This is a 100% crasher on 18227 and 18221 (haven't tested earlier builds) on a 10.4.8 Intel machine. Enter a zip code into the text entry box, hit return, and observe the nearly instant crash. Submitting the form triggers a very short JavaScript that appears to do some data validation, and chooses a web page based on the validation. I'm attaching a log for this crash.
Created attachment 11852: Crash log
Confirmed in locally-built debug build of WebKit r18212. Crash happens on page returned from form submission. Might be related to Bug 11832. On the console "Bus error" is printed with this stack trace:

Date/Time: 2006-12-14 23:15:02.990 -0600
OS Version: 10.4.8 (Build 8L127)
Report Version: 4
Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: bash [16966]
Version: 2.0.4 (419.3)
Build Version: 1
Project Name: WebBrowser
Source Version: 4190300
PID: 11076
Thread: 0
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x0000001c

Thread 0 Crashed:
0 com.apple.WebCore 0x0158fc80 WebCore::Node::document() const + 156 (Node.h:270)
1 com.apple.WebCore 0x012abf98 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 312 (EventTargetNode.cpp:294)
2 com.apple.WebCore 0x012ac0cc WebCore::EventTargetNode::dispatchHTMLEvent(WebCore::AtomicString const&, bool, bool) + 172 (EventTargetNode.cpp:516)
3 com.apple.WebCore 0x013282d4 WebCore::HTMLScriptElement::notifyFinished(WebCore::CachedResource*) + 244 (HTMLScriptElement.cpp:155)
4 com.apple.WebCore 0x01141db4 WebCore::CachedScript::checkNotify() + 108 (CachedScript.cpp:91)
5 com.apple.WebCore 0x01141ef4 WebCore::CachedScript::data(WTF::Vector<char, (unsigned long)0>&, bool) + 180 (CachedScript.cpp:83)
6 com.apple.WebCore 0x01144414 WebCore::Loader::receivedAllData(WebCore::SubresourceLoader*, NSData*) + 344 (loader.cpp:109)
7 com.apple.WebCore 0x0146fee0 WebCore::SubresourceLoader::didFinishLoading() + 248 (SubresourceLoaderMac.mm:196)
8 com.apple.WebCore 0x0146af38 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60 (ResourceLoaderMac.mm:457)
9 com.apple.WebCore 0x0147e7c4 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 144 (ResourceHandleMac.mm:265)
10 com.apple.Foundation 0x9299384c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
11 com.apple.Foundation 0x92991ab8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
12 com.apple.Foundation 0x92991810 _sendCallbacks + 156
13 com.apple.CoreFoundation 0x907dd4cc __CFRunLoopDoSources0 + 384
14 com.apple.CoreFoundation 0x907dc9fc __CFRunLoopRun + 452
15 com.apple.CoreFoundation 0x907dc47c CFRunLoopRunSpecific + 268
16 com.apple.HIToolbox 0x93208740 RunCurrentEventLoopInMode + 264
17 com.apple.HIToolbox 0x93207dd4 ReceiveNextEventCommon + 380
18 com.apple.HIToolbox 0x93207c40 BlockUntilNextEventMatchingListInMode + 96
19 com.apple.AppKit 0x9370bae4 _DPSNextEvent + 384
20 com.apple.AppKit 0x9370b7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
21 com.apple.Safari 0x00006740 0x1000 + 22336
22 com.apple.AppKit 0x93707cec -[NSApplication run] + 472
23 com.apple.AppKit 0x937f887c NSApplicationMain + 452
24 com.apple.Safari 0x0005c77c 0x1000 + 374652
25 com.apple.Safari 0x0005c624 0x1000 + 374308
Confirmed this is a regression from shipping Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127).
I bet this is something like bug 11010.
*** This bug has been marked as a duplicate of 11010 ***