[Webkit-unassigned] [Bug 18282] WebKit crashes with deeply nested divs
bugzilla-daemon at webkit.org
Mon Mar 15 19:23:37 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=18282
--- Comment #22 from TAMURA, Kent <tkent at chromium.org> 2010-03-15 19:23:37 PST ---
(In reply to comment #21)
> (From update of attachment 50688)
> Does Chromium want this?
Yes. I'll enable DOMTREE_PARSING_MAXDEPTH.
>
> Aren't ports going to want to control MAX_DOM_TREE_DEPTH? I guess they can
> already by setting both ENABLE and MAX_DOM_TREE_DEPTH.
Do you mean no configure.ac change for MAX_DOM_TREE_DEPTH?
> Are you sure this is the order you want?
> +#if ENABLE(DOMTREE_PARSING_MAXDEPTH)
> + if (m_nodeDepth > MAX_DOM_TREE_DEPTH)
> + return;
> +#endif
> exitText();
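Review bot: the early return sits before exitText(), so once m_nodeDepth exceeds MAX_DOM_TREE_DEPTH this call never flushes whatever text exitText() would have handled. If that ordering is intended, add a one-line comment above the #if saying why the check precedes exitText() here, since it is easy to "fix" by mistake later. The comparison is also `>`, so a depth equal to MAX_DOM_TREE_DEPTH is still accepted; say where the macro is defined whether the limit is inclusive.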
Yes. In parseStartElement(), the check should be put after exitText(), and the
check should be put before exitText(). It's because exitText() in
parseStartElement() is for text *before* the start tag.
> + handleError(nonFatal, "Too deep tree.", lineNumber(), columnNumber());
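Review bot: the message passed to handleError() says the tree is too deep but not what the limit is, so a document author cannot tell how far over they are. Consider including the MAX_DOM_TREE_DEPTH value in the text. If this call is on the path taken for every start tag beyond the limit, it should also be guarded so the nonFatal error is reported once per document rather than once per element.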
>
> "DOM tree is too deep" would be more clear to my eyes. What sort of message
> does FireFox provide here? I'm pretty sure they have a limit.
Ok, I'll update the message.
Firefox has a limit for HTML DOM:
https://hg.mozilla.org/mozilla-central/file/050887c64183/parser/htmlparser/src/nsHTMLTokenizer.cpp#l382
but it doesn't show any message, just as WebKit doesn't for HTML.
I couldn't find a limit for XML parsing in Firefox.