Use correct WebView from AccessibilityController.

Use correct WebView from AccessibilityController.

Before this CL AccessibilityController would act on the WebView
associated with the main test window, rather than acting on the WebView
associated with the frame owning the AccessibilityController's
javascript bindings.  This could lead to UaF in
AccessibilityController::NotificationReceived where it was trying to use
web_view_->mainFrame on an already destroyed view (no good repro at ToT
- repro would happen after other OOPIF refactorings when running in
--site-per-process mode).

Changes in the current CL:
- AccessibilityController's lifetime is now owned by WebViewTestProxy
  (rather than having AccessibilityController owned by the global
  TestInterfaces object).
- AccessibilityController now uses WebView from the correct
  WebViewTestProxy (rather than one associted with the main test window).
- TestInterfaces object no longer has a pointer to an
  AccessibilityController object (because there is no longer a
  central/global AccessibilityController object).  This means having to
  move code that calls AccessibilityController::Install and
  AccessibilityController::Reset away from TestInterfaces.

Additional changes:
- AccessibilityController does not need to inherit from
  base::SupportsWeakPtr<...> (because AccessibilityController already
  has a weak_factory_ field).

BUG=595089
Committed: https://crrev.com/8ee983a2a52420c843fc4ed0de1ee3c107ef00b8
Cr-Commit-Position: refs/heads/master@{#389156}

[Łukasz Anforowicz, 2016-04-20 21:41:02]

Description was changed from

==========
Use correct WebView from AccessibilityController.

Before this CL AccessibilityController would act on the WebView
associated with the main test window, rather than acting on the WebView
associated with the frame owning the AccessibilityController's
javascript bindings.  This could lead to UaF UaF in
AccessibilityController::NotificationReceived where it was trying to use
web_view_->mainFrame on an already destroyed view (no good repro at ToT
- repro would happen after other OOPIF refactorings when running in
--site-per-process mode).

Changes in the current CL:
- AccessibilityController's lifetime is now owned by WebViewTestProxy
  (rather than having AccessibilityController owned by the global
  TestInterfaces object).
- AccessibilityController now uses WebView from the correct
  WebViewTestProxy (rather than one associted with the main test window).
- TestInterfaces object no longer has a pointer to an
  AccessibilityController object (because there is no longer a
  central/global AccessibilityController object).  This means having to
  move code that calls AccessibilityController::Install and
  AccessibilityController::Reset away from TestInterfaces.

Additional changes:
- AccessibilityController does not need to inherit from
  base::SupportsWeakPtr<...> (because AccessibilityController already
  has a weak_factory_ field).

BUG=595089
==========

to

==========
Use correct WebView from AccessibilityController.

Before this CL AccessibilityController would act on the WebView
associated with the main test window, rather than acting on the WebView
associated with the frame owning the AccessibilityController's
javascript bindings.  This could lead to UaF in
AccessibilityController::NotificationReceived where it was trying to use
web_view_->mainFrame on an already destroyed view (no good repro at ToT
- repro would happen after other OOPIF refactorings when running in
--site-per-process mode).

Changes in the current CL:
- AccessibilityController's lifetime is now owned by WebViewTestProxy
  (rather than having AccessibilityController owned by the global
  TestInterfaces object).
- AccessibilityController now uses WebView from the correct
  WebViewTestProxy (rather than one associted with the main test window).
- TestInterfaces object no longer has a pointer to an
  AccessibilityController object (because there is no longer a
  central/global AccessibilityController object).  This means having to
  move code that calls AccessibilityController::Install and
  AccessibilityController::Reset away from TestInterfaces.

Additional changes:
- AccessibilityController does not need to inherit from
  base::SupportsWeakPtr<...> (because AccessibilityController already
  has a weak_factory_ field).

BUG=595089
==========

[Łukasz Anforowicz, 2016-04-21 23:03:44]

lukasza@chromium.org changed reviewers:
+ jochen@chromium.org

[Łukasz Anforowicz, 2016-04-21 23:03:45]

jochen@, could you please take a look?

[jochen (gone - plz use gerrit), 2016-04-22 15:24:58]

lgtm

[Łukasz Anforowicz, 2016-04-22 16:05:36]

The CQ bit was checked by lukasza@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-04-22 16:06:14]

Dry run: CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1903043002/40001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1903043002/40001

[commit-bot: I haz the power, 2016-04-22 16:56:28]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-04-22 16:56:29]

Dry run: This issue passed the CQ dry run.

[Łukasz Anforowicz, 2016-04-22 17:41:13]

The CQ bit was checked by lukasza@chromium.org

[commit-bot: I haz the power, 2016-04-22 17:41:44]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1903043002/40001
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1903043002/40001

[commit-bot: I haz the power, 2016-04-22 17:47:57]

Committed patchset #3 (id:40001)

[commit-bot: I haz the power, 2016-04-22 19:49:24]

Description was changed from

==========
Use correct WebView from AccessibilityController.

Before this CL AccessibilityController would act on the WebView
associated with the main test window, rather than acting on the WebView
associated with the frame owning the AccessibilityController's
javascript bindings.  This could lead to UaF in
AccessibilityController::NotificationReceived where it was trying to use
web_view_->mainFrame on an already destroyed view (no good repro at ToT
- repro would happen after other OOPIF refactorings when running in
--site-per-process mode).

Changes in the current CL:
- AccessibilityController's lifetime is now owned by WebViewTestProxy
  (rather than having AccessibilityController owned by the global
  TestInterfaces object).
- AccessibilityController now uses WebView from the correct
  WebViewTestProxy (rather than one associted with the main test window).
- TestInterfaces object no longer has a pointer to an
  AccessibilityController object (because there is no longer a
  central/global AccessibilityController object).  This means having to
  move code that calls AccessibilityController::Install and
  AccessibilityController::Reset away from TestInterfaces.

Additional changes:
- AccessibilityController does not need to inherit from
  base::SupportsWeakPtr<...> (because AccessibilityController already
  has a weak_factory_ field).

BUG=595089
==========

to

==========
Use correct WebView from AccessibilityController.

Before this CL AccessibilityController would act on the WebView
associated with the main test window, rather than acting on the WebView
associated with the frame owning the AccessibilityController's
javascript bindings.  This could lead to UaF in
AccessibilityController::NotificationReceived where it was trying to use
web_view_->mainFrame on an already destroyed view (no good repro at ToT
- repro would happen after other OOPIF refactorings when running in
--site-per-process mode).

Changes in the current CL:
- AccessibilityController's lifetime is now owned by WebViewTestProxy
  (rather than having AccessibilityController owned by the global
  TestInterfaces object).
- AccessibilityController now uses WebView from the correct
  WebViewTestProxy (rather than one associted with the main test window).
- TestInterfaces object no longer has a pointer to an
  AccessibilityController object (because there is no longer a
  central/global AccessibilityController object).  This means having to
  move code that calls AccessibilityController::Install and
  AccessibilityController::Reset away from TestInterfaces.

Additional changes:
- AccessibilityController does not need to inherit from
  base::SupportsWeakPtr<...> (because AccessibilityController already
  has a weak_factory_ field).

BUG=595089

Committed: https://crrev.com/8ee983a2a52420c843fc4ed0de1ee3c107ef00b8
Cr-Commit-Position: refs/heads/master@{#389156}
==========

[commit-bot: I haz the power, 2016-04-22 19:49:25]

Patchset 3 (id:??) landed as
https://crrev.com/8ee983a2a52420c843fc4ed0de1ee3c107ef00b8
Cr-Commit-Position: refs/heads/master@{#389156}