[Webkit-unassigned] [Bug 18282] WebKit crashes with deeply nested divs

Wed Apr 7 23:55:18 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=18282

--- Comment #42 from TAMURA, Kent <tkent at chromium.org>  2010-04-07 23:55:17 PST ---
I have no idea of a complete and efficient algorithm to solve this problem in
DOM operations.
So I focus on the parser solution though it can't solve this problem
completely.

(In reply to comment #30)
> (From update of attachment 51008 [details])
> 4) MAX_DOM_TREE_DEPTH should be defined as a const size_t rather than a
> preprocessor macro.

I added "size_t maxDomTreeDepth" in config.h.
I kept MAX_DOM_TREE_DEPTH to change this value by a compiler
flag, and I didn't wrap it with "namespace WebCobre" because
config.h is used for .c too.

> 5) 4096 seems like a fairly low limit. Is that the best we can do?

As I wrote in another comment, it's very high.
I counted the maximum depth of Gmail message view.  It's about 35 + <tree depth
in an HTML message>.

However, I changed the default to 5000 because the existing block
depth cap doesn't work if MAX_DOM_TREE_DEPTH is <= 4096.

> 6) cMaxBlockDepth shouldn't be defined as MAX_DOM_TREE_DEPTH; the fact that
> it's the same constant is a coincidence, not fundamental.

Fixed.

> 7) In the parser, it looks to me like you repurposed m_blocksInStack to be a
> count of total nesting level, rather than block nesting level. That seems
> dubious to me for a couple of reasons: 

I added another depth counter. So this issue was resolved.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.