ManagePasswordsUIController should make a deep copy of values which it doesn't own.

chrome/browser/ui/passwords/manage_passwords_ui_controller.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/passwords/manage_passwords_ui_controller.h"
 
 #include "chrome/app/chrome_command_ids.h"
 #include "chrome/browser/browsing_data/browsing_data_helper.h"
 #include "chrome/browser/chrome_notification_types.h"
 #include "chrome/browser/password_manager/password_store_factory.h"
@@ skipping 19 matching lines @@
              Profile::EXPLICIT_ACCESS).get();
 }
 
 autofill::ConstPasswordFormMap ConstifyMap(
     const autofill::PasswordFormMap& map) {
   autofill::ConstPasswordFormMap ret;
   ret.insert(map.begin(), map.end());
   return ret;
 }
 
-} // namespace
+// Performs a deep copy of the PasswordForm pointers in |map|. The resulting map
+// is returned via |ret|. |deleter| is populated with these new objects.
+void DeepCopyMap(const autofill::PasswordFormMap& map,
+                 autofill::ConstPasswordFormMap* ret,
+                 ScopedVector<autofill::PasswordForm>* deleter) {
+  ConstifyMap(map).swap(*ret);
+  deleter->clear();
+  for (autofill::ConstPasswordFormMap::iterator i = ret->begin();
+       i != ret->end(); ++i) {
+    deleter->push_back(new autofill::PasswordForm(*i->second));
+    i->second = deleter->back();
+  }
+}
+
+}  // namespace
 
 DEFINE_WEB_CONTENTS_USER_DATA_KEY(ManagePasswordsUIController);
 
 ManagePasswordsUIController::ManagePasswordsUIController(
     content::WebContents* web_contents)
     : content::WebContentsObserver(web_contents),
       state_(password_manager::ui::INACTIVE_STATE) {
   password_manager::PasswordStore* password_store =
       GetPasswordStore(web_contents);
   if (password_store)
@@ skipping 35 matching lines @@
   password_form_map_ = ConstifyMap(form_manager_->best_matches());
   password_form_map_[form_manager_->associated_username()] =
       &form_manager_->pending_credentials();
   origin_ = form_manager_->pending_credentials().origin;
   state_ = password_manager::ui::CONFIRMATION_STATE;
   UpdateBubbleAndIconVisibility();
 }
 
 void ManagePasswordsUIController::OnPasswordAutofilled(
     const PasswordFormMap& password_form_map) {
-  password_form_map_ = ConstifyMap(password_form_map);
+  DeepCopyMap(password_form_map, &password_form_map_, &new_password_forms_);
   origin_ = password_form_map_.begin()->second->origin;
   state_ = password_manager::ui::MANAGE_STATE;
   UpdateBubbleAndIconVisibility();
 }
 
 void ManagePasswordsUIController::OnBlacklistBlockedAutofill(
     const PasswordFormMap& password_form_map) {
-  password_form_map_ = ConstifyMap(password_form_map);
+  DeepCopyMap(password_form_map, &password_form_map_, &new_password_forms_);
   origin_ = password_form_map_.begin()->second->origin;
   state_ = password_manager::ui::BLACKLIST_STATE;
   UpdateBubbleAndIconVisibility();
 }
 
 void ManagePasswordsUIController::WebContentsDestroyed() {
   password_manager::PasswordStore* password_store =
       GetPasswordStore(web_contents());
   if (password_store)
     password_store->RemoveObserver(this);
@@ skipping 142 matching lines @@
     return;
   CommandUpdater* updater = browser->command_controller()->command_updater();
   updater->ExecuteCommand(IDC_MANAGE_PASSWORDS_FOR_PAGE);
 #endif
 }
 
 bool ManagePasswordsUIController::PasswordPendingUserDecision() const {
   return state_ == password_manager::ui::PENDING_PASSWORD_STATE ||
          state_ == password_manager::ui::PENDING_PASSWORD_AND_BUBBLE_STATE;
 }