After fixing the main crash reported on bug 17313, the original test case still crashes. This is because a document is created via DOMParser.parseFromString and is then queried with querySelectorAll. As the document is not attached to any view it has no style selector, which leads to a null dereference. Top of backtrace is as follows:

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x00000000000000e8
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x00e3745a WebCore::CSSStyleSelector::initElementAndPseudoState(WebCore::Element*) + 26 (CSSStyleSelector.cpp:535)
1 com.apple.WebCore 0x011192be WebCore::Node::querySelector(WebCore::String const&, int&) + 542 (Node.cpp:1225)
2 com.apple.WebCore 0x01036aee WebCore::jsDocumentPrototypeFunctionQuerySelector(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 142 (PassRefPtr.h:49)
3 com.apple.JavaScriptCore 0x00487228 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 696 (object.cpp:99)
Created attachment 19504 [details] Reduction (will crash Release builds of TOT)
<rdar://problem/5778077>
Fixed in <http://trac.webkit.org/changeset/33939>.