Prevent re-entrancy into ProxyScriptFetcherImpl from ~URLRequestContext.

The problem is that ProxyScriptFetcherImpl::OnFetchComplete() will delete the URLRequest, which may hold the last reference to the URLRequestContext, which will destroy the ProxyScriptFetcherImpl, which still thinks the URLRequest is alive, although we are in its destructor.  Furthermore, even if we dodge that bullet, ProxyScriptFetcherImpl::OnFetchComplete() will invoke the user callback after deleting the URLRequest.  This callback is to the InitProxyResolver object, which got deleted in ~URLRequestContext.

So, we work around both of these problems by extending the lifetime of the URLRequestContext by acquiring a reference, which we release after deleting the URLRequest and invoking the user callback.

The real solution is to stop refcounting URLRequestContext and do explicit destruction ordering.  That's beyond the scope of this changelist.

BUG=64253
TEST=none

Review URL: http://codereview.chromium.org/5256002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67181 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 3 insertions, 0 deletions

diff --git a/net/proxy/proxy_script_fetcher_impl.cc b/net/proxy/proxy_script_fetcher_impl.cc
index 882aba8..221e5c0 100644
--- a/net/proxy/proxy_script_fetcher_impl.cc
+++ b/net/proxy/proxy_script_fetcher_impl.cc
@@ -260,6 +260,9 @@ void ProxyScriptFetcherImpl::FetchCompleted() {
   int result_code = result_code_;
   CompletionCallback* callback = callback_;
 
+  // Hold a reference to the URLRequestContext to prevent re-entrancy from
+  // ~URLRequestContext.
+  scoped_refptr<URLRequestContext> context(cur_request_->context());
   ResetCurRequestState();
 
   callback->Run(result_code);