Exclude files from FileSelectChooser if they can't convert to WebStrings.

content/browser/frame_host/render_frame_host_impl.cc

Index: content/browser/frame_host/render_frame_host_impl.cc
diff --git a/content/browser/frame_host/render_frame_host_impl.cc b/content/browser/frame_host/render_frame_host_impl.cc
index 5fba3c3c600b524ebe622722c778279b67b3e85b..26dd92de50625d992f2f2e0c8fff4acab29688cb 100644
--- a/content/browser/frame_host/render_frame_host_impl.cc
+++ b/content/browser/frame_host/render_frame_host_impl.cc
@@ -3217,8 +3217,18 @@ void RenderFrameHostImpl::FilesSelectedInChooser(
       BrowserContext::GetStoragePartition(GetProcess()->GetBrowserContext(),
                                           GetSiteInstance())
           ->GetFileSystemContext();
-  // Grant the security access requested to the given files.
+
+  // Exclude files whose paths can't be converted into WebStrings, which we can
+  // approximate with AsUTF8Unsafe.  Blink won't be able to handle these, and we
+  // would kill the renderer when it claims to have chosen an empty file path.
+  std::vector<content::FileChooserFileInfo> filtered_files;
   for (const auto& file : files) {
+    if (!file.file_path.AsUTF8Unsafe().empty())
+      filtered_files.push_back(file);
+  }
+
+  // Grant the security access requested to the given files.
+  for (const auto& file : filtered_files) {
     if (permissions == FileChooserParams::Save) {
       ChildProcessSecurityPolicyImpl::GetInstance()->GrantCreateReadWriteFile(
           GetProcess()->GetID(), file.file_path);
@@ -3234,7 +3244,7 @@ void RenderFrameHostImpl::FilesSelectedInChooser(
     }
   }
 
-  Send(new FrameMsg_RunFileChooserResponse(routing_id_, files));
+  Send(new FrameMsg_RunFileChooserResponse(routing_id_, filtered_files));
 }
 
 bool RenderFrameHostImpl::HasSelection() {