[android] Fix a crash in BackgroundTaskUpdateScheduler.

Use a weak ptr factory instead of a base::Unretained to ensure that we
don't get a UAF after deleting BackgroundTaskUpdateScheduler or
cancelling a task.

R=agrieve@chromium.org,tiborg@chromium.org
BUG=880565

Change-Id: Ib6ce448625b3bbb99776dec75d3e8110ab987a34
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1895659Reviewed-by: Tibor Goldschwendt <tiborg@chromium.org>
Reviewed-by: Andrew Grieve <agrieve@chromium.org>
Commit-Queue: Alexander Timin <altimin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#711825}

chrome/browser/android/component_updater/background_task_update_scheduler.cc

@@ -48,6 +48,7 @@ void BackgroundTaskUpdateScheduler::Schedule(
 void BackgroundTaskUpdateScheduler::Stop() {
   Java_UpdateScheduler_cancelTask(base::android::AttachCurrentThread(),
                                   j_update_scheduler_);
+  weak_ptr_factory_.InvalidateWeakPtrs();
 }
 
 void BackgroundTaskUpdateScheduler::OnStartTask(
@@ -58,7 +59,7 @@ void BackgroundTaskUpdateScheduler::OnStartTask(
   base::SequencedTaskRunnerHandle::Get()->PostDelayedTask(
       FROM_HERE,
       base::BindOnce(&BackgroundTaskUpdateScheduler::OnStartTaskDelayed,
-                     base::Unretained(this)),
+                     weak_ptr_factory_.GetWeakPtr()),
       kOnStartTaskDelay);
 }
 

chrome/browser/android/component_updater/background_task_update_scheduler.h

@@ -10,6 +10,7 @@
 #include "base/android/scoped_java_ref.h"
 #include "base/callback.h"
 #include "base/macros.h"
+#include "base/memory/weak_ptr.h"
 #include "components/component_updater/update_scheduler.h"
 
 namespace component_updater {
@@ -43,6 +44,8 @@ class BackgroundTaskUpdateScheduler : public UpdateScheduler {
   UserTask user_task_;
   OnStopTaskCallback on_stop_;
 
+  base::WeakPtrFactory<BackgroundTaskUpdateScheduler> weak_ptr_factory_{this};
+
   DISALLOW_COPY_AND_ASSIGN(BackgroundTaskUpdateScheduler);
 };