Fix UAF in closures posted from InProcessWorkerObjectProxy

Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer
to the messaging proxy because we can't guarantee it's still there when
the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
Committed: https://crrev.com/31ed1877bdb9c27eae9d9da2a3954c16d5758a9b
Cr-Commit-Position: refs/heads/master@{#430251}

[alex clarke (OOO till 29th), 2016-11-04 11:32:08]

The CQ bit was checked by alexclarke@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-04 11:32:22]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[alex clarke (OOO till 29th), 2016-11-04 11:32:52]

Description was changed from

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitarially delayed
so it's not safe to use crossThreadUnretained pointer to the messaging
proxy.  We fix this with a WeakPtr.

BUG=660427
==========

to

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitarially delayed
so it's not safe to use crossThreadUnretained pointer to the messaging
proxy because we can't guarantee it's still there when they eventually 
get run.

We fix this with a WeakPtr.

BUG=660427
==========

[alex clarke (OOO till 29th), 2016-11-04 11:34:15]

alexclarke@chromium.org changed reviewers:
+ skyostil@chromium.org

[alex clarke (OOO till 29th), 2016-11-04 11:35:37]

Description was changed from

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitarially delayed
so it's not safe to use crossThreadUnretained pointer to the messaging
proxy because we can't guarantee it's still there when they eventually 
get run.

We fix this with a WeakPtr.

BUG=660427
==========

to

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer to the
messaging proxy because we can't guarantee it's still 
there when the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
==========

[alex clarke (OOO till 29th), 2016-11-04 11:35:45]

Description was changed from

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer to the
messaging proxy because we can't guarantee it's still 
there when the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
==========

to

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer 
to the messaging proxy because we can't guarantee it's still 
there when the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
==========

[alex clarke (OOO till 29th), 2016-11-04 11:36:01]

Description was changed from

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer 
to the messaging proxy because we can't guarantee it's still 
there when the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
==========

to

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer 
to the messaging proxy because we can't guarantee it's still there when 
the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
==========

[alex clarke (OOO till 29th), 2016-11-04 11:40:06]

alexclarke@chromium.org changed reviewers:
+ kinuko@chromium.org

[alex clarke (OOO till 29th), 2016-11-04 11:40:07]

+kinuko for review.  I'm not terribly familiar with this code, hopefully the fix
is OK!

[Sami, 2016-11-04 11:58:21]

Non-owner lgtm.

[commit-bot: I haz the power, 2016-11-04 12:38:16]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-04 12:38:17]

Dry run: This issue passed the CQ dry run.

[kinuko, 2016-11-04 16:33:05]

kinuko@chromium.org changed reviewers:
+ nhiroki@chromium.org

[kinuko, 2016-11-04 16:33:05]

I think this lgtm.  (Looks like we have a few bugs related to this u-a-f so
hopefully this'll fix them too)  +nhiroki as he probably wants to take a look at
it too

[nhiroki, 2016-11-07 08:43:36]

LGTM. Thank you for working on this!

[alex clarke (OOO till 29th), 2016-11-07 10:08:49]

The CQ bit was checked by alexclarke@chromium.org

[commit-bot: I haz the power, 2016-11-07 10:09:06]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-07 11:22:52]

Description was changed from

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer 
to the messaging proxy because we can't guarantee it's still there when 
the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
==========

to

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer 
to the messaging proxy because we can't guarantee it's still there when 
the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
==========

[commit-bot: I haz the power, 2016-11-07 11:22:53]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-11-07 11:24:55]

Description was changed from

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer 
to the messaging proxy because we can't guarantee it's still there when 
the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427
==========

to

==========
Fix UAF in closures posted from InProcessWorkerObjectProxy

Tasks posted by InProcessWorkerObjectProxy can be arbitrarily delayed
so it's not safe to post a closure with an crossThreadUnretained pointer
to the messaging proxy because we can't guarantee it's still there when
the closure eventually gets run.

We fix this with a WeakPtr.

BUG=660427

Committed: https://crrev.com/31ed1877bdb9c27eae9d9da2a3954c16d5758a9b
Cr-Commit-Position: refs/heads/master@{#430251}
==========

[commit-bot: I haz the power, 2016-11-07 11:24:56]

Patchset 1 (id:??) landed as
https://crrev.com/31ed1877bdb9c27eae9d9da2a3954c16d5758a9b
Cr-Commit-Position: refs/heads/master@{#430251}