Crash in updateFirstLetter() from unnecessary anonymous block
https://bugs.webkit.org/show_bug.cgi?id=72675
Patch by Ken Buchanan <kenrb@chromium.org> on 2012-01-27
Reviewed by David Hyatt.
Source/WebCore:
There was a problem with anonymous blocks not getting removed when
their only block flow siblings are removed if they also have non-block
flow first-letter siblings (i.e. floats). This patch modifies
RenderBlock::removeChild() to look for this situation and strip out
unnecessary anonymous container blocks if it occurs.
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeChild):
(WebCore::RenderBlock::collapseAnonymousBoxChild): Added
* rendering/RenderBlock.h:
(WebCore::RenderBlock::collapseAnonymousBoxChild): Added
LayoutTests:
Adding tests that cause a div to be removed from between a floating
first-letter block and its remaining text. If the anonymous block is
removed as an immediate consequence of the div removal, this shouldn't
crash.
* fast/css-generated-content/float-first-letter-siblings-convert-to-inline-expected.txt: Added
* fast/css-generated-content/float-first-letter-siblings-convert-to-inline.html: Added
* fast/css-generated-content/positioned-div-with-floating-after-content-crash-expected.txt: Added
* fast/css-generated-content/positioned-div-with-floating-after-content-crash.html: Added
* fast/css-generated-content/resources/positioned-div-with-floating-after-content-crash-frame1.html: Added
* fast/css-generated-content/resources/positioned-div-with-floating-after-content-crash-frame2.html: Added
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106150
268f45cc-cd09-0410-ab3c-
d52691b4dbfc