<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Fix crash due to search field disappearing when showing results menu"
href="https://bugs.webkit.org/show_bug.cgi?id=148410">148410</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Fix crash due to search field disappearing when showing results menu
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Nightly Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Macintosh
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebCore Misc.
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>wenson_hsieh@apple.com
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=259800" name="attach_259800" title="Click on the results button to crash WebKit">attachment 259800</a> <a href="attachment.cgi?id=259800&action=edit" title="Click on the results button to crash WebKit">[details]</a></span>
Click on the results button to crash WebKit
When an input of type search has a results attribute and is set up to disappear (e.g. display: none) when focused, clicking on the search field will crash WebKit since we assume that, after running the handler code, the search field's renderer will still exist. We use the renderer to then toggle the search results popup. This fix guards this logic with a check to make sure that the renderer still exists when handling an event on the search field results button.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>