Created attachment 88998 [details]
$ cat crash.log | c++filt

It doesn't crash in itself, but we can easily reproduce the crash:
$ Tools/Scripts/run-webkit-tests --debug canvas/philip/tests/initial.reset.2dstate.html canvas/philip/tests/initial.reset.clip.html
This crash was caused or revealed by http://trac.webkit.org/changeset/83396
I cc-ed Beth and Dan, the author and the reviewer of r83396. Could you please check whether it is a regression caused by r83396, or a Qt-specific/platform-independent bug revealed by r83396?
This is an assertion failure in code added in r83396.
I can reproduce this on Mac OS X by opening canvas/philip/tests/initial.reset.2dstate.html in Safari, and then using Font Book to disable or enable a font (which invalidates the font cache).
r83396 is wrong in that it uses pointers to State instances, but State is copyable.
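To illustrate the point made in the comment above, here is an added, self-contained C++ example (it is not WebKit code; Registry, InvalidationClient, BuggyState and FixedState are hypothetical stand-ins for the font selector's invalidation-callback list and the canvas state type). The "before" version registers a raw pointer to a copyable state once and keeps the compiler-generated copy operations, so a copy onto a growing state stack leaves the registry pointing at storage that has been freed; the "after" version gives the state a copy constructor, copy assignment and destructor that keep the registration in step with the live objects, and only touches the registry when the font has been realized:

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <vector>

// Hypothetical stand-in for a font selector's invalidation-callback registry.
struct InvalidationClient {
    virtual void fontsNeedUpdate() = 0;
    virtual ~InvalidationClient() {}
};

class Registry {
public:
    void registerClient(InvalidationClient* c) { m_clients.push_back(c); }
    void unregisterClient(InvalidationClient* c) {
        m_clients.erase(std::remove(m_clients.begin(), m_clients.end(), c), m_clients.end());
    }
    bool hasClient(const InvalidationClient* c) const {
        return std::find(m_clients.begin(), m_clients.end(), c) != m_clients.end();
    }
    std::size_t clientCount() const { return m_clients.size(); }
    void invalidate() { for (InvalidationClient* c : m_clients) c->fontsNeedUpdate(); }
private:
    std::vector<InvalidationClient*> m_clients;
};

// Before: registers `this` once and relies on the implicit copy operations.
// Copying the state (or the vector holding it reallocating) leaves the
// registry with the address of an object that no longer exists.
struct BuggyState : InvalidationClient {
    Registry* registry = nullptr;
    bool realizedFont = false;
    int updates = 0;

    void realizeFont(Registry& r) {
        registry = &r;
        realizedFont = true;
        registry->registerClient(this);
    }
    void fontsNeedUpdate() override { ++updates; }
};

// Returns true when the registry still holds exactly one pointer and that
// pointer matches no live state, i.e. the dangling pointer a later
// invalidation would dereference.
bool buggyRegistryIsStale() {
    Registry reg;
    std::vector<BuggyState> stack;
    stack.reserve(1);               // force a reallocation on the second push
    stack.emplace_back();
    stack[0].realizeFont(reg);      // registers the address of stack[0]
    BuggyState copy = stack[0];     // implicit copy: not registered
    stack.push_back(copy);          // reallocation: the old stack[0] is freed
    bool anyLive = false;
    for (const BuggyState& s : stack)
        if (reg.hasClient(&s)) anyLive = true;
    // Deliberately not calling reg.invalidate(): it would be a use-after-free.
    return reg.clientCount() == 1 && !anyLive;
}

// After: copy construction, assignment and destruction keep the registry
// in step with the live objects. registry is only dereferenced when
// realizedFont is true, mirroring the "never null once realized" invariant.
struct FixedState : InvalidationClient {
    Registry* registry = nullptr;
    bool realizedFont = false;
    int updates = 0;

    FixedState() = default;
    FixedState(const FixedState& other)
        : registry(other.registry), realizedFont(other.realizedFont), updates(other.updates) {
        if (realizedFont) registry->registerClient(this);
    }
    FixedState& operator=(const FixedState& other) {
        if (this == &other) return *this;
        if (realizedFont) registry->unregisterClient(this);
        registry = other.registry;
        realizedFont = other.realizedFont;
        updates = other.updates;
        if (realizedFont) registry->registerClient(this);
        return *this;
    }
    ~FixedState() override { if (realizedFont) registry->unregisterClient(this); }

    void realizeFont(Registry& r) {
        if (realizedFont) registry->unregisterClient(this);
        registry = &r;
        realizedFont = true;
        registry->registerClient(this);
    }
    void fontsNeedUpdate() override { ++updates; }
};

// Same sequence with the fixed state: each live state is registered exactly
// once, and an invalidation reaches all of them. Returns the total number of
// fontsNeedUpdate() calls delivered (2), or -1 if any registration is off.
int fixedUpdatesAfterRealloc() {
    Registry reg;
    std::vector<FixedState> stack;
    stack.reserve(1);
    stack.emplace_back();
    stack[0].realizeFont(reg);
    {
        FixedState copy = stack[0];  // registers on copy, unregisters at scope exit
        stack.push_back(copy);       // reallocation copies (and re-registers) stack[0]
    }
    if (reg.clientCount() != stack.size()) return -1;
    for (const FixedState& s : stack)
        if (!reg.hasClient(&s)) return -1;
    reg.invalidate();
    return stack[0].updates + stack[1].updates;
}

int main() {
    std::cout << "buggy registry stale: " << buggyRegistryIsStale() << "\n";
    std::cout << "fixed updates delivered: " << fixedUpdatesAfterRealloc() << "\n";
    return 0;
}
```

The check that matters is the pair of pointer comparisons: with the default copy operations the registry ends up holding an address that belongs to no live state, whereas with explicit copy/assign/destroy the registry's entries are exactly the addresses of the states currently on the stack, so invalidating fonts (as Font Book does in the Mac reproduction above) calls into valid objects.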
Created attachment 89023 [details]
Patch
Comment on attachment 89023 [details]
Patch

Is m_font.fontSelector() never null here?
(In reply to comment #7)
> (From update of attachment 89023 [details])
> Is m_font.fontSelector() never null here?

If m_realizedFont is true, then m_font.fontSelector() should never be null.
Fixed in r83451. <http://trac.webkit.org/changeset/83451>