Patch forthcoming. Sample crash log:

0 com.apple.WebKit 0x00007fff81318cfd WTF::HashTableIterator<WebKit::ProxyInstance*, WebKit::ProxyInstance*, WTF::IdentityExtractor<WebKit::ProxyInstance*>, WTF::PtrHash<WebKit::ProxyInstance*>, WTF::HashTraits<WebKit::ProxyInstance*>, WTF::HashTraits<WebKit::ProxyInstance*> > WTF::HashTable<WebKit::ProxyInstance*, WebKit::ProxyInstance*, WTF::IdentityExtractor<WebKit::ProxyInstance*>, WTF::PtrHash<WebKit::ProxyInstance*>, WTF::HashTraits<WebKit::ProxyInstance*>, WTF::HashTraits<WebKit::ProxyInstance*> >::find<WebKit::ProxyInstance*, WTF::IdentityHashTranslator<WebKit::ProxyInstance*, WebKit::ProxyInstance*, WTF::PtrHash<WebKit::ProxyInstance*> > >(WebKit::ProxyInstance* const&) + 125
1 com.apple.WebKit 0x00007fff812d7fca WebKit::NetscapePluginInstanceProxy::removeInstance(WebKit::ProxyInstance*) + 42
2 com.apple.WebKit 0x00007fff812d7f17 WebKit::ProxyInstance::~ProxyInstance() + 55
3 com.apple.WebCore 0x00007fff84fca6fa WebCore::HTMLPlugInElement::~HTMLPlugInElement() + 170
4 com.apple.WebCore 0x00007fff84fca5a5 WebCore::HTMLObjectElement::~HTMLObjectElement() + 133
5 com.apple.WebCore 0x00007fff84e4f52c void WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode*) + 76
6 com.apple.WebCore 0x00007fff84e4f7d6 WebCore::ContainerNode::~ContainerNode() + 38
7 com.apple.WebCore 0x00007fff84f8ee5e WebCore::HTMLDivElement::~HTMLDivElement() + 62
8 com.apple.WebCore 0x00007fff84f5c4d5 WebCore::JSNode::~JSNode() + 437
9 com.apple.JavaScriptCore 0x00007fff87cf4941 JSC::Heap::sweep() + 257
10 com.apple.JavaScriptCore 0x00007fff87cf0dfb JSC::Heap::collectAllGarbage() + 75
11 com.apple.WebCore 0x00007fff84fcb585 WebCore::collect(void*) + 21

<rdar://problem/7906226>
Created attachment 73008
proposed fix

Unfortunately, I couldn't make any regression tests.
Comment on attachment 73008
proposed fix

Looks great. r=me
Committed <http://trac.webkit.org/changeset/71426>.