Detect reentrancy in MojoVideoDecoder::Stop().

DecoderSelector provides an InitCB that destroys the VideoDecoder
immeidately when initialization fails. This means that |this| is
invalidated immedately upon calling |init_cb_| in MojoVideoDecoder.

This CL adds a WeakPtr-based test for |this| destruction to the
potentially problematic callbacks in MojoVideoDecoder::Stop().

Bug: 839881
Change-Id: I9b1302ad3007a834c95ed1d3845e24b0d07158f8
Reviewed-on: https://chromium-review.googlesource.com/1169907Reviewed-by: Frank Liberato <liberato@chromium.org>
Commit-Queue: Dan Sanders <sandersd@chromium.org>
Cr-Commit-Position: refs/heads/master@{#581954}

media/mojo/clients/mojo_video_decoder.cc

@@ -373,11 +373,22 @@ void MojoVideoDecoder::Stop() {
 
   has_connection_error_ = true;
 
+  // |init_cb_| is likely to reentrantly destruct |this|, so we check for that
+  // using an on-stack WeakPtr.
+  // TODO(sandersd): Update the VideoDecoder API to be explicit about what
+  // reentrancy is allowed, and therefore which callbacks must be posted.
+  base::WeakPtr<MojoVideoDecoder> weak_this = weak_this_;
+
   if (!init_cb_.is_null())
     base::ResetAndReturn(&init_cb_).Run(false);
+  if (!weak_this)
+    return;
 
-  for (const auto& pending_decode : pending_decodes_)
+  for (const auto& pending_decode : pending_decodes_) {
     pending_decode.second.Run(DecodeStatus::DECODE_ERROR);
+    if (!weak_this)
+      return;
+  }
   pending_decodes_.clear();
 
   if (!reset_cb_.is_null())