Possible fix for ExtensionFunctionDispatcher::DispatchWithCallbackInternal.

This is a possible fix for crashes observed in this function. The member
variable browser_context_ is possibly invalid because the object may
be freed by function->Run(). To avoid this we move the call to
ProcessManager::Get() to before where function->Run() is called.

BUG=441679

Review URL: https://codereview.chromium.org/798103002

Cr-Commit-Position: refs/heads/master@{#308214}

1 files changed, 4 insertions, 1 deletions

diff --git a/extensions/browser/extension_function_dispatcher.cc b/extensions/browser/extension_function_dispatcher.cc
index b3f3043..31d1e49 100644
--- a/extensions/browser/extension_function_dispatcher.cc
+++ b/extensions/browser/extension_function_dispatcher.cc
@@ -378,6 +378,9 @@ void ExtensionFunctionDispatcher::DispatchWithCallbackInternal(
     return;
   }
 
+  // Fetch the ProcessManager before |this| is possibly invalidated.
+  ProcessManager* process_manager = ProcessManager::Get(browser_context_);
+
   ExtensionSystem* extension_system = ExtensionSystem::Get(browser_context_);
   QuotaService* quota = extension_system->quota_service();
   std::string violation_error = quota->Assess(extension->id(),
@@ -410,7 +413,7 @@ void ExtensionFunctionDispatcher::DispatchWithCallbackInternal(
   // now, largely for simplicity's sake. This is OK because currently, only
   // the webRequest API uses IOThreadExtensionFunction, and that API is not
   // compatible with lazy background pages.
-  ProcessManager::Get(browser_context_)->IncrementLazyKeepaliveCount(extension);
+  process_manager->IncrementLazyKeepaliveCount(extension);
 }
 
 void ExtensionFunctionDispatcher::OnExtensionFunctionCompleted(