It's possible to be latched to a DOM element, then attempt a new scroll event where the hit test for the mouse event returns NULL for the target element. When this happens, the NULL element is dereferenced without a NULL check resulting in a crash.
This patch corrects this mistake.
Created attachment 231676 [details]
Wow, Simon. That was fast!
Committed r169037: <http://trac.webkit.org/changeset/169037>