ASSIGNED 177908
RenderBlockFlow::appendRunsForObject() needs a stack check since it recurses.
https://bugs.webkit.org/show_bug.cgi?id=177908
Mark Lam
Reported 2017-10-04 17:49:53 PDT
Attachments
proposed patch. (6.01 KB, patch)
2017-10-04 18:49 PDT, Mark Lam
no flags
Mark Lam
Comment 1 2017-10-04 17:51:06 PDT
Patch coming soon.
Mark Lam
Comment 2 2017-10-04 18:49:08 PDT
Created attachment 322759 [details] proposed patch.
zalan
Comment 3 2017-10-04 19:01:32 PDT
Comment on attachment 322759 [details] proposed patch.
View in context: https://bugs.webkit.org/attachment.cgi?id=322759&action=review

> Source/WebCore/ChangeLog:13
> + No new tests because the issue is difficult to reproduce. It was identified from
> + an ASan build crash report that shows that there was a stack overflow, and the
> + crash stack has RenderBlockFlow::appendRunsForObject() recursing on itself
> + thereby filling up the stack. Though it's hard to come up with a test, the issue
> + is obvious and easy to fix.

Is it reproducible? If so, I'd rather fix the actual problem than add a workaround. appendRunsForObject is meant to stabilize, so while having this stack limit fixes the stack overflow issue, it does not address the root cause.