GitLab

Currently, ExternalInstallError::RemoveError() calls
RemoveExternalInstallError() on ExternalInstallManager (its owner) which deletes
the ExternalInstallError instance. This also causes the deletion of the
extension id, which is passed as a reference. This is further accessed in
ExternalInstallManager::RemoveExternalInstallError leading to a UAF. This CL
fixes the issue by using a copy of the passed string reference in
RemoveExternalInstallError. A regression test is also added which fails on the
current master.

BUG=739142

Change-Id: I26c57a19a7d88e2a11eb17d3c45c371e95de700c
Reviewed-on: https://chromium-review.googlesource.com/572763Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#487266}