Destroy (Password)AutofillAgent safely

AutofillAgent and related code often edits field values. Those edits may trigger JavaScript capable of deleting the associated frame. Currently, AutofillAgent and related classes are RenderFrameObservers and delete themselves on the frame deletion. This results in use-after-free if the deletion happens up in the stack and there is still the method which changed the field value down on the stack.

Therefore this CL postpones deletion by sending a DeleteSoon task on the frame destruction. The CL also changes a couple of places relying on render frame being alive if the observer is alive to handle a null frame gratefully.

R=dvadym@chromium.org
BUG=609010,609007,608100,608101

Review-Url: https://codereview.chromium.org/1946143002
Cr-Commit-Position: refs/heads/master@{#391524}
(cherry picked from commit d62bc3e6e2c3be6bbb01fa325e3389f089974017)

Review URL: https://codereview.chromium.org/1960023002 .

Cr-Commit-Position: refs/branch-heads/2704@{#441}
Cr-Branched-From: 6e53600def8f60d8c632fadc70d7c1939ccea347-refs/heads/master@{#386251}
7 files changed