PasswordAutofillAgent: do not provisionally save forms in NULL frames

Based on a recent crash reports, there is a suspicion that PasswordAutofillAgent::provisionally_saved_forms_ gets NULL WebFrame pointers assigned as keys. That's likely happening in TextDidChangeInTextField(), when ProvisionallySavePassword() is called with element.document().frame(). That can be NULL, as the comment at blink::Document::frame() says.

This CL makes sure that forms for which we don't know the frame are not provisionally saved.

It is still unclear to me, how to reproduce this crash, so I have no idea how to reproduce it in tests. Therefore this CL does not add tests. There is a bug (400186) filed for making PasswordAutofillAgent observe frames directly, which should ultimately clean up this mess anyway.

BUG=420519

Review URL: https://codereview.chromium.org/649583003

Cr-Commit-Position: refs/heads/master@{#299443}

components/autofill/content/renderer/password_autofill_agent.cc

@@ -533,8 +533,10 @@ bool PasswordAutofillAgent::TextDidChangeInTextField(
     // handlers run, so save away a copy of the password in case it gets lost.
     // To honor the user having explicitly cleared the password, even an empty
     // password will be saved here.
-    ProvisionallySavePassword(
-        element.document().frame(), element.form(), RESTRICTION_NONE);
+    if (blink::WebLocalFrame* element_frame = element.document().frame()) {
+      ProvisionallySavePassword(
+          element_frame, element.form(), RESTRICTION_NONE);
+    }
 
     PasswordToLoginMap::iterator iter = password_to_username_.find(element);
     if (iter != password_to_username_.end()) {