PasswordController should give up on WebState destruction

ios/chrome/browser/passwords/password_controller.mm

 // Copyright 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #import "ios/chrome/browser/passwords/password_controller.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <utility>
@@ skipping 30 matching lines @@
 #import "ios/web/public/web_state/web_state.h"
 #import "ios/web/public/web_state/web_state_observer_bridge.h"
 #include "url/gurl.h"
 
 using password_manager::PasswordFormManager;
 using password_manager::PasswordGenerationManager;
 using password_manager::PasswordManager;
 using password_manager::PasswordManagerClient;
 using password_manager::PasswordManagerDriver;
 
+@interface PasswordController ()
+
+// This is set to YES as soon as the associated WebState is destroyed.
+@property(readonly) BOOL isWebStateDestroyed;
+
+@end
+
 @interface PasswordController ()<CRWWebStateObserver, FormSuggestionProvider>
 
 // Parses the |jsonString| which contatins the password forms found on a web
 // page to populate the |forms| vector.
 - (void)getPasswordForms:(std::vector<autofill::PasswordForm>*)forms
            fromFormsJSON:(NSString*)jsonString
                  pageURL:(const GURL&)pageURL;
 
 // Processes the JSON string returned as a result of extracting the submitted
 // form data and populates |form|. Returns YES on success. NO otherwise.
@@ skipping 174 matching lines @@
 
   JsPasswordManager* passwordJsManager_;  // weak
 
   // The pending form data.
   scoped_ptr<autofill::PasswordFormFillData> formData_;
 
   // Bridge to observe WebState from Objective-C.
   scoped_ptr<web::WebStateObserverBridge> webStateObserverBridge_;
 }
 
+@synthesize isWebStateDestroyed = isWebStateDestroyed_;
+
 - (instancetype)initWithWebState:(web::WebState*)webState
              passwordsUiDelegate:(id<PasswordsUiDelegate>)UIDelegate {
   DCHECK(webState);
   self = [super init];
   if (self) {
     webStateObserverBridge_.reset(
         new web::WebStateObserverBridge(webState, self));
     passwordManagerClient_.reset(new IOSChromePasswordManagerClient(self));
     passwordManager_.reset(new PasswordManager(passwordManagerClient_.get()));
     passwordManagerDriver_.reset(new IOSChromePasswordManagerDriver(self));
@@ skipping 102 matching lines @@
 
 - (void)webState:(web::WebState*)webState
     didSubmitDocumentWithFormNamed:(const std::string&)formName
                      userInitiated:(BOOL)userInitiated {
   base::WeakNSObject<PasswordController> weakSelf(self);
   // This code is racing against the new page loading and will not get the
   // password form data if the page has changed. In most cases this code wins
   // the race.
   // TODO(crbug.com/418827): Fix this by passing in more data from the JS side.
   id completionHandler = ^(BOOL found, const autofill::PasswordForm& form) {
-    if (weakSelf) {
+    if (weakSelf && ![weakSelf isWebStateDestroyed]) {
       weakSelf.get()->passwordManager_->OnPasswordFormSubmitted(
           weakSelf.get()->passwordManagerDriver_.get(), form);
     }
   };
   [self extractSubmittedPasswordForm:formName
                    completionHandler:completionHandler];
 }
 
 - (void)webStateDestroyed:(web::WebState*)webState {
+  isWebStateDestroyed_ = YES;
   [self detach];
 }
 
 - (void)findPasswordFormsWithCompletionHandler:
     (void (^)(const std::vector<autofill::PasswordForm>&))completionHandler {
   DCHECK(completionHandler);
 
   if (!webStateObserverBridge_ || !webStateObserverBridge_->web_state())
     return;
 
@@ skipping 403 matching lines @@
 
 - (PasswordManager*)passwordManager {
   return passwordManager_.get();
 }
 
 - (JsPasswordManager*)passwordJsManager {
   return passwordJsManager_;
 }
 
 @end