I'm hitting an assertion failure when loading a page that has a -webkit-gradient as the background of the body element.
Created attachment 21109 [details] testcase (asserts in debug build)
Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef 0x02cf6f6c in WebCore::CSSGradientValue::image (this=0x4d9bf50, renderer=0x4dadf7c, size=@0xbfffc65c) at /Users/aroben/dev/WebKit/OpenSource/WebCore/css/CSSGradientValue.cpp:109 109 ASSERT(m_clients.contains(renderer)); (gdb) bt #0 0x02cf6f6c in WebCore::CSSGradientValue::image (this=0x4d9bf50, renderer=0x4dadf7c, size=@0xbfffc65c) at /Users/aroben/dev/WebKit/OpenSource/WebCore/css/CSSGradientValue.cpp:109 #1 0x02a5d5c4 in WebCore::StyleGeneratedImage::image (this=0x4db43c0, renderer=0x4dadf7c, size=@0xbfffc65c) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderStyle.cpp:221 #2 0x02a012df in WebCore::RenderBox::paintFillLayerExtended (this=0x4dadf7c, paintInfo=@0xbfffcafc, c=@0xbfffc878, bgLayer=0x4d9d648, clipY=0, clipH=992, tx=0, ty=0, w=1033, h=992, box=0x0, op=WebCore::CompositeSourceOver) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBox.cpp:825 #3 0x029f6e8e in WebCore::RenderBox::paintFillLayer (this=0x4dadf7c, paintInfo=@0xbfffcafc, c=@0xbfffc878, fillLayer=0x4d9d648, clipY=0, clipH=992, tx=0, ty=0, width=1033, height=992, op=WebCore::CompositeSourceOver) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBox.cpp:497 #4 0x029f6f4c in WebCore::RenderBox::paintFillLayers (this=0x4dadf7c, paintInfo=@0xbfffcafc, c=@0xbfffc878, fillLayer=0x4d9d648, clipY=0, clipH=992, tx=0, ty=0, width=1033, height=992, op=WebCore::CompositeSourceOver) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBox.cpp:491 #5 0x029fa12f in WebCore::RenderBox::paintRootBoxDecorations (this=0x4dadf7c, paintInfo=@0xbfffcafc, tx=0, ty=0) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBox.cpp:362 #6 0x029fa225 in WebCore::RenderBox::paintBoxDecorations (this=0x4dadf7c, paintInfo=@0xbfffcafc, tx=0, ty=0) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBox.cpp:374 #7 0x029ea21c in WebCore::RenderBlock::paintObject (this=0x4dadf7c, paintInfo=@0xbfffcafc, tx=0, ty=0) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBlock.cpp:1609 #8 0x029dc43c in WebCore::RenderBlock::paint (this=0x4dadf7c, paintInfo=@0xbfffcafc, tx=0, ty=0) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBlock.cpp:1457 #9 0x02a2646d in WebCore::RenderLayer::paintLayer (this=0x1b834ccc, rootLayer=0x1b8836cc, p=0xbfffce04, paintDirtyRect=@0xbfffce0c, haveTransparency=false, paintRestriction=WebCore::PaintRestrictionNone, paintingRoot=0x0, appliedTransform=false) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderLayer.cpp:1604 #10 0x02a2689a in WebCore::RenderLayer::paintLayer (this=0x1b8836cc, rootLayer=0x1b8836cc, p=0xbfffce04, paintDirtyRect=@0xbfffce0c, haveTransparency=false, paintRestriction=WebCore::PaintRestrictionNone, paintingRoot=0x0, appliedTransform=false) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderLayer.cpp:1661 #11 0x02a26a58 in WebCore::RenderLayer::paint (this=0x1b8836cc, p=0xbfffce04, damageRect=@0xbfffce0c, paintRestriction=WebCore::PaintRestrictionNone, paintingRoot=0x0) at /Users/aroben/dev/WebKit/OpenSource/WebCore/rendering/RenderLayer.cpp:1478 #12 0x02791541 in WebCore::Frame::paint (this=0x9218c0, p=0xbfffce04, rect=@0xbfffce0c) at /Users/aroben/dev/WebKit/OpenSource/WebCore/page/Frame.cpp:1366 #13 0x003cc760 in -[WebFrame(WebInternal) _drawRect:] (self=0x1b85e400, _cmd=0x94880054, rect={origin = {x = 0, y = 0}, size = {width = 1033, height = 992}}) at /Users/aroben/dev/WebKit/OpenSource/WebKit/mac/WebView/WebFrame.mm:570 #14 0x003ead65 in -[WebHTMLView drawSingleRect:] (self=0x91fed0, _cmd=0x2eb3f47, rect={origin = {x = 0, y = 0}, size = {width = 1033, height = 992}}) at /Users/aroben/dev/WebKit/OpenSource/WebKit/mac/WebView/WebHTMLView.mm:2837 #15 0x003eb0f3 in -[WebHTMLView drawRect:] (self=0x91fed0, _cmd=0x948a8630, rect={origin = {x = 0, y = 0}, size = {width = 1033, height = 992}}) at /Users/aroben/dev/WebKit/OpenSource/WebKit/mac/WebView/WebHTMLView.mm:2897
<rdar://problem/5931174>
*** This bug has been marked as a duplicate of 18445 ***