Speculative fix to get the ChromeFrame builder up again. It appears that there is a scenario in the

UrlmonUrlRequest object which handles host network requests in IE, where the binding can be NULL and
it is being torn down due to the active document instance being torn down. Based on debugging and code
inspection it appears that this can occur if there is some data which has not been read by Chrome as yet,
and the network request is completed by urlmon. In this case when the active document is torn down, the
state is left as WORKING and we would dereference a NULL binding.

Fix is a NULL check for the binding.

TBR=stoyan

Review URL: http://codereview.chromium.org/564014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37857 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 3 insertions, 1 deletions

diff --git a/chrome_frame/urlmon_url_request.cc b/chrome_frame/urlmon_url_request.cc
index 11f6ff6..735d3f5 100644
--- a/chrome_frame/urlmon_url_request.cc
+++ b/chrome_frame/urlmon_url_request.cc
@@ -267,7 +267,9 @@ void UrlmonUrlRequest::Stop() {
   switch (state) {
     case Status::WORKING:
       status_.Cancel();
-      binding_->Abort();
+      if (binding_) {
+        binding_->Abort();
+      }
       break;
 
     case Status::ABORTING: