path: root/Source/JavaScriptCore/Scripts/generate-js-builtins.py
author: Ryosuke Niwa <rniwa@webkit.org> 2014-10-14 15:00:11 +0200
committer: Allan Sandfeld Jensen <allan.jensen@digia.com> 2014-10-14 17:18:43 +0200
commit: f4f6ca3c19dcea8160044b0aec87e59bfaf8d5c5 (patch)
tree: 1890805193458a26a0688ac29830502598d84392 /Source/JavaScriptCore/Scripts/generate-js-builtins.py
parent: 520572a67c4e747583792b256702c488b74bff3d (diff)
Crash in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine
https://bugs.webkit.org/show_bug.cgi?id=122776

Reviewed by Darin Adler.

Merge https://chromium.googlesource.com/chromium/blink/+/aca89bc4d984705a1f94b623dae0ab03e239a248

Fix modification of whitespace endpoints to not assume it's operating on RenderTexts

During line layout, we use midpoints to identify RenderObjects, or parts of RenderObjects, that don't need InlineBoxes, usually because of collapsed whitespace. Prior to actually creating BidiRuns (the precursor to InlineBoxes), we use checkMidpoints to fix up our lineMidpointState to handle the case where we start ignoring spaces in our line, but don't stop until somewhere on the following line. Previously, this function assumed that the final midpoint (called an endpoint) was a RenderText, but this assumption is wrong if we have a beginning midpoint created by shouldSkipWhitespaceAfterStartObject (which handles inlines and list markers) and no endpoint on that line. In that case, we'd instead adjust the position backwards on the beginning midpoint, which would cause us to fail to create an InlineBox for the inline or list marker. In the new test added, this would actually trigger a crash due to an assumption when visually re-ordering BidiRuns that a non-empty line would actually contain at least one such run.

Test: fast/text/whitespace/whitespace-and-margin-wrap-after-list-marker-crash.html

* rendering/RenderBlockLineLayout.cpp:
(WebCore::checkMidpoints):

Change-Id: I894bd9da4250dc2c79a55a8014e54df7dcbec719
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157436 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
Diffstat (limited to 'Source/JavaScriptCore/Scripts/generate-js-builtins.py')
0 files changed, 0 insertions, 0 deletions