Representative crash: ``` Thread 4 Crashed:: Dispatch queue: LinearizedPagePreload 0 _platform_memmove + 96 1 void WTF::memcpySpan<unsigned char, 18446744073709551615ul, unsigned char const, 18446744073709551615ul>(std::__1::span<unsigned char, 18446744073709551615ul>, std::__1::span<unsigned char const, 18446744073709551615ul>) + 16 2 WebKit::PDFIncrementalLoader::dataProviderGetBytesAtPosition(std::__1::span<unsigned char, 18446744073709551615ul>, long long) + 52 3 WebKit::dataProviderGetBytesAtPositionCallback(void*, void*, long long, unsigned long) + 308 4 provider_get_bytes_at_position + 84 5 CGDataProviderDirectGetBytesAtPositionInternal + 308 ``` My current leading hypothesis is that the source buffer for the memcpy is nulled out before using it but after fetching it from the plugin. We should guard this work behind the data lock used for the buffer, too.

Pull request: https://github.com/apple/WebKit/pull/2388

Committed 283286.578@safari-7620-branch (de6e83ab1f4d): <https://commits.webkit.org/283286.578@safari-7620-branch> Reviewed commits have been landed. Closing PR #2388 and removing active labels.

<rdar://problem/141548517>

Re-opening for pull request https://github.com/apple/WebKit/pull/2406

Committed 283286.595@safari-7620-branch (0053acf9bc55): <https://commits.webkit.org/283286.595@safari-7620-branch> Reviewed commits have been landed. Closing PR #2406 and removing active labels.

<rdar://problem/143592990>

Committed 289647@main (1c283c67a9c0): <https://commits.webkit.org/289647@main> Reviewed commits have been landed. Closing PR #39706 and removing active labels.