Commit edec257e authored by Mario Sanchez Prada, committed by Commit Bot

Protect calls to RequestAXTreeSnapshot against a crashed render process

As it's also mentioned in crrev.com/c/1117847, it is possible for
|frame_| to get reset during the lifetime of RFHI in case the render
process crashes, so we need to protect against this to prevent the
browser from crashing if a call to SnapshotAccessibilityTree gets
run in such a scenario.

It would be preferable not to allow that to happen in the first place,
but such a change is out of scope in the context of fixing the particular
crash reported in crbug.com/1062442, so let's add an extra check and a
TODO pointing to the issue tracking this problem (crbug.com/859110).

Bug: 1010831, 1062442
Change-Id: I972302eefb67a6f2a77597de1a8c28d85536b301
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2112465
Commit-Queue: Mario Sanchez Prada <mario@igalia.com>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#752024}
parent 59923b85
...@@ -6114,6 +6114,10 @@ void RenderFrameHostImpl::UpdateAccessibilityMode() { ...@@ -6114,6 +6114,10 @@ void RenderFrameHostImpl::UpdateAccessibilityMode() {
void RenderFrameHostImpl::RequestAXTreeSnapshot(AXTreeSnapshotCallback callback, void RenderFrameHostImpl::RequestAXTreeSnapshot(AXTreeSnapshotCallback callback,
ui::AXMode ax_mode) { ui::AXMode ax_mode) {
// TODO(https://crbug.com/859110): Remove once frame_ can no longer be null.
if (!IsRenderFrameLive())
return;
frame_->SnapshotAccessibilityTree( frame_->SnapshotAccessibilityTree(
ax_mode.mode(), ax_mode.mode(),
base::BindOnce(&RenderFrameHostImpl::RequestAXTreeSnapshotCallback, base::BindOnce(&RenderFrameHostImpl::RequestAXTreeSnapshotCallback,
......
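Review bot: the early return at `if (!IsRenderFrameLive()) return;` drops `callback` without running it, so a caller of RequestAXTreeSnapshot that waits on the snapshot gets no signal when the render process has crashed. Consider running the callback with an empty result before returning, or stating in the comment that the callback is intentionally dropped in this case. The TODO also speaks of `frame_` being null while the guard tests IsRenderFrameLive(); a short comment tying the two together would help the next reader judge when the check can be removed.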