Fix a null-pointer dereference in ChromeOS Bluetooth code.

The code had undefined behavior, depending on what order the compiler chose to evaluate the arguments in.  Specifically, the call to RegisterProfile() required evaluation of two arguments: |profile->object_path()| and |base::Bind(success_callback, base::Passed(&profile))|.  If the latter was evaluated first, then |profile| would be null by the time that the prior was evaluated.

The crash stack is:

Program received signal SIGSEGV, Segmentation fault.
std::string::compare() const ()
StartsWithASCII()
dbus::IsValidObjectPath()
dbus::MessageWriter::AppendObjectPath()
chromeos::BluetoothProfileManagerClientImpl::RegisterProfile()
chromeos::BluetoothAdapterProfileChromeOS::Register()
chromeos::BluetoothAdapterChromeOS::UseProfile()
chromeos::BluetoothSocketChromeOS::RegisterProfile()

BUG=457978
TEST=(see bug, comment #14)
R=armansito@chromium.org, jamuraa@chromium.org

Review URL: https://codereview.chromium.org/997023002

Cr-Commit-Position: refs/heads/master@{#320139}

1 files changed, 2 insertions, 1 deletions

diff --git a/device/bluetooth/bluetooth_adapter_profile_chromeos.cc b/device/bluetooth/bluetooth_adapter_profile_chromeos.cc
index f800304..207c55c4 100644
--- a/device/bluetooth/bluetooth_adapter_profile_chromeos.cc
+++ b/device/bluetooth/bluetooth_adapter_profile_chromeos.cc
@@ -28,8 +28,9 @@ void BluetoothAdapterProfileChromeOS::Register(
       new BluetoothAdapterProfileChromeOS(uuid));
 
   VLOG(1) << "Registering profile: " << profile->object_path().value();
+  const dbus::ObjectPath& object_path = profile->object_path();
   DBusThreadManager::Get()->GetBluetoothProfileManagerClient()->RegisterProfile(
-      profile->object_path(),
+      object_path,
       uuid.canonical_value(),
       options,
       base::Bind(success_callback, base::Passed(&profile)),