  1. Qt
  2. QTBUG-31181

QtWebKit-based browser crashes when a Wikipedia page contains an audio tag

Details

    • Bug
    • Resolution: Out of scope
    • Not Evaluated
    • None
    • 4.8.4
    • WebKit
    • None
    • Linux

    Description

      On Linux, QtWebKit uses GStreamer for media playback. Any browser using QtWebKit crashes with a high probability whenever an <audio> tag is present on a web page. As music artists' pages on Wikipedia often contain audio snippets in Vorbis format, it crashed a lot when Amarok's Wikipedia applet rendered a page.

      The same crash is reproducible using Rekonq, a QtWebKit-based browser for KDE.

      The following bug report for Amarok details the issue: https://bugs.kde.org/show_bug.cgi?id=319371

      The backtrace obtained from the crash shows the following relevant lines:

      Thread 1 (Thread 0x7f8015a3b7c0 (LWP 8397)):
      [KCrash Handler]
      #6 malloc_consolidate (av=av@entry=0x7f7f50000020) at malloc.c:4067
      #7 0x00007f80122b5898 in _int_free (av=0x7f7f50000020, p=0x7f7f50022110, have_lock=0) at malloc.c:3973
      #8 0x00007f80042b425a in gst_buffer_finalize (buffer=0x7f7ff001eee0) at gstbuffer.c:207
      #9 0x00007f80042d76d9 in gst_mini_object_free (mini_object=0x7f7ff001eee0) at gstminiobject.c:376
      #10 gst_mini_object_unref (mini_object=0x7f7ff001eee0) at gstminiobject.c:411
      #11 0x00007f800c4664b3 in g_value_unset (value=0x7f7f5001a9d0) at /build/buildd/glib2.0-2.36.0/./gobject/gvalue.c:274
      #12 0x00007f8004313e68 in gst_value_free_list_or_array (value=<optimized out>) at gstvalue.c:253
      #13 0x00007f800c4664b3 in g_value_unset (value=value@entry=0x7f7f5001aa78) at /build/buildd/glib2.0-2.36.0/./gobject/gvalue.c:274
      #14 0x00007f80042f9a7c in gst_structure_free (structure=0x7f7f08027590) at gststructure.c:340
      #15 0x00007f80042b8945 in _gst_caps_free (caps=0x7f7f5003ce80) at gstcaps.c:337
      #16 gst_caps_unref (caps=0x7f7f5003ce80) at gstcaps.c:439
      #17 0x00007f7eff5d8166 in ?? () from /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstogg.so
      #18 0x00007f800c4474a4 in g_object_unref (_object=0x7f7f5003a990) at /build/buildd/glib2.0-2.36.0/./gobject/gobject.c:2987
      #19 0x00007f800c4664b3 in g_value_unset (value=value@entry=0x7f7f5000c6b8) at /build/buildd/glib2.0-2.36.0/./gobject/gvalue.c:274
      #20 0x00007f80042f9a7c in gst_structure_free (structure=0x7f7f10003f00) at gststructure.c:340
      #21 0x00007f80042d76d9 in gst_mini_object_free (mini_object=0x6447680) at gstminiobject.c:376
      #22 gst_mini_object_unref (mini_object=0x6447680) at gstminiobject.c:411
      #23 0x00007f80042b7a70 in gst_message_unref (msg=<optimized out>) at ../gst/gstmessage.h:347
      #24 gst_bus_set_flushing (bus=bus@entry=0x7f7f00004560, flushing=flushing@entry=1) at gstbus.c:449
      #25 0x00007f80042e490d in gst_pipeline_change_state (element=0x6253970, transition=<optimized out>) at gstpipeline.c:518
      #26 0x00007f7fe1c3e58b in ?? () from /usr/lib/x86_64-linux-gnu/gstreamer-0.10/libgstplaybin.so
      #27 0x00007f80042c5d2c in gst_element_change_state (element=element@entry=0x6253970, transition=<optimized out>) at gstelement.c:2761
