DOMTimer::m_nestingLevel is prone to overflow
author: barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 30 Aug 2014 01:11:23 +0000 (01:11 +0000)
committer: barraclough@apple.com <barraclough@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 30 Aug 2014 01:11:23 +0000 (01:11 +0000)
commit: a6a3d29a0317934162d2b94bae645195e4b20f95
tree: 688d6104b3868bd958308761bb42e223f678c109
parent: 1f4c62192e5c7313db0edb51ef541400b567b8ac
DOMTimer::m_nestingLevel is prone to overflow
https://bugs.webkit.org/show_bug.cgi?id=136399

Reviewed by Alexey Proskuryakov.

Since this would happen after the 2 billionth timer fire this is unlikely,
and consequences aren't severe (breaks throttling).

This change has the following consequences.

    - m_nestingLevel saturates to its max value.
    - unnested timers are indicated by a nesting level of 0.
    - repeat timers update m_nestingLevel on every fire,
      not just those that should have been throttled.

The last point is subtle, but ultimately should be inconsequential. Timers
whose requested timeout is less than the minimum interval will saturate quickly
anyway; timers with an original interval greater than the minimum previously
wouldn't have incremented m_nestingLevel, but doing so now doesn't hurt since
they won't be throttled when they hit the threshold. This simplifies things
conceptually a little & reduces the test performed on each timer fire.

* page/DOMTimer.cpp:
(WebCore::shouldForwardUserGesture):
    - unnested timers are indicated by a nesting level of 0
(WebCore::DOMTimer::DOMTimer):
    - don't increment nesting level on construction
(WebCore::DOMTimer::fired):
    - saturating increments
(WebCore::DOMTimer::adjustMinimumTimerInterval):
(WebCore::DOMTimer::intervalClampedToMinimum):
    - added ASSERTs

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@173132 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/page/DOMTimer.cpp
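Added example, not WebKit's code: a small model of the nesting counter described above, showing why a plain increment eventually wraps and defeats throttling while a saturating increment keeps the timer clamped. The threshold value `kMaxNestingLevel` and the interval values are assumptions chosen for illustration.

```cpp
#include <climits>

// Assumed threshold (illustrative): timers nested at least this deep are
// clamped to the minimum interval.
const int kMaxNestingLevel = 5;

// Pre-fix style: an unconditional increment. After about 2 billion fires the
// counter passes INT_MAX. Unsigned arithmetic is used here so the wrap-around
// is well defined in the example; it yields INT_MIN on two's-complement targets.
int incrementWrapping(int level) {
    return static_cast<int>(static_cast<unsigned>(level) + 1u);
}

// Post-fix style: saturating increment, as the commit describes.
int incrementSaturating(int level) {
    return level < INT_MAX ? level + 1 : INT_MAX;
}

// Unnested timers are indicated by a nesting level of 0.
bool isNested(int level) {
    return level != 0;
}

// Throttling decision: a timer past the nesting threshold that asks for less
// than the minimum interval is clamped to that minimum.
double clampedInterval(double requested, double minimumInterval, int nestingLevel) {
    if (nestingLevel >= kMaxNestingLevel && requested < minimumInterval)
        return minimumInterval;
    return requested;
}

// Simulates `fires` consecutive fires of a repeating timer starting at `level`.
int levelAfterFires(int level, unsigned fires, bool saturating) {
    for (unsigned i = 0; i < fires; ++i)
        level = saturating ? incrementSaturating(level) : incrementWrapping(level);
    return level;
}
```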