Fix NavigationItem use-after-free crash in |-goToItemAtIndex:|

Fix NavigationItem use-after-free crash in |-goToItemAtIndex:|

If a history navigation item occurs and the current NavigationItem is
transient item, it will get discarded in CRWSessionController's
|-discardTransientItem|.  This CL updates history navigation logic to
store copies of the current NavigationItem's information before calling
any CRWSessionController code that might deallocate it.

BUG=700319
Review-Url: https://codereview.chromium.org/2745653007
Cr-Commit-Position: refs/heads/master@{#456190}
Committed: https://chromium.googlesource.com/chromium/src/+/c0f6017abb9aeb5ae1c8e137b6a3671305298b40

[kkhorimoto, 2017-03-10 21:11:55]

kkhorimoto@chromium.org changed reviewers:
+ eugenebut@chromium.org

[Eugene But (OOO till 7-30), 2017-03-10 21:29:52]

lgtm

[kkhorimoto, 2017-03-10 21:31:59]

The CQ bit was checked by kkhorimoto@chromium.org

[commit-bot: I haz the power, 2017-03-10 21:33:02]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[kkhorimoto, 2017-03-10 21:34:02]

The CQ bit was unchecked by kkhorimoto@chromium.org

[kkhorimoto, 2017-03-10 22:10:41]

The CQ bit was checked by kkhorimoto@chromium.org

[kkhorimoto, 2017-03-10 22:10:42]

The patchset sent to the CQ was uploaded after l-g-t-m from
eugenebut@chromium.org
Link to the patchset: https://codereview.chromium.org/2745653007/#ps20001
(title: "test fix")

[commit-bot: I haz the power, 2017-03-10 22:11:09]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-10 22:30:07]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1489183841709510,
"parent_rev": "23aab52c3a86a4b94c476bf499c926d710239b46", "commit_rev":
"c0f6017abb9aeb5ae1c8e137b6a3671305298b40"}

[commit-bot: I haz the power, 2017-03-10 22:30:53]

Description was changed from

==========
Fix NavigationItem use-after-free crash in |-goToItemAtIndex:|

If a history navigation item occurs and the current NavigationItem is
transient item, it will get discarded in CRWSessionController's
|-discardTransientItem|.  This CL updates history navigation logic to
store copies of the current NavigationItem's information before calling
any CRWSessionController code that might deallocate it.

BUG=700319
==========

to

==========
Fix NavigationItem use-after-free crash in |-goToItemAtIndex:|

If a history navigation item occurs and the current NavigationItem is
transient item, it will get discarded in CRWSessionController's
|-discardTransientItem|.  This CL updates history navigation logic to
store copies of the current NavigationItem's information before calling
any CRWSessionController code that might deallocate it.

BUG=700319

Review-Url: https://codereview.chromium.org/2745653007
Cr-Commit-Position: refs/heads/master@{#456190}
Committed:
https://chromium.googlesource.com/chromium/src/+/c0f6017abb9aeb5ae1c8e137b6a3...
==========

[commit-bot: I haz the power, 2017-03-10 22:30:54]

Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/chromium/src/+/c0f6017abb9aeb5ae1c8e137b6a3...