Stack Trace
=========
frame #0: WebCore`WebCore::InlineBox::renderer() const+0
frame #1: WebCore`WebCore::RenderDeprecatedFlexibleBox::applyLineClamp(WebCore::FlexBoxIterator&, bool)+0
frame #2: WebCore`WebCore::RenderDeprecatedFlexibleBox::layoutVerticalBox(bool)+0
frame #3: WebCore`WebCore::RenderDeprecatedFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit)+0
frame #4: WebCore`WebCore::RenderBlock::layout()+0
frame #5: WebCore`WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)+0
frame #6: WebCore`WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)+0
frame #7: WebCore`WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit)+0
frame #8: WebCore`WebCore::RenderBlock::layout()+0
frame #9: WebCore`WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&)+0
frame #10: WebCore`WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&)+0
<rdar://problem/70988379>
Created attachment 413035 [details] Crashing input
<rdar://problem/66166850>
Created attachment 413267 [details] Reduced crashing input
(In reply to Ian Gilbert from comment #4)
> Created attachment 413267 [details]
> Reduced crashing input

Nice!
Created attachment 413409 [details] Patch
Committed r269537: <https://trac.webkit.org/changeset/269537>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 413409 [details].
Are there any security implications here? If not, we should move it to non-security component and add a test.
I don't think there are any.
Can we add a test?
Created attachment 413523 [details] Patch
Comment on attachment 413523 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=413523&action=review

> LayoutTests/fast/overflow/line-clamp-crash.html:6
> + if (window.testRunner)

Remove the indentation here?
Created attachment 413541 [details] Patch
Committed r269567: <https://trac.webkit.org/changeset/269567>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 413541 [details].
*** Bug 218497 has been marked as a duplicate of this bug. ***