fixup: ensure preloader_ is non-null before ScanAndPreload

A previous security fix prevented text documents from creating
preloader_ objects. Calling ScanAndPreload in these cases is
incorrect and normally DCHECKed (but it seems like this case is
sufficiently rare that it made it into the wild).

Bug: 1166786, 901056
Change-Id: Ia1530536d644396601e5d7ab88a878ae378ad832
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2630742
Auto-Submit: Richard Townsend <richard.townsend@arm.com>
Commit-Queue: Mason Freed <masonfreed@chromium.org>
Reviewed-by: Mason Freed <masonfreed@chromium.org>
Cr-Commit-Position: refs/heads/master@{#844141}

third_party/blink/renderer/core/html/parser/html_document_parser.cc

@@ -1249,7 +1249,12 @@ void HTMLDocumentParser::Append(const String& input_source) {
       return;
 
     preload_scanner_->AppendToEnd(source);
-    ScanAndPreload(preload_scanner_.get());
+    if (preloader_) {
+      // TODO(Richard.Townsend@arm.com): add test coverage of this branch.
+      // The crash in crbug.com/1166786 indicates that text documents are being
+      // speculatively prefetched.
+      ScanAndPreload(preload_scanner_.get());
+    }
 
     // Return after the preload scanner, do not actually parse the document.
     return;