Do not destroy RenderQuote's text fragment child when quotation mark string is changing.
authorzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Feb 2015 16:50:44 +0000 (16:50 +0000)
committerzalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Feb 2015 16:50:44 +0000 (16:50 +0000)
commitcdd1ac2ff332a91a4207a0cc63d003cf7b8dfbb0
tree90dd72196b6c0258bdeb09b1ef7b9804a7c6e368
parent69d85d21c7352ecf841c3026afa1c4512c83ecf5
Do not destroy RenderQuote's text fragment child when quotation mark string is changing.
https://bugs.webkit.org/show_bug.cgi?id=141271
rdar://problem/18169375

Reviewed by Antti Koivisto.

Similar approach as https://codereview.chromium.org/679593004/

This patch ensures that laying out a RenderQuote does not force a sibling RenderQuote's
child renderer(RenderText) to be destroyed.
BreakingContext holds a pointer to the next renderer on the line (BreakingContext::m_nextObject).
While laying out the line, initiated by BreakingContext, placing the current renderer could end up destroying the "next" renderer.
This happens when the pseudo after quotation mark(RenderQuote) becomes floated, the sibling <q>'s pseudo
before text needs to be changed (from " to ') so that we don't end up with 2 sets of the same opening
strings.
The fix is to reuse the RenderTextFragment object instead of destroy/recreate it.

Source/WebCore:

Test: fast/css/content/quote-crash-when-floating.html

* rendering/RenderQuote.cpp:
(WebCore::RenderQuote::RenderQuote):
(WebCore::fragmentChild):
(WebCore::RenderQuote::updateText):
* rendering/RenderQuote.h:
* rendering/RenderTextFragment.cpp:
(WebCore::RenderTextFragment::setText):
(WebCore::RenderTextFragment::setContentString):
* rendering/RenderTextFragment.h:

LayoutTests:

* fast/css/content/quote-crash-when-floating-expected.txt: Added.
* fast/css/content/quote-crash-when-floating.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@179691 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/css/content/quote-crash-when-floating-expected.txt [new file with mode: 0644]
LayoutTests/fast/css/content/quote-crash-when-floating.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderQuote.cpp
Source/WebCore/rendering/RenderQuote.h
Source/WebCore/rendering/RenderTextFragment.cpp
Source/WebCore/rendering/RenderTextFragment.h