[Webkit-unassigned] [Bug 27748] New: crash w/ stack overflow when same CSS file loaded repeatedly
bugzilla-daemon at webkit.org
Mon Jul 27 18:10:52 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=27748
Summary: crash w/ stack overflow when same CSS file loaded repeatedly
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P2
Component: CSS
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: dpranke at chromium.org
Originally reported as Chromium bug #16755: https://crbug.com/16755
in CSSStyleSelector.h, ~CSSRuleData() deletes the next pointer in the linked
list before itself, causing a frame to be stuffed onto the stack for every
member of the list. For really long lists, this can cause a stack overflow.
Example (in the wild): http://www.jordanzad.com/jordan/index.php
This web page appears to load the same CSS file over and over again (probably
due to a buggy code generator).
The easiest fix is to change CSSRuleDataSet to delete the list iteratively.
This fixes the size of the stack at one frame.
I have a simpler version as a test case that I will upload momentarily. I am
currently playing around with it a bit to understand when CSSRuleData()
elements are created, and when CSSRuleDataSets() are created, to see if there
are better ways to handle this long-term.
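The recursion the report describes, and the iterative deletion it proposes, side by side as an added example. This is not WebKit's code: the node and owner types below (`RecursiveRuleData`, `IterativeRuleData`, `IterativeRuleDataSet`) are hypothetical stand-ins for the linked-list pattern in `CSSStyleSelector.h`, and the depth counters are instrumentation added so that the stack depth each strategy needs can be measured rather than only inferred from a crash.

```cpp
// Added example (not from WebKit): a singly linked list whose node destructor
// deletes the next node, versus an owner that unlinks and deletes in a loop.
#include <cstddef>
#include <cstdio>

// Instrumentation (hypothetical): counts destructor calls and the deepest
// nesting of destructor frames seen while a list is torn down.
static std::size_t g_depth = 0;
static std::size_t g_maxDepth = 0;
static std::size_t g_destroyed = 0;

static void resetCounters() { g_depth = g_maxDepth = g_destroyed = 0; }

// RAII guard placed in each destructor: depth rises on entry, falls on exit.
struct DepthGuard {
    DepthGuard() { if (++g_depth > g_maxDepth) g_maxDepth = g_depth; }
    ~DepthGuard() { --g_depth; }
};

// The pattern the bug describes: destroying the head destroys `next` before
// the head's own frame returns, so one frame is pushed per list element.
struct RecursiveRuleData {
    int rule;                    // stands in for the rule payload
    RecursiveRuleData* next;
    RecursiveRuleData(int r, RecursiveRuleData* n) : rule(r), next(n) {}
    ~RecursiveRuleData() {
        DepthGuard guard;
        ++g_destroyed;
        delete next;             // recursion: depth == number of elements
    }
};

// The proposed shape: a node only cleans up itself ...
struct IterativeRuleData {
    int rule;
    IterativeRuleData* next;
    IterativeRuleData(int r, IterativeRuleData* n) : rule(r), next(n) {}
    ~IterativeRuleData() {
        DepthGuard guard;
        ++g_destroyed;
    }
};

// ... and the owning set walks the list in a loop, so the stack stays at
// one destructor frame no matter how long the list is.
struct IterativeRuleDataSet {
    IterativeRuleData* first = nullptr;
    ~IterativeRuleDataSet() {
        IterativeRuleData* node = first;
        while (node) {
            IterativeRuleData* next = node->next;
            node->next = nullptr;   // detach so the node cannot reach the rest
            delete node;
            node = next;
        }
    }
};

struct DeleteStats {
    std::size_t destroyed;   // nodes whose destructor ran
    std::size_t maxDepth;    // deepest nesting of destructor frames
};

// Build n nodes with the recursive destructor and delete the head.
// Keep n small: large values reproduce the stack overflow from the report.
DeleteStats destroyRecursiveList(std::size_t n) {
    resetCounters();
    RecursiveRuleData* head = nullptr;
    for (std::size_t i = 0; i < n; ++i)
        head = new RecursiveRuleData(static_cast<int>(i), head);
    delete head;                 // unwinds n nested destructor frames
    return {g_destroyed, g_maxDepth};
}

// Build n nodes owned by the iterative set and let the set tear them down.
// Safe for lists far longer than the recursive variant can survive.
DeleteStats destroyIterativeList(std::size_t n) {
    resetCounters();
    {
        IterativeRuleDataSet set;
        for (std::size_t i = 0; i < n; ++i)
            set.first = new IterativeRuleData(static_cast<int>(i), set.first);
    }                            // set's destructor runs here
    return {g_destroyed, g_maxDepth};
}

int main() {
    DeleteStats r = destroyRecursiveList(1000);
    DeleteStats it = destroyIterativeList(2000000);
    std::printf("recursive: %zu destroyed, max depth %zu\n", r.destroyed, r.maxDepth);
    std::printf("iterative: %zu destroyed, max depth %zu\n", it.destroyed, it.maxDepth);
    return 0;
}
```

The recursive variant is exercised with only a thousand nodes on purpose; the measured depth grows linearly with the list, which is exactly why a page that attaches the same stylesheet thousands of times exhausts the stack. The iterative owner reports a maximum depth of one for two million nodes, since each node's destructor returns before the next is entered.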