[Webkit-unassigned] [Bug 27275] Chromium popup menus can crash when the selected index is -1
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jul 15 17:09:41 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=27275
--- Comment #7 from Paul Godavari <paul at chromium.org> 2009-07-15 17:09:41 PDT ---
I don't believe we are masking a bug here, since it's perfectly valid for the
popup to try and hit test outside of its region (thereby generating an index of
-1) during mouse operations. In this case, the ASSERT is incorrect since there
is at least one place in the code where we return a value that violates the
assert.
Perhaps a better fix is to go through all the PopupListBox vector indexing to
make sure that we can never index outside its valid range [0, numItems()).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list