Fix file chooser on ChromeOS.

Fix file chooser on ChromeOS.

A previous CL - https://codereview.chromium.org/2102883002/, introduced
a bug specific to the ChromeOS version of the file chooser. It fixed a
use-after-free bug by monitoring for RenderFrame deletions. However,
on ChromeOS, the file picker is itself a RenderFrame and the code didn't
account for nullifying the cached object only when they match.
This CL fixes the issue by ensuring that the pointer is cleared only
when the object being deleted matches.

BUG=624956
Committed: https://crrev.com/5e61b75ffa3c2fe805124b5969e8dff578510b99
Cr-Commit-Position: refs/heads/master@{#403554}

[Charlie Reis, 2016-07-01 21:50:17]

creis@chromium.org changed reviewers:
+ creis@chromium.org

[Charlie Reis, 2016-07-01 21:50:18]

LGTM.  I agree with your plan (as mentioned offline) to give this code some
attention and tests.  :)

https://codereview.chromium.org/2113353002/diff/1/chrome/browser/file_select_...
File chrome/browser/file_select_helper.cc (right):

https://codereview.chromium.org/2113353002/diff/1/chrome/browser/file_select_...
chrome/browser/file_select_helper.cc:659: render_frame_host_ = nullptr;
Seems right.  We should probably add a CleanUp call to both of these in a
separate CL to be consistent with the old behavior (from
https://codereview.chromium.org/2102883002/diff/80001/chrome/browser/file_sel...),
but let's not do that in this CL.

[nasko, 2016-07-01 21:56:36]

nasko@chromium.org changed reviewers:
+ jam@chromium.org

[nasko, 2016-07-01 21:56:37]

Hey John,
Can you owner review this for me?
Thanks,
Nasko

[jam, 2016-07-01 21:57:05]

lgtm

[nasko, 2016-07-01 21:57:57]

The CQ bit was checked by nasko@chromium.org

[commit-bot: I haz the power, 2016-07-01 21:58:19]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-07-01 22:35:18]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-07-01 22:36:25]

Description was changed from

==========
Fix file chooser on ChromeOS.

A previous CL - https://codereview.chromium.org/2102883002/, introduced
a bug specific to the ChromeOS version of the file chooser. It fixed a
use-after-free bug by monitoring for RenderFrame deletions. However,
on ChromeOS, the file picker is itself a RenderFrame and the code didn't
account for nullifying the cached object only when they match.
This CL fixes the issue by ensuring that the pointer is cleared only
when the object being deleted matches.

BUG=624956
==========

to

==========
Fix file chooser on ChromeOS.

A previous CL - https://codereview.chromium.org/2102883002/, introduced
a bug specific to the ChromeOS version of the file chooser. It fixed a
use-after-free bug by monitoring for RenderFrame deletions. However,
on ChromeOS, the file picker is itself a RenderFrame and the code didn't
account for nullifying the cached object only when they match.
This CL fixes the issue by ensuring that the pointer is cleared only
when the object being deleted matches.

BUG=624956

Committed: https://crrev.com/5e61b75ffa3c2fe805124b5969e8dff578510b99
Cr-Commit-Position: refs/heads/master@{#403554}
==========

[commit-bot: I haz the power, 2016-07-01 22:36:26]

Patchset 1 (id:??) landed as
https://crrev.com/5e61b75ffa3c2fe805124b5969e8dff578510b99
Cr-Commit-Position: refs/heads/master@{#403554}