[webkit-reviews] review denied: [Bug 41129] CSSSelector: Avoid chaining tagHistory of CSSSelector, which causes stack overflow. : [Attachment 60092] fix-crash-by-settting-limit-selectors-chaining-2-fix-typo
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 13 02:40:11 PDT 2010
Shinichiro Hamaji <hamaji at chromium.org> has denied Hayato Ito
<hayato at chromium.org>'s request for review:
Bug 41129: CSSSelector: Avoid chaining tagHistory of CSSSelector, which causes
stack overflow.
https://bugs.webkit.org/show_bug.cgi?id=41129
Attachment 60092: fix-crash-by-settting-limit-selectors-chaining-2-fix-typo
https://bugs.webkit.org/attachment.cgi?id=60092&action=review
------- Additional Comments from Shinichiro Hamaji <hamaji at chromium.org>
WebCore/css/CSSParser.h:172
+ CSSSelector* connectFloatingSelector(CSSSelector* ownerSelector,
CSSSelector* sinkingSelector, CSSSelector::Relation);
Do we need to return a value?
WebCore/css/CSSParser.cpp:185
+ deleteAllKeys(m_floatingSelectors);
I'm not sure, but now it seems we don't sink floating selectors, so all
selectors will be deleted when a parser is destructed?
More information about the webkit-reviews
mailing list