https://bugs.webkit.org/show_bug.cgi?id=113531

Reviewed by Eric Carlson.

No new tests, though this is intermittently reproducible with
http/tests/misc/delete-frame-during-readystatechange.html under ASAN.

* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::~HTMLMediaElement): Clear the media player manually
    before the destructor exits. Clearing the media player may cancel a resource load,
    which can trigger a readystatechange event. It's possible for the HTMLMediaElement
    to attempt to fire an abort event within the readystatechange event, even though it is
    now in an inconsistent state. Clearling the media player before finishing the destructor
    ensures that the HTMLMediaElement will at least still be alive if this case is triggered.
    Set m_completelyLoaded to true to ensure that if userCancelledLoad() is called, it doesn't
    attempt to fire events while destructing.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148636 268f45cc-cd09-0410-ab3c-d52691b4dbfc