Fix a Chrome crash caused in a ChromeFrame instance in the automation job used for routing network requests

to the host. The crash happens while dereferencing a NULL AutomationResourceMessageFilter pointer in a pending
job.

We already NULL check the pointer in the if block above. Moving this check at the top.

Fixes bug http://code.google.com/p/chromium/issues/detail?id=35728

Bug=35728

Review URL: http://codereview.chromium.org/605022

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39035 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 7 deletions

diff --git a/chrome/browser/automation/url_request_automation_job.cc b/chrome/browser/automation/url_request_automation_job.cc
index 32b1b15..8c6efa5 100644
--- a/chrome/browser/automation/url_request_automation_job.cc
+++ b/chrome/browser/automation/url_request_automation_job.cc
@@ -158,16 +158,16 @@ void URLRequestAutomationJob::Start() {
 }
 
 void URLRequestAutomationJob::Kill() {
-  if (!is_pending()) {
-    if (message_filter_.get()) {
+  if (message_filter_.get()) {
+    if (!is_pending()) {
       message_filter_->Send(new AutomationMsg_RequestEnd(0, tab_, id_,
           URLRequestStatus(URLRequestStatus::CANCELED, net::ERR_ABORTED)));
+    } else {
+      // If this is a pending job, then register it from the message filter to
+      // ensure that it is not serviced when the external host connects to the
+      // corresponding external tab.
+      message_filter_->UnRegisterRequest(this);
     }
-  } else {
-    // If this is a pending job, then register it from the message filter to
-    // ensure that it is not serviced when the external host connects to the
-    // corresponding external tab.
-    message_filter_->UnRegisterRequest(this);
   }
   DisconnectFromMessageFilter();
   URLRequestJob::Kill();