Created attachment 167450 [details] Crash log. r130578 Reproducibility: once Steps: 1. https://maps.google.com/maps?vector=1 2. Moved the map around with the mouse. What happened: 2. Crash. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x0000000107b66753 WTF::Float32Array::set(unsigned int, double) + 83 (Float32Array.h:52) 1 com.apple.WebCore 0x0000000107b649b6 WebCore::JSFloat32Array::indexSetter(JSC::ExecState*, unsigned int, JSC::JSValue) + 70 (JSFloat32Array.cpp:100) 2 com.apple.WebCore 0x0000000107b64d73 WebCore::JSFloat32Array::putByIndex(JSC::JSCell*, JSC::ExecState*, unsigned int, JSC::JSValue, bool) + 275 (JSFloat32Array.cpp:240) 3 com.apple.JavaScriptCore 0x00000001062fa374 cti_op_put_by_val + 420 (JITStubs.cpp:2524) 4 com.apple.JavaScriptCore 0x00000001062ff880 0x1060f8000 + 2128000 5 com.apple.JavaScriptCore 0x00000001062c5da4 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:134) 6 com.apple.JavaScriptCore 0x00000001062c2b32 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1746 (Interpreter.cpp:961) 7 com.apple.JavaScriptCore 0x000000010616db42 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:39) 8 com.apple.JavaScriptCore 0x00000001063157c7 JSC::boundFunctionCall(JSC::ExecState*) + 647 (JSBoundFunction.cpp:56) 9 com.apple.JavaScriptCore 0x00000001062c2dea JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 2442 (Interpreter.cpp:988) 10 com.apple.JavaScriptCore 0x000000010616db42 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:39) 11 com.apple.WebCore 0x0000000107a0ca02 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 (JSMainThreadExecState.h:56) 12 com.apple.WebCore 0x0000000107a0c6c5 WebCore::JSCallbackData::invokeCallback(JSC::JSValue, JSC::MarkedArgumentBuffer&, bool*) + 741 (JSCallbackData.cpp:78) 13 com.apple.WebCore 0x0000000107a0c3ca WebCore::JSCallbackData::invokeCallback(JSC::MarkedArgumentBuffer&, bool*) + 154 (JSCallbackData.cpp:48) 14 com.apple.WebCore 0x0000000107ce1dfd WebCore::JSRequestAnimationFrameCallback::handleEvent(unsigned long long) + 189 (JSRequestAnimationFrameCallbackCustom.cpp:49) 15 com.apple.WebCore 0x000000010844cb6e WebCore::ScriptedAnimationController::serviceScriptedAnimations(unsigned long long) + 302 (ScriptedAnimationController.cpp:129) 16 com.apple.WebCore 0x000000010844d1bf WebCore::ScriptedAnimationController::displayRefreshFired(double) + 47 (ScriptedAnimationController.h:90) 17 com.apple.WebCore 0x0000000107309dfc WebCore::DisplayRefreshMonitorClient::fireDisplayRefreshIfNeeded(double) + 60 (DisplayRefreshMonitor.cpp:53) 18 com.apple.WebCore 0x0000000107309fd2 WebCore::DisplayRefreshMonitor::displayDidRefresh() + 226 (DisplayRefreshMonitor.cpp:112) 19 com.apple.WebCore 0x0000000107309edd WebCore::DisplayRefreshMonitor::handleDisplayRefreshedNotificationOnMainThread(void*) + 29 (DisplayRefreshMonitor.cpp:75) 20 com.apple.JavaScriptCore 0x000000010653612a WTF::dispatchFunctionsFromMainThread() + 298 (MainThread.cpp:157) 21 com.apple.JavaScriptCore 0x0000000106538bf5 -[JSWTFMainThreadCaller call] + 21 (MainThreadMac.mm:49) 22 com.apple.Foundation 0x00007fff88921677 __NSThreadPerformPerform + 225 23 com.apple.CoreFoundation 0x00007fff8b12b101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 24 com.apple.CoreFoundation 0x00007fff8b12aaed __CFRunLoopDoSources0 + 445 25 com.apple.CoreFoundation 0x00007fff8b14ddc5 __CFRunLoopRun + 789 26 com.apple.CoreFoundation 0x00007fff8b14d6b2 CFRunLoopRunSpecific + 290 27 com.apple.HIToolbox 0x00007fff934420a4 RunCurrentEventLoopInMode + 209 28 com.apple.HIToolbox 0x00007fff93441e42 ReceiveNextEventCommon + 356 29 com.apple.HIToolbox 0x00007fff93441cd3 BlockUntilNextEventMatchingListInMode + 62 30 com.apple.AppKit 0x00007fff91908613 _DPSNextEvent + 685 31 com.apple.AppKit 0x00007fff91907ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 32 com.apple.AppKit 0x00007fff918ff283 -[NSApplication run] + 517 33 com.apple.WebCore 0x000000010841baac WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37) 34 com.apple.WebKit2 0x00000001053ba88a WebKit::WebProcessMain(WebKit::CommandLine const&) + 4458 (WebProcessMainMac.mm:190) 35 com.apple.WebKit2 0x00000001052c6d78 WebKitMain(WebKit::CommandLine const&) + 200 (WebKitMain.cpp:50) 36 com.apple.WebKit2 0x00000001052c6c89 WebKitMain + 153 (WebKitMain.cpp:74) 37 com.apple.WebProcess 0x000000010506fda2 main + 274 (MainMacProcess.cpp:68) 38 libdyld.dylib 0x00007fff881c47e1 start + 1 Expected result: 2. WebKit does not crash.