Add a hack to handle GetPage() being null in LocalFrame::IsProvisional()

Normally, this shouldn't happen, but there is a bug that causes the
FrameLifecycle to be rewound from kDetached to kDetaching when a frame
is detached twice (!!). Simply return false in this case, since any work
gated on IsProvisional() should have already happened, so skipping it
should be "safe".

Bug: 838348, 1154141
Change-Id: Ic7a5e4014e3eb42b1f8881472b39743e718b8ff3
Fixed: 1148955
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2575725
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Nate Chapin <japhet@chromium.org>
Cr-Commit-Position: refs/heads/master@{#833988}

third_party/blink/renderer/core/frame/local_frame.cc

@@ -2106,6 +2106,15 @@ bool LocalFrame::IsProvisional() const {
   // this state can no longer be accurately calculated.
   CHECK(!IsDetached());
 
+  // TODO(https://crbug.com/838348): Sadly, there are situations where Blink may
+  // attempt to detach a main frame twice due to a bug. That rewinds
+  // FrameLifecycle from kDetached to kDetaching, but GetPage() will already be
+  // null. Early returning false in that case is "safe enough", as the frame has
+  // already been detached, so any detach work gated on IsProvisional() has
+  // already been done.
+  if (!GetPage())
+    return false;
+
   if (IsMainFrame()) {
     return GetPage()->MainFrame() != this;
   }