Any visit to http://versiontracker.com/macosx/ (which redirects to a download page on CNet) causes latest Webkit to crash. In Safari, it functions fine. Sometimes the first page comes up with the popup that reads "Versiontracker.com is now part of CNet" and then it crashes when you click to dismiss it, other times it crashes instantly by entering that url.
The URL it redirects to is: http://www.versiontracker.com/macosx/ First then to http://download.cnet.com/mac/3151-20_4-0.html?tag=vtredir Navigating to that URL causes the same crash to occur with either instant crash or when clicking to dismiss the overlaid box.
I get the crash with r84622 nightly, bit not with a local debug build of r85060. Geoff, was this fixed already? Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001011ec4b3 WebCore::JSCSSStyleDeclarationOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void*, JSC::MarkStack&) + 35 1 com.apple.JavaScriptCore 0x00000001007fbdb8 JSC::HandleHeap::markWeakHandles(JSC::HeapRootVisitor&) + 120
(In reply to comment #2) > I get the crash with r84622 nightly, bit not with a local debug build of r85060. Geoff, was this fixed already? Hmmm... I don't recall a patch specifically targeted at JSCSSStyleDeclarationOwner::isReachableFromOpaqueRoots.
I cannot reproduce with a release build of r85222 either. There was a number of generic GC fixes too, so marking as WORKSFORME. Could you please try to reproduce when a new nightly is posted?
(FYI, this particular website was fixed by http://trac.webkit.org/changeset/84764.)
<rdar://problem/9370087>