From 58e17b3cdc2792ecc486305126831542a39e376c Mon Sep 17 00:00:00 2001
From: Marshall Greenblatt <magreenblatt@gmail.com>
Date: Wed, 6 Nov 2019 13:17:18 -0500
Subject: [PATCH] Fix crash in RemoveFrame on unknown frame_tree_node_id (fixes
 issue #2799)

---
 libcef/browser/browser_info.cc | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/libcef/browser/browser_info.cc b/libcef/browser/browser_info.cc
index 76c05f0e1..851e7d53c 100644
--- a/libcef/browser/browser_info.cc
+++ b/libcef/browser/browser_info.cc
@@ -164,14 +164,18 @@ void CefBrowserInfo::RemoveFrame(content::RenderFrameHost* host) {
   // A new RFH with the same node ID may be added before the old RFH is deleted,
   // or this might be a speculative RFH. Therefore only delete the map entry if
   // it's currently pointing to the to-be-deleted frame info object.
-  if (frame_tree_node_id_map_.find(frame_info->frame_tree_node_id_)->second ==
-      frame_info) {
-    frame_tree_node_id_map_.erase(frame_info->frame_tree_node_id_);
+  {
+    auto it2 = frame_tree_node_id_map_.find(frame_info->frame_tree_node_id_);
+    if (it2 != frame_tree_node_id_map_.end() && it2->second == frame_info) {
+      frame_tree_node_id_map_.erase(frame_info->frame_tree_node_id_);
+    }
   }
 
   // And finally delete the frame info.
-  auto it2 = frame_info_set_.find(frame_info);
-  frame_info_set_.erase(it2);
+  {
+    auto it2 = frame_info_set_.find(frame_info);
+    frame_info_set_.erase(it2);
+  }
 }
 
 CefRefPtr<CefFrameHostImpl> CefBrowserInfo::GetMainFrame() {