Disable Form-Not-Secure warning when |autofill_client_| is null

components/password_manager/core/browser/password_autofill_manager.cc

Index: components/password_manager/core/browser/password_autofill_manager.cc
diff --git a/components/password_manager/core/browser/password_autofill_manager.cc b/components/password_manager/core/browser/password_autofill_manager.cc
index 34b6bd72d9dd8557bb74e033fedb9c5409df2577..091b2062c2ef71c5e7129cdbb1e41e2c5afb6c0d 100644
--- a/components/password_manager/core/browser/password_autofill_manager.cc
+++ b/components/password_manager/core/browser/password_autofill_manager.cc
@@ -257,6 +257,16 @@ void PasswordAutofillManager::OnShowNotSecureWarning(
     base::i18n::TextDirection text_direction,
     const gfx::RectF& bounds) {
   DCHECK(security_state::IsHttpWarningInFormEnabled());
+  // TODO(estark): Other code paths in this file don't do null checks before
+  // using |autofill_client_|. It seems that these other code paths somehow
+  // short-circuit before dereferencing |autofill_client_| in cases where it's
+  // null; it would be good to understand why/how and make a firm decision about
+  // whether |autofill_client_| is allowed to be null. Ideally we would be able
+  // to get rid of such cases so that we can enable Form-Not-Secure warnings
+  // here in all cases. https://crbug.com/699217
+  if (!autofill_client_)
+    return;
+
   std::vector<autofill::Suggestion> suggestions;
   autofill::Suggestion http_warning_suggestion(
       l10n_util::GetStringUTF8(IDS_AUTOFILL_LOGIN_HTTP_WARNING_MESSAGE),