      #28 0x00007f80042c61d3 in gst_element_continue_state (element=element@entry=0x6253970, ret=ret@entry=GST_STATE_CHANGE_SUCCESS) at gstelement.c:2444
      #29 0x00007f80042c5daf in gst_element_change_state (element=element@entry=0x6253970, transition=transition@entry=GST_STATE_CHANGE_PAUSED_TO_READY) at gstelement.c:2798
      #30 0x00007f80042c6678 in gst_element_set_state_func (element=0x6253970, state=GST_STATE_NULL) at gstelement.c:2717
      #31 0x00007f8008ed5374 in WebCore::MediaPlayerPrivateGStreamer::durationChanged() () from /usr/lib/x86_64-linux-gnu/libQtWebKit.so.4
      #32 0x00007f8008ed75f4 in WebCore::MediaPlayerPrivateGStreamer::handleMessage(_GstMessage*) () from /usr/lib/x86_64-linux-gnu/libQtWebKit.so.4
      #33 0x00007f800c442620 in g_closure_invoke (closure=0x564a5a0, return_value=0x0, n_param_values=2, param_values=0x7fffa91147f0, invocation_hint=0x7fffa9114790) at /build/buildd/glib2.0-2.36.0/./gobject/gclosure.c:777
      #34 0x00007f800c453f00 in signal_emit_unlocked_R (node=node@entry=0xe4c800, detail=detail@entry=1478, instance=instance@entry=0x7f7f00004560, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fffa91147f0) at /build/buildd/glib2.0-2.36.0/./gobject/gsignal.c:3584
      #35 0x00007f800c45bd11 in g_signal_emit_valist (instance=0x7f7f00004560, signal_id=<optimized out>, detail=1478, var_args=var_args@entry=0x7fffa9114a48) at /build/buildd/glib2.0-2.36.0/./gobject/gsignal.c:3328
      #36 0x00007f800c45bf92 in g_signal_emit (instance=instance@entry=0x7f7f00004560, signal_id=<optimized out>, detail=<optimized out>) at /build/buildd/glib2.0-2.36.0/./gobject/gsignal.c:3384
      #37 0x00007f80042b6b92 in gst_bus_async_signal_func (bus=0x7f7f00004560, message=0x7f7f00002510, data=<optimized out>) at gstbus.c:1118
      #38 0x00007f80042b7927 in gst_bus_source_dispatch (source=source@entry=0x62868f0, callback=0x7f80042b6b10 <gst_bus_async_signal_func>, user_data=0x0) at gstbus.c:764
      #39 0x00007f800cdbcf05 in g_main_dispatch (context=0xd182a0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
      #40 g_main_context_dispatch (context=context@entry=0xd182a0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
      #41 0x00007f800cdbd248 in g_main_context_iterate (context=context@entry=0xd182a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
      #42 0x00007f800cdbd304 in g_main_context_iteration (context=0xd182a0, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
      #43 0x00007f8012cbd016 in QEventDispatcherGlib::processEvents (this=0xb9fad0, flags=...) at kernel/qeventdispatcher_glib.cpp:424
      #44 0x00007f801371d1ae in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
      #45 0x00007f8012c8d38f in QEventLoop::processEvents (this=this@entry=0x7fffa9114da0, flags=...) at kernel/qeventloop.cpp:149
      #46 0x00007f8012c8d618 in QEventLoop::exec (this=this@entry=0x7fffa9114da0, flags=...) at kernel/qeventloop.cpp:204
      #47 0x00007f8012c92cf6 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1218
      #48 0x00007f8013675ffc in QApplication::exec () at kernel/qapplication.cpp:3828
      #49 0x00000000004090ca in main (argc=1, argv=0x7fffa91172e8) at ../../src/main.cpp:329

          People

            annulen Konstantin Tokarev
            mamarok Myriam Schweingruber
            Votes: 0
            Watchers: 4