Bug 70105 - Web Inspector: WebProcess crashes hard when inspecting elements with border-images applied
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated)
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Simon Fraser (smfr)
URL: http://jsfiddle.net/fermion/wjqNh/3/
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2011-10-14 05:49 PDT by Rob Sterner
Modified: 2011-10-17 09:14 PDT

Attachments
OS X Console output when the problem occurs (42.82 KB, text/plain)
2011-10-14 07:37 PDT, Rob Sterner
no flags
Patch (10.02 KB, patch)
2011-10-14 13:49 PDT, Simon Fraser (smfr)
hyatt: review+

Description Rob Sterner 2011-10-14 05:49:35 PDT
I've set up an example fiddle (http://jsfiddle.net/fermion/wjqNh/2/) that demonstrates what I've been seeing for a few weeks now.  This occurs in the current Webkit nightly and Chrome dev. channel browsers.

To reproduce:

1) visit the fiddle in Webkit nightly
2) open up DOM inspector and attempt to inspect styles on the <a> tags in the "Result"  pane
3) BOOM

I've attached a trace from OS X's Console related to the event.  Also notice the display, the link text isn't formatted correctly.  In Webkit:

http://p.fermion.us/3A1j0t1c1s1f3T3W3x2T

in Safari 5.1.1:

http://p.fermion.us/3X0A2g283i0r0K2P1u1Y

If I remove applied border-image and -webkit-border-image tags it's fine.  If I set top/left/right/bottom values to 0 as in:

http://jsfiddle.net/fermion/8DCEh/1/

you can inspect the <a> without issue.  Furthermore, setting all but one of top/left/right/bottom to be a non-zero value as in:

http://jsfiddle.net/fermion/Epr2A/1/

is also fine.  It seems that setting all of top/left/right/bottom to non-zero values triggers the crash.
Comment 1 Andreas Kling 2011-10-14 06:27:23 PDT
Reproduced on ToT. Looks like CSSBorderImageSliceValue::cssText() is crashing because m_slices is null.
Comment 2 Rob Sterner 2011-10-14 07:37:21 PDT
Created attachment 111013
OS X Console output when the problem occurs

Sorry, I thought I'd attached this originally!
Comment 3 Simon Fraser (smfr) 2011-10-14 09:08:59 PDT
<rdar://problem/10260690>
Comment 4 Simon Fraser (smfr) 2011-10-14 13:49:43 PDT
Created attachment 111068
Patch
Comment 5 Dave Hyatt 2011-10-14 13:51:28 PDT
Comment on attachment 111068
Patch

r=me
Comment 6 Simon Fraser (smfr) 2011-10-14 13:57:05 PDT
http://trac.webkit.org/changeset/97502
Comment 7 Rob Sterner 2011-10-15 08:04:46 PDT
I'm curious if I should file a different bug for the apparent rendering issue here, too.  This is a page using the example styles from the jsfiddle links and more, notice the lack of fill behind the "button" text:

http://p.fermion.us/3s2C2C1N1i2o0x162X2N

Here's the same menu in Safari 5.1.1

http://p.fermion.us/0W2m40080x1Z243Z2C2g

I'm more than happy to file another issue if that's what should happen.

Thanks!
Comment 8 Simon Fraser (smfr) 2011-10-17 08:44:15 PDT
I believe that's because we now support unprefixed border-image, and you left 'fill' off of your border-image style.
Comment 9 Rob Sterner 2011-10-17 09:14:58 PDT
(In reply to comment #8)
> I believe that's because we now support unprefixed border-image, and you left 'fill' off of your border-image style.

Got to love PEBKAC errors.  Thanks for the tip Simon!