Can you please attach a crash dump? Instructions can be found at <http://webkit.org/quality/crashlogs.html>

Created attachment 21915 [details]
Dr Watson Log

Created attachment 21916 [details]
Crash Dump

Dr Watson log and dump file attached.

I believe that I see this bug too.  It does not occur with build 34388, it does occur with 34603, 34752 & 35035.

This is with Safari 3.1.2 (525.21) on Windows XP SP3.

The crash does not occur straight away, I think because I have "New windows open with: Empty Page".  It does not occur if I open a simple page, for example http://www.google.co.uk .  But as soon as I open http://news.bbc.co.uk it crashes, I suspect because of the news ticker at the top which probably uses JavaScript.

I will attach log & dump.

Appologies if this is a different bug, symptoms appeared quite identical when I first searched, only further investigation revealed the differences.

Created attachment 22174 [details]
Dr Watson log

Created attachment 22175 [details]
User dump

It still crashes w/r35066.  I'm kind of baffel about this - what's the point of releasing Nightlies if they don't work at all?!

Here's the backtrace:

>	WebKit.dll!WebCore::HTMLCollection::resetCollectionInfo()  Line 131 + 0x6 bytes	C++
 	WebKit.dll!WebCore::HTMLCollection::namedItems(const WebCore::AtomicString & name={...}, WTF::Vector<WTF::RefPtr<WebCore::Node>,0> & result={...})  Line 432	C++
 	WebKit.dll!WebCore::HTMLFormElement::getNamedElements(const WebCore::AtomicString & name={...}, WTF::Vector<WTF::RefPtr<WebCore::Node>,0> & namedItems={...})  Line 697 + 0x1a bytes	C++
 	WebKit.dll!WebCore::JSHTMLFormElement::canGetItemsForName(KJS::ExecState * exec=0x0012f4c0, WebCore::HTMLFormElement * form=0x7fc5e120, const KJS::Identifier & propertyName={...})  Line 40 + 0x3d bytes	C++
 	WebKit.dll!WebCore::JSHTMLFormElement::getOwnPropertySlot(KJS::ExecState * exec=0x0012f4c0, const KJS::Identifier & propertyName={...}, KJS::PropertySlot & slot={...})  Line 127 + 0x17 bytes	C++
 	WebKit.dll!KJS::JSValue::get(KJS::ExecState * exec=0x00000000, const KJS::Identifier & propertyName={...})  Line 661 + 0xb bytes	C++
 	WebKit.dll!KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag flag=Normal, KJS::ExecState * exec=0x0012f4c0, KJS::RegisterFile * registerFile=0x7ff4e160, KJS::Register * r=0x7feff124, KJS::ScopeChainNode * scopeChain=0x7ff550b0, KJS::CodeBlock * codeBlock=0x7fa4c2d0, KJS::JSValue * * exception=0x0012f520)  Line 1694	C++
 	WebKit.dll!KJS::Machine::execute(KJS::ProgramNode * programNode=0x7f9db000, KJS::ExecState * exec=0x00000000, KJS::ScopeChainNode * scopeChain=0x7ff550b0, KJS::JSObject * thisObj=0x03260000, KJS::RegisterFileStack * registerFileStack=0x7feae6d8, KJS::JSValue * * exception=0x0012f520)  Line 670	C++
 	WebKit.dll!KJS::Interpreter::evaluate(KJS::ExecState * exec=0x7ff4e180, KJS::ScopeChain & scopeChain={...}, const KJS::UString & sourceURL={...}, int startingLineNumber=1, WTF::PassRefPtr<KJS::SourceProvider> source={...}, KJS::JSValue * thisValue=0x03260000)  Line 84	C++
 	WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::String & filename={...}, int baseLine=1, const WebCore::String & str={...})  Line 90 + 0x62 bytes	C++
 	WebKit.dll!WebCore::FrameLoader::executeScript(const WebCore::String & url={...}, int baseLine=1, const WebCore::String & script={...})  Line 785	C++
 	WebKit.dll!WebCore::HTMLTokenizer::scriptExecution(const WebCore::String & str={...}, WebCore::HTMLTokenizer::State state={...}, const WebCore::String & scriptURL={...}, int baseLine=1)  Line 546	C++
 	WebKit.dll!WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State state={...})  Line 483 + 0x1e bytes	C++
 	WebKit.dll!WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...})  Line 331 + 0xf bytes	C++
 	WebKit.dll!WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...})  Line 1497 + 0x26 bytes	C++
 	WebKit.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str=, bool appendData=)  Line 1732 + 0x1b bytes	C++
 	WebKit.dll!WTF::TCMalloc_ThreadCache::GetCacheIfPresent()  Line 2399	C++
 	WebKit.dll!WTF::fastFree(void * ptr=0x104c49e0)  Line 3114 + 0x2d bytes	C++
 	WebKit.dll!WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode * referenceNode=, WTF::PassRefPtr<WebCore::Event> e={...}, int & __formal=, bool tempEvent=)  Line 281 + 0x3d bytes	C++
 	WebKit.dll!WTF::Deque<WebCore::SegmentedSubstring>::Deque<WebCore::SegmentedSubstring>(const WTF::Deque<WebCore::SegmentedSubstring> & other={...})  Line 308 + 0x17 bytes	C++
 	WebKit.dll!WebCore::SegmentedString::clear()  Line 87 + 0x10 bytes	C++
 	WebKit.dll!WebCore::CachedScript::checkNotify()  Line 95 + 0xa bytes	C++
 	WebKit.dll!WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true)  Line 85 + 0xe bytes	C++
 	WebKit.dll!WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader * loader=0x7fa2e000)  Line 269	C++
 	WebKit.dll!WebCore::SubresourceLoader::didFinishLoading()  Line 193 + 0xe bytes	C++
 	WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x7fdd0668)  Line 390	C++
 	WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x0283f5d8, const void * clientInfo=0x7fdd0668)  Line 118 + 0x11 bytes	C++

*** This bug has been marked as a duplicate of 19580 ***