OOR-CORS: Check response_head.headers before accessing in OnReceiveResponse

|response.head.headers| can be empty in some cases, e.g. ftp accesses.
We previously added a null check in GetHeaderString(), but
OnReceiveResponse() itself accesses it without any null check.

This patch adds a check to have a status code, and uses a fallback value
if it does not exist.

Bug: 908261
Change-Id: I15e0e61ce39c9e7846c26ab8875485b4597ce458
Reviewed-on: https://chromium-review.googlesource.com/c/1351348Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611568}

services/network/cors/cors_url_loader.cc

@@ -199,11 +199,14 @@ void CorsURLLoader::OnReceiveResponse(
   DCHECK(forwarding_client_);
   DCHECK(!deferred_redirect_url_);
 
+  int response_status_code =
+      response_head.headers ? response_head.headers->response_code() : 0;
+
   const bool is_304_for_revalidation =
-      request_.is_revalidating && response_head.headers->response_code() == 304;
+      request_.is_revalidating && response_status_code == 304;
   if (fetch_cors_flag_ && !is_304_for_revalidation) {
     const auto error_status = CheckAccess(
-        request_.url, response_head.headers->response_code(),
+        request_.url, response_status_code,
         GetHeaderString(response_head, header_names::kAccessControlAllowOrigin),
         GetHeaderString(response_head,
                         header_names::kAccessControlAllowCredentials),