[Webkit-unassigned] [Bug 15760] New: Crash with ridiculous number of classes on an element
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 30 01:00:37 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=15760
Summary: Crash with ridiculous number of classes on an element
Product: WebKit
Version: 523.x+ (nightly)
Platform: Macintosh
URL: http://dscoder.com/crazyclasstest.html
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: catfish.man at gmail.com
The destructor for AtomicStringList is recursive, and can run out of stack
space when the number of classes is too high. Load the test url, then close the
window or reload to trigger the crash. The testcase is currently 14MB; I
haven't yet determined what the cutoff point where it stops crashing is.
A reasonable solution (which I hope to find time to try) would be to make
AtomicStringList be Vector based instead of a linked list.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list