Bug 33071

After calling the link above, webkit crashes. BT: #0 0x002d6422 in __kernel_vsyscall () #1 0x019394d1 in raise () from /lib/tls/i686/cmov/libc.so.6 #2 0x0193c932 in abort () from /lib/tls/i686/cmov/libc.so.6 #3 0x0196fee5 in ?? () from /lib/tls/i686/cmov/libc.so.6 #4 0x01979ff1 in ?? () from /lib/tls/i686/cmov/libc.so.6 #5 0x0197b6f2 in ?? () from /lib/tls/i686/cmov/libc.so.6 #6 0x0197e79d in free () from /lib/tls/i686/cmov/libc.so.6 #7 0x00577c22 in _tessellate_fan (stroker=<value optimized out>, in_vector=<value optimized out>, out_vector=0xbfffd4d0, midpt=0xbfffd538, inpt=0xbfffd540, outpt=0xbfffd530, clockwise=0) at cairo-path-stroke.c:392 #8 0x00577f12 in _cairo_stroker_add_cap (stroker=0xbfffd65c, f=<value optimized out>) at cairo-path-stroke.c:675 #9 0x00577faf in _cairo_stroker_add_leading_cap (stroker=0x0, face=<value optimized out>) at cairo-path-stroke.c:756 #10 0x00578115 in _cairo_stroker_add_caps (stroker=0xbfffd65c) at cairo-path-stroke.c:893 #11 0x005788df in _cairo_path_fixed_stroke_to_polygon (path=0x83a4104, stroke_style=0x83a3ea8, ctm=0x83a3f34, ctm_inverse=0x83a3f64, tolerance=0.10000000000000001, polygon=0xbfffdad0) at cairo-path-stroke.c:1387 #12 0x00578a22 in _cairo_path_fixed_stroke_to_traps (path=0x83a4104, stroke_style=0x83a3ea8, ctm=0x83a3f34, ctm_inverse=0x83a3f64, tolerance=0.10000000000000001, traps=0xbfffdef4) ---Type <return> to continue, or q <return> to quit--- at cairo-path-stroke.c:1423 #13 0x00568471 in _cairo_gstate_stroke_extents (gstate=0x83a3e98, path=0x83a4104, x1=0xbfffe240, y1=0xbfffe230, x2=0xbfffe238, y2=0xbfffe228) at cairo-gstate.c:1303 #14 0x0055eccd in cairo_stroke_extents (cr=0x83a3e78, x1=0xbfffe240, y1=0x6, x2=0x53fd, y2=0xbfffe228) at cairo.c:2434 #15 0x010536c0 in WebCore::Path::strokeBoundingRect(WebCore::StrokeStyleApplier*) () It's a release build but the relevant code is maybe in Cairo.