Just loading the URL hits the following ASSERT:

ASSERTION FAILED: i < size() (/Users/matt/Code/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/Vector.h:429 T& WTF::Vector<T, inlineCapacity>::at(size_t) [with T = char, long unsigned int inlineCapacity = 64ul])

Thread 0 Crashed:
0 com.apple.WebCore 0x020a5b4d WTF::Vector<char, 64ul>::at(unsigned long) + 81 (Vector.h:429)
1 com.apple.WebCore 0x020a5b88 WTF::Vector<char, 64ul>::operator[](unsigned long) + 24 (Vector.h:438)
2 com.apple.WebCore 0x020a49b4 WebCore::findTextEncoding(char const*, int) + 82 (TextResourceDecoder.cpp:87)
3 com.apple.WebCore 0x020a523f WebCore::TextResourceDecoder::checkForHeadCharset(char const*, unsigned long, bool&) + 2135 (TextResourceDecoder.cpp:695)
4 com.apple.WebCore 0x020a57e4 WebCore::TextResourceDecoder::decode(char const*, unsigned long) + 216 (TextResourceDecoder.cpp:750)
5 com.apple.WebCore 0x01ccdad1 WebCore::FrameLoader::write(char const*, int, bool) + 607 (FrameLoader.cpp:978)
6 com.apple.WebCore 0x01ccdd62 WebCore::FrameLoader::addData(char const*, int) + 278 (FrameLoader.cpp:1747)
7 com.apple.WebCore 0x020bc52c -[WebCoreFrameBridge addData:] + 148 (WebCoreFrameBridge.mm:297)
8 com.apple.WebCore 0x020c13d4 -[WebCoreFrameBridge receivedData:textEncodingName:] + 252 (WebCoreFrameBridge.mm:1233)
9 com.apple.WebKit 0x001bf6e2 -[WebHTMLRepresentation receivedData:withDataSource:] + 200 (WebHTMLRepresentation.mm:175)
10 com.apple.WebKit 0x0019c6b0 -[WebDataSource(WebInternal) _receivedData:] + 90 (WebDataSource.mm:198)
11 com.apple.WebKit 0x001b2c02 WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 128 (WebFrameLoaderClient.mm:703)
12 com.apple.WebCore 0x01cc9071 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 53 (FrameLoader.cpp:3228)
13 com.apple.WebCore 0x01c6d619 WebCore::DocumentLoader::commitLoad(char const*, int) + 87 (DocumentLoader.cpp:354)
14 com.apple.WebCore 0x01c6d838 WebCore::DocumentLoader::receivedData(char const*, int) + 76 (DocumentLoader.cpp:367)
15 com.apple.WebCore 0x01cc887d WebCore::FrameLoader::receivedData(char const*, int) + 41 (FrameLoader.cpp:2194)
16 com.apple.WebCore 0x01ea0c0a WebCore::MainResourceLoader::addData(char const*, int, bool) + 80 (MainResourceLoader.cpp:139)
17 com.apple.WebCore 0x01f965a9 WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 83 (ResourceLoader.cpp:240)
18 com.apple.WebCore 0x01ea0f18 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 282 (MainResourceLoader.cpp:299)
19 com.apple.WebCore 0x01f96180 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 62 (ResourceLoader.cpp:368)
20 com.apple.WebCore 0x01f93a3d -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 201 (ResourceHandleMac.mm:450)
21 com.apple.Foundation 0x90dea3b7 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidReceiveData:originalLength:] + 119
22 com.apple.Foundation 0x90dea31e _NSURLConnectionDidReceiveData + 94
23 com.apple.CFNetwork 0x92c500af sendDidReceiveDataCallback + 518
24 com.apple.CFNetwork 0x92c4d76d _CFURLConnectionSendCallbacks + 1559
25 com.apple.CFNetwork 0x92c4d0d9 muxerSourcePerform + 283
26 com.apple.CoreFoundation 0x943af62e CFRunLoopRunSpecific + 3166
27 com.apple.CoreFoundation 0x943afd18 CFRunLoopRunInMode + 88
28 com.apple.HIToolbox 0x910986a0 RunCurrentEventLoopInMode + 283
29 com.apple.HIToolbox 0x910984b9 ReceiveNextEventCommon + 374
30 com.apple.HIToolbox 0x9109832d BlockUntilNextEventMatchingListInMode + 106
31 com.apple.AppKit 0x917047d9 _DPSNextEvent + 657
32 com.apple.AppKit 0x9170408e -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
33 com.apple.Safari 0x0000965e 0x1000 + 34398
34 com.apple.AppKit 0x916fd0c5 -[NSApplication run] + 795
35 com.apple.AppKit 0x916ca30a NSApplicationMain + 574
36 com.apple.Safari 0x00002a76 0x1000 + 6774
<http://trac.webkit.org/projects/webkit/changeset/30538> more than likely caused this.
What's new in that check-in is the assertion. The code in question isn't new. My guess is that we had code reading off the end of the buffer, but just didn't catch it until now.
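As an added illustration, not code from this bug or from WebKit, this is the bounds-safe shape a scan like findTextEncoding needs: every byte read goes through a checked accessor that mirrors the i < size() assertion in the trace, and the scan stops at the buffer length rather than at a terminator that may not exist. The function names, the "charset=" scanning logic and the inputs are assumptions constructed for the example.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Checked read, in the spirit of WTF::Vector::at()'s "i < size()" assertion:
// instead of indexing past `length`, report failure so the caller stops.
static bool checkedAt(const char* data, size_t length, size_t i, char& out)
{
    if (i >= length)
        return false; // this is where the page's assertion would fire
    out = data[i];
    return true;
}

static bool isNameTerminator(char c)
{
    return c == '"' || c == '\'' || c == ' ' || c == '\t' || c == '\n' || c == ';' || c == '>';
}

// Extract the value following "charset=" from a <meta> fragment (constructed,
// simplified scanner). `length` bounds every read, so a name that runs to the
// end of a buffer that is not NUL-terminated is returned without overrun.
std::string findCharsetName(const char* data, size_t length)
{
    static const char key[] = "charset=";
    const size_t keyLen = sizeof(key) - 1;
    for (size_t i = 0; i + keyLen <= length; ++i) {
        if (strncmp(data + i, key, keyLen) != 0)
            continue;
        size_t pos = i + keyLen;
        char c;
        // Skip an optional opening quote, only if it lies inside the buffer.
        if (checkedAt(data, length, pos, c) && (c == '"' || c == '\''))
            ++pos;
        std::string name;
        // checkedAt() ends the loop at the buffer end, whatever follows in memory.
        while (checkedAt(data, length, pos, c) && !isNameTerminator(c)) {
            name += c;
            ++pos;
        }
        return name;
    }
    return std::string();
}
```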
I can't access that URL without a username or password, so I can't reproduce this. I'll try to fix it based on the backtrace alone.
Created attachment 19313 (patch)
Comment on attachment 19313 (patch)
r=me
It was actually r30535 that caused this.
LOL. I see this same assertion when running the regression tests. How did I miss it!?