Bug 26026 - infinite loop when using keyboard in select popups
Summary: infinite loop when using keyboard in select popups
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: 528+ (Nightly build)
Hardware: PC Windows XP
Importance: P2 Normal
Assignee: Adam Barth
Reported: 2009-05-26 12:51 PDT by Tony Chang
Modified: 2009-06-01 00:43 PDT

Attachments
v1 (1.38 KB, patch)
2009-05-26 12:55 PDT, Tony Chang
dglazkov: review+

Description Tony Chang 2009-05-26 12:51:49 PDT
To repro, open a select drop down, use the arrow keys, then close the select.

This triggers an infinite loop in PopupMenuChromium.cpp which crashes once we overflow the stack:
WebCore::PopupMenu::updateFromElement()  Line 1177
WebCore::RenderMenuList::updateFromElement()  Line 176
WebCore::HTMLSelectElement::setSelectedIndex(...)  Line 183
WebCore::RenderMenuList::valueChanged(...)  Line 307
WebCore::PopupListBox::updateFromElement()  Line 1026
WebCore::PopupMenu::updateFromElement()  Line 1177

One line fix coming...
Comment 1 Tony Chang 2009-05-26 12:55:24 PDT
Created attachment 30676
v1

Make sure to set the flag so we don't recurse.
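
The call cycle in the stack trace and a flag-based re-entrancy guard of the kind Comment 1 describes, as an added example that is not the attached patch and not WebKit code. It is a simplified C++ model: the class, member and flag names are hypothetical, and a depth cap stands in for the real stack limit.

```cpp
#include <cstdio>

// Hypothetical model of the cycle in the stack trace; not WebKit code.
class PopupModel {
public:
    explicit PopupModel(bool useGuard) : m_useGuard(useGuard) {}
    // Keyboard navigation changes the highlighted row without committing it.
    void arrowKey(int index) { m_highlighted = index; }
    // Closing the popup refreshes it, which commits the highlighted row.
    void close() { updateFromElement(); }
    int selected() const { return m_selected; }
    int maxDepth() const { return m_maxDepth; }
    bool hitDepthCap() const { return m_hitCap; }

private:
    static const int kDepthCap = 1000; // assumption: stands in for the finite stack

    void updateFromElement() {
        if (m_useGuard && m_updating)
            return;                   // re-entered from our own notification
        if (m_depth >= kDepthCap) { m_hitCap = true; return; }
        ++m_depth;
        if (m_depth > m_maxDepth) m_maxDepth = m_depth;
        m_updating = true;            // set the flag before notifying the element
        valueChanged(m_highlighted);
        m_updating = false;
        --m_depth;
    }

    // Element side: storing the value asks the popup to refresh again.
    void valueChanged(int index) { m_selected = index; updateFromElement(); }

    bool m_useGuard;
    bool m_updating = false, m_hitCap = false;
    int m_highlighted = 0, m_selected = 0, m_depth = 0, m_maxDepth = 0;
};

int main() {
    PopupModel fixed(true), broken(false);
    fixed.arrowKey(2);  fixed.close();
    broken.arrowKey(2); broken.close();
    std::printf("guarded depth=%d, unguarded depth=%d (cap hit: %d)\n",
                fixed.maxDepth(), broken.maxDepth(), broken.hitDepthCap());
    return 0;
}
```

Without the guard the model only stops because of the artificial cap; in a real process the same cycle ends in stack exhaustion, as the report describes.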
Comment 2 Adam Barth 2009-06-01 00:36:25 PDT
Will land.
Comment 3 Adam Barth 2009-06-01 00:41:56 PDT
In the future, please base your patches in the main WebKit directory so we can use the awesomesauce WebKitTools.
Comment 4 Adam Barth 2009-06-01 00:43:41 PDT
Sending        WebCore/ChangeLog
Sending        WebCore/platform/chromium/PopupMenuChromium.cpp
Transmitting file data ..
Committed revision 44312.