Created attachment 50673 [details] backtrace of the described crash Nightly build, version 533.3+, revision 55959. Backtrace included. Description of the affected website: foksuk.nl is a daily updated Dutch webcomic. Just below the comic image there is the week navigation, saying e.g. "Deze week (10)", with hyperlink triangle images pointing to the previous and next week. On the next line is the within-week navigation, enumerating the days "maandag", "dinsdag" and so on, also hyperlinks. This is what i was doing prior to the crash: I loaded foksuk.nl and clicked the leftwards triangle four times, to reach the oldest week available. Next, in each week i first clicked "maandag" (the first day), then viewed the comics of the other days sequentially, then clicked the rightwards triangle to go to the next week. During this procedure, WebKit suddenly crashed. I have viewed at least 10 comics before the crash happened. Unfortunately, i do not remember whether the crash happened directly after a navigation click, or just suddenly while i was viewing a comic; however, if it was after a click, it was within-week navigation. If you try clicking around long enough the crash might reoccur. However, since i'm not sure whether it was caused by a click, it might also just have nothing to do with the website. I have two nondefault plugins installed that might have influence: SafariAdblock and ClickToFlash.
From the crash log, this looks like an issue with Sparkle, which has a somewhat different status than "Safari enhancers" like SafariAdBlock, being included with WebKit nightly launcher (I think).
Being non-reproducible, this is not a P1.
*** Bug 39266 has been marked as a duplicate of this bug. ***
I get this crash every day or two - my usual way to "resolve" this is to manually update to the latest WebKit, which will stop the automatic checks for a day or two. Is there any way to disable automatic checking of updates? The binary images offset places this crash within the version of Sparkle shipped with WebKit, that is: org.andymatuschak.Sparkle 1.5 Beta (git) (830f633) <945EA036-7EC3-D020-C889-29ECB588B891> /Applications/WebKit.app/Contents/Frameworks/10.6/Sparkle.framework/Versions/A/Sparkle Backtraces available upon request - they all look very similar: objc_msgSend() selector name: invalidate Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 libobjc.A.dylib 0x00007fff819ac11c objc_msgSend + 40 1 org.andymatuschak.Sparkle 0x0000000101b96560 0x101b95000 + 5472 2 org.andymatuschak.Sparkle 0x0000000101b964ec 0x101b95000 + 5356 3 com.apple.Foundation 0x00007fff85f7f86e _nsnote_callback + 167 4 com.apple.CoreFoundation 0x00007fff83388aea __CFXNotificationPost + 954 5 com.apple.CoreFoundation 0x00007fff83375098 _CFXNotificationPostNotification + 200 6 com.apple.Foundation 0x00007fff85f767d8 -[NSNotificationCenter postNotificationName:object:userInfo:] + 101 7 org.andymatuschak.Sparkle 0x0000000101ba30f7 load_dsa_key + 29847 8 org.andymatuschak.Sparkle 0x0000000101ba16a9 load_dsa_key + 23113 9 org.andymatuschak.Sparkle 0x0000000101ba29e0 load_dsa_key + 28032 10 org.andymatuschak.Sparkle 0x0000000101ba2eec load_dsa_key + 29324 11 org.andymatuschak.Sparkle 0x0000000101b9fe63 load_dsa_key + 16899 12 org.andymatuschak.Sparkle 0x0000000101b9900c 0x101b95000 + 16396 13 com.apple.Foundation 0x00007fff860d72c2 _NSURLDownloadDidFinish + 113 14 com.apple.CFNetwork 0x00007fff82a04a30 URLDownload::downloadFinished() + 58 15 com.apple.CFNetwork 0x00007fff82a05d66 DownloadConnectionClient::_connectionDidFinishLoadingCallback(_CFURLConnection*, void const*) + 39 16 com.apple.CFNetwork 0x00007fff829c118e URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 174 17 com.apple.CFNetwork 0x00007fff82a26502 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 254 18 com.apple.CFNetwork 0x00007fff82a2676e URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 874 19 com.apple.CFNetwork 0x00007fff829ad8fb URLConnectionClient::processEvents() + 121 20 com.apple.CFNetwork 0x00007fff829ad6d8 MultiplexerSource::perform() + 160 21 com.apple.CoreFoundation 0x00007fff8337df21 __CFRunLoopDoSources0 + 1361 22 com.apple.CoreFoundation 0x00007fff8337c119 __CFRunLoopRun + 873 23 com.apple.CoreFoundation 0x00007fff8337b8df CFRunLoopRunSpecific + 575 24 com.apple.HIToolbox 0x00007fff8027bada RunCurrentEventLoopInMode + 333 25 com.apple.HIToolbox 0x00007fff8027b8df ReceiveNextEventCommon + 310 26 com.apple.HIToolbox 0x00007fff8027b798 BlockUntilNextEventMatchingListInMode + 59 27 com.apple.AppKit 0x00007fff80cdaa4a _DPSNextEvent + 708 28 com.apple.AppKit 0x00007fff80cda399 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155 29 com.apple.Safari 0x000000010000b6cc 0x100000000 + 46796 30 com.apple.AppKit 0x00007fff80ca006f -[NSApplication run] + 395 31 com.apple.AppKit 0x00007fff80c98d8c NSApplicationMain + 364 32 com.apple.Safari 0x00000001000016f4 0x100000000 + 5876
*** Bug 41268 has been marked as a duplicate of this bug. ***
While the binary images offset placed this crash in WebKit's copy of Sparkle, I'm now pretty sure this is a Click2Flash problem - possibly it sometimes invoked its own copy of Sparkle, and sometimes the (different) WebKit copy of Sparkle. Either disabling Sparkle or upgrading to the Click2Flash betas (recent 1.6b series) appears to fix this problem :)
Just a follow-up, a couple of weeks after upgrading to Click2Flash 1.6b - no crashes of this kind in the intervening time. So looks like it was Click2Flash incorrectly using Webkit's sparkle.
*** Bug 51640 has been marked as a duplicate of this bug. ***
invalid due to bug 217729 removing all supporting code for WebKit.app