Bug 15760
Summary: | Crash with ridiculous number of classes on an element | | |
---|---|---|---|
Product: | WebKit | Reporter: | David Smith <catfish.man> |
Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED FIXED | | |
Severity: | Normal | | |
Priority: | P2 | | |
Version: | 523.x (Safari 3) | | |
Hardware: | Mac | | |
OS: | OS X 10.5 | | |
URL: | http://dscoder.com/crazyclasstest.html | | |
David Smith
The destructor for AtomicStringList is recursive, and can run out of stack space when the number of classes is too high. Load the test URL, then close the window or reload to trigger the crash. The testcase is currently 14MB; I haven't yet determined what the cutoff point where it stops crashing is.
A reasonable solution (which I hope to find time to try) would be to make AtomicStringList be Vector based instead of a linked list.
Sam Weinig
This was probably fixed in r28722, which switched the data structure to use a Vector. David, can you verify this?
David Smith
This is fixed as of r28722 :)
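
The failure mode in the report and the Vector-based direction it proposes, as an added C++ example that is not WebKit code: `RecursiveNode`, `IterativeNode`, `buildAndDestroy` and `parseClasses` are hypothetical names, and the one-million-node size is a constructed input. It goes slightly beyond the report by also showing an iterative destructor for the linked form.

```cpp
#include <cstddef>
#include <memory>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

// Hypothetical linked class list (not WebKit's AtomicStringList). The implicit
// destructor recurses through `next`: one stack frame per attacker-supplied class.
struct RecursiveNode {
    std::string name;
    std::unique_ptr<RecursiveNode> next;
};

// Same layout, but teardown unlinks nodes in a loop: constant stack depth.
struct IterativeNode {
    std::string name;
    std::unique_ptr<IterativeNode> next;
    ~IterativeNode() {
        std::unique_ptr<IterativeNode> cur = std::move(next);
        while (cur) {
            std::unique_ptr<IterativeNode> rest = std::move(cur->next);
            cur = std::move(rest); // frees the old node, whose next is now null
        }
    }
};

// Builds an n-node chain, destroys it on return, and returns the node count.
template <typename Node>
std::size_t buildAndDestroy(std::size_t n) {
    std::unique_ptr<Node> head;
    for (std::size_t i = 0; i < n; ++i) {
        std::unique_ptr<Node> node(new Node());
        node->name = "c" + std::to_string(i);
        node->next = std::move(head);
        head = std::move(node);
    }
    return n;
}

// Vector-based list: contiguous storage, destroyed by a flat loop however
// many whitespace-separated class names the attribute carries.
std::vector<std::string> parseClasses(const std::string& classAttr) {
    std::istringstream in(classAttr);
    std::vector<std::string> names;
    for (std::string tok; in >> tok;) names.push_back(tok);
    return names;
}

int main() { return buildAndDestroy<IterativeNode>(1000000) == 1000000 ? 0 : 1; }
```

`buildAndDestroy<RecursiveNode>` is only safe for small `n`; at the sizes the report describes, its teardown depth grows with the input, which is the condition the iterative and vector forms remove.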