Safari crashed in RenderLayer::paintLayer while using the Unity plugin. While debugging the crash on Mac OS 10.4, I made the following change: [code] --- WebCore/rendering/RenderLayer.cpp (revision 32516) +++ WebCore/rendering/RenderLayer.cpp (working copy) @@ -1621,9 +1621,19 @@ it[0]->paintLayer(rootLayer, p, paintDirtyRect, haveTransparency, paintRestriction, paintingRoot); // Now walk the sorted list of children with positive z-indices. + /* if (m_posZOrderList) for (Vector<RenderLayer*>::iterator it = m_posZOrderList->begin(); it != m_posZOrderList->end(); ++it) it[0]->paintLayer(rootLayer, p, paintDirtyRect, haveTransparency, paintRestriction, paintingRoot); + */ + if( m_posZOrderList ) + { + for( unsigned int i=0; i<m_posZOrderList->size(); ++i ) + { + RenderLayer *rl = m_posZOrderList->at( i ); + rl->paintLayer( rootLayer, p, paintDirtyRect, haveTransparency, paintRestriction, paintingRoot ); + } + } if (renderer()->hasMask() && shouldPaint && !selectionOnly && !damageRect.isEmpty()) { setClip(p, paintDirtyRect, damageRect); [/code] For some reason moving from the WTF::Vector iterator to walking the array by index fixed the problem. Dunno about you, but that worries me. The plugin also seems to trigger a lot of ASSERTS in WebCore when the plugin performs callbacks to JS/etc. For access to page and steps to repro, please contact rick.lee-morang@justleapin.com (reference ticket #993)