GitLab

This was introduced in r585571. The cause is that MojoDataPump could be hanging on to an unretained callback to CastTransportImpl::OnReadResult. CastSocketImpl::CloseInternal() would reset CastTransportImpl but not MojoDataPump. Depending on the timing of when the data comes back, a UAF could happen.

Bug: 878021
Change-Id: I1edf4d2bfdc6ed7c47344f715a7323ed6954cbf7
Reviewed-on: https://chromium-review.googlesource.com/1195747Reviewed-by: Derek Cheng <imcheng@chromium.org>
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#587245}