Thanks for the bug report, Matt! Could you post the stack trace from CrashReporter? If you don't want to make Safari crash again, please copy the relevant report from ~/Library/Logs/CrashReporter/Safari.crash.log and post it to this bug. Were you using shipping Safari to reproduce the bug, or a WebKit nightly build? http://nightly.webkit.org/ If you were using a WebKit nightly, have you tried r22070 or later?

(In reply to comment #1) Currently using r22070; I believe this may be a regression issue as well, though I did post it as one as I hadn't used Photobucket over a couple of updates and wasn't 100% sure on this. Dev-mode in the CrashReporter gives me this: 2007-06-10 01:36:04 +0800 EXC_BAD_ACCESS (0x0001) KERN_PROTECTION_FAILURE (0x0002) at 0x00000004 Thread 0 Crashed: 0 WebCore::RenderLayer::childrenClipRect() const + 14 1 WebCore::FrameView::windowClipRectForLayer(WebCore::RenderLayer const*, bool) const + 73 2 -[DOMElement(WebPrivate) _windowClipRect] + 129 3 -[WebBaseNetscapePluginView visibleRect] + 125 4 -[WebBaseNetscapePluginView(Internal) _viewHasMoved] + 142 5 -[WebBaseNetscapePluginView renewGState] + 72 6 -[NSView _invalidateGStatesForTree] + 48 7 -[NSView _invalidateFocus] + 34 8 -[NSView _removeSubview:] + 78 9 -[NSView _setSuperview:] + 282

Following these steps, I can NOT get Photobucket to crash. Does this crash for you? 1. Launch Safari/WebKit. 2. Go to URL: http://s164.photobucket.com/albums/u15/Effin_01/ 3. Double-click on the "URL Link" text. (Actually, you only need to click once to make it copy.) Do you have any haxies, APEs or Input Managers (like Saft, SafariStand, PithHelmet, etc.) installed? If so, please deactivate or uninstall them, then try reproducing this bug again. If a different set of steps reproduces the crash for you, please post them here.

Exactly the steps I go through. However, it doesn't seem to crash WebKit/Safari on that page; only my own Photobucket, when clicking on any URL (regardless of sub-album).

This looks very much like a duplicate of bug 13984. That was apparently fixed in r22062. Are you sure you're using the latest nightly?

(In reply to comment #4) > Exactly the steps I go through. However, it doesn't seem to crash WebKit/Safari > on that page; only my own Photobucket, when clicking on any URL (regardless of > sub-album). Could you provide a link to the page where this happens? Or does it only happen when you're logged into Photobucket? We need to be able to reproduce the crash before we can fix it!

http://smg.photobucket.com/albums/v348/Elithrar/ Guest password is "webkit" currently. Give it a try, I can still reproduce it and am 100% certain I am using the latest nightly.

(In reply to comment #7) > http://smg.photobucket.com/albums/v348/Elithrar/ > > Guest password is "webkit" currently. Give it a try, I can still reproduce it > and am 100% certain I am using the latest nightly. Thanks! I am unable to reproduce the crash, though, by clicking and double-clicking on text below various images on that page. Could you post a full crash log instead of the partial one from Comment #2?

Please be sure to save the crash log as a text file and attach it to the bug. Pasting it in a comment will cause Bugzilla to mangle it a bit which makes it tricky to read. Thanks!

FWIW, I also cannot reproduce with r23682 nightly. It's interesting that the crash involves a plugin, while the only plugin object on the page is a small Flash ad at the top. It would be indeed quite useful to have a full crash log.

(In reply to comment #10) > FWIW, I also cannot reproduce with r23682 nightly. > > It's interesting that the crash involves a plugin, while the only plugin object > on the page is a small Flash ad at the top. It would be indeed quite useful to > have a full crash log. > I also cannot reproduce the problem in Webkit r30790. Per comment #8, comment #10 and my experience I resolve the bug as WORKSFORME. Matt feel free to reopen the bug if you still experience the problem in the latest Webkit but remember to attach requested crash log.