Fix NavigationItem use-after-free crash in |-goToItemAtIndex:|

Fix NavigationItem use-after-free crash in |-goToItemAtIndex:|

If a history navigation item occurs and the current NavigationItem is
transient item, it will get discarded in CRWSessionController's
|-discardTransientItem|.  This CL updates history navigation logic to
store copies of the current NavigationItem's information before calling
any CRWSessionController code that might deallocate it.

BUG=700319
Review-Url: https://codereview.chromium.org/2745653007
Cr-Commit-Position: refs/heads/master@{#456190}
(cherry picked from commit c0f6017abb9aeb5ae1c8e137b6a3671305298b40)

Review-Url: https://codereview.chromium.org/2757043002 .
Cr-Commit-Position: refs/branch-heads/3029@{#279}
Cr-Branched-From: 939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}
Committed: https://chromium.googlesource.com/chromium/src/+/bda1c548b6b3b69ee60244d49bf986b9e0f4617a

[kkhorimoto, 2017-03-17 22:17:15]

Description was changed from

==========
Fix NavigationItem use-after-free crash in |-goToItemAtIndex:|

If a history navigation item occurs and the current NavigationItem is
transient item, it will get discarded in CRWSessionController's
|-discardTransientItem|.  This CL updates history navigation logic to
store copies of the current NavigationItem's information before calling
any CRWSessionController code that might deallocate it.

BUG=700319

Review-Url: https://codereview.chromium.org/2745653007
Cr-Commit-Position: refs/heads/master@{#456190}
(cherry picked from commit c0f6017abb9aeb5ae1c8e137b6a3671305298b40)
==========

to

==========
Fix NavigationItem use-after-free crash in |-goToItemAtIndex:|

If a history navigation item occurs and the current NavigationItem is
transient item, it will get discarded in CRWSessionController's
|-discardTransientItem|.  This CL updates history navigation logic to
store copies of the current NavigationItem's information before calling
any CRWSessionController code that might deallocate it.

BUG=700319

Review-Url: https://codereview.chromium.org/2745653007
Cr-Commit-Position: refs/heads/master@{#456190}
(cherry picked from commit c0f6017abb9aeb5ae1c8e137b6a3671305298b40)

Review-Url: https://codereview.chromium.org/2757043002 .
Cr-Commit-Position: refs/branch-heads/3029@{#279}
Cr-Branched-From:
939b32ee5ba05c396eef3fd992822fcca9a2e262-refs/heads/master@{#454471}
Committed:
https://chromium.googlesource.com/chromium/src/+/bda1c548b6b3b69ee60244d49bf9...
==========

[kkhorimoto, 2017-03-17 22:17:16]

Committed patchset #1 (id:1) manually as
bda1c548b6b3b69ee60244d49bf986b9e0f4617a.

[jif, 2017-03-20 10:30:14]

A revert of this CL (patchset #1 id:1) has been created in
https://codereview.chromium.org/2757223002/ by jif@chromium.org.

The reason for reverting is: Hi Kurt,
unfortunately this cherry-pick is causing compilation failure on the beta bots,
so I'm have to revert it.

Example of failure:
https://uberchromegw.corp.google.com/i/official.ios/builders/ios/builds/1269
The precise compilation error is: https://paste.googleplex.com/5908319097061376

Note: the beta-simulator and beta-device bots are *not* compiling the latest
beta, so you can't rely on them to find the compilation error. Right now *only*
the official beta builder are failing. I filed a bug about that: crbug/703065
.