Bug 51079 - Possible infinite loop in ContainerNode::willRemoveChildren
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Reported: 2010-12-14 17:50 PST by Emil A Eklund
Modified: 2013-03-28 19:27 PDT

Patch (4.15 KB, patch)
2010-12-14 17:51 PST, Emil A Eklund
no flags

Description Emil A Eklund 2010-12-14 17:50:05 PST
Adding children to ContainerNode in a DOMNodeRemoved event handler triggers an infinite loop in ContainerNode::willRemoveChildren.
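The failure mode in the description, as an added toy model that is not part of the original report and is not WebKit code: a remove-all loop that re-reads the live child list never finishes when the removal listener keeps appending children, while a loop over a snapshot is bounded by the initial child count. `ToyContainer`, `onRemoved`, `removeAllLive`, `removeAllSnapshot` and `run` are hypothetical names, and the snapshot strategy is an assumption for illustration, not taken from the attached patch.

```javascript
// Toy model, not WebKit code: a container that notifies a listener before
// removing each child. All names here are hypothetical.
class ToyContainer {
  constructor(names) {
    this.children = [...names];
    this.onRemoved = null; // stand-in for a DOMNodeRemoved listener
  }
  appendChild(name) { this.children.push(name); }

  // Re-reads the live child list after every notification. maxSteps is a
  // demo guard so a non-terminating run is reported instead of hanging.
  removeAllLive(maxSteps) {
    let steps = 0;
    while (this.children.length > 0) {
      if (steps === maxSteps) {
        return { terminated: false, steps, remaining: this.children.length };
      }
      steps++;
      const child = this.children[0];
      if (this.onRemoved) this.onRemoved(child, this);
      const i = this.children.indexOf(child);
      if (i !== -1) this.children.splice(i, 1);
    }
    return { terminated: true, steps, remaining: 0 };
  }

  // Snapshots the children first, so work is bounded by the initial count.
  // Listener-added children stay (this sketch's choice, not the patch's).
  removeAllSnapshot() {
    const snapshot = new Set(this.children);
    let steps = 0;
    for (const child of snapshot) {
      steps++;
      if (this.onRemoved) this.onRemoved(child, this);
    }
    this.children = this.children.filter((c) => !snapshot.has(c));
    return { terminated: true, steps, remaining: this.children.length };
  }
}

// Constructed scenario: the listener appends one new child per notification.
function run(method, arg) {
  const box = new ToyContainer(["a", "b", "c"]);
  let n = 0;
  box.onRemoved = (child, parent) => parent.appendChild("added-" + n++);
  return box[method](arg);
}

console.log(run("removeAllLive", 1000), run("removeAllSnapshot"));
```

In the live variant the child count never drops below three, so only the step guard ends the run; the snapshot variant notifies exactly three times at the cost of an extra pass over the children.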
Comment 1 Emil A Eklund 2010-12-14 17:51:25 PST
Created attachment 76604
Comment 2 WebKit Commit Bot 2010-12-15 01:45:32 PST
The commit-queue encountered the following flaky tests while processing attachment 76604:

http/tests/navigation/target-frame-from-window.html bug 51098 (author: ddkilzer@webkit.org)
The commit-queue is continuing to process your patch.
Comment 3 WebKit Commit Bot 2010-12-15 01:47:30 PST
Comment on attachment 76604

Clearing flags on attachment: 76604

Committed r74101: <http://trac.webkit.org/changeset/74101>
Comment 4 WebKit Commit Bot 2010-12-15 01:47:35 PST
All reviewed patches have been landed.  Closing bug.
Comment 5 WebKit Review Bot 2010-12-15 05:58:40 PST
http://trac.webkit.org/changeset/74101 might have broken GTK Linux 64-bit Debug
Comment 6 Elliott Sprehn 2013-03-28 19:27:50 PDT
What was the reason for this fix? Gecko and Opera both end up in an infinite loop here so it's not clear avoiding it makes sense, and avoiding it added some complication to the algorithm (and more iterations over the children).