MutationObserver: Fix a null-pointer dereference in MutationObserverRegistration::unregister.

MutationObserver: Fix a null-pointer dereference in MutationObserverRegistration::unregister.

Before Oilpan was enabled, MutationObserverRegistration couldn't outlive
m_registrationNode. After enabling Oilpan, it's possible that a
MutationObserverRegsitration outlives its m_registrationNode.
Reproducible scenario:
 - No Persistent/Member references to both of objects,
 - No pointer to the m_registrationNode on the stack,
 - A pointer to the MutationObserveRegistration exists on the stack, and
 - Conservative GC is executed.

BUG=657613
Committed: https://crrev.com/afe73aec9717475be1979d3a052cb3fd81da8e17
Cr-Commit-Position: refs/heads/master@{#434616}

[tkent, 2016-11-28 04:09:53]

The CQ bit was checked by tkent@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-28 04:10:08]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-28 04:29:22]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-28 04:29:23]

Dry run: Try jobs failed on following builders:
  linux_chromium_compile_dbg_ng on master.tryserver.chromium.linux (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)

[tkent, 2016-11-28 04:58:59]

The CQ bit was checked by tkent@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-28 04:59:11]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[tkent, 2016-11-28 05:12:10]

Patchset #1 (id:1) has been deleted

[tkent, 2016-11-28 06:05:27]

The CQ bit was checked by tkent@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-11-28 06:05:39]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[tkent, 2016-11-28 06:33:46]

Patchset #1 (id:20001) has been deleted

[tkent, 2016-11-28 07:12:06]

tkent@chromium.org changed reviewers:
+ keishi@chromium.org

[tkent, 2016-11-28 07:12:06]

Keishi@, can you review this?  This is a regression by Oilpan.

[keishi, 2016-11-28 07:56:38]

LGTM

[commit-bot: I haz the power, 2016-11-28 08:02:48]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-11-28 08:02:49]

Dry run: This issue passed the CQ dry run.

[tkent, 2016-11-28 08:03:32]

The CQ bit was checked by tkent@chromium.org

[commit-bot: I haz the power, 2016-11-28 08:03:56]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-11-28 08:07:56]

CQ is committing da patch.

Bot data: {"patchset_id": 40001, "attempt_start_ts": 1480320212543020,
"parent_rev": "ae5f4b9c96619bd118b44817bdbf8d574d15ae61", "commit_rev":
"90e7c72a9259c3db31cd47bc27aaa830bd6785e1"}

[commit-bot: I haz the power, 2016-11-28 08:08:20]

Committed patchset #1 (id:40001)

[commit-bot: I haz the power, 2016-11-28 08:10:52]

Description was changed from

==========
MutationObserver: Fix a null-pointer dereference in
MutationObserverRegistration::unregister.

Before Oilpan was enabled, MutationObserverRegistration couldn't outlive
m_registrationNode. After enabling Oilpan, it's possible that a
MutationObserverRegsitration outlives its m_registrationNode.
Reproducible scenario:
 - No Persistent/Member references to both of objects,
 - No pointer to the m_registrationNode on the stack,
 - A pointer to the MutationObserveRegistration exists on the stack, and
 - Conservative GC is executed.

BUG=657613
==========

to

==========
MutationObserver: Fix a null-pointer dereference in
MutationObserverRegistration::unregister.

Before Oilpan was enabled, MutationObserverRegistration couldn't outlive
m_registrationNode. After enabling Oilpan, it's possible that a
MutationObserverRegsitration outlives its m_registrationNode.
Reproducible scenario:
 - No Persistent/Member references to both of objects,
 - No pointer to the m_registrationNode on the stack,
 - A pointer to the MutationObserveRegistration exists on the stack, and
 - Conservative GC is executed.

BUG=657613

Committed: https://crrev.com/afe73aec9717475be1979d3a052cb3fd81da8e17
Cr-Commit-Position: refs/heads/master@{#434616}
==========

[commit-bot: I haz the power, 2016-11-28 08:10:53]

Patchset 1 (id:??) landed as
https://crrev.com/afe73aec9717475be1979d3a052cb3fd81da8e17
Cr-Commit-Position: refs/heads/master@{#434616}