136399 2014-08-29 17:21:39 -0700 DOMTimer::m_nestingLevel is prone to overflow 2014-08-29 21:35:24 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 barraclough barraclough oldest_to_newest 1032301 0 barraclough 2014-08-29 17:21:39 -0700 Since this would happen after the 2 billionth timer fire this is unlikely, and consequences aren't severe (breaks throttling). 1032307 1 237395 barraclough 2014-08-29 17:41:18 -0700 Created attachment 237395 Fix 1032315 2 237395 ap 2014-08-29 18:02:28 -0700 Comment on attachment 237395 Fix Not related to this patch, but looks like we have a thread safety issue with nestingLevel and workers. 1032317 3 barraclough 2014-08-29 18:13:16 -0700 Transmitting file data .. Committed revision 173132. 1032338 4 barraclough 2014-08-29 21:35:24 -0700 (In reply to comment #2) > (From update of attachment 237395 [details]) > Not related to this patch, but looks like we have a thread safety issue with nestingLevel and workers. Good point! Fixed in: https://bugs.webkit.org/show_bug.cgi?id=136401 237395 2014-08-29 17:41:18 -0700 2014-08-29 18:02:25 -0700 Fix 136399.1.patch text/plain 4835 barraclough SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE3MzEzMSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDM4IEBACisyMDE0LTA4LTI5ICBHYXZpbiBC YXJyYWNsb3VnaCAgPGJhcnJhY2xvdWdoQGFwcGxlLmNvbT4KKworICAgICAgICBET01UaW1lcjo6 bV9uZXN0aW5nTGV2ZWwgaXMgcHJvbmUgdG8gb3ZlcmZsb3cKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEzNjM5OQorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFNpbmNlIHRoaXMgd291bGQgaGFwcGVuIGFmdGVy IHRoZSAyIGJpbGxpb250aCB0aW1lciBmaXJlIHRoaXMgaXMgdW5saWtlbHksCisgICAgICAgIGFu ZCBjb25zZXF1ZW5jZXMgYXJlbid0IHNldmVyZSAoYnJlYWtzIHRocm90dGxpbmcpLgorCisgICAg ICAgIFRoaXMgY2hhbmdlIGhhcyB0aGUgZm9sbG93aW5nIGNvbnNlcXVlbmNlcy4KKworICAgICAg ICAgICAgLSBtX25lc3RpbmdMZXZlbCBzYXR1cmF0ZXMgdG8gaXRzIG1heCB2YWx1ZS4KKyAgICAg ICAgICAgIC0gdW5uZXN0ZWQgdGltZXJzIGFyZSBpbmRpY2F0ZWQgYnkgYSBuZXN0aW5nIGxldmVs IG9mIDAuCisgICAgICAgICAgICAtIHJlcGVhdCB0aW1lcnMgdXBkYXRlIG1fbmVzdGluZ0xldmVs IG9uIGV2ZXJ5IGZpcmUsCisgICAgICAgICAgICAgIG5vdCBqdXN0IHRob3NlIHRoYXQgc2hvdWxk IGhhdmUgYmVlbiB0aHJvdHRsZWQuCisKKyAgICAgICAgVGhlIGxhc3QgcG9pbnQgaXMgc3VidGxl LCBidXQgdWx0aW1hdGVseSBzaG91bGQgYmUgaW5jb25zZXF1ZW50aWFsLiBUaW1lcnMKKyAgICAg ICAgd2hvc2UgcmVxdWVzdGVkIHRpbWVvdXQgaXMgbGVzcyB0aGF0IHRoZSBtaW5pbXVtIGludGVy dmFsIHdpbGwgc2F0dXJhdGUgcXVpY2tseQorICAgICAgICBhbnl3YXk7IHRpbWVycyB3aXRoIGFu IG9yaWdpbmFsIGludGVydmFsIGdyZWF0ZXIgdGhhbiB0aGUgbWluaW11bSBwcmV2aW91c2x5Cisg