<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Hanging-punctuation: last crashes"
   href="https://bugs.webkit.org/show_bug.cgi?id=155899">155899</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Hanging-punctuation: last crashes
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Layout and Rendering
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>jonlee&#64;apple.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>simon.fraser&#64;apple.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Create a user stylesheet and make it the user stylesheet in the latest WebKit nightly.  The stylesheet has one rule:

* {
    hanging-punctuation: last;
}


Open nytimes.com. It crashes on load.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x00007fff8d94178b WebCore::RenderText::hangablePunctuationEndWidth(unsigned int) const + 59
1   com.apple.WebCore                 0x00007fff8d845c1b WebCore::RenderBlockFlow::computeInlinePreferredLogicalWidths(WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) const + 6923
2   com.apple.WebCore                 0x00007fff8d843f6a WebCore::RenderBlockFlow::computeIntrinsicLogicalWidths(WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) const + 58
3   com.apple.WebCore                 0x00007fff8cc9eeb5 WebCore::RenderBlock::computePreferredLogicalWidths() + 309
4   com.apple.WebCore                 0x00007fff8cc9d4ab WebCore::RenderBox::maxPreferredLogicalWidth() const + 27
5   com.apple.WebCore                 0x00007fff8d88f43c WebCore::RenderFlexibleBox::preferredMainAxisContentExtentForChild(WebCore::RenderBox&amp;, bool) + 380
6   com.apple.WebCore                 0x00007fff8d88f5c2 WebCore::RenderFlexibleBox::computeNextFlexLine(WTF::Vector&lt;WebCore::RenderBox*, 0ul, WTF::CrashOnOverflow, 16ul&gt;&amp;, WebCore::LayoutUnit&amp;, double&amp;, double&amp;, WebCore::LayoutUnit&amp;, bool&amp;) + 306
7   com.apple.WebCore                 0x00007fff8d88dcc9 WebCore::RenderFlexibleBox::layoutFlexItems(bool, WTF::Vector&lt;WebCore::RenderFlexibleBox::LineContext, 0ul, WTF::CrashOnOverflow, 16ul&gt;&amp;) + 409
8   com.apple.WebCore                 0x00007fff8cd07d42 WebCore::RenderFlexibleBox::layoutBlock(bool, WebCore::LayoutUnit) + 674
9   com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
10  com.apple.WebCore                 0x00007fff8d85a9b3 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 3123
11  com.apple.WebCore                 0x00007fff8d84651d WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 941
12  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
13  com.apple.WebCore                 0x00007fff8d84836a WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&amp;, WebCore::RenderBlockFlow::MarginInfo&amp;, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 826
14  com.apple.WebCore                 0x00007fff8d8472bc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 508
15  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
16  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
17  com.apple.WebCore                 0x00007fff8d84836a WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&amp;, WebCore::RenderBlockFlow::MarginInfo&amp;, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 826
18  com.apple.WebCore                 0x00007fff8d8472bc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 508
19  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
20  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
21  com.apple.WebCore                 0x00007fff8d84836a WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&amp;, WebCore::RenderBlockFlow::MarginInfo&amp;, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 826
22  com.apple.WebCore                 0x00007fff8d8472bc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 508
23  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
24  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
25  com.apple.WebCore                 0x00007fff8d847f1a WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&amp;) + 346
26  com.apple.WebCore                 0x00007fff8d8472c9 WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 521
27  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
28  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
29  com.apple.WebCore                 0x00007fff8d84836a WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&amp;, WebCore::RenderBlockFlow::MarginInfo&amp;, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 826
