[fsp] Fix crash when reading files.

Before, the net::IOBuffer was being passed as a pointer, from the
FileStreamReader::Read to operations::ReadFile. However, there are PostTask
invocations on the way. When FileStreamReader is deleted after a PostTask is
fired from FileStreamReader::Read, and the operation is not completed, then
the net::IOBuffer will become invalid. When the operation is completed,
operation::ReadFile would cause a segmentation fault.

Since net::IOBuffer is ref counted, we should pass it as ref counted object
to be sure, that the buffer is always valid.

This patch migrates from passing IOBuffer as a pointer, to scoped_refptr.

TEST=Tested manually, that crashing doesn't occur anymore.
BUG=248427

Review URL: https://codereview.chromium.org/301973007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@274174 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/chromeos/file_system_provider/fileapi/file_stream_reader.cc

@@ -5,10 +5,12 @@
 #include "chrome/browser/chromeos/file_system_provider/fileapi/file_stream_reader.h"
 
 #include "base/files/file.h"
+#include "base/memory/ref_counted.h"
 #include "chrome/browser/chromeos/file_system_provider/fileapi/provider_async_file_util.h"
 #include "chrome/browser/chromeos/file_system_provider/mount_path_util.h"
 #include "chrome/browser/chromeos/file_system_provider/provided_file_system_interface.h"
 #include "content/public/browser/browser_thread.h"
+#include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 
 using content::BrowserThread;
@@ -82,7 +84,7 @@ void CloseFileOnUIThread(base::WeakPtr<ProvidedFileSystemInterface> file_system,
 void ReadFileOnUIThread(
     base::WeakPtr<ProvidedFileSystemInterface> file_system,
     int file_handle,
-    net::IOBuffer* buffer,
+    scoped_refptr<net::IOBuffer> buffer,
     int64 offset,
     int length,
     const ProvidedFileSystemInterface::ReadChunkReceivedCallback& callback) {
@@ -206,7 +208,7 @@ int FileStreamReader::Read(net::IOBuffer* buffer,
   if (!file_handle_) {
     Initialize(base::Bind(&FileStreamReader::ReadAfterInitialized,
                           weak_ptr_factory_.GetWeakPtr(),
-                          buffer,
+                          make_scoped_refptr(buffer),
                           buffer_length,
                           callback),
                base::Bind(&Int64ToIntCompletionCallback, callback));
@@ -233,7 +235,7 @@ int64 FileStreamReader::GetLength(
 }
 
 void FileStreamReader::ReadAfterInitialized(
-    net::IOBuffer* buffer,
+    scoped_refptr<net::IOBuffer> buffer,
     int buffer_length,
     const net::CompletionCallback& callback) {
   DCHECK_CURRENTLY_ON(BrowserThread::IO);

chrome/browser/chromeos/file_system_provider/fileapi/file_stream_reader.h

@@ -76,7 +76,7 @@ class FileStreamReader : public webkit_blob::FileStreamReader {
       const base::File::Info& file_info);
 
   // Same as Read(), but called after initializing is completed.
-  void ReadAfterInitialized(net::IOBuffer* buffer,
+  void ReadAfterInitialized(scoped_refptr<net::IOBuffer> buffer,
                             int buffer_length,
                             const net::CompletionCallback& callback);
 

chrome/browser/chromeos/file_system_provider/operations/read_file.cc

@@ -18,7 +18,7 @@ namespace {
 // Convert |value| into |output|. If parsing fails, then returns a negative
 // value. Otherwise returns number of bytes written to the buffer.
 int CopyRequestValueToBuffer(scoped_ptr<RequestValue> value,
-                             net::IOBuffer* buffer,
+                             scoped_refptr<net::IOBuffer> buffer,
                              int buffer_offset,
                              int buffer_length) {
   using extensions::api::file_system_provider_internal::
@@ -45,7 +45,7 @@ ReadFile::ReadFile(
     extensions::EventRouter* event_router,
     const ProvidedFileSystemInfo& file_system_info,
     int file_handle,
-    net::IOBuffer* buffer,
+    scoped_refptr<net::IOBuffer> buffer,
     int64 offset,
     int length,
     const ProvidedFileSystemInterface::ReadChunkReceivedCallback& callback)

chrome/browser/chromeos/file_system_provider/operations/read_file.h

@@ -6,6 +6,7 @@
 #define CHROME_BROWSER_CHROMEOS_FILE_SYSTEM_PROVIDER_OPERATIONS_READ_FILE_H_
 
 #include "base/files/file.h"
+#include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
 #include "chrome/browser/chromeos/file_system_provider/operations/operation.h"
 #include "chrome/browser/chromeos/file_system_provider/provided_file_system_info.h"
@@ -34,7 +35,7 @@ class ReadFile : public Operation {
       extensions::EventRouter* event_router,
       const ProvidedFileSystemInfo& file_system_info,
       int file_handle,
-      net::IOBuffer* buffer,
+      scoped_refptr<net::IOBuffer> buffer,
       int64 offset,
       int length,
       const ProvidedFileSystemInterface::ReadChunkReceivedCallback& callback);
@@ -49,7 +50,7 @@ class ReadFile : public Operation {
 
  private:
   int file_handle_;
-  net::IOBuffer* buffer_;
+  scoped_refptr<net::IOBuffer> buffer_;
   int64 offset_;
   int length_;
   int64 current_offset_;