Commit 82cc04b2 authored by yhirano@chromium.org

[WebSocket] Fix a crash caused by a pending empty frame.

This CL fixes the process that sends pending frames when a WebSocketChannel
receives quota from the renderer process. The IOBuffer data of a frame can
be null, but the implementation didn't take account of that.

BUG=364788
R=ricea@chromium.org

Review URL: https://codereview.chromium.org/258833005

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@266513 0039d316-1c4b-4281-b951-d872f2087c98
parent 2b19d41b
......@@ -421,7 +421,9 @@ void WebSocketChannel::SendFlowControl(int64 quota) {
const size_t bytes_to_send =
std::min(base::checked_cast<size_t>(quota), data_size);
const bool final = front.final() && data_size == bytes_to_send;
const char* data = front.data()->data() + front.offset();
const char* data = front.data() ?
front.data()->data() + front.offset() : NULL;
DCHECK(!bytes_to_send || data) << "Non empty data should not be null.";
const std::vector<char> data_vector(data, data + bytes_to_send);
DVLOG(3) << "Sending frame previously split due to quota to the "
<< "renderer: quota=" << quota << " data_size=" << data_size
......
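Review bot: The null-buffer invariant is enforced only by the DCHECK, which does nothing in builds where DCHECKs are disabled, so if bytes_to_send is ever non-zero while front.data() is null, the std::vector<char> data_vector(data, data + bytes_to_send) line that follows copies from a null pointer. Consider handling the null case explicitly, for example by constructing an empty data_vector when data is NULL, or by using a check that stays on in release builds, rather than relying on a debug-only assertion to protect the read.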
......@@ -2406,7 +2406,7 @@ TEST_F(WebSocketChannelFlowControlTest, EmptyMessageNoQuota) {
{FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
NOT_MASKED, "FIRST MESSAGE"},
{FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
NOT_MASKED, ""},
NOT_MASKED, NULL},
{FINAL_FRAME, WebSocketFrameHeader::kOpCodeText,
NOT_MASKED, "THIRD MESSAGE"}};
stream->PrepareReadFrames(ReadableFakeWebSocketStream::SYNC, OK, frames);
......
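Review bot: Swapping the second frame's payload from "" to NULL in EmptyMessageNoQuota means the test now exercises only the null-buffer path and no longer covers a zero-length frame given as "". Consider keeping both variants, either as an extra frame in this array or as a separate test, so that both forms of an empty pending frame are checked against the SendFlowControl path.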