Bug 15760 - Crash with ridiculous number of classes on an element
Summary: Crash with ridiculous number of classes on an element
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 523.x (Safari 3)
Hardware: Mac OS X 10.5
Importance: P2 Normal
Assignee: Nobody
URL: http://dscoder.com/crazyclasstest.html
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-30 01:00 PDT by David Smith
Modified: 2007-12-14 14:36 PST (History)

See Also:


Description David Smith 2007-10-30 01:00:37 PDT
The destructor for AtomicStringList is recursive, and can run out of stack space when the number of classes is too high. Load the test url, then close the window or reload to trigger the crash. The testcase is currently 14MB; I haven't yet determined what the cutoff point where it stops crashing is.

A reasonable solution (which I hope to find time to try) would be to make AtomicStringList be Vector based instead of a linked list.
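To make the failure mode concrete, the following added example (not WebKit code) contrasts the two data-structure shapes the report discusses: a linked list whose node destructor deletes the next node, so teardown nests one stack frame per element, versus a vector whose teardown is a flat loop. A small DepthMeter counter stands in for the real stack so the growth can be measured without actually overflowing it; `LinkedNode`, `FlatElement` and the `peakDepth*` helpers are names chosen here, not AtomicStringList's.

```cpp
#include <cstddef>
#include <vector>

// Records how deeply element destructors nest; that nesting is exactly
// the stack depth the teardown consumes.
struct DepthMeter {
    std::size_t current = 0;
    std::size_t peak = 0;
    void enter() { if (++current > peak) peak = current; }
    void leave() { --current; }
};

// The bug pattern: every node owns the next one, so `delete head`
// recurses once per element and stack use grows with the list length.
struct LinkedNode {
    DepthMeter* meter;
    LinkedNode* next = nullptr;
    explicit LinkedNode(DepthMeter* m) : meter(m) {}
    ~LinkedNode() {
        meter->enter();
        delete next;  // implicit recursion: ~LinkedNode -> delete -> ~LinkedNode ...
        meter->leave();
    }
};

// The fixed shape: elements sit in a contiguous vector and own nothing,
// so destroying the container is a loop with constant stack depth.
struct FlatElement {
    DepthMeter* meter;
    explicit FlatElement(DepthMeter* m) : meter(m) {}
    ~FlatElement() { meter->enter(); meter->leave(); }
};

// Builds and tears down a chain of n nodes; returns the peak nesting,
// which equals n. Keep n modest: the real stack is consumed too.
std::size_t peakDepthLinked(std::size_t n) {
    DepthMeter meter;
    LinkedNode* head = nullptr;
    for (std::size_t i = 0; i < n; ++i) {
        LinkedNode* node = new LinkedNode(&meter);
        node->next = head;
        head = node;
    }
    delete head;
    return meter.peak;
}

// Builds and tears down a vector of n elements; peak nesting stays at 1
// regardless of n, so no element count can exhaust the stack here.
std::size_t peakDepthVector(std::size_t n) {
    DepthMeter meter;
    std::vector<FlatElement> elements;
    elements.reserve(n);
    for (std::size_t i = 0; i < n; ++i) elements.emplace_back(&meter);
    elements.clear();
    return meter.peak;
}
```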
Comment 1 Sam Weinig 2007-12-14 13:59:31 PST
This was probably fixed in r28722 which switched the data structure to use a Vector. David, can you verify this?
Comment 2 David Smith 2007-12-14 14:36:16 PST
This is fixed as of r28722 :)