There is nothing protecting the range object. This used to not be a problem before this patch because temporary objects in C++ are deleted after the full expression is evaluated, so it wasn't destroyed until after the function call. Patch forthcoming.
Created attachment 88702 [details] proposed fix
Comment on attachment 88702 [details] proposed fix View in context: https://bugs.webkit.org/attachment.cgi?id=88702&action=review > Source/WebKit2/ChangeLog:9 > + Now that the Range is used outide the full expression where it's created, it needs to be Typo: outside.
Committed <http://trac.webkit.org/changeset/83211>.