DESCRIPTION: This is similar with a resolved bug 95492, but it has different code path. I will make a patch in the same way. HOW TO REPRODUCE: 1) Build debug version webkit 2) open bing.com 3) after it loaded, open baidu.com EXPECTED: Baidu.com is loaded and browser should not crash ACTUAL: Browser crashed at the assertion failure as following. Thread [3] (Suspended: Signal 'SIGSEGV' received. Description: Segmentation fault.) 22 JSC::MarkedAllocator::allocateSlowCase() MarkedAllocator.cpp:76 0x02954174 21 JSC::MarkedAllocator::allocate() MarkedAllocator.h:83 0x793f43e4 20 JSC::MarkedSpace::allocateWithDestructor() MarkedSpace.h:197 0x793f4518 19 JSC::Heap::allocateWithDestructor() Heap.h:366 0x793f4668 18 JSC::allocateCell<JSC::JSAPIValueWrapper>() JSCell.h:337 0x793ff2ac 17 JSC::JSAPIValueWrapper::create() JSAPIValueWrapper.h:49 0x793fb664 16 JSC::jsAPIValueWrapper() JSAPIValueWrapper.h:73 0x793fb814 15 toRef() APICast.h:114 0x793fb8a0 14 BlackBerry::WebKit::WebPagePrivate::executeJavaScriptInIsolatedWorld() WebPage.cpp:860 0x793d9f08 13 BlackBerry::WebKit::WebPage::executeJavaScriptInIsolatedWorld() WebPage.cpp:915 0x793da308