Between r14345 and r14375, a change introduced a crasher with the following trace: 0 com.apple.WebCore 0x01a0ddb0 WebCore::RenderTableSection::paint(WebCore::RenderObject::PaintInfo&, int, int) + 704 (RefPtr.h:50) 1 com.apple.WebCore 0x01a0c740 WebCore::RenderTable::paint(WebCore::RenderObject::PaintInfo&, int, int) + 560 (RenderObject.h:135) 2 com.apple.WebCore 0x019be7b0 WebCore::RenderBlock::paintChildren(WebCore::RenderObject::PaintInfo&, int, int) + 512 (RenderBlock.cpp:1279) 3 com.apple.WebCore 0x019c4d64 WebCore::RenderBlock::paintObject(WebCore::RenderObject::PaintInfo&, int, int) + 292 (RenderBlock.cpp:1331) 4 com.apple.WebCore 0x019bda84 WebCore::RenderBlock::paint(WebCore::RenderObject::PaintInfo&, int, int) + 468 (RenderBlock.cpp:1254) 5 com.apple.WebCore 0x019c2314 WebCore::RenderBlock::paintFloats(WebCore::RenderObject::PaintInfo&, int, int, bool) + 436 (RenderBlock.cpp:1386) 6 com.apple.WebCore 0x019c4dd4 WebCore::RenderBlock::paintObject(WebCore::RenderObject::PaintInfo&, int, int) + 404 (RenderBlock.cpp:1344) 7 com.apple.WebCore 0x019bda84 WebCore::RenderBlock::paint(WebCore::RenderObject::PaintInfo&, int, int) + 468 (RenderBlock.cpp:1254) 8 com.apple.WebCore 0x019e7e7c WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, bool, bool, WebCore::RenderObject*) + 892 (RenderLayer.cpp:1160) 9 com.apple.WebCore 0x019e7fd4 WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, bool, bool, WebCore::RenderObject*) + 1236 (RenderLayer.cpp:1185) 10 com.apple.WebCore 0x019e7fd4 WebCore::RenderLayer::paintLayer(WebCore::RenderLayer*, WebCore::GraphicsContext*, WebCore::IntRect const&, bool, bool, WebCore::RenderObject*) + 1236 (RenderLayer.cpp:1185) 11 com.apple.WebCore 0x0190aecc WebCore::Frame::paint(WebCore::GraphicsContext*, WebCore::IntRect const&) + 156 (Frame.cpp:2809) 12 com.apple.WebCore 0x01943e6c -[WebCoreFrameBridge drawRect:] + 188 (WebCoreFrameBridge.mm:908) 13 com.apple.WebKit 0x0033bd2c -[WebHTMLView drawSingleRect:] + 284 (WebHTMLView.m:2577) 14 com.apple.WebKit 0x0033bef0 -[WebHTMLView drawRect:] + 288 (WebHTMLView.m:2625) 15 com.apple.AppKit 0x93765bf8 -[NSView _drawRect:clip:] + 2128 16 com.apple.AppKit 0x9376499c -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 736 17 com.apple.WebKit 0x00336d48 -[WebHTMLView(WebPrivate) _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 296 (WebHTMLView.m:823) 18 com.apple.AppKit 0x93764d48 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676 19 com.apple.AppKit 0x9375e3f4 -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 384 20 com.apple.AppKit 0x937536e8 -[NSView displayIfNeeded] + 248 21 com.apple.AppKit 0x9385a7d8 -[NSClipView _immediateScrollToPoint:] + 1384 22 com.apple.AppKit 0x9385a0e8 -[NSScrollView scrollClipView:toPoint:] + 252 23 com.apple.AppKit 0x937c8934 -[NSClipView _scrollTo:animate:] + 744 24 com.apple.AppKit 0x93859ec4 -[NSScrollView _doScroller:hitPart:multiplier:] + 788 25 com.apple.AppKit 0x93aee448 -[NSScrollView scrollWheel:] + 328 26 com.apple.AppKit 0x937ee318 forwardMethod + 92 27 com.apple.AppKit 0x93b65cfc -[NSView scrollWheel:] + 248 28 com.apple.WebKit 0x003268e4 -[WebClipView scrollWheel:] + 148 (WebClipView.m:109) 29 com.apple.WebKit 0x0033c460 -[WebHTMLView scrollWheel:] + 112 (WebHTMLView.m:2703) 30 com.apple.AppKit 0x9377c340 -[NSWindow sendEvent:] + 6424 31 com.apple.Safari 0x00021ca4 0x1000 + 134308 32 com.apple.AppKit 0x93724c74 -[NSApplication sendEvent:] + 4172 33 com.apple.Safari 0x000217a8 0x1000 + 133032 34 com.apple.AppKit 0x9371c0b0 -[NSApplication run] + 508 35 com.apple.AppKit 0x9380cbfc NSApplicationMain + 452 36 com.apple.Safari 0x0005cb98 0x1000 + 375704 37 com.apple.Safari 0x0005ca40 0x1000 + 375360