Using nightly build r23540 ('Mozilla/5.0 (Windows; U; Windows NT 5.0; en) AppleWebKit/522.4.1+ (KHTML, like Gecko) Version/3.0.1 Safari/522.12.2'): The linked page just creates a canvas, and calls ctx.createPattern(canvas, ...) on it. Frequently (sometimes after having to reload the page a couple of times) it crashes, most commonly like: 'The instruction at "0x6fc02925" referenced memory at "0x00000040". The memory could not be "read".'
Thanks for the bug report, Philip! Could you please post a stack trace (as an attachment) of the crash?
Created attachment 15079 [details] stack trace Not sure if there's a better way to get this information, but this is just copied from the call stack window in the VS2005 debugger.
(In reply to comment #2) > Not sure if there's a better way to get this information, but this is just > copied from the call stack window in the VS2005 debugger. Thanks! I didn't realize you were on Windows--still getting used to bugs reported on that platform. :)
Confirmed with r23677.
<rdar://problem/5319511>
Created attachment 16005 [details] Possible fix for this crash I noticed in the current SVN version, this page crashes on Mac too. This patch seemed to fix the behavior on Mac. Not sure about Windows crashing though.
Comment on attachment 16005 [details] Possible fix for this crash A CGImageRetain would be preferable so as not to require the cast, and to balance the CGImageRelease in the destructor. A layout test should also be created that covers this crash.
Comment on attachment 16005 [details] Possible fix for this crash You could probably also use a RetainPtr to store m_platformImage.
Created attachment 16007 [details] Fix and layout test RetainPtr based fix
Comment on attachment 16007 [details] Fix and layout test r=me
Committed revision 25124. Original reporter please confirm this is fixed.
And corrected the reference to Henry in the ChangeLog in revision 25125.
(In reply to comment #11) > Original reporter please confirm this is fixed. Confirmed with r27386. (Sorry for the delay!)