[Webkit-unassigned] [Bug 8760] crash (hang?) on subtlegradient.com article page
bugzilla-daemon at opendarwin.org
bugzilla-daemon at opendarwin.org
Sun May 7 15:15:44 PDT 2006
http://bugzilla.opendarwin.org/show_bug.cgi?id=8760
opendarwin.org at mitzpettel.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |opendarwin.org at mitzpettel.co
| |m
------- Comment #3 from opendarwin.org at mitzpettel.com 2006-05-07 15:15 PDT -------
The page caused Safari to loop infinitely in RenderStyle::getPseudoStyle with
ps->pseudoStyle==ps. While trying to get down to the root cause I've discovered
a few problems:
1. RenderStyle::getPseudoStyle will never break out of the while loop since it
checks
if (styleType() == pid)
instead of
if (ps->styleType() == pid)
2. As a result of the above, RenderObject::getPseudoStyle will always call
addPseudoStyle(), making for long redundant pseudo style lists.
3. In the special case of FIRST_LINE_INHERITED, since
RenderObject::getPseudoStyle calls createStyleForElement(), it should set the
styleType on the result before adding it.
4. Also in that case, if the style sheet hasn't loaded yet,
createStyleForElement() will return the shared styleNotYetAvailable (even
though the caller doesn't allow sharing). Combined with the 1-3 above, this
will result in the styleNotYetAvailable shared style being added twice in a row
to the same style, creating the cycle and thus the hang.
I started working on a fix, but fixing 1 appears to expose more serious
problems which I still need to investigate.
--
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list