I saw a few more issues whilst fixing some unrelated things. I think it's best I describe the bugs with a patch to be honest. Most of the issues are size_t vs. unsigned confusion on 64-bit, but also a couple of cases where it looks prudent to check for integer overflows. Patch forthcoming.
Created attachment 70188: Patch
Comment on attachment 70188: Patch
Clearing flags on attachment: 70188
Committed r69414: <http://trac.webkit.org/changeset/69414>
All reviewed patches have been landed. Closing bug.