Created attachment 186429 [details] Crash log. Safari 6.0.3 (8536.28.9) Reproducibility: always Steps: Try to join a Lync meeting from URL. What happened: WebKit PluginProcess crashes. *** error for object 0x1073c5cf8: pointer being freed was not allocated Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib 0x00007fff8cea5212 __pthread_kill + 10 1 libsystem_c.dylib 0x00007fff93187b54 pthread_kill + 90 2 libsystem_c.dylib 0x00007fff931cbdce abort + 143 3 libsystem_c.dylib 0x00007fff9319f9b9 free + 392 4 com.apple.WebKit2 0x00007fff90c47683 WebKit::releaseNPVariantValue(_NPVariant*) + 30 5 com.apple.WebKit2 0x00007fff90c40d31 WebKit::NPObjectMessageReceiver::invoke(WebKit::NPIdentifierData const&, WTF::Vector<WebKit::NPVariantData, 0ul> const&, bool&, WebKit::NPVariantData&) + 539 6 com.apple.WebKit2 0x00007fff90c41ab3 void CoreIPC::handleMessage<Messages::NPObjectMessageReceiver::Invoke, WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, WTF::Vector<WebKit::NPVariantData, 0ul> const&, bool&, WebKit::NPVariantData&)>(CoreIPC::ArgumentDecoder*, CoreIPC::ArgumentEncoder*, WebKit::NPObjectMessageReceiver*, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, WTF::Vector<WebKit::NPVariantData, 0ul> const&, bool&, WebKit::NPVariantData&)) + 131 7 com.apple.WebKit2 0x00007fff90c4431c WebKit::NPRemoteObjectMap::didReceiveSyncMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*, WTF::OwnPtr<CoreIPC::ArgumentEncoder>&) + 78 8 com.apple.WebKit2 0x00007fff90cc1130 WebKit::WebProcessConnection::didReceiveSyncMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*, WTF::OwnPtr<CoreIPC::ArgumentEncoder>&) + 120 9 com.apple.WebKit2 0x00007fff90bd95e6 CoreIPC::Connection::dispatchSyncMessage(CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 132 10 com.apple.WebKit2 0x00007fff90bd5fa8 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 162 11 com.apple.WebKit2 0x00007fff90c1870e CoreIPC::Connection::SyncMessageState::dispatchMessages(CoreIPC::Connection*) + 306 12 com.apple.WebKit2 0x00007fff90c185d0 CoreIPC::Connection::SyncMessageState::dispatchMessageAndResetDidScheduleDispatchMessagesForConnection(CoreIPC::Connection*) + 102 13 com.apple.WebCore 0x00007fff93dd2d9c WebCore::RunLoop::performWork() + 156 14 com.apple.WebCore 0x00007fff93dd3437 WebCore::RunLoop::performWork(void*) + 71 15 com.apple.CoreFoundation 0x00007fff923e2b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 16 com.apple.CoreFoundation 0x00007fff923e2455 __CFRunLoopDoSources0 + 245 17 com.apple.CoreFoundation 0x00007fff924057f5 __CFRunLoopRun + 789 18 com.apple.CoreFoundation 0x00007fff924050e2 CFRunLoopRunSpecific + 290 19 com.apple.HIToolbox 0x00007fff8fa87eb4 RunCurrentEventLoopInMode + 209 20 com.apple.HIToolbox 0x00007fff8fa87c52 ReceiveNextEventCommon + 356 21 com.apple.HIToolbox 0x00007fff8fa87ae3 BlockUntilNextEventMatchingListInMode + 62 22 com.apple.AppKit 0x00007fff8d1d8563 _DPSNextEvent + 685 23 com.apple.AppKit 0x00007fff8d1d7e22 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 24 com.apple.AppKit 0x00007fff8d1cf1d3 -[NSApplication run] + 517 25 com.apple.WebCore 0x00007fff93dd380f WebCore::RunLoop::run() + 63 26 com.apple.WebKit2 0x00007fff90c54487 WebKit::PluginProcessMain(WebKit::CommandLine const&) + 794 27 com.apple.WebKit2 0x00007fff90c8b1f4 WebKitMain + 296 28 com.apple.WebKit.PluginProcess 0x0000000106e9ce7b 0x106e9c000 + 3707 29 libdyld.dylib 0x00007fff8eab27e1 start + 1 Expected result: WbKit PluginProcess does not crash.