[Webkit-unassigned] [Bug 18282] WebKit crashes with deeply nested divs

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Apr 24 11:19:42 PDT 2010


--- Comment #51 from TAMURA, Kent <tkent at chromium.org>  2010-04-24 11:19:39 PST ---
(In reply to comment #47)
> I don't think this value should go in config.h. It should go in a header file
> included only by XMLTokenizer.cpp and HTMLParser.cpp. We don't want this to
> have any effect on the rest of the source code. We could add a new source file
> called TreeDepthLimit.h in the dom directory.

ok, I introduced dom/TreeDepthLimit.h.

> I think that m_nodeDepth is a strange name; is it really the depth of a node?

Changed it to m_treeDepth.

> The patch is risky. If we find that in some cases the node depth gets off, then
> we could either underflow to 0 or slowly creep up to the maximum depth and
> break parsing. So we need to make sure we are testing all the parsing code
> paths. It would help to have an assertion that the depth is back to zero once
> parsing is done. Running the regression tests with such an assert in place
> could help us catch any mismatches that otherwise would be silent.

I added an ASSERT().

> Besides that, I think we need to do some performance testing, but otherwise,
> this patch looks good to me.

Dromaeo innerHTMl test results:
Without this patch:
  innerHTML: 108.85runs/s ±0.36%
With this patch:
  innerHTML: 110.76runs/s ±0.39%

It seems no performance regression in this test.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list