30  com.apple.WebCore                 0x00007fff8d8472bc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 508
31  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
32  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
33  com.apple.WebCore                 0x00007fff8d84836a WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&amp;, WebCore::RenderBlockFlow::MarginInfo&amp;, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 826
34  com.apple.WebCore                 0x00007fff8d8472bc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 508
35  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
36  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
37  com.apple.WebCore                 0x00007fff8d84836a WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&amp;, WebCore::RenderBlockFlow::MarginInfo&amp;, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 826
38  com.apple.WebCore                 0x00007fff8d8472bc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 508
39  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
40  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
41  com.apple.WebCore                 0x00007fff8d84836a WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&amp;, WebCore::RenderBlockFlow::MarginInfo&amp;, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 826
42  com.apple.WebCore                 0x00007fff8d8472bc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 508
43  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
44  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
45  com.apple.WebCore                 0x00007fff8d84836a WebCore::RenderBlockFlow::layoutBlockChild(WebCore::RenderBox&amp;, WebCore::RenderBlockFlow::MarginInfo&amp;, WebCore::LayoutUnit&amp;, WebCore::LayoutUnit&amp;) + 826
46  com.apple.WebCore                 0x00007fff8d8472bc WebCore::RenderBlockFlow::layoutBlockChildren(bool, WebCore::LayoutUnit&amp;) + 508
47  com.apple.WebCore                 0x00007fff8d846505 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 917
48  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
49  com.apple.WebCore                 0x00007fff8d838940 WebCore::RenderBlock::layoutPositionedObject(WebCore::RenderBox&amp;, bool, bool) + 400
50  com.apple.WebCore                 0x00007fff8cbe3396 WebCore::RenderBlock::layoutPositionedObjects(bool, bool) + 102
51  com.apple.WebCore                 0x00007fff8d84693d WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 1997
52  com.apple.WebCore                 0x00007fff8cbdf7b6 WebCore::RenderBlock::layout() + 54
53  com.apple.WebCore                 0x00007fff8cbdf621 WebCore::RenderView::layout() + 769
54  com.apple.WebCore                 0x00007fff8cbdccb8 WebCore::FrameView::layout(bool) + 2776
55  com.apple.WebCore                 0x00007fff8d0435f2 WebCore::Document::updateLayoutIfDimensionsOutOfDate(WebCore::Element&amp;, WebCore::DimensionsCheck) + 1058
56  com.apple.WebCore                 0x00007fff8cca5833 WebCore::Element::offsetWidth() + 35
57  com.apple.WebCore                 0x00007fff8d46fa00 WebCore::jsElementOffsetWidth(JSC::ExecState*, long long, JSC::PropertyName) + 48
58  com.apple.JavaScriptCore          0x00007fff8836769f llint_slow_path_get_by_id + 3583
59  com.apple.JavaScriptCore          0x00007fff889c31ec llint_entry + 10814
60  com.apple.JavaScriptCore          0x00007fff889c632d llint_entry + 23423
61  com.apple.JavaScriptCore          0x00007fff889c05cb vmEntryToJavaScript + 299
62  com.apple.JavaScriptCore          0x00007fff888a4fbe JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 158
63  com.apple.JavaScriptCore          0x00007fff881e3934 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 16196
64  com.apple.JavaScriptCore          0x00007fff885659d5 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&amp;, JSC::JSValue, WTF::NakedPtr&lt;JSC::Exception&gt;&amp;) + 469
65  com.apple.WebCore                 0x00007fff8d99f92e WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&amp;, WebCore::DOMWrapperWorld&amp;, WebCore::ExceptionDetails*) + 318
66  com.apple.WebCore                 0x00007fff8d99fb80 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&amp;, WebCore::ExceptionDetails*) + 48
67  com.apple.WebCore                 0x00007fff8cc21a3c WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&amp;) + 556
