Fix nullptr deref in maybeRenderFallbackContent()

third_party/WebKit/Source/web/WebLocalFrameImpl.cpp

Index: third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
diff --git a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
index 8ed362f1d683be0e1da6a6ea965613f2479747f7..634bd57f0045030d7d02dcd5f5ca9065a1297527 100644
--- a/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
+++ b/third_party/WebKit/Source/web/WebLocalFrameImpl.cpp
@@ -2108,16 +2108,21 @@ void WebLocalFrameImpl::LoadData(const WebData& data,
       history_item, static_cast<HistoryLoadType>(web_history_load_type));
 }
 
-bool WebLocalFrameImpl::MaybeRenderFallbackContent(
-    const WebURLError& error) const {
+WebLocalFrame::FallbackContentResult
+WebLocalFrameImpl::MaybeRenderFallbackContent(const WebURLError& error) const {
   DCHECK(GetFrame());
 
   if (!GetFrame()->Owner() || !GetFrame()->Owner()->CanRenderFallbackContent())
-    return false;
+    return NoFallbackContent;
+
+  // provisionalDocumentLoader() can be null if a navigation started and
+  // completed (e.g. about:blank) while waiting for the navigation that wants
+  // to show fallback content.
+  if (!GetFrame()->Loader().ProvisionalDocumentLoader())
+    return NoLoadInProgress;
 
-  DCHECK(GetFrame()->Loader().ProvisionalDocumentLoader());
   GetFrame()->Loader().ProvisionalDocumentLoader()->LoadFailed(error);
-  return true;
+  return FallbackRendered;
 }
 
 // Called when a navigation is blocked because a Content Security Policy (CSP)