Bug 25820: RESOLVED DUPLICATE of bug 25730
Crash in JSC::JITStubs::cti_op_loop_if_less when visiting sports.orange.fr
https://bugs.webkit.org/show_bug.cgi?id=25820
Jérôme Guelfucci
Reported 2009-05-15 05:55:18 PDT
This happens since the update to WebKit 1.1.7. Every time I visit http://sports.orange.fr/, WebKit-based browsers crash when the page has finished loading. Here is the backtrace:

#0 0xb7bd0592 in JSC::JITStubs::cti_op_loop_if_less (args=0x2) at ../JavaScriptCore/runtime/JSCell.h:251
#1 0xae1693fe in ?? ()
#2 0xb7bfa6fd in JSC::Interpreter::execute (this=0xb52d8900, programNode=0xae2e18d0, callFrame=0xb52f0ca4, scopeChain=0xb2e6ebb8, thisObj=0xb2fe0000, exception=0xbff2336c) at ../JavaScriptCore/jit/JITCode.h:76
#3 0xb7b8f4b8 in JSC::evaluate (exec=0xb52f0ca4, scopeChain=@0xb52f0c80, source=@0xbff23728, thisValue={m_ptr = 0xb2fe0000}) at ../JavaScriptCore/runtime/Completion.cpp:67
#4 0xb755b989 in WebCore::ScriptController::evaluate (this=0xb52a8908, sourceCode=@0xbff23728) at ../WebCore/bindings/js/ScriptController.cpp:101
#5 0xb7773c36 in WebCore::FrameLoader::executeScript (this=0xb52a86a8, sourceCode=@0xbff23728) at ../WebCore/loader/FrameLoader.cpp:802
#6 0xb772a832 in WebCore::HTMLTokenizer::scriptExecution (this=0xb52ce400, sourceCode=@0xbff23728, state={static EntityShift = 4, m_bits = 0}) at ../WebCore/html/HTMLTokenizer.cpp:555
#7 0xb772ca8e in WebCore::HTMLTokenizer::scriptHandler (this=0xb52ce400, state={static EntityShift = 4, m_bits = 128}) at ../WebCore/html/HTMLTokenizer.cpp:497
#8 0xb772dc19 in WebCore::HTMLTokenizer::parseSpecial (this=0xb52ce400, src=@0xb52ced4c, state={static EntityShift = 4, m_bits = 128}) at ../WebCore/html/HTMLTokenizer.cpp:348
#9 0xb77319ae in WebCore::HTMLTokenizer::parseTag (this=0xb52ce400, src=@0xb52ced4c, state={static EntityShift = 4, m_bits = 1}) at ../WebCore/html/HTMLTokenizer.cpp:1541
#10 0xb773234f in WebCore::HTMLTokenizer::write (this=0xb52ce400, str=@0xbff23a60, appendData=false) at ../WebCore/html/HTMLTokenizer.cpp:1718
#11 0xb772c016 in WebCore::HTMLTokenizer::notifyFinished (this=0xb52ce400) at ../WebCore/html/HTMLTokenizer.cpp:2019
#12 0xb775a4dc in WebCore::CachedScript::checkNotify (this=0xae25e8c0) at ../WebCore/loader/CachedScript.cpp:106
#13 0xb77ab19c in WebCore::Loader::Host::didFinishLoading (this=0xae262aa8, loader=0xae25d800) at ../WebCore/loader/loader.cpp:323
#14 0xb7799d70 in WebCore::SubresourceLoader::didFinishLoading (this=0xae25d800) at ../WebCore/loader/SubresourceLoader.cpp:183
#15 0xb7794e01 in WebCore::ResourceLoader::didFinishLoading (this=0xae25d800) at ../WebCore/loader/ResourceLoader.cpp:416
#16 0xb793f29c in finishedCallback (session=0x822a808, msg=0x8930528, data=0xb00cc868) at ../WebCore/platform/network/soup/ResourceHandleSoup.cpp:352
#17 0xb6c7cdbb in ?? () from /usr/lib/libsoup-2.4.so.1
#18 0xb70513d4 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8a34a30, return_value=0x0, n_param_values=1, param_values=0x8797f30, invocation_hint=0xbff23dbc, marshal_data=0x822a808) at /build/buildd/glib2.0-2.18.2/gobject/gmarshal.c:77
