Can you please attach a crash dump? Instructions can be found at <http://webkit.org/quality/crashlogs.html>

Created attachment 21915 [details] Dr Watson Log

Created attachment 21916 [details] Crash Dump

Dr Watson log and dump file attached.

I believe that I see this bug too. It does not occur with build 34388, it does occur with 34603, 34752 & 35035. This is with Safari 3.1.2 (525.21) on Windows XP SP3. The crash does not occur straight away, I think because I have "New windows open with: Empty Page". It does not occur if I open a simple page, for example http://www.google.co.uk . But as soon as I open http://news.bbc.co.uk it crashes, I suspect because of the news ticker at the top which probably uses JavaScript. I will attach log & dump. Appologies if this is a different bug, symptoms appeared quite identical when I first searched, only further investigation revealed the differences.

Created attachment 22174 [details] Dr Watson log

Created attachment 22175 [details] User dump

It still crashes w/r35066. I'm kind of baffel about this - what's the point of releasing Nightlies if they don't work at all?!

Here's the backtrace: > WebKit.dll!WebCore::HTMLCollection::resetCollectionInfo() Line 131 + 0x6 bytes C++ WebKit.dll!WebCore::HTMLCollection::namedItems(const WebCore::AtomicString & name={...}, WTF::Vector<WTF::RefPtr<WebCore::Node>,0> & result={...}) Line 432 C++ WebKit.dll!WebCore::HTMLFormElement::getNamedElements(const WebCore::AtomicString & name={...}, WTF::Vector<WTF::RefPtr<WebCore::Node>,0> & namedItems={...}) Line 697 + 0x1a bytes C++ WebKit.dll!WebCore::JSHTMLFormElement::canGetItemsForName(KJS::ExecState * exec=0x0012f4c0, WebCore::HTMLFormElement * form=0x7fc5e120, const KJS::Identifier & propertyName={...}) Line 40 + 0x3d bytes C++ WebKit.dll!WebCore::JSHTMLFormElement::getOwnPropertySlot(KJS::ExecState * exec=0x0012f4c0, const KJS::Identifier & propertyName={...}, KJS::PropertySlot & slot={...}) Line 127 + 0x17 bytes C++ WebKit.dll!KJS::JSValue::get(KJS::ExecState * exec=0x00000000, const KJS::Identifier & propertyName={...}) Line 661 + 0xb bytes C++ WebKit.dll!KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag flag=Normal, KJS::ExecState * exec=0x0012f4c0, KJS::RegisterFile * registerFile=0x7ff4e160, KJS::Register * r=0x7feff124, KJS::ScopeChainNode * scopeChain=0x7ff550b0, KJS::CodeBlock * codeBlock=0x7fa4c2d0, KJS::JSValue * * exception=0x0012f520) Line 1694 C++ WebKit.dll!KJS::Machine::execute(KJS::ProgramNode * programNode=0x7f9db000, KJS::ExecState * exec=0x00000000, KJS::ScopeChainNode * scopeChain=0x7ff550b0, KJS::JSObject * thisObj=0x03260000, KJS::RegisterFileStack * registerFileStack=0x7feae6d8, KJS::JSValue * * exception=0x0012f520) Line 670 C++ WebKit.dll!KJS::Interpreter::evaluate(KJS::ExecState * exec=0x7ff4e180, KJS::ScopeChain & scopeChain={...}, const KJS::UString & sourceURL={...}, int startingLineNumber=1, WTF::PassRefPtr<KJS::SourceProvider> source={...}, KJS::JSValue * thisValue=0x03260000) Line 84 C++ WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::String & filename={...}, int baseLine=1, const WebCore::String & str={...}) Line 90 + 0x62 bytes C++ WebKit.dll!WebCore::FrameLoader::executeScript(const WebCore::String & url={...}, int baseLine=1, const WebCore::String & script={...}) Line 785 C++ WebKit.dll!WebCore::HTMLTokenizer::scriptExecution(const WebCore::String & str={...}, WebCore::HTMLTokenizer::State state={...}, const WebCore::String & scriptURL={...}, int baseLine=1) Line 546 C++ WebKit.dll!WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State state={...}) Line 483 + 0x1e bytes C++ WebKit.dll!WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 331 + 0xf bytes C++ WebKit.dll!WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 1497 + 0x26 bytes C++ WebKit.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str=, bool appendData=) Line 1732 + 0x1b bytes C++ WebKit.dll!WTF::TCMalloc_ThreadCache::GetCacheIfPresent() Line 2399 C++ WebKit.dll!WTF::fastFree(void * ptr=0x104c49e0) Line 3114 + 0x2d bytes C++ WebKit.dll!WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode * referenceNode=, WTF::PassRefPtr<WebCore::Event> e={...}, int & __formal=, bool tempEvent=) Line 281 + 0x3d bytes C++ WebKit.dll!WTF::Deque<WebCore::SegmentedSubstring>::Deque<WebCore::SegmentedSubstring>(const WTF::Deque<WebCore::SegmentedSubstring> & other={...}) Line 308 + 0x17 bytes C++ WebKit.dll!WebCore::SegmentedString::clear() Line 87 + 0x10 bytes C++ WebKit.dll!WebCore::CachedScript::checkNotify() Line 95 + 0xa bytes C++ WebKit.dll!WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true) Line 85 + 0xe bytes C++ WebKit.dll!WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader * loader=0x7fa2e000) Line 269 C++ WebKit.dll!WebCore::SubresourceLoader::didFinishLoading() Line 193 + 0xe bytes C++ WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x7fdd0668) Line 390 C++ WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x0283f5d8, const void * clientInfo=0x7fdd0668) Line 118 + 0x11 bytes C++

*** This bug has been marked as a duplicate of 19580 ***