Created attachment 238367 [details] Test case The crashing test case (if you put more line breaks into it then the crash disappears): <!DOCTYPE html> <font>a<style> * { font:small-caps normal 800% Minion; } </style><source> Backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff33729a2 in WebCore::FontGlyphs::primarySimpleFontData (this=0x8343b0, description=...) at ../../Source/WebCore/platform/graphics/FontGlyphs.h:127 127 m_cachedPrimarySimpleFontData = primaryFontData(description)->fontDataForCharacter(' '); #0 0x00007ffff33729a2 in WebCore::FontGlyphs::primarySimpleFontData (this=0x8343b0, description=...) at ../../Source/WebCore/platform/graphics/FontGlyphs.h:127 #1 0x00007ffff3372a5c in WebCore::Font::primaryFont (this=0x99ea88) at ../../Source/WebCore/platform/graphics/Font.h:362 #2 0x00007ffff33729ee in WebCore::Font::fontMetrics (this=0x99ea88) at ../../Source/WebCore/platform/graphics/Font.h:175 #3 0x00007ffff397270f in WebCore::requiresLineBoxForContent (flow=..., lineInfo=...) at ../../Source/WebCore/rendering/line/LineInlineHeaders.h:59 #4 0x00007ffff3b4cabd in WebCore::BreakingContext::handleEmptyInline (this=0x7fffffffa910) at ../../Source/WebCore/rendering/line/BreakingContextInlineHeaders.h:386 #5 0x00007ffff3b4a9f0 in WebCore::LineBreaker::nextSegmentBreak (this=0x7fffffffac70, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0x0, wordMeasurements=...) at ../../Source/WebCore/rendering/line/LineBreaker.cpp:111 #6 0x00007ffff3b4a6ff in WebCore::LineBreaker::nextLineBreak (this=0x7fffffffac70, resolver=..., lineInfo=..., renderTextInfo=..., lastFloatFromPreviousLine=0x0, consecutiveHyphenatedLines=0x0, wordMeasurements=...) at ../../Source/WebCore/rendering/line/LineBreaker.cpp:82 #7 0x00007ffff396b130 in WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange (this=0xaa6ae0, layoutState=..., resolver=..., cleanLineStart=..., cleanLineBidiStatus=..., consecutiveHyphenatedLines=0x0) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1087 #8 0x00007ffff396aca3 in WebCore::RenderBlockFlow::layoutRunsAndFloats (this=0xaa6ae0, layoutState=..., hasInlineChild=0x1) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1031 #9 0x00007ffff396d520 in WebCore::RenderBlockFlow::layoutLineBoxes (this=0xaa6ae0, relayoutChildren=0x1, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockLineLayout.cpp:1448 #10 0x00007ffff394e2d4 in WebCore::RenderBlockFlow::layoutInlineChildren (this=0xaa6ae0, relayoutChildren=0x1, repaintLogicalTop=..., repaintLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:653 #11 0x00007ffff394d5ca in WebCore::RenderBlockFlow::layoutBlock (this=0xaa6ae0, relayoutChildren=0x1, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:484 #12 0x00007ffff392285f in WebCore::RenderBlock::layout (this=0xaa6ae0) at ../../Source/WebCore/rendering/RenderBlock.cpp:1019 #13 0x00007ffff394e6b0 in WebCore::RenderBlockFlow::layoutBlockChild (this=0xaa6380, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:712 #14 0x00007ffff394e1d1 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0xaa6380, relayoutChildren=0x1, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:633 #15 0x00007ffff394d5ee in WebCore::RenderBlockFlow::layoutBlock (this=0xaa6380, relayoutChildren=0x1, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:486 #16 0x00007ffff392285f in WebCore::RenderBlock::layout (this=0xaa6380) at ../../Source/WebCore/rendering/RenderBlock.cpp:1019 #17 0x00007ffff394e6b0 in WebCore::RenderBlockFlow::layoutBlockChild (this=0x8a7d20, child=..., marginInfo=..., previousFloatLogicalBottom=..., maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:712 #18 0x00007ffff394e1d1 in WebCore::RenderBlockFlow::layoutBlockChildren (this=0x8a7d20, relayoutChildren=0x1, maxFloatLogicalBottom=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:633 #19 0x00007ffff394d5ee in WebCore::RenderBlockFlow::layoutBlock (this=0x8a7d20, relayoutChildren=0x1, pageLogicalHeight=...) at ../../Source/WebCore/rendering/RenderBlockFlow.cpp:486 #20 0x00007ffff392285f in WebCore::RenderBlock::layout (this=0x8a7d20) at ../../Source/WebCore/rendering/RenderBlock.cpp:1019 #21 0x00007ffff3b1aaa9 in WebCore::RenderView::layoutContent (this=0x8a7d20, state=...) at ../../Source/WebCore/rendering/RenderView.cpp:230 #22 0x00007ffff3b1b179 in WebCore::RenderView::layout (this=0x8a7d20) at ../../Source/WebCore/rendering/RenderView.cpp:355 #23 0x00007ffff369240f in WebCore::FrameView::layout (this=0xa390f0, allowSubtree=0x1) at ../../Source/WebCore/page/FrameView.cpp:1301 #24 0x00007ffff30613d5 in WebCore::Document::implicitClose (this=0xabf430) at ../../Source/WebCore/dom/Document.cpp:2441 #25 0x00007ffff3540b63 in WebCore::FrameLoader::checkCallImplicitClose (this=0xa83bc8) at ../../Source/WebCore/loader/FrameLoader.cpp:898 #26 0x00007ffff35408cb in WebCore::FrameLoader::checkCompleted (this=0xa83bc8) at ../../Source/WebCore/loader/FrameLoader.cpp:844 #27 0x00007ffff3540634 in WebCore::FrameLoader::finishedParsing (this=0xa83bc8) at ../../Source/WebCore/loader/FrameLoader.cpp:764 #28 0x00007ffff3069e57 in WebCore::Document::finishedParsing (this=0xabf430) at ../../Source/WebCore/dom/Document.cpp:4524 #29 0x00007ffff33bd667 in WebCore::HTMLConstructionSite::finishedParsing (this=0x85a618) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395 #30 0x00007ffff33fb1dd in WebCore::HTMLTreeBuilder::finished (this=0x85a600) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997 #31 0x00007ffff33c60d0 in WebCore::HTMLDocumentParser::end (this=0x85a760) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:439 #32 0x00007ffff33c61bb in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x85a760) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:450 #33 0x00007ffff33c4c69 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x85a760) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165 #34 0x00007ffff33c61fe in WebCore::HTMLDocumentParser::attemptToEnd (this=0x85a760) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462 #35 0x00007ffff33c62b5 in WebCore::HTMLDocumentParser::finish (this=0x85a760) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:490 #36 0x00007ffff35322d1 in WebCore::DocumentWriter::end (this=0xabac90) at ../../Source/WebCore/loader/DocumentWriter.cpp:246 #37 0x00007ffff351d9ad in WebCore::DocumentLoader::finishedLoading (this=0xababf0, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441 #38 0x00007ffff351d716 in WebCore::DocumentLoader::notifyFinished (this=0xababf0, resource=0x882ab0) at ../../Source/WebCore/loader/DocumentLoader.cpp:375 #39 0x00007ffff35d47c4 in WebCore::CachedResource::checkNotify (this=0x882ab0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:347 #40 0x00007ffff35d48ce in WebCore::CachedResource::finishLoading (this=0x882ab0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:363 #41 0x00007ffff35d11f4 in WebCore::CachedRawResource::finishLoading (this=0x882ab0, data=0xa840c0) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:101 #42 0x00007ffff3580a50 in WebCore::SubresourceLoader::didFinishLoading (this=0x883020, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.c