[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

The crash issue 562339 is caused in computeInlineBoxPositionTemplate  called in the
 RenderPosition constructor.
The root issue is FrameSelection::setNonDirectionalSelectionIfNeededAlgorithm
 uses m_originalBase as up-to-date.
m_originBase is used only in the function.
However, there can be layout by next call.
Thus this CL recanonicalizes m_originalBase.

This CL also fix the issue m_originalBase/inFlatTree are leaked.

BUG=562339, 593592
TEST=LayoutTests/editing/selection/mouse/drag_selection_update_crash.html

Committed: https://crrev.com/9188249cc0a957865cc7aa592f6477b38cbb7f9a
Cr-Commit-Position: refs/heads/master@{#395001}

[yoichio, 2016-05-19 08:12:18]

Description was changed from

==========
[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

The crash issue 562339 is caused in computeInlineBoxPositionTemplate  called in
the
 RenderPosition constructor.
The root issue is FrameSelection::setNonDirectionalSelectionIfNeededAlgorithm
 uses m_originalBase as up-to-date.
m_originBase is used only in the function.
However, there can be layout by next call.
Thus this CL recanonicalizes m_originalBase.

BUG=562339, 593592
TEST=LayoutTests/editing/selection/mouse/drag_selection_update_crash.html
==========

to

==========
[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

The crash issue 562339 is caused in computeInlineBoxPositionTemplate  called in
the
 RenderPosition constructor.
The root issue is FrameSelection::setNonDirectionalSelectionIfNeededAlgorithm
 uses m_originalBase as up-to-date.
m_originBase is used only in the function.
However, there can be layout by next call.
Thus this CL recanonicalizes m_originalBase.

This CL also fix the issue m_originalBase/inFlatTree are leaked.

BUG=562339, 593592
TEST=LayoutTests/editing/selection/mouse/drag_selection_update_crash.html
==========

[yoichio, 2016-05-19 09:00:11]

yoichio@chromium.org changed reviewers:
+ yosin@chromium.org

[yosin_UTC9, 2016-05-20 04:26:24]

The CQ bit was checked by yosin@chromium.org

[yosin_UTC9, 2016-05-20 04:26:25]

lgtm

[commit-bot: I haz the power, 2016-05-20 04:26:48]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1993163003/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1993163003/1

[commit-bot: I haz the power, 2016-05-20 04:45:25]

Description was changed from

==========
[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

The crash issue 562339 is caused in computeInlineBoxPositionTemplate  called in
the
 RenderPosition constructor.
The root issue is FrameSelection::setNonDirectionalSelectionIfNeededAlgorithm
 uses m_originalBase as up-to-date.
m_originBase is used only in the function.
However, there can be layout by next call.
Thus this CL recanonicalizes m_originalBase.

This CL also fix the issue m_originalBase/inFlatTree are leaked.

BUG=562339, 593592
TEST=LayoutTests/editing/selection/mouse/drag_selection_update_crash.html
==========

to

==========
[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

The crash issue 562339 is caused in computeInlineBoxPositionTemplate  called in
the
 RenderPosition constructor.
The root issue is FrameSelection::setNonDirectionalSelectionIfNeededAlgorithm
 uses m_originalBase as up-to-date.
m_originBase is used only in the function.
However, there can be layout by next call.
Thus this CL recanonicalizes m_originalBase.

This CL also fix the issue m_originalBase/inFlatTree are leaked.

BUG=562339, 593592
TEST=LayoutTests/editing/selection/mouse/drag_selection_update_crash.html
==========

[commit-bot: I haz the power, 2016-05-20 04:45:27]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-05-20 04:46:53]

Description was changed from

==========
[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

The crash issue 562339 is caused in computeInlineBoxPositionTemplate  called in
the
 RenderPosition constructor.
The root issue is FrameSelection::setNonDirectionalSelectionIfNeededAlgorithm
 uses m_originalBase as up-to-date.
m_originBase is used only in the function.
However, there can be layout by next call.
Thus this CL recanonicalizes m_originalBase.

This CL also fix the issue m_originalBase/inFlatTree are leaked.

BUG=562339, 593592
TEST=LayoutTests/editing/selection/mouse/drag_selection_update_crash.html
==========

to

==========
[Editing][Stability] Recanonicalize m_originalbase in FrameSelection

The crash issue 562339 is caused in computeInlineBoxPositionTemplate  called in
the
 RenderPosition constructor.
The root issue is FrameSelection::setNonDirectionalSelectionIfNeededAlgorithm
 uses m_originalBase as up-to-date.
m_originBase is used only in the function.
However, there can be layout by next call.
Thus this CL recanonicalizes m_originalBase.

This CL also fix the issue m_originalBase/inFlatTree are leaked.

BUG=562339, 593592
TEST=LayoutTests/editing/selection/mouse/drag_selection_update_crash.html

Committed: https://crrev.com/9188249cc0a957865cc7aa592f6477b38cbb7f9a
Cr-Commit-Position: refs/heads/master@{#395001}
==========

[commit-bot: I haz the power, 2016-05-20 04:46:54]

Patchset 1 (id:??) landed as
https://crrev.com/9188249cc0a957865cc7aa592f6477b38cbb7f9a
Cr-Commit-Position: refs/heads/master@{#395001}