Clear flat tree node data before early return.

Caused a fuzzer crash because ancestor marking of
ChildNeedsStyleRecalc happened with out-of-date FlatTreeNodeData.

Bug: 1034265
Change-Id: If36225997187bd1a3dcfb6ea4b9519ce44172711
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1986800Reviewed-by: Anders Hartvoll Ruud <andruud@chromium.org>
Commit-Queue: Rune Lillesveen <futhark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#728497}

third_party/blink/renderer/core/dom/container_node.cc

@@ -1008,13 +1008,15 @@ void ContainerNode::ChildrenChanged(const ChildrenChange& change) {
   GetDocument().IncDOMTreeVersion();
   GetDocument().NotifyChangeChildren(*this);
   InvalidateNodeListCachesInAncestors(nullptr, nullptr, &change);
-
   if (change.IsChildRemoval() || change.type == kAllChildrenRemoved) {
     GetDocument().GetStyleEngine().ChildrenRemoved(*this);
     return;
   }
   if (!change.IsChildInsertion())
     return;
+  Node* inserted_node = change.sibling_changed;
+  if (inserted_node->IsContainerNode() || inserted_node->IsTextNode())
+    inserted_node->ClearFlatTreeNodeDataIfHostChanged(*this);
   if (!InActiveDocument())
     return;
   if (IsElementNode() && !GetComputedStyle()) {
@@ -1025,11 +1027,8 @@ void ContainerNode::ChildrenChanged(const ChildrenChange& change) {
     // the ComputedStyle goes from null to non-null.
     return;
   }
-  Node* inserted_node = change.sibling_changed;
-  if (inserted_node->IsContainerNode() || inserted_node->IsTextNode()) {
-    inserted_node->ClearFlatTreeNodeDataIfHostChanged(*this);
+  if (inserted_node->IsContainerNode() || inserted_node->IsTextNode())
     inserted_node->SetStyleChangeOnInsertion();
-  }
 }
 
 void ContainerNode::CloneChildNodesFrom(const ContainerNode& node) {