Calling hasEditableStyle with dirty style during node detaching is invalid because style cannot be updated in such a situation.

Reached by the following layout tests:

fast/text/custom-font-data-crash2.html

Stack trace:

STDERR: #3 0x7f2bf7c62f73 blink::hasEditableStyle()
STDERR: #4 0x7f2bf83e4eb4 blink::LayoutButton::canBeSelectionLeaf()
STDERR: #5 0x7f2bf84d4671 blink::LayoutView::setSelection()
STDERR: #6 0x7f2bf84d5108 blink::LayoutView::clearSelection()
STDERR: #7 0x7f2bf8471d0e blink::LayoutObjectChildList::removeChildNode()
STDERR: #8 0x7f2bf84601fc blink::LayoutObject::removeChild()
STDERR: #9 0x7f2bf839588e blink::LayoutBlockFlow::removeChild()
STDERR: #10 0x7f2bf8414444 blink::LayoutObject::remove()
STDERR: #11 0x7f2bf84698d0 blink::LayoutObject::willBeDestroyed()
STDERR: #12 0x7f2bf84ae609 blink::LayoutText::willBeDestroyed()
STDERR: #13 0x7f2bf84c2635 blink::LayoutTextFragment::willBeDestroyed()
STDERR: #14 0x7f2bf846aa2d blink::LayoutObject::destroy()
STDERR: #15 0x7f2bf846a9fd blink::LayoutObject::destroyAndCleanupAnonymousWrappers()
STDERR: #16 0x7f2bf7b4a45f blink::Node::detachLayoutTree()
STDERR: #17 0x7f2bf7a133ff blink::ContainerNode::detachLayoutTree()
STDERR: #18 0x7f2bf7acbd33 blink::Element::detachLayoutTree()
STDERR: #19 0x7f2bf7a12aa5 blink::ContainerNode::removeBetween()
STDERR: #20 0x7f2bf7a12e51 blink::ContainerNode::removeChildren()
STDERR: #21 0x7f2bf7d8105e blink::replaceChildrenWithFragment()
STDERR: #22 0x7f2bf7ad2a2a blink::Element::setInnerHTML()