https://chromium.googlesource.com/chromium/src.git/+/2af2d08972d14d5bdd91e0515eb5b15b4444aee9
blink::HTMLMediaElement::ShouldReusePlayer: avoid dereferencing a potentally NULL domWindow

The domWindow() method of the Document class can potentially return nullptr
as noted in renderer/core/dom/document.h

> // A document may or may not have a browsing context
> // (https://html.spec.whatwg.org/#browsing-context). A document with a browsing
> // context is created by navigation, and has a non-null domWindow(), GetFrame(),
> // Loader(), etc., and is visible to the user. It will have a valid
> // GetExecutionContext(), which will be equal to domWindow(). If the Document
> // constructor receives a DocumentInit created WithDocumentLoader(), it will
> // have a browsing context.
> // Documents created by all other APIs do not have a browsing context. These
> // Documents still have a valid GetExecutionContext() (i.e., the domWindow() of
> // the Document in which they were created), so they can still access
> // script, but return null for domWindow(), GetFrame() and Loader(). Generally,
> // they should not downcast the ExecutionContext to a LocalDOMWindow and access
> // the properties of the window directly.

Upon checking further, the offending document returns null for GetFrame() and
Loader() aswell so this was likely just an oversight and no invariants are being
violated

Introduced in https://chromium-review.googlesource.com/c/chromium/src/+/4202152

More details https://bugs.chromium.org/p/chromium/issues/detail?id=1447388

Fixed: 1447388
Change-Id: I85a6ef52baaac0ec7f5ec188d5d5bb2c518a8ecd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4546610
Reviewed-by: Fredrik Söderquist <fs@opera.com>
Commit-Queue: Fredrik Söderquist <fs@opera.com>
Cr-Commit-Position: refs/heads/main@{#1147184}

--- a/AUTHORS
+++ b/AUTHORS

@@ -1012,6 +1012,7 @@
 Prashant Hiremath <prashhir@cisco.com>
 Prashant Nevase <prashant.n@samsung.com>
 Prashant Patil <prashant.patil@imgtec.com>
+Pratham <prathamIN@proton.me>
 Praveen Akkiraju <praveen.anp@samsung.com>
 Preeti Nayak <preeti.nayak@samsung.com>
 Pritam Nikam <pritam.nikam@samsung.com>

--- a/third_party/blink/renderer/core/html/media/html_media_element.cc
+++ b/third_party/blink/renderer/core/html/media/html_media_element.cc

@@ -648,6 +648,11 @@
 
 bool HTMLMediaElement::ShouldReusePlayer(Document& old_document,
                                          Document& new_document) const {
+  // A NULL frame implies a NULL domWindow, so just check one of them
+  if (!old_document.GetFrame() || !new_document.GetFrame()) {
+    return false;
+  }
+
   // Don't reuse player if the Document Picture-in-Picture API is disabled for
   // both documents.
   if (!RuntimeEnabledFeatures::DocumentPictureInPictureAPIEnabled(
@@ -657,10 +662,6 @@
     return false;
   }
 
-  if (!old_document.GetFrame() || !new_document.GetFrame()) {
-    return false;
-  }
-
   auto* new_origin = new_document.GetFrame()
                          ->LocalFrameRoot()
                          .GetSecurityContext()