Bug 97424
| Summary: | Hang in WebCore::SelectorDataList::execute<0> | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Mike Lawther <mikelawther> |
| Component: | CSS | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | ||
| Severity: | Normal | CC: | bfulgham, inferno, kling, koivisto, tonikitoo |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Mike Lawther
As reported in http://code.google.com/p/chromium/issues/detail?id=148736:
We are seeing hangs in WebCore (83% of them hanging on http://live.gizmodo.com/).
Stack looks like:
0x5e612eee [chrome.dll] - selectorquery.cpp:118 (cs|src|ann)] WebCore::SelectorDataList::execute<0>(WebCore::SelectorChecker const &,WebCore::Node *,WTF::Vector<WTF::RefPtr<WebCore::Node>,0> &)
0x5e612d50 [chrome.dll] - selectorquery.cpp:62 (cs|src|ann)] WebCore::SelectorDataList::queryAll(WebCore::SelectorChecker const &,WebCore::Node *)
0x5e612d0d [chrome.dll] - selectorquery.cpp:158 (cs|src|ann)] WebCore::SelectorQuery::queryAll(WebCore::Node *)
0x5e611d1b [chrome.dll] - node.cpp:1624 (cs|src|ann)] WebCore::Node::querySelectorAll(WTF::AtomicString const &,int &)
Looking at SelectorQuery.cpp:118, it looks like this:
117: while (n) {
118: if (n->isElementNode())
119: ...;
So it looks like the hang is due to an infinite loop over the tree.
Not sure how the tree gets in a state where such an infinite loop is possible, but filing the bug here anyway.
Antti - as you wrote the code initially, any ideas how this could be happening?
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Brent Fulgham
This code has been significantly refactored since this patch was proposed. There doesn't seem to be any action we can take here.