Crash in updateFirstLetter() from unnecessary anonymous block

Crash in updateFirstLetter() from unnecessary anonymous block
https://bugs.webkit.org/show_bug.cgi?id=72675

Patch by Ken Buchanan <kenrb@chromium.org> on 2012-01-27
Reviewed by David Hyatt.

Source/WebCore:

There was a problem with anonymous blocks not getting removed when
their only block flow siblings are removed if they also have non-block
flow first-letter siblings (i.e. floats). This patch modifies
RenderBlock::removeChild() to look for this situation and strip out
unnecessary anonymous container blocks if it occurs.

* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeChild):
(WebCore::RenderBlock::collapseAnonymousBoxChild): Added
* rendering/RenderBlock.h:
(WebCore::RenderBlock::collapseAnonymousBoxChild): Added

LayoutTests:

Adding tests that cause a div to be removed from between a floating
first-letter block and its remaining text. If the anonymous block is
removed as an immediate consequence of the div removal, this shouldn't
crash.

* fast/css-generated-content/float-first-letter-siblings-convert-to-inline-expected.txt: Added
* fast/css-generated-content/float-first-letter-siblings-convert-to-inline.html: Added
* fast/css-generated-content/positioned-div-with-floating-after-content-crash-expected.txt: Added
* fast/css-generated-content/positioned-div-with-floating-after-content-crash.html: Added
* fast/css-generated-content/resources/positioned-div-with-floating-after-content-crash-frame1.html: Added
* fast/css-generated-content/resources/positioned-div-with-floating-after-content-crash-frame2.html: Added

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106150 268f45cc-cd09-0410-ab3c-d52691b4dbfc