GitLab

If the SubresourceManager is destroyed in the same stack as the
TabHelper's page_.reset(), then it seg faults because TabHelper::
OnPrerenderStop changes state on page_.

To fix, the handle should not be observed when it is cancelled due to
destruction of the SubresourceManager.

FWIW, I checked all other code paths to ensure this is the only place
where this bug can occur.

TBR=ryansturm@chromium.org

Bug: 1107168
Change-Id: Id8f74e2433e2cec2f9c4c2f4ada9a31790df8219
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2306549Reviewed-by: Robert Ogden <robertogden@chromium.org>
Commit-Queue: Robert Ogden <robertogden@chromium.org>
Cr-Commit-Position: refs/heads/master@{#789792}