Fix crash in UserMediaProcessor::GetMediaStreamDispatcherHost

blink::UserMediaProcessor::OnLocalSourceStopped() is called after ExecutionContext was destroyed. In this case, blink::LocalFrame::GetBrowserInterfaceBroker() will access to LocalFrame::client_, and it will be null already and it will cause a crash. To avoid the crash, this CL checks the Frame::Client() doesn’t return null.

Bug: 1105842, 1049056
Change-Id: Idc942b4a59b6d0e220bd58dfeb4a53df0730dca1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2318502Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Minoru Chikamune <chikamune@chromium.org>
Cr-Commit-Position: refs/heads/master@{#792151}

third_party/blink/renderer/modules/mediastream/user_media_processor.cc

@@ -1755,6 +1755,12 @@ void UserMediaProcessor::StopAllProcessing() {
 
 void UserMediaProcessor::OnLocalSourceStopped(
     const blink::WebMediaStreamSource& source) {
+  // The client can be null if the frame is already detached.
+  // If it's already detached, dispatcher_host_ shouldn't be bound again.
+  // (ref: crbug.com/1105842)
+  if (!frame_->Client())
+    return;
+
   DCHECK_CALLED_ON_VALID_THREAD(thread_checker_);
   blink::WebPlatformMediaStreamSource* source_impl = source.GetPlatformSource();
   SendLogMessage(base::StringPrintf(