Looks like it started with darin's change here: http://trac.webkit.org/changeset/40824 Specifically removing the null check for doc in Frame::contentRenderer() (Frame.cpp:1130)

marking p1 since this is a regression.

I'm happy to just add the null-check back in. Don't know if that's the right fix though. Will send a patch with the null-check if I don't hear otherwise.

Created attachment 27738 [details] Fix crash on page load of http://www.stickam.com/liveStreams.do. Just readds a null-check that was removed in r40824. WebCore/page/Frame.cpp | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-)

Comment on attachment 27738 [details] Fix crash on page load of http://www.stickam.com/liveStreams.do. Just readds a null-check that was removed in r40824. r=me The code change looks fine, but I'm somewhat confused whether this needs a layout test. Did this problem cause crashes in existing tests on Windows? If it did not, can a new test be created for this fix?

IRC discussion: ojan: ap: regarding https://bugs.webkit.org/show_bug.cgi?id=23992...i haven't really been able to come up with a reduced case for the crash. it does crash everytime loading the page in question, but i haven' been able to figure out where exactly. saving a static version of the page and loading it doesn't cause a crash. i can dig further into the stack trace to try and understand when we're hitting this, but i'm not sure how much fruit that will yield. ap: ojan: ok I did dig further. Looks like it's crashing in the actual load event. I think (not sure) that an iframe is being appended to the page onload of the top-level window. The contentRenderer is grabbed before the iframe has a document.

Landed as http://trac.webkit.org/changeset/41066