239562 – CSS typed om serialization should use an allocated stack instead of recursion

Bug 239562 - CSS typed om serialization should use an allocated stack instead of recursion

Summary: CSS typed om serialization should use an allocated stack instead of recursion

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Alex Christensen

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-04-20 13:33 PDT by Alex Christensen
Modified:	2022-05-20 21:01 PDT (History)
CC List:	10 users (show)

See Also:

Attachments
Patch (43.15 KB, patch) 2022-04-20 13:33 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (43.52 KB, patch) 2022-04-20 15:07 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (45.78 KB, patch) 2022-05-13 12:56 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (45.09 KB, patch) 2022-05-18 09:10 PDT, Alex Christensen	achristensen: review? ews-feeder: commit-queue-	Details \| Formatted Diff \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Christensen 2022-04-20 13:33:06 PDT

CSS typed om serialization should use an allocated stack instead of recursion

Comment 1 Alex Christensen 2022-04-20 13:33:52 PDT

Created attachment 458009 [details]
Patch

Comment 2 EWS Watchlist 2022-04-20 13:36:31 PDT

This patch modifies the imported WPT tests. Please ensure that any changes on the tests (not coming from a WPT import) are exported to WPT. Please see https://trac.webkit.org/wiki/WPTExportProcess

Comment 3 Alex Christensen 2022-04-20 13:43:43 PDT

Filed https://bugs.chromium.org/p/chromium/issues/detail?id=1318183 to notify Chrome they have the same bug.

Comment 4 Sam Weinig 2022-04-20 14:39:48 PDT

Comment on attachment 458009 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=458009&action=review

> Source/WebCore/css/typedom/numeric/CSSMathInvert.cpp:79
> +    RunLoop::current().dispatch([m_value = WTFMove(m_value)] { });

What's this about? If this is really necessary, it seems like it deserves a meaty comment.

Comment 5 Alex Christensen 2022-04-20 14:59:35 PDT

If we don't do that, then we get a similar stack overflow crash in the destructors which call each other.  Will add comment.

Comment 6 Alex Christensen 2022-04-20 15:07:06 PDT

Created attachment 458018 [details]
Patch

Comment 7 Alex Christensen 2022-04-22 13:15:31 PDT

https://github.com/web-platform-tests/wpt/pull/33756

Comment 8 Radar WebKit Bug Importer 2022-04-27 13:34:12 PDT

<rdar://problem/92417190>

Comment 9 Alex Christensen 2022-05-13 12:56:01 PDT

Created attachment 459317 [details]
Patch

Comment 10 Alex Christensen 2022-05-18 09:10:20 PDT

Created attachment 459545 [details]
Patch