Safari will always crash when visiting this page: http://macrabbit.com/webkit-bugs/img-content/
Crash report: http://macrabbit.com/webkit-bugs/img-content/CrashReport.crash.log
Note from user: http://macrabbit.com/webkit-bugs/img-content/CrashReport.note
*** Bug 15007 has been marked as a duplicate of this bug. ***
<rdar://problem/5421397>
Confirmed with r25142 debug build which hits this assert:
  ASSERTION FAILED: !firstLineBox() == !lastLineBox()
  (/Users/matt/Code/WebKit/WebCore/rendering/RenderInline.cpp:327 virtual int WebCore::RenderInline::height() const)
I can't get this to crash in a release build though (using r25145 nightly).
Thread 0 Crashed:
  0 com.apple.WebCore 0x0119d01c WebCore::RenderInline::height() const + 144 (RenderInline.cpp:327)
  1 com.apple.WebCore 0x01195a80 WebCore::RenderFlow::absoluteClippedOverflowRect() + 1164 (RenderFlow.cpp:503)
  2 com.apple.WebCore 0x011b5c00 WebCore::RenderObject::repaint(bool) + 228 (RenderObject.cpp:1753)
  3 com.apple.WebCore 0x0117a1b8 WebCore::RenderBox::imageChanged(WebCore::CachedImage*) + 292 (RenderBox.cpp:464)
  4 com.apple.WebCore 0x0112cc04 WebCore::CachedImage::ref(WebCore::CachedResourceClient*) + 152 (CachedImage.cpp:83)
  5 com.apple.WebCore 0x011994cc WebCore::RenderImage::setCachedImage(WebCore::CachedImage*) + 184 (RenderImage.cpp:71)
  6 com.apple.WebCore 0x01337390 WebCore::HTMLImageLoader::notifyFinished(WebCore::CachedResource*) + 144 (HTMLImageLoader.cpp:142)
  7 com.apple.WebCore 0x0112cfc0 WebCore::CachedImage::checkNotify() + 108 (CachedImage.cpp:218)
  8 com.apple.WebCore 0x0112d2ec WebCore::CachedImage::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 428 (CachedImage.cpp:201)
  9 com.apple.WebCore 0x01131f68 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 408 (loader.cpp:116)
  10 com.apple.WebCore 0x01493034 WebCore::SubresourceLoader::didFinishLoading() + 204 (SubresourceLoader.cpp:195)
  11 com.apple.WebCore 0x01490e38 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60
  12 com.apple.WebCore 0x01464a68 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 204 (ResourceHandleMac.mm:443)
  13 com.apple.Foundation 0x92c1389c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
  14 com.apple.Foundation 0x92c11b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
With a local debug build of WebKit r25142 with Safari 3 Public Beta v. 3.0.3 (522.12.1) on Mac OS X 10.4.10 (8R218), I get an assertion failure:
  ASSERTION FAILED: !firstLineBox() == !lastLineBox()
  (/path/to/WebKit/WebCore/rendering/RenderInline.cpp:327 virtual int WebCore::RenderInline::height() const)
  Segmentation fault
With WebKit Nightly r25145 and Safari 3 Public Beta v. 3.0.3 on 10.4.10, I don't see a crash.
With the Safari 3 Public Beta v. 3.0.3 with its original WebKit on 10.4.10, I DO see the crash described in this bug.
With Safari 2.0.4 (419.3) with its original WebKit on 10.4.10, I do not see the crash.
P1 since this does lead to a crash. I am preparing a patch now.
Created attachment 16023 [details]
Check that the renderer is an image before calling RenderImage methods
Follows the existing behavior of loading the image even if it is not to be rendered.
Comment on attachment 16023 [details] Check that the renderer is an image before calling RenderImage methods + if (RenderObject* renderer = element()->renderer()) { + if (renderer->isImage()) + static_cast<RenderImage*>(renderer)->resetAnimation(); + } The braces here aren't necessary (or anywhere else in the lines you added in this patch). r=me
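Review bot: the isImage() guard in front of static_cast<RenderImage*>(renderer)->resetAnimation() has no comment saying when an image element's renderer is not a RenderImage, so a later cleanup could remove the check as redundant and reintroduce the bad downcast. A one-line comment at the guard would cover that, and a layout test that loads the reduction from this bug would pin the behaviour if the patch does not already carry one.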
Committed revision 25150 with the brace tweaks Adam mentioned.