Steffen Banhardt (steffenbanhardt) on 2009-05-28

summary:

- Firefox eats all memory when displaying svg
+ [Firefox] possible memory leak when displaying large svg files

Revision history for this message

In Mozilla Bugzilla #495394, Bugzilla-steffenbanhardt (bugzilla-steffenbanhardt) wrote on 2009-05-29:

User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10

This bug is frum Ubuntu's launchpad, see link:

Some svg files make Firefox consume up all memory and crash. One example is the svg linked at http://en.wikipedia.org/wiki/File:Sun_and_VY_Canis_Majoris.svg, I tried to find, what part of this svg is responsible for that behaviour, a sample file is attached.

The file contains a path, which is a large, closed circle, made with cubic bezier:

d="M 800,500 C 800,700 600,900 400,900 C 200,900 0,700 0,500 C 0,300 200,100 400,100 C 600,100 800,300 800,500 z "

This is enlarged by a matrix:

transform="matrix(20,0,0,20,-3000,-14000)"

The whole thing has a feGaussianBlur filter on itself with stdDeviation="3.2"

The graphic loads if *one* of these is done:

* filter removed
* shrinked the path (e.g. everpoint divided by 100)
* "smaller" matrix

It is quite interesting to see, that the svg (as also the original file from wikipedia) loads without any problem in a background tab - firefox freezes only, when the tab is opened.

Reproducible: Always

Steps to Reproduce:
1. Open file
Actual Results:
More and more memory is consumed, firefox crashes.

Expected Results:
Firefox shows the svg.

Revision history for this message

In Mozilla Bugzilla #495394, Bugzilla-steffenbanhardt (bugzilla-steffenbanhardt) wrote on 2009-05-29:

Created an attachment (id=380385)
simple svg that crahes

Bug Watch Updater (bug-watch-updater) on 2009-05-29

Changed in firefox:
status:	Unknown → New

Revision history for this message

In Mozilla Bugzilla #495394, longsonr (longsonr) wrote on 2009-05-29:

Works for me with a current trunk build, although I'm testing on Windows rather than Linux.

Does a current trunk build still crash for you? If so can you follow the steps in https://developer.mozilla.org/En/How_to_get_a_stacktrace_for_a_bug_report or http://kb.mozillazine.org/Getting_a_stacktrace_with_gdb to get a stack trace?

Revision history for this message

In Mozilla Bugzilla #495394, longsonr (longsonr) wrote on 2009-05-29:

Actually, never mind. 3.0.10 hangs on Windows too so some patch since then has fixed it.

Bug Watch Updater (bug-watch-updater) on 2009-05-30

Changed in firefox:
status:	New → Invalid

Revision history for this message

In Mozilla Bugzilla #495394, John Vivirito (gnomefreak) wrote on 2009-05-30:

This bug should not have been closed
Windows build is not the same as Linux
this bug is marked as a Linux bug not windows
Please reopen this bug

Revision history for this message

In Mozilla Bugzilla #495394, longsonr (longsonr) wrote on 2009-05-30:

The bug exists on Windows too on 3.0.x It does not exist on Windows with a current trunk build. Reopen it if you confirm that the current trunk still has a problem on Linux.

Revision history for this message

John Vivirito (gnomefreak) wrote on 2009-05-30:

#10

I have asked for the upstream bug report to be reopened as it was closed for wrong reason.

Revision history for this message

In Mozilla Bugzilla #495394, Bugzilla-steffenbanhardt (bugzilla-steffenbanhardt) wrote on 2009-06-23:

#11

Can't reproduce anymore with

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b4pre) Gecko/20090401 Ubuntu/9.04 (jaunty) Shiretoko/3.5b4pre

So it seems to be resolved and fixed

Revision history for this message

In Mozilla Bugzilla #495394, Matti-mversen (matti-mversen) wrote on 2009-06-23:

#12

no patch in the bug = not fixed

Revision history for this message

Steffen Banhardt (steffenbanhardt) wrote on 2009-06-23:

#13

I can't reproduce this anymore with

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b4pre) Gecko/20090401 Ubuntu/9.04 (jaunty) Shiretoko/3.5b4pre

and reported this upstream to.

Revision history for this message

stop (whoopwhoop) wrote on 2009-06-23:

#14

Well, it still happens here with a fully (default) updated jaunty 64 bit.

Revision history for this message

Steffen Banhardt (steffenbanhardt) wrote on 2009-06-23:

#15

yes, but not with the firefox 3.5 beta and the new gecko - you can try by installing firefox-3.5 from the repos, but this is not yet installed by default

Revision history for this message

Micah Gersten (micahg) wrote on 2009-12-11:

#16

Upstream has closed this bug as Won't Fix on Firefox 3. It is not an issue on Firefox 3.5 which is in both Jaunty and Karmic. Please report any other bugs you may find.