Limit ScrollAnchor to 20 adjustments between user scrolls.

third_party/WebKit/Source/core/layout/ScrollAnchor.cpp

Index: third_party/WebKit/Source/core/layout/ScrollAnchor.cpp
diff --git a/third_party/WebKit/Source/core/layout/ScrollAnchor.cpp b/third_party/WebKit/Source/core/layout/ScrollAnchor.cpp
index 8d1de54353f6f1b6df13ce4e08afc9fb9725ba54..928a3f14dffd6dc7beb585f98b6007b515ec1743 100644
--- a/third_party/WebKit/Source/core/layout/ScrollAnchor.cpp
+++ b/third_party/WebKit/Source/core/layout/ScrollAnchor.cpp
@@ -14,9 +14,12 @@ namespace blink {
 
 using Corner = ScrollAnchor::Corner;
 
+static const int kMaxAdjustments = 20;
+
 ScrollAnchor::ScrollAnchor(ScrollableArea* scroller)
     : m_scroller(scroller)
     , m_hasBounced(false)
+    , m_adjustmentCount(0)
 {
     ASSERT(m_scroller);
     ASSERT(m_scroller->isFrameView() || m_scroller->isPaintLayerScrollableArea());
@@ -251,7 +254,10 @@ void ScrollAnchor::restore()
         m_lastAdjusted.clear();
         return;
     }
-    adjust(adjustment);
+    // We impose a limit on the number of adjustments between user scrolls, to
+    // mitigate the impact of pathological feedback loops with event handlers.
+    if (++m_adjustmentCount <= kMaxAdjustments)
+        adjust(adjustment);
 }
 
 void ScrollAnchor::adjust(IntSize adjustment)
@@ -274,6 +280,7 @@ void ScrollAnchor::adjust(IntSize adjustment)
 
 void ScrollAnchor::clear()
 {
+    m_adjustmentCount = 0;
     m_current.clear();
 }