Avoid use-after-free if frame is deleted when stopping loading.

Avoid use-after-free if frame is deleted when stopping loading.

WebFrame::stopLoading can run onload event handlers, which have
the ability to delete the frame.  This means we must be careful
when calling it from within RenderFrameImpl, or else the
remainder of the function may try to access a deleted object.

BUG=638166, 639689
TEST=See bug 638166 comment 11
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2307463003
Cr-Commit-Position: refs/heads/master@{#416082}
(cherry picked from commit ba53b47ffb07652d639e68db92743dc9aea21e5c)

Committed: https://chromium.googlesource.com/chromium/src/+/670a635d98f3f5674b87d75141bd17253f2f0a5c

[Charlie Reis, 2016-09-06 16:14:12]

creis@chromium.org changed reviewers:
+ dcheng@chromium.org

[Charlie Reis, 2016-09-06 16:14:13]

Merging to M54.

[Charlie Reis, 2016-09-06 16:22:06]

Description was changed from

==========
Avoid use-after-free if frame is deleted when stopping loading.

WebFrame::stopLoading can run onload event handlers, which have
the ability to delete the frame.  This means we must be careful
when calling it from within RenderFrameImpl, or else the
remainder of the function may try to access a deleted object.

BUG=638166, 639689
TEST=See bug 638166 comment 11
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2307463003
Cr-Commit-Position: refs/heads/master@{#416082}
(cherry picked from commit ba53b47ffb07652d639e68db92743dc9aea21e5c)
==========

to

==========
Avoid use-after-free if frame is deleted when stopping loading.

WebFrame::stopLoading can run onload event handlers, which have
the ability to delete the frame.  This means we must be careful
when calling it from within RenderFrameImpl, or else the
remainder of the function may try to access a deleted object.

BUG=638166, 639689
TEST=See bug 638166 comment 11
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

Review-Url: https://codereview.chromium.org/2307463003
Cr-Commit-Position: refs/heads/master@{#416082}
(cherry picked from commit ba53b47ffb07652d639e68db92743dc9aea21e5c)

Committed:
https://chromium.googlesource.com/chromium/src/+/670a635d98f3f5674b87d75141bd...
==========

[Charlie Reis, 2016-09-06 16:22:07]

Committed patchset #1 (id:1) manually as
670a635d98f3f5674b87d75141bd17253f2f0a5c.

[dcheng, 2016-09-07 00:06:11]

lgtm