<rdar://problem/14291428> Overflowing the RuleData::m_selectorIndex bitfield can cause nasty rendering errors. After <http://trac.webkit.org/changeset/125294>, the limit was 4096 selectors. It was then bumped to 8192 in <http://trac.webkit.org/changeset/145034>. I am working on a patch to split huge selector lists into chunks so we can support arbitrarily large numbers of selectors.
Created attachment 206074 [details] Snack for EWS Here's a first stab at this; let's see what EWS thinks.
Created attachment 206235 [details] Proposed patch Patch introducing 8192 selector cap. Includes layout test documenting the behavior.
Comment on attachment 206235 [details] Proposed patch View in context: https://bugs.webkit.org/attachment.cgi?id=206235&action=review > Source/WebCore/css/StyleRule.cpp:275 > +Vector<RefPtr<StyleRule> > StyleRule::splitIntoMultipleRulesWithMaximumSelectorCount(unsigned maxSelectorCount) const max -> maximum > Source/WebCore/css/StyleRule.cpp:284 > + for (const CSSSelector* s = selectorList().first(); s; s = CSSSelectorList::next(s)) { s?! > Source/WebCore/css/StyleRule.cpp:285 > + for (const CSSSelector* subSelector = s; subSelector; subSelector = subSelector->tagHistory()) component or selectorComponent would be a better name. We use "subSelector" specifically to mean components that match a single element (relation == SubSelector).
r=me
Created attachment 206237 [details] Land for patching
Comment on attachment 206237 [details] Land for patching Clearing flags on attachment: 206237 Committed r152453: <http://trac.webkit.org/changeset/152453>
All reviewed patches have been landed. Closing bug.