ICAgICAgIHdvdWxkbid0IGhhdmUgaW5jcmVtZW50ZWQgbV9uZXN0aW5nTGV2ZWwsIGJ1dCBkb2lu ZyBzbyBub3cgZG9lc24ndCBodXJ0IHNpbmNlCisgICAgICAgIHRoZXkgd29uJ3QgYmUgdGhyb3R0 bGVkIHdoZW4gdGhleSBoaXQgdGhlIHRocmVzaG9sZC4gVGhpcyBzaW1wbGlmaWVzIHRoaW5ncwor ICAgICAgICBjb25jZXB0dWFsbHkgYSBsaXR0bGUgJiByZWR1Y2VzIHRoZSB0ZXN0IHBlcmZvcm1l ZCBvbiBlYWNoIHRpbWVyIGZpcmUuCisKKyAgICAgICAgKiBwYWdlL0RPTVRpbWVyLmNwcDoKKyAg ICAgICAgKFdlYkNvcmU6OnNob3VsZEZvcndhcmRVc2VyR2VzdHVyZSk6CisgICAgICAgICAgICAt IHVubmVzdGVkIHRpbWVycyBhcmUgaW5kaWNhdGVkIGJ5IGEgbmVzdGluZyBsZXZlbCBvZiAwCisg ICAgICAgIChXZWJDb3JlOjpET01UaW1lcjo6RE9NVGltZXIpOgorICAgICAgICAgICAgLSBkb24n dCBpbmNyZW1lbnQgbmVzdGluZyBsZXZlbCBvbiBjb25zdHJ1Y3Rpb24KKyAgICAgICAgKFdlYkNv cmU6OkRPTVRpbWVyOjpmaXJlZCk6CisgICAgICAgICAgICAtIHNhdHVyYXRpbmcgaW5jcmVtZW50 cworICAgICAgICAoV2ViQ29yZTo6RE9NVGltZXI6OmFkanVzdE1pbmltdW1UaW1lckludGVydmFs KToKKyAgICAgICAgKFdlYkNvcmU6OkRPTVRpbWVyOjppbnRlcnZhbENsYW1wZWRUb01pbmltdW0p OgorICAgICAgICAgICAgLSBhZGRlZCBBU1NFUlRzCisKIDIwMTQtMDgtMjkgIFphbGFuIEJ1anRh cyAgPHphbGFuQGFwcGxlLmNvbT4KIAogICAgICAgICBJbXByb3ZlIHNob3dSZW5kZXJUcmVlKCkg b3V0cHV0LgpJbmRleDogU291cmNlL1dlYkNvcmUvcGFnZS9ET01UaW1lci5jcHAKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gU291cmNlL1dlYkNvcmUvcGFnZS9ET01UaW1lci5jcHAJKHJldmlzaW9uIDE3MzExNCkK KysrIFNvdXJjZS9XZWJDb3JlL3BhZ2UvRE9NVGltZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC01 NSwxMiArNTUsMTIgQEAgc3RhdGljIGlubGluZSBib29sIHNob3VsZEZvcndhcmRVc2VyR2VzdAog ewogICAgIHJldHVybiBVc2VyR2VzdHVyZUluZGljYXRvcjo6cHJvY2Vzc2luZ1VzZXJHZXN0dXJl KCkKICAgICAgICAgJiYgaW50ZXJ2YWwgPD0gbWF4SW50ZXJ2YWxGb3JVc2VyR2VzdHVyZUZvcndh cmRpbmcKLSAgICAgICAgJiYgbmVzdGluZ0xldmVsID09IDE7IC8vIEdlc3R1cmVzIHNob3VsZCBu b3QgYmUgZm9yd2FyZGVkIHRvIG5lc3RlZCB0aW1lcnMuCisgICAgICAgICYmICFuZXN0aW5nTGV2 ZWw7IC8vIEdlc3R1cmVzIHNob3VsZCBub3QgYmUgZm9yd2FyZGVkIHRvIG5lc3RlZCB0aW1lcnMu CiB9CiAKIERPTVRpbWVyOjpET01UaW1lcihTY3JpcHRFeGVjdXRpb25Db250ZXh0KiBjb250ZXh0 LCBzdGQ6OnVuaXF1ZV9wdHI8U2NoZWR1bGVkQWN0aW9uPiBhY3Rpb24sIGludCBpbnRlcnZhbCwg Ym9vbCBzaW5nbGVTaG90KQogICAgIDogU3VzcGVuZGFibGVUaW1lcihjb250ZXh0KQotICAgICwg bV9uZXN0aW5nTGV2ZWwodGltZXJOZXN0aW5nTGV2ZWwgKyAxKQorICAgICwgbV9uZXN0aW5nTGV2 ZWwodGltZXJOZXN0aW5nTGV2ZWwpCiAgICAgLCBtX2FjdGlvbihXVEY6Om1vdmUoYWN0aW9uKSkK ICAgICAsIG1fb3JpZ2luYWxJbnRlcnZhbChpbnRlcnZhbCkKICAgICAsIG1fc2hvdWxkRm9yd2Fy ZFVzZXJHZXN0dXJlKHNob3VsZEZvcndhcmRVc2VyR2VzdHVyZShpbnRlcnZhbCwgbV9uZXN0aW5n TGV2ZWwpKQpAQCAtMTMwLDcgKzEzMCw4IEBAIHZvaWQgRE9NVGltZXI6OmZpcmVkKCkKICAgICAg ICAgQVNTRVJUKCFkb2N1bWVudC0+ZnJhbWUoKS0+dGltZXJzUGF1c2VkKCkpOwogICAgIH0KICNl