Fix UAF in PerfOutputCall::OnGetPerfOutput().

Running |done_callback_| may delete |this|; it's not safe to continue
execution after that point.

Bug: 1064898
Change-Id: Iffcb4ac54d928c90c207f3455521dac08de0a469
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2122865
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Gabriel Marin <gmx@chromium.org>
Auto-Submit: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Gabriel Marin <gmx@chromium.org>
Cr-Commit-Position: refs/heads/master@{#753790}

chrome/browser/metrics/perf/perf_output.cc

@@ -71,7 +71,7 @@ void PerfOutputCall::OnIOComplete(base::Optional<std::string> result) {
   // the callback argument. Callback can safely use |result| after |this| is
   // deleted.
   std::move(done_callback_).Run(std::move(result).value_or(std::string()));
-  // The callback may delete us, so it's hammertime: Can't touch |this|.
+  // NOTE: |this| may be deleted at this point!
 }
 
 void PerfOutputCall::OnGetPerfOutput(base::Optional<uint64_t> result) {
@@ -81,6 +81,8 @@ void PerfOutputCall::OnGetPerfOutput(base::Optional<uint64_t> result) {
   if (!result.has_value() && perf_data_pipe_reader_.get()) {
     perf_data_pipe_reader_.reset();
     std::move(done_callback_).Run(std::string());
+    // NOTE: |this| may be deleted at this point!
+    return;
   }
 
   // DBus method GetPerfOutputFd returns a generated session ID back to the