Bug 15760

Summary: Crash with ridiculous number of classes on an element
Product: WebKit
Reporter: David Smith <catfish.man>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.5   
URL: http://dscoder.com/crazyclasstest.html

David Smith
Reported 2007-10-30 01:00:37 PDT
The destructor for AtomicStringList is recursive, and can run out of stack space when the number of classes is too high. Load the test URL, then close the window or reload to trigger the crash. The testcase is currently 14MB; I haven't yet determined what the cutoff point where it stops crashing is. A reasonable solution (which I hope to find time to try) would be to make AtomicStringList be Vector-based instead of a linked list.
Sam Weinig
Comment 1 2007-12-14 13:59:31 PST
This was probably fixed in r28722, which switched the data structure to use a Vector. David, can you verify this?
David Smith
Comment 2 2007-12-14 14:36:16 PST
This is fixed as of r28722 :)
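
The failure mode from the report and the Vector-based fix, reduced to a self-contained C++ example added here (not WebKit's AtomicStringList code). `ClassEntry`, the depth counters and both function names are hypothetical; the example measures how deeply destructor calls nest when each layout is torn down.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical instrumentation: current and peak destructor nesting.
static std::size_t g_depth = 0, g_maxDepth = 0;
static void enterDtor() { if (++g_depth > g_maxDepth) g_maxDepth = g_depth; }
struct LeaveDtor { ~LeaveDtor() { --g_depth; } };

struct ClassEntry {
    LeaveDtor leave;                   // declared first, so destroyed last
    std::string name;
    std::unique_ptr<ClassEntry> next;  // used only by the linked-list layout
    explicit ClassEntry(std::string n) : name(std::move(n)) {}
    ClassEntry(ClassEntry&&) = default;
    ~ClassEntry() { enterDtor(); }     // body runs before 'next' is destroyed
};

// Linked list: destroying the head destroys 'next' from inside the head's
// destructor, so teardown uses one nested call chain per element.
std::size_t linkedListTeardownDepth(std::size_t n) {
    std::unique_ptr<ClassEntry> head;
    for (std::size_t i = 0; i < n; ++i) {
        std::unique_ptr<ClassEntry> node(new ClassEntry("c" + std::to_string(i)));
        node->next = std::move(head);
        head = std::move(node);
    }
    g_depth = g_maxDepth = 0;
    head.reset();
    return g_maxDepth;
}

// Vector: elements are destroyed by a loop, so nesting does not grow with n.
std::size_t vectorTeardownDepth(std::size_t n) {
    std::vector<ClassEntry> classes;
    classes.reserve(n);
    for (std::size_t i = 0; i < n; ++i) classes.emplace_back("c" + std::to_string(i));
    g_depth = g_maxDepth = 0;
    classes.clear();
    return g_maxDepth;
}

int main() {  // constructed input: 1000 class names, small enough to be safe
    std::printf("linked list: %zu, vector: %zu\n",
                linkedListTeardownDepth(1000), vectorTeardownDepth(1000));
}
```

With the linked layout, the nesting depth equals the element count, which is why stack use is controlled by the size of the page's class attribute.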