To repro, open a select drop down, use the arrow keys, then close the select. This triggers an infinite loop in PopupMenuChromium.cpp which crashes once we overflow the stack:

WebCore::PopupMenu::updateFromElement() Line 1177
WebCore::RenderMenuList::updateFromElement() Line 176
WebCore::HTMLSelectElement::setSelectedIndex(...) Line 183
WebCore::RenderMenuList::valueChanged(...) Line 307
WebCore::PopupListBox::updateFromElement() Line 1026
WebCore::PopupMenu::updateFromElement() Line 1177

One line fix coming...
Created attachment 30676
v1

Make sure to set the flag so we don't recurse.
Will land.
In the future, please base your patches in the main WebKit directory so we can use the awesomesauce WebKitTools.
Sending WebCore/ChangeLog
Sending WebCore/platform/chromium/PopupMenuChromium.cpp
Transmitting file data ..
Committed revision 44312.
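The patch itself is not shown in this thread. As an added example (not the WebKit code), the C++ model below reproduces the updateFromElement -> valueChanged -> updateFromElement cycle from the stack trace and shows how a re-entrancy flag breaks it. The class names, the `updating` flag, and the depth cap are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstdio>

constexpr int kDepthCap = 1000;  // demo-only cap so the unguarded run terminates

// Sets the flag for the current scope and restores it on every exit path.
struct ScopedFlag {
    bool& flag; bool saved;
    explicit ScopedFlag(bool& f) : flag(f), saved(f) { flag = true; }
    ~ScopedFlag() { flag = saved; }
};

struct Popup;
struct Select {                     // hypothetical stand-in for the select element
    Popup* popup = nullptr;
    int selectedIndex = 0;
    void valueChanged(int index);   // models valueChanged -> setSelectedIndex
};

struct Popup {                      // hypothetical stand-in for the popup list
    Select* select = nullptr;
    bool guardEnabled = true;
    bool updating = false;          // the re-entrancy flag
    int depth = 0, maxDepth = 0;

    void updateFromElement() {
        if (guardEnabled && updating) return;  // re-entered: break the cycle
        if (depth >= kDepthCap) return;        // stands in for stack exhaustion
        ScopedFlag scope(updating);
        maxDepth = std::max(maxDepth, ++depth);
        select->valueChanged(select->selectedIndex);  // element calls back into us
        --depth;
    }
};

void Select::valueChanged(int index) {
    selectedIndex = index;
    popup->updateFromElement();
}

// Runs one update and reports how deep the call cycle went.
int maxRecursionDepth(bool guardEnabled) {
    Select select; Popup popup;
    select.popup = &popup; popup.select = &select;
    popup.guardEnabled = guardEnabled;
    popup.updateFromElement();
    return popup.maxDepth;
}

int main() {
    std::printf("guarded: %d\n", maxRecursionDepth(true));
    std::printf("unguarded: %d\n", maxRecursionDepth(false));
}
```

Without the flag the cycle only stops at the artificial cap; in the real code nothing bounds it, so the stack overflows.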