The return value of LineBoxBuilder::lineContent looks probably incorrect: const LineBuilder::LineContent lineContent() const { return m_lineContent; } If it was intended to return a copy, then it would surely return a non-const LineBuilder::LineContent, so I think this should probably be changed to: const LineBuilder::LineContent& lineContent() const { return m_lineContent; } But I have not checked to see if this change would be safe. I noticed due to this false-positive GCC 13 warning: In file included from /home/mcatanzaro/Projects/WebKit/WebKitBuild/gtk4/WebCore/DerivedSources/unified-sources/UnifiedSource-207b877e-5.cpp:2: /home/mcatanzaro/Projects/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineLineBoxBuilder.cpp: In member function ‘void WebCore::Layout::LineBoxBuilder::adjustOutsideListMarkersPosition(WebCore::Layout::LineBox&)’: /home/mcatanzaro/Projects/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:714:15: error: possibly dangling reference to a temporary [-Werror=dangling-reference] 714 | auto& listMarkerRun = lineContent().runs[listMarkerBoxIndex]; | ^~~~~~~~~~~~~ /home/mcatanzaro/Projects/WebKit/Source/WebCore/layout/formattingContexts/inline/InlineLineBoxBuilder.cpp:714:68: note: the temporary was destroyed at the end of the full expression ‘(& WebCore::Layout::LineBoxBuilder::lineContent() const().WebCore::Layout::LineBuilder::LineContent::runs)->WTF::Vector<WebCore::Layout::Line::Run, 10>::operator[](listMarkerBoxIndex)’ 714 | auto& listMarkerRun = lineContent().runs[listMarkerBoxIndex]; | ^ It looks bad, but I don't think it's a real problem because although lineContent() is itself invalid after this statement, lineContent().runs[listMarkerBoxIndex] should still be valid.