Created attachment 88998
$ cat crash.log | c++filt
It doesn't crash in itself, but we can easily reproduce the crash:
$ Tools/Scripts/run-webkit-tests --debug canvas/philip/tests/initial.reset.2dstate.html canvas/philip/tests/initial.reset.clip.html
This crash is caused or revealed by http://trac.webkit.org/changeset/83396
I cc-ed Beth and Dan, the author and the reviewer of r83396.
Could you please check whether it is a regression caused by r83396,
or a Qt-specific/platform-independent bug revealed by r83396?
This is an assertion failure in code added in r83396.
I can reproduce this on Mac OS X by opening canvas/philip/tests/initial.reset.2dstate.html in Safari, and then using Font Book to disable or enable a font (which invalidates the font cache).
r83396 is wrong in that it uses pointers to State instances, but State is copyable.
Created attachment 89023
Comment on attachment 89023
Is m_font.fontSelector() never null here?
(In reply to comment #7)
> (From update of attachment 89023)
> Is m_font.fontSelector() never null here?
If m_realizedFont is true, then m_font.fontSelector() should never be null.
Fixed in r83451. <http://trac.webkit.org/changeset/83451>