#19 0xb7043c4b in IA__g_closure_invoke (closure=0x8a34a30, return_value=0x0, n_param_values=1, param_values=0x8797f30, invocation_hint=0xbff23dbc) at /build/buildd/glib2.0-2.18.2/gobject/gclosure.c:767
#20 0xb705a5d8 in signal_emit_unlocked_R (node=0x86a1630, detail=0, instance=0x8930528, emission_return=0x0, instance_and_params=0x8797f30) at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:3314
#21 0xb705b7ac in IA__g_signal_emit_valist (instance=0x8930528, signal_id=195, detail=0, var_args=0xbff23f5c "��ȶi�ƶ��ȶ\210?��K8Ƕ(\005\223\b\bQ\"\bp�\225\b�7Ƕ�_\a��>Ƕ�?���\023\005�h7\222\b(\005\223\bؠ�\b�_\a�P\006\233\b\002") at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:2977
#22 0xb705bc26 in IA__g_signal_emit (instance=0x8930528, signal_id=195, detail=0) at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:3034
#23 0xb6c6ea8f in soup_message_finished () from /usr/lib/libsoup-2.4.so.1
#24 0xb6c7384b in ?? () from /usr/lib/libsoup-2.4.so.1
#25 0xb70513d4 in IA__g_cclosure_marshal_VOID__VOID (closure=0x89b0650, return_value=0x0, n_param_values=1, param_values=0x8797b78, invocation_hint=0xbff2410c, marshal_data=0x8930528) at /build/buildd/glib2.0-2.18.2/gobject/gmarshal.c:77
#26 0xb7043c4b in IA__g_closure_invoke (closure=0x89b0650, return_value=0x0, n_param_values=1, param_values=0x8797b78, invocation_hint=0xbff2410c) at /build/buildd/glib2.0-2.18.2/gobject/gclosure.c:767
#27 0xb705a095 in signal_emit_unlocked_R (node=0x86a6dd0, detail=0, instance=0x8923768, emission_return=0x0, instance_and_params=0x8797b78) at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:3244
#28 0xb705b7ac in IA__g_signal_emit_valist (instance=0x8923768, signal_id=206, detail=0, var_args=0xbff242ac "�\037\003��\037\003�\b��\b�B��\035���(\033�\b\001") at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:2977
#29 0xb705bc26 in IA__g_signal_emit (instance=0x8923768, signal_id=206, detail=0) at /build/buildd/glib2.0-2.18.2/gobject/gsignal.c:3034
#30 0xb6c7ebc2 in ?? () from /usr/lib/libsoup-2.4.so.1
#31 0xb6fec71d in g_io_unix_dispatch (source=0x8923768, callback=0xb6c7eb70, user_data=0x8923768) at /build/buildd/glib2.0-2.18.2/glib/giounix.c:162
#32 0xb6fb5718 in IA__g_main_context_dispatch (context=0x81e2618) at /build/buildd/glib2.0-2.18.2/glib/gmain.c:2144
#33 0xb6fb8dc3 in g_main_context_iterate (context=0x81e2618, block=1, dispatch=1, self=0x81e21d8) at /build/buildd/glib2.0-2.18.2/glib/gmain.c:2778
#34 0xb6fb92e2 in IA__g_main_loop_run (loop=0x8924f48) at /build/buildd/glib2.0-2.18.2/glib/gmain.c:2986
#35 0xb719e3a9 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#36 0x08049c21 in main (argc=Cannot access memory at address 0x70 ) at ../WebKitTools/GtkLauncher/main.c:205
Mark Rowe (bdash)
Comment 1 2009-05-15 06:29:11 PDT
I can reproduce this on Mac OS X with a recent release build, but not with a debug build of TOT. This may have been fixed already.
Mark Rowe (bdash)
Comment 2 2009-05-15 06:29:59 PDT
*** This bug has been marked as a duplicate of 25730 ***