I think I may have found the leak. We create an ImageResource for the static image, and save it as the m_image Member of StyleFetchedImage but the destructor for the ImageResource is never called. The member pointer to it is cleared in StyleFetchedImage::dispose though.

I have a fix for the first leak of the SecurityOrigin object, but it is concerning that we don't seem to be freeing the RefPtr's held by the Resource when removing it: https://codereview.chromium.org/2278723002. I'd assume this means that we'd need to clear out the rest of its RefPtr's to ensure anything held onto is cleaned up.

The second leak looks like the same cause. It's from the HashMap held onto by the Resource's ResourceRequest's HTTPHeaderMap.

The third and fourth are from the observer list, finished observer list and clients list leaking on the ImageResource/Resource object.

We really need to properly delete the Resource object when it's removed.

Looks like we just need to call memoryCache()->evictResources() when we're doing the RenderingTest TearDown so that these resources are freed. CL is updated: https://codereview.chromium.org/2278723002

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c90a6ca1d464e103448621a244ebb93e1f7d440c

commit c90a6ca1d464e103448621a244ebb93e1f7d440c
Author: flackr <flackr@chromium.org>
Date: Fri Aug 26 12:33:45 2016

Evict resources from memory cache after running rendering test.

BUG= 640344 
TEST=Manual steps in bug.

Review-Url: https://codereview.chromium.org/2278723002
Cr-Commit-Position: refs/heads/master@{#414691}

[modify] https://crrev.com/c90a6ca1d464e103448621a244ebb93e1f7d440c/third_party/WebKit/Source/core/layout/LayoutTestHelper.cpp