Bug 21131

Summary: crash onmousedown of a select element
Product: WebKit Reporter: Ojan Vafai <ojan>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW    
Severity: Normal CC: m, zwarich
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
clicking on the select element causes crash
none
Fix
none
remove the select element when the menu window is being drawn crashes webkit none

Ojan Vafai
Reported 2008-09-25 21:03:17 PDT
If you remove the frame a select element is in onmousedown, you get a crash. Test case coming.
Attachments
clicking on the select element causes crash (235 bytes, text/html)
2008-09-25 21:03 PDT, Ojan Vafai 		no flags
Details
Fix (2.33 KB, patch)
2009-02-05 14:35 PST, Cameron Zwarich (cpst) 		no flags
DetailsFormatted DiffDiff
remove the select element when the menu window is being drawn crashes webkit (1.02 KB, text/html)
2009-02-09 16:11 PST, M. Dave Auayan 		no flags
Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Ojan Vafai
Comment 1 2008-09-25 21:03:52 PDT
Created attachment 23836 [details] clicking on the select element causes crash
Alexey Proskuryakov
Comment 2 2008-09-26 00:07:17 PDT
Confirmed with r36890. See also: <http://trac.webkit.org/projects/webkit/changeset/36810>.
Cameron Zwarich (cpst)
Comment 3 2009-02-05 14:35:44 PST
Created attachment 27365 [details] Fix Here's a fix. I'll probably want to do it in a slightly different way and add some layout tests.
M. Dave Auayan
Comment 4 2009-02-09 16:09:00 PST
I don't think removing the frame is the issue. Ultimately, I think the problem is the browser is trying to remove the select element while the browser is trying to draw the menu window, so swallowing the mouse down isn't going to fix it. See also: http://jimeh.info/webkit-bomb This markup removes the select element onfocus, so clicking on it, will causes WebKit to crash, but using tab to focus the select element removes the select element just fine. I considered submitting another bug report, but this one seems close enough.
M. Dave Auayan
Comment 5 2009-02-09 16:11:19 PST
Created attachment 27500 [details] remove the select element when the menu window is being drawn crashes webkit
Cameron Zwarich (cpst)
Comment 6 2009-02-09 17:32:35 PST
(In reply to comment #4) > I don't think removing the frame is the issue. Removing the frame is definitely the issue with the original crash reported in this bug. > Ultimately, I think the problem is the browser is trying to remove the select > element while the browser is trying to draw the menu window, so swallowing the > mouse down isn't going to fix it. The crash you posted is different. You should probably make a different bug for it.
Cameron Zwarich (cpst)
Comment 7 2009-02-09 22:10:22 PST
Comment on attachment 27500 [details] remove the select element when the menu window is being drawn crashes webkit It appears that this crash was spun off into a separate bug: bug 23858. I'll mark the attachment as obsolete.
Note You need to log in before you can comment on or make changes to this bug.