When clicking rapidly 2 different select popups, we could reach a state where

one of the Chrome ExternalPopup object that the RenderView owns gets destroyed
but the Webkit ExternalPopup does not get notified and still keeps a pointer to
the deleted object, causing a crasher later on.
We prevent this kind of scenario by refusing to create a new popup if one is
already showing. WebKit will just cancel that 2nd popup in that case.

BUG=124678
TEST=Open www.vescam.com/select.html On the section with a row of 3 selects,
     try clicking between them rapidly. It should never crash.


Review URL: https://chromiumcodereview.appspot.com/10392093

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139441 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 2 deletions

diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc
index 1b4a943..b31576c 100644
--- a/content/renderer/render_view_impl.cc
+++ b/content/renderer/render_view_impl.cc
@@ -1666,8 +1666,14 @@ WebWidget* RenderViewImpl::createPopupMenu(WebKit::WebPopupType popup_type) {
 WebExternalPopupMenu* RenderViewImpl::createExternalPopupMenu(
     const WebPopupMenuInfo& popup_menu_info,
     WebExternalPopupMenuClient* popup_menu_client) {
-  // TODO(jcivelli): http:/b/5793321 Implement a better fix, as detailed in bug.
-  DCHECK(!external_popup_menu_.get());
+  // An IPC message is sent to the browser to build and display the actual
+  // popup.  The user could have time to click a different select by the time
+  // the popup is shown.  In that case external_popup_menu_ is non NULL.
+  // By returning NULL in that case, we instruct WebKit to cancel that new
+  // popup.  So from the user perspective, only the first one will show, and
+  // will have to close the first one before another one can be shown.
+  if (external_popup_menu_.get())
+    return NULL;
   external_popup_menu_.reset(
       new ExternalPopupMenu(this, popup_menu_info, popup_menu_client));
   return external_popup_menu_.get();