Created attachment 61319 [details] test case that crashes Specifying 'text-rendering: optimizeLegibility;' on a block-level element (<p>) causes Safari 5 to crash when the block element has margins specified with the 'ex' unit. Like this: p, dt, dd, li {text-rendering: optimizeLegibility;} p {margin: .5ex 0 0;} If 'text-rendering: optimizeLegibility;' is specified on the root element or the parent block, the crash doesn't happen. This has been repro'd on XP and Vista.
Hmm, while attaching the test case (using OS X 10.6.4), QuickLook crashed while trying to preview the testcase (in the file selector dialog). 0 com.apple.WebCore 0x00007fff83397248 WebCore::CSSPrimitiveValue::computeLengthDouble(WebCore::RenderStyle*, WebCore::RenderStyle*, double, bool) + 376 1 com.apple.WebCore 0x00007fff8339707b WebCore::CSSPrimitiveValue::computeLengthIntForLength(WebCore::RenderStyle*, WebCore::RenderStyle*, double) + 11 2 com.apple.WebCore 0x00007fff8331d4ab WebCore::CSSStyleSelector::applyProperty(int, WebCore::CSSValue*) + 34811 3 com.apple.WebCore 0x00007fff8333118b void WebCore::CSSStyleSelector::applyDeclarations<false>(bool, int, int) + 171 4 com.apple.WebCore 0x00007fff83313634 WebCore::CSSStyleSelector::styleForElement(WebCore::Element*, WebCore::RenderStyle*, bool, bool, bool) + 2644 5 com.apple.WebCore 0x00007fff832ff902 WebCore::Node::styleForRenderer() + 82 6 com.apple.WebCore 0x00007fff832ff77f WebCore::Node::createRendererIfNeeded() + 143 7 com.apple.WebCore 0x00007fff832ff600 WebCore::Element::attach() + 32
1. I reported comment 1 as rdar://8183959 2. various people have commented to me that this also crashes Safari 5 on OS X and Chrome5 on Linux. 3. latest webkit builds appear imune to this crash (OS X 10.6.4 & Win 7)
*** This bug has been marked as a duplicate of bug 41585 ***