Bug 314139
| Summary: | REGRESSION (297241@main): Overflow siblings at parser's max DOM tree depth get fully rendered, causing slow layout | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | zak ridouh <zakr> |
| Component: | New Bugs | Assignee: | zak ridouh <zakr> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
zak ridouh
After 297241@main fixed the parser's DOM depth cap to trigger at exactly 512 (>= instead of >), overflow elements now land at depth 512 instead of 513. The render tree's depth check at StyleTreeResolver only skips depth > 512, so the overflow siblings now pass through and get fully styled and laid out.
Content with thousands of overflow siblings for example, a Mail message embedding a crash log with many unmatched <unavailable> tags produces ~1500 sibling inline boxes at the boundary depth. Inline layout then walks the ancestor chain per box (LineBox::parentInlineBox / inlineLevelBoxAbsoluteTop), giving O(depth × N) and ~15s render times.
Fix it with the following: at the maximum render tree depth, skip elements that have a previous element sibling. The single legitimate deepest element keeps its renderer; the overflow run gets none.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
zak ridouh
<rdar://172219636>
zak ridouh
Pull request: https://github.com/WebKit/WebKit/pull/64319
EWS
Committed 312751@main (69a399de80ab): <https://commits.webkit.org/312751@main>
Reviewed commits have been landed. Closing PR #64319 and removing active labels.
EWS
Committed 305877.486@webkitglib/2.52 (024db5335281): <https://commits.webkit.org/305877.486@webkitglib/2.52>
Reviewed commits have been landed. Closing PR #64674 and removing active labels.