Fix race crash on UrlBar Autofill

If an Autofill session is triggered on the UrlBar before
setTextForAutofillServices has been called for the first time, the
member mTextForAutofillServices, which is null, is passed to the
constructor of SpannableStringBuilder. This results in a crash.

This is fixed by always intializing mTextForAutofillServices.

R=tedchoc@chromium.org

Bug: 1109186
Change-Id: I2d2e2b73521a6261c23c1cc3dd36ba83dc19f110
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2317209Reviewed-by: Ted Choc <tedchoc@chromium.org>
Commit-Queue: Ted Choc <tedchoc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#791876}

chrome/android/java/src/org/chromium/chrome/browser/omnibox/UrlBar.java

@@ -879,8 +879,13 @@ public abstract class UrlBar extends AutocompleteEditText {
 
     @Override
     public Editable getText() {
-        return mRequestingAutofillStructure ? new SpannableStringBuilder(mTextForAutofillServices)
-                                            : super.getText();
+        if (mRequestingAutofillStructure) {
+            // crbug.com/1109186: mTextForAutofillServices must not be null here, but Autofill
+            // requests can be triggered before it is initialized.
+            return new SpannableStringBuilder(
+                    mTextForAutofillServices != null ? mTextForAutofillServices : "");
+        }
+        return super.getText();
     }
 
     @Override