bmRpZgotICAgIHRpbWVyTmVzdGluZ0xldmVsID0gbV9uZXN0aW5nTGV2ZWw7CisgICAgdGltZXJO ZXN0aW5nTGV2ZWwgPSBzdGQ6Om1pbihtX25lc3RpbmdMZXZlbCArIDEsIG1heFRpbWVyTmVzdGlu Z0xldmVsKTsKKwogICAgIEFTU0VSVCghaXNTdXNwZW5kZWQoKSk7CiAgICAgQVNTRVJUKCFjb250 ZXh0LT5hY3RpdmVET01PYmplY3RzQXJlU3VzcGVuZGVkKCkpOwogICAgIFVzZXJHZXN0dXJlSW5k aWNhdG9yIGdlc3R1cmVJbmRpY2F0b3IobV9zaG91bGRGb3J3YXJkVXNlckdlc3R1cmUgPyBEZWZp bml0ZWx5UHJvY2Vzc2luZ1VzZXJHZXN0dXJlIDogUG9zc2libHlQcm9jZXNzaW5nVXNlckdlc3R1 cmUpOwpAQCAtMTQxLDExICsxNDIsMTQgQEAgdm9pZCBET01UaW1lcjo6ZmlyZWQoKQogCiAgICAg Ly8gU2ltcGxlIGNhc2UgZm9yIG5vbi1vbmUtc2hvdCB0aW1lcnMuCiAgICAgaWYgKGlzQWN0aXZl KCkpIHsKLSAgICAgICAgZG91YmxlIG1pbmltdW1JbnRlcnZhbCA9IGNvbnRleHQtPm1pbmltdW1U aW1lckludGVydmFsKCk7Ci0gICAgICAgIGlmIChyZXBlYXRJbnRlcnZhbCgpICYmIHJlcGVhdElu dGVydmFsKCkgPCBtaW5pbXVtSW50ZXJ2YWwpIHsKKyAgICAgICAgaWYgKG1fbmVzdGluZ0xldmVs IDwgbWF4VGltZXJOZXN0aW5nTGV2ZWwpIHsKICAgICAgICAgICAgIG1fbmVzdGluZ0xldmVsKys7 Ci0gICAgICAgICAgICBpZiAobV9uZXN0aW5nTGV2ZWwgPj0gbWF4VGltZXJOZXN0aW5nTGV2ZWwp Ci0gICAgICAgICAgICAgICAgYXVnbWVudFJlcGVhdEludGVydmFsKG1pbmltdW1JbnRlcnZhbCAt IHJlcGVhdEludGVydmFsKCkpOworCisgICAgICAgICAgICBkb3VibGUgbWluaW11bUludGVydmFs ID0gY29udGV4dC0+bWluaW11bVRpbWVySW50ZXJ2YWwoKTsKKyAgICAgICAgICAgIGlmIChyZXBl YXRJbnRlcnZhbCgpICYmIHJlcGVhdEludGVydmFsKCkgPCBtaW5pbXVtSW50ZXJ2YWwpIHsKKyAg ICAgICAgICAgICAgICBpZiAobV9uZXN0aW5nTGV2ZWwgPT0gbWF4VGltZXJOZXN0aW5nTGV2ZWwp CisgICAgICAgICAgICAgICAgICAgIGF1Z21lbnRSZXBlYXRJbnRlcnZhbChtaW5pbXVtSW50ZXJ2 YWwgLSByZXBlYXRJbnRlcnZhbCgpKTsKKyAgICAgICAgICAgIH0KICAgICAgICAgfQogCiAgICAg ICAgIG1fYWN0aW9uLT5leGVjdXRlKGNvbnRleHQpOwpAQCAtMjAxLDYgKzIwNSw3IEBAIHZvaWQg RE9NVGltZXI6OmRpZFN0b3AoKQogCiB2b2lkIERPTVRpbWVyOjphZGp1c3RNaW5pbXVtVGltZXJJ bnRlcnZhbChkb3VibGUgb2xkTWluaW11bVRpbWVySW50ZXJ2YWwpCiB7CisgICAgQVNTRVJUKG1f bmVzdGluZ0xldmVsIDw9IG1heFRpbWVyTmVzdGluZ0xldmVsKTsKICAgICBpZiAobV9uZXN0aW5n TGV2ZWwgPCBtYXhUaW1lck5lc3RpbmdMZXZlbCkKICAgICAgICAgcmV0dXJuOwogCkBAIC0yMTgs NiArMjIzLDggQEAgdm9pZCBET01UaW1lcjo6YWRqdXN0TWluaW11bVRpbWVySW50ZXJ2YQogCiBk b3VibGUgRE9NVGltZXI6OmludGVydmFsQ2xhbXBlZFRvTWluaW11bShpbnQgdGltZW91dCwgZG91 YmxlIG1pbmltdW1UaW1lckludGVydmFsKSBjb25zdAogeworICAgIEFTU0VSVChtX25lc3RpbmdM ZXZlbCA8PSBtYXhUaW1lck5lc3RpbmdMZXZlbCk7CisKICAgICBkb3VibGUgaW50ZXJ2YWxNaWxs aXNlY29uZHMgPSBzdGQ6Om1heChvbmVNaWxsaXNlY29uZCwgdGltZW91dCAqIG9uZU1pbGxpc2Vj b25kKTsKIAogICAgIGlmIChpbnRlcnZhbE1pbGxpc2Vjb25kcyA8IG1pbmltdW1UaW1lckludGVy dmFsICYmIG1fbmVzdGluZ0xldmVsID49IG1heFRpbWVyTmVzdGluZ0xldmVsKQo=