Comment 2 for bug 1068495

Chris Coulson (chrisccoulson) wrote :

I commented on the MP, but I'll copy that here too:

"I'm not sure this is going to fix it. From looking at the crash reports, the issue just looks like a classic use-after-free rather than an issue with gobject type casts. In unity_webapps_available_application_get_application_domain, it's most likely the dereferencing of |app| which triggers it ( ((UnityWebappsAvailableApplicationClass *)(((GTypeInstance *)app)->g_class))->get_application_domain(app) )"

In fact, it looks like the bug is here:

http://bazaar.launchpad.net/~webapps/libunity-webapps/trunk/view/head:/src/libunity-webapps-repository/unity-webapps-application-repository.c#L347

      unity_webapps_local_url_index_load_applications (index);
      app = unity_webapps_local_url_index_get_application_by_name (index, name);
      g_hash_table_replace (data->repository->priv->applications_by_name, g_strdup (name), app); <---
    }

... |app| is stored without a reference, so next time a webapp is installed, this app is destroyed when it is replaced here:

http://bazaar.launchpad.net/~webapps/libunity-webapps/trunk/view/head:/src/libunity-webapps-repository/unity-webapps-application-collector.c#L217

  app_name = unity_webapps_application_manifest_get_package_name (manifest);
  app = (UnityWebappsLocalAvailableApplication *) unity_webapps_local_available_application_new (manifest);
  g_hash_table_replace (collector->priv->found_applications, g_strdup (app_name),
   g_object_ref (app));

 out:
  if (manifest != NULL)
    {
      g_object_unref (G_OBJECT (manifest));
    }
  if (app != NULL)
    {
      g_object_unref (G_OBJECT (app));
    }
  return ret;
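As an added illustration of the ownership problem this comment describes (not code from libunity-webapps), here is a self-contained C model: a reference-counted stand-in for GObject, one owning slot mirroring found_applications (takes a ref, unrefs the old value on replace) and one slot mirroring applications_by_name. With take_ref == 0 the repository caches the raw pointer and the next install finalizes the object while the cache still points at it; with take_ref == 1 the cache holds its own reference and nothing dangles. The single-slot tables, the App type and all function names are assumptions standing in for GHashTable and the real types.

```c
#include <stdio.h>
#include <stdlib.h>

/* Minimal stand-in for a GObject: reference counted, freed when the count reaches zero. */
typedef struct { int refcount; } App;
typedef void (*DestroyNotify)(void *);
static App *repo_entry = NULL;       /* models applications_by_name (single key) */
static App *collector_entry = NULL;  /* models found_applications   (single key) */
static int destroyed_total = 0;      /* objects finalized during the last simulate() */
static int dangling_total = 0;       /* ... finalized while repo_entry still pointed at them */
static App *app_new(void) { App *a = calloc(1, sizeof *a); a->refcount = 1; return a; }
static App *app_ref(App *a) { a->refcount++; return a; }
static void app_unref(void *p) {
    App *a = p;
    if (--a->refcount > 0) return;
    if (repo_entry == a) dangling_total++;  /* the cache now holds a freed pointer */
    destroyed_total++;
    free(a);
}
/* g_hash_table_replace on a one-entry table: store the new value, then destroy the old one. */
static void slot_replace(App **slot, App *value, DestroyNotify destroy) {
    App *old = *slot;
    *slot = value;
    if (old != NULL && destroy != NULL) destroy(old);
}
/* Installs a webapp twice. take_ref selects the buggy (0) or fixed (1) repository cache.
 * Returns how many objects were finalized while the cache still referenced them. */
int simulate(int take_ref) {
    DestroyNotify repo_destroy = take_ref ? app_unref : (DestroyNotify)0;
    destroyed_total = dangling_total = 0;
    for (int i = 0; i < 2; i++) {
        /* collector: new object, owning table takes a ref, the local ref is dropped at out: */
        App *app = app_new();
        slot_replace(&collector_entry, app_ref(app), app_unref);
        app_unref(app);
        /* repository: looks the same object up and caches it by name */
        App *found = collector_entry;
        slot_replace(&repo_entry, take_ref ? app_ref(found) : found, repo_destroy);
    }
    slot_replace(&collector_entry, NULL, app_unref);  /* teardown of both tables */
    slot_replace(&repo_entry, NULL, repo_destroy);
    return dangling_total;
}
int destroyed_count(void) { return destroyed_total; }
int main(void) {
    printf("raw pointer cache: %d dangling\n", simulate(0));  /* 2 */
    printf("cache holds a ref: %d dangling\n", simulate(1));  /* 0 */
    return 0;
}
```

Under AddressSanitizer the real code would fault on the first dereference of the cached pointer; the model counts those cases instead of dereferencing, so it runs cleanly in both modes.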