68  com.apple.WebCore                 0x00007fff8cc20afa WebCore::ScriptElement::prepareScript(WTF::TextPosition const&amp;, WebCore::ScriptElement::LegacyTypeSupport) + 1066
69  com.apple.WebCore                 0x00007fff8cc1fd02 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&amp;) + 338
70  com.apple.WebCore                 0x00007fff8cc1fb40 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr&lt;WebCore::Element&gt;, WTF::TextPosition const&amp;) + 48
71  com.apple.WebCore                 0x00007fff8cc1f9ac WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 316
72  com.apple.WebCore                 0x00007fff8d2392fd WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&amp;) + 669
73  com.apple.WebCore                 0x00007fff8cbb48e3 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 115
74  com.apple.WebCore                 0x00007fff8d239630 WebCore::HTMLDocumentParser::append(WTF::RefPtr&lt;WTF::StringImpl&gt;&amp;&amp;) + 480
75  com.apple.WebCore                 0x00007fff8d01efe5 WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&amp;, char const*, unsigned long) + 117
76  com.apple.WebCore                 0x00007fff8cba8945 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 1045
77  com.apple.WebKit                  0x00007fff8dfb9f9a WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 50
78  com.apple.WebCore                 0x00007fff8cc1a221 WebCore::DocumentLoader::commitLoad(char const*, int) + 145
79  com.apple.WebCore                 0x00007fff8cc19ced WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) + 173
80  com.apple.WebCore                 0x00007fff8ceea151 WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&amp;) + 145
81  com.apple.WebCore                 0x00007fff8cc1977a WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtr&lt;WebCore::SharedBuffer&gt;, long long, WebCore::DataPayloadType) + 218
82  com.apple.WebCore                 0x00007fff8cc3861c WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr&lt;WebCore::SharedBuffer&gt;, long long, WebCore::DataPayloadType) + 44
83  com.apple.WebKit                  0x00007fff8dfbf48e WebKit::WebResourceLoader::didReceiveResource(WebKit::ShareableResource::Handle const&amp;, double) + 172
84  com.apple.WebKit                  0x00007fff8e1d32a5 void IPC::handleMessage&lt;Messages::WebResourceLoader::DidReceiveResource, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&amp;, double)&gt;(IPC::MessageDecoder&amp;, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebKit::ShareableResource::Handle const&amp;, double)) + 97
85  com.apple.WebKit                  0x00007fff8e03524b IPC::Connection::dispatchMessage(std::__1::unique_ptr&lt;IPC::MessageDecoder, std::__1::default_delete&lt;IPC::MessageDecoder&gt; &gt;) + 127
86  com.apple.WebKit                  0x00007fff8e0380c0 IPC::Connection::dispatchOneMessage() + 126
87  com.apple.JavaScriptCore          0x00007fff88b748a5 WTF::RunLoop::performWork() + 437
88  com.apple.JavaScriptCore          0x00007fff88b74c52 WTF::RunLoop::performWork(void*) + 34
89  com.apple.CoreFoundation          0x00007fff85eceb41 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
90  com.apple.CoreFoundation          0x00007fff85eaf68d __CFRunLoopDoSources0 + 557
91  com.apple.CoreFoundation          0x00007fff85eaebef __CFRunLoopRun + 927
92  com.apple.CoreFoundation          0x00007fff85eae5e8 CFRunLoopRunSpecific + 296
93  com.apple.HIToolbox               0x00007fff85482bf2 RunCurrentEventLoopInMode + 240
94  com.apple.HIToolbox               0x00007fff85482a26 ReceiveNextEventCommon + 432
95  com.apple.HIToolbox               0x00007fff8548285b _BlockUntilNextEventMatchingListInModeWithFilter + 71
96  com.apple.AppKit                  0x00007fff83a7635e _DPSNextEvent + 1055
97  com.apple.AppKit                  0x00007fff841a0834 -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 766
98  com.apple.AppKit                  0x00007fff83a6ad6f -[NSApplication run] + 926
99  com.apple.AppKit                  0x00007fff83a36bb9 NSApplicationMain + 1179
100 libxpc.dylib                      0x000000010cf3d9c3 _xpc_objc_main + 795
101 libxpc.dylib                      0x000000010cf3c3a6 xpc_main + 494
102 com.apple.WebKit.WebContent       0x000000010cf0180f 0x10cf00000 + 6159
103 libdyld.dylib                     0x00007fff99f6d499 start + 1</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>