REGRESSION: Stack overflow in RenderBlockFlow::layoutBlock after increasing the font size to max in some RTL vertical books. https://bugs.webkit.org/show_bug.cgi?id=174144 <rdar://problem/32781038> Reviewed by Simon Fraser. Source/WebCore: We set the start/end margin on the ruby renderer to support overhanging content. The margins ensure that adjacent boxes on the line are placed properly respecting the overhanging content. The line breaking algorithm also takes this value into account as it affects the line's available width. We need to reset this value before laying out the lines, otherwise we might end up using this value on the line twice; first as the renderer's margins (as the result of the previous layout) and second as the renderer's overhanging value. Since this is not strictly part of the renderer's layout context (i.e. we set them during the line layout and not at RenderRubyRun::layout) we can't rely on the ruby's layout logic to reset them. Test: fast/ruby/ruby-overhang-margin-crash.html * rendering/RenderBlockLineLayout.cpp: (WebCore::RenderBlockFlow::layoutLineBoxes): LayoutTests: * fast/ruby/ruby-overhang-margin-crash-expected.txt: Added. * fast/ruby/ruby-overhang-margin-crash.html: Added. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@219190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

commit: f2d2fb595fb97bdf6757c2b8fa613133e84eea37 [log] [tgz]
author: zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Thu Jul 06 05:49:50 2017 +0000
committer: zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Thu Jul 06 05:49:50 2017 +0000
tree: fb2b8638f064b42ffe1a5582bc3b446b64e2e633
parent: 8b73308e2b142c5dcdbde6de04a5bd710a00038d [diff] [blame]
diff --git a/Source/WebCore/rendering/RenderBlockLineLayout.cpp b/Source/WebCore/rendering/RenderBlockLineLayout.cpp
index 8dd65a5..e2e3507 100644
--- a/Source/WebCore/rendering/RenderBlockLineLayout.cpp
+++ b/Source/WebCore/rendering/RenderBlockLineLayout.cpp

@@ -1728,6 +1728,12 @@
                     layoutState.floatList().append(FloatWithRect::create(box));
                 else if (isFullLayout || box.needsLayout()) {
                     // Replaced element.
+                    if (isFullLayout && is<RenderRubyRun>(box)) {
+                        // FIXME: This resets the overhanging margins that we set during line layout (see computeInlineDirectionPositionsForSegment)
+                        // Find a more suitable place for this.
+                        setMarginStartForChild(box, 0);
+                        setMarginEndForChild(box, 0);
+                    }
                     box.dirtyLineBoxes(isFullLayout);
                     if (!o.isAnonymousInlineBlock()) {
                         if (isFullLayout)
commit	f2d2fb595fb97bdf6757c2b8fa613133e84eea37	[log] [tgz]
author	zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Thu Jul 06 05:49:50 2017 +0000
committer	zalan@apple.com <zalan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Thu Jul 06 05:49:50 2017 +0000
tree	fb2b8638f064b42ffe1a5582bc3b446b64e2e633
parent	8b73308e2b142c5dcdbde6de04a5bd710a00038d [diff] [blame]