Change scoped_ptr::reset()'s behaviour to match unique_ptr.

base/memory/scoped_ptr.h

Index: base/memory/scoped_ptr.h
diff --git a/base/memory/scoped_ptr.h b/base/memory/scoped_ptr.h
index fb781b0b32ddfd8b47ff3e4a0662ff53b9cd8760..2399e954cc6451ab593661a04c9bb5643ce3aedb 100644
--- a/base/memory/scoped_ptr.h
+++ b/base/memory/scoped_ptr.h
@@ -228,25 +228,14 @@ class scoped_ptr_impl {
     // https://crbug.com/162971
     assert(!ShouldAbortOnSelfReset<D>::value || p == nullptr || p != data_.ptr);
 
-    // Note that running data_.ptr = p can lead to undefined behavior if
-    // get_deleter()(get()) deletes this. In order to prevent this, reset()
-    // should update the stored pointer before deleting its old value.
-    //
-    // However, changing reset() to use that behavior may cause current code to
-    // break in unexpected ways. If the destruction of the owned object
-    // dereferences the scoped_ptr when it is destroyed by a call to reset(),
-    // then it will incorrectly dispatch calls to |p| rather than the original
-    // value of |data_.ptr|.
-    //
-    // During the transition period, set the stored pointer to nullptr while
-    // deleting the object. Eventually, this safety check will be removed to
-    // prevent the scenario initially described from occuring and
-    // http://crbug.com/176091 can be closed.
+    // Match C++11's definition of unique_ptr::reset(), which requires changing
+    // the pointer before invoking the deleter on the old pointer. This prevents
+    // |this| from being accessed after the deleter is run, which may destroy
+    // |this|.
     T* old = data_.ptr;
-    data_.ptr = nullptr;
+    data_.ptr = p;
     if (old != nullptr)
       static_cast<D&>(data_)(old);
-    data_.ptr = p;
   }
 
   T* get() const { return data_.ptr; }