Note that this crash did not surface in SitePerProcessBrowsertests, as the iframes in the test data file had a name attribute, in addition to the allow attributes. This meant that the FrameOwnerProperties::operator== comparison terminated early, and never tested the case where the two FOP objects were identical except for the allow attributes.

The test file has been updated so that this condition is actually tested, with a link back to this bug for reference. I'll also add unit tests for the operator== method for completeness.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/aee9dcacf21624198c60857788c35906fffa97ad

commit aee9dcacf21624198c60857788c35906fffa97ad
Author: iclelland <iclelland@chromium.org>
Date: Fri Mar 31 14:08:09 2017

Fix crash in frame owner property replication.

Also updated the test that can trigger it, removing the unnecessary name
attributes that were masking the error.

BUG= 705658 

Review-Url: https://codereview.chromium.org/2775393003
Cr-Commit-Position: refs/heads/master@{#461111}

[modify] https://crrev.com/aee9dcacf21624198c60857788c35906fffa97ad/content/common/frame_owner_properties.cc
[modify] https://crrev.com/aee9dcacf21624198c60857788c35906fffa97ad/content/test/data/allowed_frames.html