Ensure that the refcount on InternalGetCommandRequest stays non-zero through a PostTask

The problem was that BaseSessionService::ScheduleGetLastSessionCommands() was posting a task with a InternalGetCommandsRequest* request parameter by calling NewRunnableMethod(.., &SessionBackend::ReadLastSessionCommands, request).  SessnionBackend::ReadLastSessionCommands takes one parameter of type scoped_refptr<InternalGetCommandsRequest>.  However, NewRunnableMethod was matching the template because an InternalGetCommandsRequest* is implicitly convertable to a scoped_refptr<InternalGetCommandsRequest> but it was not actually creating the scoped_refptr<> (and thus bumping the refcount) until the task was dispatched.  By this time the refcount on the InternalGetCommandsRequest had already dropped to zero, leading to memory corruption.

This fixes the problem by passing a scoped_refptr<...> in to NewRunnableMethod() to ensure that it is copied and that the refcount stays up.

TEST=covered by TabRestoreUITest.RestoreIntoSameWindow - caused very intermittend failures locally
BUG=none

Review URL: http://codereview.chromium.org/404012

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32240 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 1 insertions, 1 deletions

diff --git a/chrome/browser/sessions/base_session_service.cc b/chrome/browser/sessions/base_session_service.cc
index fcafbe0..64b3949 100644
--- a/chrome/browser/sessions/base_session_service.cc
+++ b/chrome/browser/sessions/base_session_service.cc
@@ -229,7 +229,7 @@ BaseSessionService::Handle BaseSessionService::ScheduleGetLastSessionCommands(
   AddRequest(request, consumer);
   if (backend_thread()) {
     backend_thread()->message_loop()->PostTask(FROM_HERE, NewRunnableMethod(
-        backend(), &SessionBackend::ReadLastSessionCommands, request));
+        backend(), &SessionBackend::ReadLastSessionCommands, request_wrapper));
   } else {
     backend()->ReadLastSessionCommands(request);
   }