Fix crash caused by stale WebContents in chrome://interstitials

chrome/browser/ui/webui/interstitials/interstitial_ui.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/webui/interstitials/interstitial_ui.h"
 
 #include "base/atomic_sequence_num.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_util.h"
 #include "base/time/time.h"
@@ skipping 47 matching lines @@
   }
 
   return net::X509Certificate::CreateFromBytes(cert_der.data(),
                                                cert_der.size());
 }
 
 // Implementation of chrome://interstitials demonstration pages. This code is
 // not used in displaying any real interstitials.
 class InterstitialHTMLSource : public content::URLDataSource {
  public:
-  explicit InterstitialHTMLSource(content::WebContents* web_contents);
-  ~InterstitialHTMLSource() override;
+  InterstitialHTMLSource() {}
+  ~InterstitialHTMLSource() override {}
 
   // content::URLDataSource:
   std::string GetMimeType(const std::string& mime_type) const override;
   std::string GetSource() const override;
   std::string GetContentSecurityPolicyScriptSrc() const override;
   std::string GetContentSecurityPolicyStyleSrc() const override;
   std::string GetContentSecurityPolicyImgSrc() const override;
   void StartDataRequest(
       const std::string& path,
       const content::ResourceRequestInfo::WebContentsGetter& wc_getter,
       const content::URLDataSource::GotDataCallback& callback) override;
 
  private:
-  content::WebContents* web_contents_;
   DISALLOW_COPY_AND_ASSIGN(InterstitialHTMLSource);
 };
 
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
 // Provides fake connection information to the captive portal blocking page so
 // that both Wi-Fi and non Wi-Fi blocking pages can be displayed.
 class CaptivePortalBlockingPageWithNetInfo : public CaptivePortalBlockingPage {
  public:
   CaptivePortalBlockingPageWithNetInfo(
       content::WebContents* web_contents,
@@ skipping 207 matching lines @@
           base::Callback<void(content::CertificateRequestResultType)>(),
           is_wifi_connection, wifi_ssid);
   return blocking_page;
 }
 #endif
 
 } //  namespace
 
 InterstitialUI::InterstitialUI(content::WebUI* web_ui)
     : WebUIController(web_ui) {
-  std::unique_ptr<InterstitialHTMLSource> html_source(
-      new InterstitialHTMLSource(web_ui->GetWebContents()));
   Profile* profile = Profile::FromWebUI(web_ui);
-  content::URLDataSource::Add(profile, html_source.release());
+  content::URLDataSource::Add(profile, new InterstitialHTMLSource());
 }
 
 InterstitialUI::~InterstitialUI() {
 }
 
 // InterstitialHTMLSource
 
-InterstitialHTMLSource::InterstitialHTMLSource(
-    content::WebContents* web_contents)
-    : web_contents_(web_contents) {
-}
-
-InterstitialHTMLSource::~InterstitialHTMLSource() {
-}
-
 std::string InterstitialHTMLSource::GetMimeType(
     const std::string& mime_type) const {
   return "text/html";
 }
 
 std::string InterstitialHTMLSource::GetSource() const {
   return chrome::kChromeUIInterstitialHost;
 }
 
 std::string InterstitialHTMLSource::GetContentSecurityPolicyScriptSrc() const {
   // 'unsafe-inline' is added to script-src.
   return "script-src chrome://resources 'self' 'unsafe-eval' 'unsafe-inline';";
 }
 
 std::string InterstitialHTMLSource::GetContentSecurityPolicyStyleSrc() const {
   return "style-src 'self' 'unsafe-inline';";
 }
 
 std::string InterstitialHTMLSource::GetContentSecurityPolicyImgSrc() const {
   return "img-src data:;";
 }
 
 void InterstitialHTMLSource::StartDataRequest(
     const std::string& path,
     const content::ResourceRequestInfo::WebContentsGetter& wc_getter,
     const content::URLDataSource::GotDataCallback& callback) {
+  content::WebContents* web_contents = wc_getter.Run();
   std::unique_ptr<content::InterstitialPageDelegate> interstitial_delegate;
   if (base::StartsWith(path, "ssl", base::CompareCase::SENSITIVE)) {
-    interstitial_delegate.reset(CreateSSLBlockingPage(web_contents_));
+    interstitial_delegate.reset(CreateSSLBlockingPage(web_contents));
   } else if (base::StartsWith(path, "safebrowsing",
                               base::CompareCase::SENSITIVE)) {
-    interstitial_delegate.reset(CreateSafeBrowsingBlockingPage(web_contents_));
+    interstitial_delegate.reset(CreateSafeBrowsingBlockingPage(web_contents));
   } else if (base::StartsWith(path, "clock", base::CompareCase::SENSITIVE)) {
-    interstitial_delegate.reset(CreateBadClockBlockingPage(web_contents_));
+    interstitial_delegate.reset(CreateBadClockBlockingPage(web_contents));
   }
 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
   else if (base::StartsWith(path, "captiveportal",
                             base::CompareCase::SENSITIVE))
   {
-    interstitial_delegate.reset(CreateCaptivePortalBlockingPage(web_contents_));
+    interstitial_delegate.reset(CreateCaptivePortalBlockingPage(web_contents));
   }
 #endif
   std::string html;
   if (interstitial_delegate.get()) {
     html = interstitial_delegate.get()->GetHTMLContents();
   } else {
     html = ResourceBundle::GetSharedInstance()
                           .GetRawDataResource(IDR_SECURITY_INTERSTITIAL_UI_HTML)
                           .as_string();
   }
   scoped_refptr<base::RefCountedString> html_bytes = new base::RefCountedString;
   html_bytes->data().assign(html.begin(), html.end());
   callback.Run(html_bytes.get());
 }