Bug 26026

Summary: infinite loop when using keyboard in select popups
Product: WebKit
Reporter: Tony Chang <tony>
Component: Platform
Assignee: Adam Barth <abarth>
Status: RESOLVED FIXED
Severity: Normal
CC: abarth
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows XP   
Attachments:
Description Flags
v1 dglazkov: review+

Tony Chang
Reported 2009-05-26 12:51:49 PDT
To repro, open a select drop down, use the arrow keys, then close the select. This triggers an infinite loop in PopupMenuChromium.cpp which crashes once we overflow the stack:

WebCore::PopupMenu::updateFromElement() Line 1177
WebCore::RenderMenuList::updateFromElement() Line 176
WebCore::HTMLSelectElement::setSelectedIndex(...) Line 183
WebCore::RenderMenuList::valueChanged(...) Line 307
WebCore::PopupListBox::updateFromElement() Line 1026
WebCore::PopupMenu::updateFromElement() Line 1177

One line fix coming...
Attachments
v1 (1.38 KB, patch)
2009-05-26 12:55 PDT, Tony Chang
dglazkov: review+
Tony Chang
Comment 1 2009-05-26 12:55:24 PDT
Created attachment 30676
v1

Make sure to set the flag so we don't recurse.
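The flag described in this comment acts as a re-entrancy guard. As an added example (not the attached patch and not WebKit code; every class, function and constant name below is hypothetical), this C++ model reproduces the update, notify, update cycle from the stack trace and shows a guard flag stopping it. `kDepthCap` is an assumption that stands in for stack exhaustion so the unguarded run terminates.

```cpp
#include <cstdio>
// Constructed model of the call cycle in the report; all names are hypothetical.
constexpr int kDepthCap = 1000;  // stand-in for "stack exhausted" so the demo terminates
struct Popup;

struct SelectElement {
    int selectedIndex = 0;
    Popup* popup = nullptr;
    void setSelectedIndex(int index);  // a model change notifies the popup
};

struct Popup {
    SelectElement& element;
    bool useGuard;
    int pendingIndex = 0;         // index chosen with the arrow keys
    bool inUpdate = false;        // re-entrancy flag
    int depth = 0, maxDepth = 0;  // bookkeeping for the demonstration only
    Popup(SelectElement& e, bool guard) : element(e), useGuard(guard) { e.popup = this; }

    void updateFromElement() {
        if (useGuard && inUpdate)
            return;               // nested call caused by our own notification
        if (depth >= kDepthCap)
            return;               // demo only: unguarded code would overflow the stack
        bool saved = inUpdate;
        inUpdate = true;
        if (++depth > maxDepth) maxDepth = depth;
        element.setSelectedIndex(pendingIndex);  // notify model, which calls back into us
        --depth;
        inUpdate = saved;         // restore on exit so later updates still run
    }
};

void SelectElement::setSelectedIndex(int index) {
    selectedIndex = index;
    if (popup) popup->updateFromElement();
}

// Deepest nesting of updateFromElement() for one popup close, or -1 if the
// keyboard selection did not reach the element.
int closePopupDepth(bool useGuard, int keyedIndex) {
    SelectElement element;
    Popup popup(element, useGuard);
    popup.pendingIndex = keyedIndex;
    popup.updateFromElement();
    return element.selectedIndex == keyedIndex ? popup.maxDepth : -1;
}

int main() {
    std::printf("unguarded: %d, guarded: %d\n", closePopupDepth(false, 2), closePopupDepth(true, 2));
}
```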
Adam Barth
Comment 2 2009-06-01 00:36:25 PDT
Will land.
Adam Barth
Comment 3 2009-06-01 00:41:56 PDT
In the future, please base your patches in the main WebKit directory so we can use the awesomesauce WebKitTools.
Adam Barth
Comment 4 2009-06-01 00:43:41 PDT
Sending WebCore/ChangeLog
Sending WebCore/platform/chromium/PopupMenuChromium.cpp
Transmitting file data ..
Committed revision 44312.