Bug 26026

Summary: infinite loop when using keyboard in select popups
Product: WebKit
Reporter: Tony Chang <tony>
Component: Platform
Assignee: Adam Barth <abarth>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows XP
Attachments:
Description | Flags
v1 | dglazkov: review+

Description Tony Chang 2009-05-26 12:51:49 PDT
To repro, open a select drop down, use the arrow keys, then close the select.

This triggers an infinite loop in PopupMenuChromium.cpp which crashes once we overflow the stack:
WebCore::PopupMenu::updateFromElement()  Line 1177
WebCore::RenderMenuList::updateFromElement()  Line 176
WebCore::HTMLSelectElement::setSelectedIndex(...)  Line 183
WebCore::RenderMenuList::valueChanged(...)  Line 307
WebCore::PopupListBox::updateFromElement()  Line 1026
WebCore::PopupMenu::updateFromElement()  Line 1177

One line fix coming...
Comment 1 Tony Chang 2009-05-26 12:55:24 PDT
Created attachment 30676
v1

Make sure to set the flag so we don't recurse.
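
The cycle in the stack trace and the effect of a re-entrancy flag, modelled as an added example (not the attached patch, which is not reproduced on this page, and not WebKit code). `PopupModel`, `kDepthLimit` and the member names are hypothetical stand-ins, and the depth cap exists only so the unguarded run ends instead of overflowing the stack.

```cpp
#include <algorithm>
#include <cstdio>

constexpr int kDepthLimit = 64;  // demo-only cap so the unguarded run terminates

// Simplified stand-in for the popup/element pair; not WebKit's classes.
class PopupModel {
public:
    explicit PopupModel(bool useGuard) : m_useGuard(useGuard) {}

    // Popup side: refresh from the element, then report the selected value.
    void updateFromElement() {
        if (m_useGuard && m_updating)
            return;                    // re-entrant call while already refreshing
        if (m_depth >= kDepthLimit) {  // without the cap this recurses until the stack overflows
            m_hitLimit = true;
            return;
        }
        m_updating = true;             // set the flag before calling out
        ++m_depth;
        m_maxDepth = std::max(m_maxDepth, m_depth);
        valueChanged(m_selectedIndex);
        --m_depth;
        if (m_depth == 0)
            m_updating = false;        // outermost call clears the flag
    }

    // Element side: accepting the value asks the popup to refresh again.
    void valueChanged(int index) {
        m_selectedIndex = index;
        updateFromElement();
    }

    int maxDepth() const { return m_maxDepth; }
    bool hitLimit() const { return m_hitLimit; }

private:
    bool m_useGuard, m_updating = false, m_hitLimit = false;
    int m_depth = 0, m_maxDepth = 0, m_selectedIndex = 0;
};

int main() {
    PopupModel unguarded(false), guarded(true);
    unguarded.updateFromElement();
    guarded.updateFromElement();
    std::printf("unguarded: depth=%d hitLimit=%d\n", unguarded.maxDepth(), unguarded.hitLimit());
    std::printf("guarded:   depth=%d hitLimit=%d\n", guarded.maxDepth(), guarded.hitLimit());
    return 0;
}
```
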
Comment 2 Adam Barth 2009-06-01 00:36:25 PDT
Will land.
Comment 3 Adam Barth 2009-06-01 00:41:56 PDT
In the future, please base your patches in the main WebKit directory so we can use the awesomesauce WebKitTools.
Comment 4 Adam Barth 2009-06-01 00:43:41 PDT
Sending        WebCore/ChangeLog
Sending        WebCore/platform/chromium/PopupMenuChromium.cpp
Transmitting file data ..
Committed revision 44312.