can you try to reproduce with the latest tarball, please?

Is there a more recent version than 2.13.3 that hasn't hit ftp.gnome.org yet? I had the same file as on the ftp site, but just to be sure I deleted the tarball I had and redownloaded/rebuilt 2.13.3 with the same result as noted above.

Created attachment 57675 [details]
Backtrace after redownload/rebuild

This is very weird.  What CFLAGS are you compiling with?  I don't see how the priv structure would be NULL here.  The priv structure is allocated at the same time as the pager

+ Trace 65464

Could be a 64bit issue too....

CFLAGS="-march=athlon64 -O2 -pipe"

Nothing strange in the CFLAGS and everything in my system is built with this. 
Still, here are the results with various CFLAGS:

-march=athlon64 OK
-march=athlon64 -pipe OK
-march=athlon64 -O2 Crash
-march=athlon64 -O1 Crash

So any -O flags kills yelp. Should yelp strip out -Ox flags in the configure stage?

I noticed that when top_process_pending is added to idle (using deprecated funcs, btw :P), the timeout ID is NOT saved, and NOT removed when the object is disposed/finalised...

Oh and EEK!

static void
toc_pager_dispose (GObject *object)
{
    YelpTocPager *pager = YELP_TOC_PAGER (object);

    g_free (pager->priv);

That's likely the cause, priv is gobject private data and must not be freed (it'll be freed automatically on finalize)

The same problem exists in gtkentryaction.c.

Hi,

I know this is probably irrelevant, but can you try rebuilding scrollkeeper with the patch from:
https://launchpad.net/products/scrollkeeper/+bug/29886

(It seems to other, unrelated badness, but since scrollkeeper is used in both bits of the code...)

I built scrollkeeper with the patch and rebuilt yelp -- no difference, it still crashes.

Created attachment 58264 [details] [review]
possible fix

Created attachment 58283 [details] [review]
updated patch to latest cvs

Created attachment 58286 [details] [review]
another update

Created attachment 58302 [details]
Patched CVS Yelp Crash

I just got in, so I only tried the most recent patch on CVS. It looks like the same crash, but I've attached the backtrace so you can check it out.

2.13.4 still has this problem.

I can confirm that this is fixed in 2.13.5.

With 2.13.6, it crashes again. I don't know if this is the same crash:

Backtrace was generated from '/usr/bin/yelp'

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 46912603268992 (LWP 14877)]
[New Thread 1124096352 (LWP 14889)]
[New Thread 1115703648 (LWP 14888)]
[New Thread 1107310944 (LWP 14887)]
[New Thread 1098918240 (LWP 14886)]
[New Thread 1090525536 (LWP 14882)]
[New Thread 1082132832 (LWP 14881)]
0x00002aaab00d0eba in waitpid () from /lib/tls/libpthread.so.0

+ Trace 66757

2.14.0 still has this problem.

The latest stack trace seems to be a duplicate of bug 334408

I don't think this is the same stack trace as bug 334408.

However, it's great to finally get a complete stack trace for a yelp/mozilla bug.  Looking at stack frame #7 of thread 1, a serious problem is evident - ao is 0x2, which means a bad value was returned from atk_object_get_parent (and thus, the ATK implementation inside gecko/mozilla).  This isn't atk's fault, and unless this is a knock-on effect of another bug, this fault probably lies with mozilla.

With 2.15.2, this problem is gone. Whether this is a workaround from Gnome devs or a gecko fix, I don't know.

Closing.  Please Re-Open if you find that this problem still exists.

never noticed this before, but this seems to be the timeout_update_gok() issue