[Webkit-unassigned] [Bug 18282] WebKit crashes with deeply nested divs
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Apr 24 11:19:42 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=18282
--- Comment #51 from TAMURA, Kent <tkent at chromium.org> 2010-04-24 11:19:39 PST ---
(In reply to comment #47)
> I don't think this value should go in config.h. It should go in a header file
> included only by XMLTokenizer.cpp and HTMLParser.cpp. We don't want this to
> have any effect on the rest of the source code. We could add a new source file
> called TreeDepthLimit.h in the dom directory.
ok, I introduced dom/TreeDepthLimit.h.
> I think that m_nodeDepth is a strange name; is it really the depth of a node?
Changed it to m_treeDepth.
> The patch is risky. If we find that in some cases the node depth gets off, then
> we could either underflow to 0 or slowly creep up to the maximum depth and
> break parsing. So we need to make sure we are testing all the parsing code
> paths. It would help to have an assertion that the depth is back to zero once
> parsing is done. Running the regression tests with such an assert in place
> could help us catch any mismatches that otherwise would be silent.
I added an ASSERT().
> Besides that, I think we need to do some performance testing, but otherwise,
> this patch looks good to me.
Dromaeo innerHTMl test results:
Without this patch:
innerHTML: 108.85runs/s ±0.36%
With this patch:
innerHTML: 110.76runs/s ±0.39%
It seems no performance regression in this test.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list