Give the main frame a RenderWidget.

content/browser/security_exploit_browsertest.cc

Index: content/browser/security_exploit_browsertest.cc
diff --git a/content/browser/security_exploit_browsertest.cc b/content/browser/security_exploit_browsertest.cc
index 55dd9ef8977c63f5178848535939973df30c2af3..994021f32861f7a9a8b46cd3e7441ad5c308ed20 100644
--- a/content/browser/security_exploit_browsertest.cc
+++ b/content/browser/security_exploit_browsertest.cc
@@ -196,7 +196,7 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, SetWebUIProperty) {
 // process.
 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
                        AttemptDuplicateRenderViewHost) {
-  int duplicate_routing_id = MSG_ROUTING_NONE;
+  int32 duplicate_routing_id = MSG_ROUTING_NONE;
   RenderViewHostImpl* pending_rvh =
       PrepareToDuplicateHosts(shell(), &duplicate_routing_id);
   EXPECT_NE(MSG_ROUTING_NONE, duplicate_routing_id);
@@ -213,11 +213,11 @@ IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest,
   scoped_refptr<SessionStorageNamespaceImpl> session_storage(
       new SessionStorageNamespaceImpl(dom_storage_context));
   // Cause a deliberate collision in routing ids.
-  int main_frame_routing_id = duplicate_routing_id + 1;
-  pending_rvh->CreateNewWindow(duplicate_routing_id,
-                               main_frame_routing_id,
-                               params,
-                               session_storage.get());
+  int32 main_frame_routing_id = duplicate_routing_id + 1;
+  int32 main_frame_widget_routing_id = duplicate_routing_id + 2;
+  pending_rvh->CreateNewWindow(duplicate_routing_id, main_frame_routing_id,
+                               main_frame_widget_routing_id, 0 /* surface id */,
+                               params, session_storage.get());
 
   // If the above operation doesn't cause a crash, the test has succeeded!
 }