REGRESSION: Stack overflow in RenderBlockFlow::layoutBlock after increasing the font size to max in some RTL vertical books.

https://bugs.webkit.org/show_bug.cgi?id=174144
<rdar://problem/32781038>

Reviewed by Simon Fraser.

Source/WebCore:

We set the start/end margin on the ruby renderer to support overhanging content. The margins ensure that
adjacent boxes on the line are placed properly respecting the overhanging content.
The line breaking algorithm also takes this value into account as it affects the line's available width.
We need to reset this value before laying out the lines, otherwise we might end up using this value on the line twice;
first as the renderer's margins (as the result of the previous layout) and second as the renderer's overhanging value.
Since this is not strictly part of the renderer's layout context (i.e. we set them during the line layout and not at
RenderRubyRun::layout) we can't rely on the ruby's layout logic to reset them.

Test: fast/ruby/ruby-overhang-margin-crash.html

* rendering/RenderBlockLineLayout.cpp:
(WebCore::RenderBlockFlow::layoutLineBoxes):

LayoutTests:

* fast/ruby/ruby-overhang-margin-crash-expected.txt: Added.
* fast/ruby/ruby-overhang-margin-crash.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@219190 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Author: [email protected]

LayoutTests/ChangeLog

@@ -1,3 +1,14 @@
+2017-07-05  Zalan Bujtas  <[email protected]>
+
+        REGRESSION: Stack overflow in RenderBlockFlow::layoutBlock after increasing the font size to max in some RTL vertical books.
+        https://bugs.webkit.org/show_bug.cgi?id=174144
+        <rdar://problem/32781038>
+
+        Reviewed by Simon Fraser.
+
+        * fast/ruby/ruby-overhang-margin-crash-expected.txt: Added.
+        * fast/ruby/ruby-overhang-margin-crash.html: Added.
+
 2017-07-05  Jonathan Bedard  <[email protected]>
 
         Move internal iOS 11 TestExpectations to OpenSource

LayoutTests/fast/ruby/ruby-overhang-margin-crash-expected.txt

@@ -0,0 +1,2 @@
+PASS if no crash.
+i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i凝ぎよう i i i i i i i

LayoutTests/fast/ruby/ruby-overhang-margin-crash.html

@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<title>This tests ruby's overhanging margin.</title>
+<style>
+.col {
+    column-count: 2;
+    widows: 2;
+    orphans: 1;
+    width: 200px;
+    font-size: 10px;
+}
+</style>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+</script>
+</head>
+<body>
+PASS if no crash.
+<div class=col><div>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i<ruby><rb>凝</rb><rt>ぎよう</rt></ruby>
+i i i i i i i</div></div>
+</body>
+</html>

Source/WebCore/ChangeLog

@@ -1,3 +1,24 @@
+2017-07-05  Zalan Bujtas  <[email protected]>
+
+        REGRESSION: Stack overflow in RenderBlockFlow::layoutBlock after increasing the font size to max in some RTL vertical books.
+        https://bugs.webkit.org/show_bug.cgi?id=174144
+        <rdar://problem/32781038>
+
+        Reviewed by Simon Fraser.
+
+        We set the start/end margin on the ruby renderer to support overhanging content. The margins ensure that
+        adjacent boxes on the line are placed properly respecting the overhanging content.
+        The line breaking algorithm also takes this value into account as it affects the line's available width.
+        We need to reset this value before laying out the lines, otherwise we might end up using this value on the line twice;
+        first as the renderer's margins (as the result of the previous layout) and second as the renderer's overhanging value.
+        Since this is not strictly part of the renderer's layout context (i.e. we set them during the line layout and not at
+        RenderRubyRun::layout) we can't rely on the ruby's layout logic to reset them.
+
+        Test: fast/ruby/ruby-overhang-margin-crash.html
+
+        * rendering/RenderBlockLineLayout.cpp:
+        (WebCore::RenderBlockFlow::layoutLineBoxes):
+
 2017-07-05  Yusuke Suzuki  <[email protected]>
 
         Upgrade GCC baseline

Source/WebCore/rendering/RenderBlockLineLayout.cpp

@@ -1728,6 +1728,12 @@ void RenderBlockFlow::layoutLineBoxes(bool relayoutChildren, LayoutUnit& repaint
                     layoutState.floatList().append(FloatWithRect::create(box));
                 else if (isFullLayout || box.needsLayout()) {
                     // Replaced element.
+                    if (isFullLayout && is<RenderRubyRun>(box)) {
+                        // FIXME: This resets the overhanging margins that we set during line layout (see computeInlineDirectionPositionsForSegment)
+                        // Find a more suitable place for this.
+                        setMarginStartForChild(box, 0);
+                        setMarginEndForChild(box, 0);
+                    }
                     box.dirtyLineBoxes(isFullLayout);
                     if (!o.isAnonymousInlineBlock()) {
                         if (isFullLayout)