This is because cachedImage()->response().url().string().impl() is null, and hash(null) is not expected, thus crash.
I am working on a fix for WebGL. If someone else more familiar with canvas 2d could fix this on the canvas 2d side, it would be great!
A test case for WebGL: svn checkout https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl -r 14468 sdk/tests/conformance/tex-image-and-sub-image-2d-with-image.html Current behavior: crash correct behavior: no crash
Created attachment 89716 [details] Patch
This patch makes sure WebGL won't process an HTMLImageElement if it's not ready yet. mdelaney is getting another patch ready for the rest.
Comment on attachment 89716 [details] Patch Looks good.
Committed r83992: <http://trac.webkit.org/changeset/83992>