Got a testcase? Some stupid cookie issue is preventing me from seeing the crbug.

Here is the initial report. Can you maybe visit the original bug using an Incognito Window? Chrome Version: 18.0.986.0 (Official Build 115854) canary OS: Mac OS X 10.7.2 Crash ID: no crash reported in chrome://crashes URL (if applicable) where crash occurred: http://updates.html5rocks.com/2011/12/CSS-Filter-Effects-Landing-in-WebKit Can you reproduce this crash? Yes What steps will reproduce this crash (or if it's not reproducible, what were you doing just before the crash)? 1. Open DevTools 2. Select <div id="wrap"> node 3. Add a css rule in the element.style pane: -webkit-filter: grayscale(0); 4. Aw, Snap! Console Log: Google Chrome Helper(668,0xac74c2c0) malloc: *** mmap(size=1966014464) failed (error code=12) *** error: can't allocate region *** set a breakpoint in malloc_error_break to debug [668:519:717682482340:ERROR:process_util_mac.mm(553)] Terminating process due to a potential for future heap corruption

The huge layer is because .dsq-toolbar-icon has text-indent: -9999em with no overflow:hidden, so the site is asking for it.

I think transparencyClipBox() could intersect with the clip rect.

Created attachment 122525 [details] Patch

Comment on attachment 122525 [details] Patch I wonder if we should add some way to debug/display a filter chain in DRT or LayoutTestController?