Fixes a memory corruption bug in proximity_auth::ProximityAuthBleSystem.

This memory corruption was causing the crash reported in
crbug.com/508190.

BUG=508190

Review URL: https://codereview.chromium.org/1214843006

Cr-Commit-Position: refs/heads/master@{#338023}

1 files changed, 6 insertions, 2 deletions

diff --git a/components/proximity_auth/ble/proximity_auth_ble_system.cc b/components/proximity_auth/ble/proximity_auth_ble_system.cc
index 7b7fad4..aa3f8da 100644
--- a/components/proximity_auth/ble/proximity_auth_ble_system.cc
+++ b/components/proximity_auth/ble/proximity_auth_ble_system.cc
@@ -293,8 +293,11 @@ void ProximityAuthBleSystem::OnConnectionStatusChanged(
       new_status == Connection::DISCONNECTED) {
     StopPollingScreenState();
 
+    // Note: it's not necessary to destroy the |connection_| here, as it's
+    // already in a DISCONNECTED state. Moreover, destroying it here can cause
+    // memory corruption, since the instance |connection_| still accesses some
+    // internal data members after |OnConnectionStatusChanged()| finishes.
     connection_->RemoveObserver(this);
-    connection_.reset();
 
     connection_finder_.reset(CreateConnectionFinder());
     connection_finder_->Find(
@@ -336,7 +339,8 @@ bool ProximityAuthBleSystem::HasUnlockKey(const std::string& message,
   std::string public_key = message.substr(message_prefix.size());
   if (out_public_key)
     (*out_public_key) = public_key;
-  return unlock_keys_.find(public_key) != unlock_keys_.end();
+  return unlock_keys_.find(public_key) != unlock_keys_.end() ||
+         device_whitelist_->HasDeviceWithPublicKey(public_key);
 }
 
 }  // namespace proximity_auth