Avoid memory corruption in sessions sync

Avoid memory corruption in sessions sync

This CL is premised on the theory that the memory corruption and related
crashes are due to invalid input data being fed into the sessions sync
code.  See the linked bug for more details.

Adds two tests that expose the scenario that is believed to be the cause
of the bug.  If checked in on their own, they would crash during
destruction of the SyncedSessionTracker.

Adds a CHECK to prevent the SyncedSessionsTracker from getting in to
a bad state.  The goal of this CHECK is to ensure that all crashes
caused by misuse of the tracker cause a crash immediately, rather than
corrupting the memory allocator's internal data structures and possibly
causing crashes in unrelated code.  The newly added tests would trigger
this CHECK, if not for the last component of this CL.

Adds a filter for incoming sync_pb::SessionHeader values.  Before acting
on the session, the SessionsSyncManager will now verify that the header
does not contain any duplicate tab IDs.  If verification fails, the
header will be ignored.  This part of the CL allows the new tests to
pass.

BUG=360822
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=291158

[rlarocque, 2014-08-20 20:04:20]

Here's an attempt to handle crbug.com/360822.

If you'd like, we could start by committing only the "CHECK" portion of this CL.
 That would help to collect better stacks so we could try to confirm the theory
that this crash is based on bad input.

Personally, I'd prefer to just try to fix it.  If my theory is correct, we'll
know it when we see the crash rate decline.  If my theory is incorrect, we'll
know it when we see the CHECK in crash stacks.

[tim (not reviewing), 2014-08-20 20:27:01]

LGTM

[rlarocque, 2014-08-20 20:30:25]

The CQ bit was checked by rlarocque@chromium.org

[commit-bot: I haz the power, 2014-08-20 20:31:13]

CQ is trying da patch. Follow status at
 https://chromium-status.appspot.com/cq/rlarocque@chromium.org/495593003/1

[commit-bot: I haz the power, 2014-08-20 22:58:39]

FYI, CQ is re-trying this CL (attempt #1).
The failing builders are:
  linux_gpu on tryserver.chromium.gpu
(http://build.chromium.org/p/tryserver.chromium.gpu/builders/linux_gpu/builds/...)
  android_clang_dbg on tryserver.chromium.linux
(http://build.chromium.org/p/tryserver.chromium.linux/builders/android_clang_d...)
  win_chromium_x64_rel_swarming on tryserver.chromium.win
(http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)

[commit-bot: I haz the power, 2014-08-20 23:02:27]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2014-08-20 23:02:28]

Try jobs failed on following builders:
  linux_gpu on tryserver.chromium.gpu
(http://build.chromium.org/p/tryserver.chromium.gpu/builders/linux_gpu/builds/...)
  android_clang_dbg on tryserver.chromium.linux
(http://build.chromium.org/p/tryserver.chromium.linux/builders/android_clang_d...)

[rlarocque, 2014-08-21 17:30:24]

The CQ bit was checked by rlarocque@chromium.org

[commit-bot: I haz the power, 2014-08-21 17:32:46]

CQ is trying da patch. Follow status at
 https://chromium-status.appspot.com/cq/rlarocque@chromium.org/495593003/1

[commit-bot: I haz the power, 2014-08-21 20:13:51]

Committed patchset #1 (1) as 291158