Sets render_frame_proxy_ to null in the RenderFrameImpl when destroying the RenderFrameProxy.

Sets render_frame_proxy_ to null in the RenderFrameImpl when destroying the RenderFrameProxy.

This fixes with a use-after-free in the RenderFrameProxy reported by the asan bots, but uncovers another one.

TEST=NavigateRemoteFrame
BUG=357747
Committed: https://crrev.com/912887b4a462f216fca73228de49b4c6cc980da4
Cr-Commit-Position: refs/heads/master@{#316337}

[lfg, 2015-02-13 21:24:19]

lfg@chromium.org changed reviewers:
+ nasko@chromium.org

[lfg, 2015-02-13 21:24:19]

PTAL.

Thanks!

[nasko, 2015-02-13 21:28:19]

LGTM

Let's mention in the description of the CL that it helps with UaF, but uncovers
another one. Also specify TEST=NavigateRenderFrame to indicate what it is
targeted at fixing.

[lfg, 2015-02-13 22:53:55]

The CQ bit was checked by lfg@chromium.org

[commit-bot: I haz the power, 2015-02-13 22:54:50]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/929463004/20001

[commit-bot: I haz the power, 2015-02-14 00:04:09]

Committed patchset #2 (id:20001)

[commit-bot: I haz the power, 2015-02-14 00:05:09]

Patchset 2 (id:??) landed as
https://crrev.com/912887b4a462f216fca73228de49b4c6cc980da4
Cr-Commit-Position: refs/heads/master@{#316337}