This is because cachedImage()->response().url().string().impl() is null, and hash(null) is not expected, thus crash.
I am working on a fix for WebGL. If someone else more familiar with canvas 2d could fix this on the canvas 2d side, it would be great!
A test case for WebGL:
svn checkout https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl
Current behavior: crash
correct behavior: no crash
Created attachment 89716 [details]
This patch makes sure WebGL won't process an HTMLImageElement if it's not ready yet.
mdelaney is getting another patch ready for the rest.
Comment on attachment 89716 [details]
Committed r83992: <http://trac.webkit.org/changeset/83992>