RESOLVED FIXED 12966
REGRESSION(r19952): Crash on page load if user stylesheet enabled.
https://bugs.webkit.org/show_bug.cgi?id=12966
Mark Rowe (bdash)
Reported 2007-03-04 21:21:08 PST
Loading any URL with a user stylesheet enabled results in a null pointer dereference. Backtrace is below. DocLoader::requestUserCSSStyleSheet is returning NULL as the URL being loaded is file:// while the document's URL is http://. This is the exact same crash that occurred in bug 12705 that was fixed in r19524. The change that introduced that crash was later rolled out, and was landed in a slightly different form in r19952. The updated change reintroduced the crash.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
0 com.apple.WebCore 0x014b011f WebCore::UserStyleSheetLoader::UserStyleSheetLoader[in-charge](WebCore::Frame*, WebCore::String const&, WebCore::DocLoader*) + 119 (Frame.cpp:139)
1 com.apple.WebCore 0x010b193d WebCore::Frame::setUserStyleSheetLocation(WebCore::KURL const&) + 269 (Frame.cpp:323)
2 com.apple.WebCore 0x0136f37d WebCore::FrameLoader::begin(WebCore::KURL const&) + 1083 (FrameLoader.cpp:832)
3 com.apple.WebCore 0x0136f481 WebCore::FrameLoader::receivedFirstData() + 39 (FrameLoader.cpp:755)
4 com.apple.WebCore 0x0136f6d7 WebCore::FrameLoader::setEncoding(WebCore::String const&, bool) + 45 (FrameLoader.cpp:1506)
5 com.apple.WebCore 0x010d3d4e -[WebCoreFrameBridge receivedData:textEncodingName:] + 220 (WebCoreFrameBridge.mm:1484)
6 com.apple.WebKit 0x004318f1 -[WebHTMLRepresentation receivedData:withDataSource:] + 199 (WebHTMLRepresentation.mm:175)
7 com.apple.WebKit 0x0042cfa3 -[WebDataSource(WebInternal) _receivedData:] + 89 (WebDataSource.mm:178)
8 com.apple.WebKit 0x004938b5 WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 127 (WebFrameLoaderClient.mm:644)
9 com.apple.WebCore 0x013662b9 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 53 (FrameLoader.cpp:2931)
10 com.apple.WebCore 0x01376969 WebCore::DocumentLoader::commitLoad(char const*, int) + 87 (DocumentLoader.cpp:344)
11 com.apple.WebCore 0x013769c2 WebCore::DocumentLoader::receivedData(char const*, int) + 76 (DocumentLoader.cpp:357)
12 com.apple.WebCore 0x013657c7 WebCore::FrameLoader::receivedData(char const*, int) + 41 (FrameLoader.cpp:1938)
13 com.apple.WebCore 0x013781fe WebCore::MainResourceLoader::addData(char const*, int, bool) + 80 (MainResourceLoader.cpp:133)
14 com.apple.WebCore 0x0137a21f WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 83
15 com.apple.WebCore 0x01378533 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 281 (MainResourceLoader.cpp:288)
16 com.apple.WebCore 0x01379e86 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 58
17 com.apple.WebCore 0x01359484 -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 172 (ResourceHandleMac.mm:352)
18 com.apple.Foundation 0x92856afa -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 641
19 com.apple.Foundation 0x92854ddb -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 686
20 com.apple.Foundation 0x92854ab5 _sendCallbacks + 201
21 com.apple.CoreFoundation 0x9082df92 CFRunLoopRunSpecific + 1213
22 com.apple.CoreFoundation 0x9082dace CFRunLoopRunInMode + 61
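The report describes a request function that legitimately returns NULL (a file:// stylesheet asked for by an http:// document) and a caller that dereferences the result without checking it. The following is an added illustration of that failure class and the defensive pattern for it; it is not WebKit code and not the fix that landed in r19977. The types and functions (UserSheet, requestUserSheet, applySheetUnchecked, applySheetChecked, LoadStatus) are hypothetical stand-ins modelled only on the behaviour the description states.

```cpp
#include <cstddef>
#include <iostream>
#include <memory>
#include <string>

// Constructed stand-in for a cached stylesheet resource (not WebCore's type).
struct UserSheet {
    std::string url;
};

enum class LoadStatus { Loaded, RefusedCrossScheme };

// Extract the scheme from a URL string ("http://x/" -> "http"); "" if none.
static std::string schemeOf(const std::string& url) {
    std::string::size_type pos = url.find("://");
    return pos == std::string::npos ? std::string() : url.substr(0, pos);
}

// Hypothetical request function modelled on the behaviour in the report:
// it hands back a null pointer when a non-file document asks for a
// file:// stylesheet, instead of a loaded resource.
std::unique_ptr<UserSheet> requestUserSheet(const std::string& documentUrl,
                                            const std::string& sheetUrl) {
    if (schemeOf(sheetUrl) == "file" && schemeOf(documentUrl) != "file")
        return nullptr;
    return std::unique_ptr<UserSheet>(new UserSheet{sheetUrl});
}

// The unsafe shape: the caller assumes the request succeeded and
// dereferences the result. With an http:// document and a file:// sheet
// this reads through a null pointer, the crash class in the backtrace
// above. Shown for contrast only; nothing below calls it.
std::size_t applySheetUnchecked(const std::string& documentUrl,
                                const std::string& sheetUrl) {
    std::unique_ptr<UserSheet> sheet = requestUserSheet(documentUrl, sheetUrl);
    return sheet->url.size(); // null dereference when the request is refused
}

// Hardened caller: a refused request is an expected outcome, so it is
// reported as a status rather than dereferenced.
LoadStatus applySheetChecked(const std::string& documentUrl,
                             const std::string& sheetUrl,
                             std::string* loadedUrl) {
    std::unique_ptr<UserSheet> sheet = requestUserSheet(documentUrl, sheetUrl);
    if (!sheet)
        return LoadStatus::RefusedCrossScheme;
    if (loadedUrl)
        *loadedUrl = sheet->url;
    return LoadStatus::Loaded;
}

int main() {
    // Constructed sample inputs: the combination from the report first.
    std::string loaded;
    LoadStatus s = applySheetChecked("http://example.test/", "file:///tmp/user.css", &loaded);
    std::cout << "http document + file sheet: "
              << (s == LoadStatus::RefusedCrossScheme ? "refused" : "loaded") << "\n";
    s = applySheetChecked("file:///tmp/page.html", "file:///tmp/user.css", &loaded);
    std::cout << "file document + file sheet: "
              << (s == LoadStatus::Loaded ? "loaded " + loaded : "refused") << "\n";
    return 0;
}
```

The point of the checked variant is that the null return is a normal, reachable state rather than an error the caller may ignore; any code path that can receive a null from the request function has to treat "refused" as a result, not a precondition violation.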
Mark Rowe (bdash)
Comment 1 2007-03-04 21:27:53 PST
Mark Rowe (bdash)
Comment 2 2007-03-06 00:57:05 PST
Kevin landed the fix for this in r19977.