Created attachment 41150 [details] Minimal test case I'm not using 528+ but the nightly 532.2+, but there was no option for it. However, it also crashes Safari 4.0.3. Attached is a minimal test case. The crash is reproducible every time, on both nightly and Safari 4.0.3. All Safari extensions were disabled at the moment of the crashes. Steps to reproduce: Hover "fooooooooo". -> Crash. Crash report: http://pastebin.com/f65b8e173 System info: http://pastebin.com/f6ebe5864 I'll also be attaching the crash report after submitting, just in case.
Created attachment 41151 [details] System information after crash in nightly WebKit
<rdar://problem/7301567>
Top of my crash log with some line numbers (r49488): Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000210 Crashed Thread: 0 Dispatch queue: com.apple.main-thread Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001008ac636 WebCore::RenderLayer::updateHoverActiveState(WebCore::HitTestRequest const&, WebCore::HitTestResult&) + 582 (RenderLayer.cpp:3044) 1 com.apple.WebCore 0x00000001008ab1d0 WebCore::RenderLayer::hitTest(WebCore::HitTestRequest const&, WebCore::HitTestResult&) + 224 (RenderLayer.cpp:2322) 2 com.apple.WebCore 0x00000001008ab04b WebCore::Document::prepareMouseEvent(WebCore::HitTestRequest const&, WebCore::IntPoint const&, WebCore::PlatformMouseEvent const&) + 91 (Document.cpp:2192)
*** This bug has been marked as a duplicate of bug 26515 ***