Created attachment 449916 [details] the html trigger crash 1. build a debug webkit 2. open html 3. crash ASSERTION FAILED: initialLogicalWidth >= 0 ../../Source/WebCore/layout/formattingContexts/inline/InlineLineBoxBuilder.cpp(304) : WebCore::Layout::InlineLayoutUnit WebCore::Layout::LineBoxBuilder::constructAndAlignInlineLevelBoxes(WebCore::Layout::LineBox&, const RunList&) 1 0x7fb3ead29964 WTFReportBacktrace 2 0x7fb3ead29c01 WTFCrash 3 0x7fb404820ba1 WTF::CrashOnOverflow::overflowed() 4 0x7fb4102565eb WebCore::Layout::LineBoxBuilder::constructAndAlignInlineLevelBoxes(WebCore::Layout::LineBox&, WTF::Vector<WebCore::Layout::Line::Run, 10ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) 5 0x7fb4102534af WebCore::Layout::LineBoxBuilder::build(WebCore::Layout::LineBuilder::LineContent const&) 6 0x7fb410234265 WebCore::Layout::InlineFormattingContext::computeGeometryForLineContent(WebCore::Layout::LineBuilder::LineContent const&) 7 0x7fb41022cae7 WebCore::Layout::InlineFormattingContext::lineLayout(WTF::Vector<WebCore::Layout::InlineItem, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::Layout::LineBuilder::InlineItemRange, WebCore::Layout::ConstraintsForInFlowContent const&) 8 0x7fb41022b622 WebCore::Layout::InlineFormattingContext::lineLayoutForIntergration(WebCore::Layout::ConstraintsForInFlowContent const&) 9 0x7fb40cae89f0 WebCore::LayoutIntegration::LineLayout::layout() 10 0x7fb40e05bfd9 WebCore::RenderBlockFlow::layoutModernLines(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 11 0x7fb40e032f58 WebCore::RenderBlockFlow::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 12 0x7fb40e030f80 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 13 0x7fb40df5a8ab WebCore::RenderBlock::layout() 14 0x7fb40e3af7be WebCore::RenderListItem::layout() 15 0x7fb40e033a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 16 0x7fb40e032c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 17 0x7fb40e030fa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 18 0x7fb40df5a8ab WebCore::RenderBlock::layout() 19 0x7fb40e033a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 20 0x7fb40e032c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 21 0x7fb40e030fa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 22 0x7fb40df5a8ab WebCore::RenderBlock::layout() 23 0x7fb40e033a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 24 0x7fb40e032c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 25 0x7fb40e030fa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 26 0x7fb40df5a8ab WebCore::RenderBlock::layout() 27 0x7fb40e033a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) 28 0x7fb40e032c96 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&) 29 0x7fb40e030fa4 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) 30 0x7fb40df5a8ab WebCore::RenderBlock::layout() 31 0x7fb40e033a40 WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&, WebCore::RenderBlockFlow::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ** (MiniBrowser:917450): WARNING **: 15:34:09.707: WebProcess CRASHED