Bug 21131

Created attachment 23836 [details]
clicking on the select element causes crash

Confirmed with r36890.

See also: <http://trac.webkit.org/projects/webkit/changeset/36810>.

Created attachment 27365 [details]
Fix

Here's a fix. I'll probably want to do it in a slightly different way and add some layout tests.

I don't think removing the frame is the issue.

Ultimately, I think the problem is the browser is trying to remove the select element while the browser is trying to draw the menu window, so swallowing the mouse down isn't going to fix it.


See also: http://jimeh.info/webkit-bomb

This markup removes the select element onfocus, so clicking on it, will causes WebKit to crash, but using tab to focus the select element removes the select element just fine. 

I considered submitting another bug report, but this one seems close enough.

Created attachment 27500 [details]
remove the select element when the menu window is being drawn crashes webkit

(In reply to comment #4)
> I don't think removing the frame is the issue.

Removing the frame is definitely the issue with the original crash reported in this bug.

> Ultimately, I think the problem is the browser is trying to remove the select
> element while the browser is trying to draw the menu window, so swallowing the
> mouse down isn't going to fix it.

The crash you posted is different. You should probably make a different bug for it.

Comment on attachment 27500 [details]
remove the select element when the menu window is being drawn crashes webkit

It appears that this crash was spun off into a separate bug: bug 23858. I'll mark the attachment as obsolete.