This leads to out of bounds accesses and subsequent crashes. Patch on its way.
Created attachment 207775 [details] Patch
Comment on attachment 207775 [details] Patch r=me
<rdar://problem/14527940>
Committed r153500: <http://trac.webkit.org/changeset/153500>