Chromium bug: http://crbug.com/18984 https://bugs.webkit.org/show_bug.cgi?id=22834 (checked in as r41877) fixed a mismatched new/free Valgrind warning. This has now reappeared as the opposite - a mismatched malloc/delete. The problem is that the patch for the bug above changed - fastFree(selectorVector[i]) + // We want to free the memory (which was allocated with new), but we + // don't want the destructor to run since it will affect the copy + // we've just made. In theory this is undefined, but operator delete + // is only defined taking a void*, so in practice it should be ok. + delete reinterpret_cast<char*>(selectorVector[i]); It appears things have moved around and the original allocation's use of operator new now calls through to FastAllocBase which calls malloc(). The bizarre part is that the delete hack used above seems to bypass FastAllocBase's operator delete (which calls free) and instead call the system library version instead, thus triggering a Valgrind warning. We probably need to revert this part of the aforementioned patch or come up with a better long-term solution.