Fix a crash in SerialIoHandler.

When a receive error occurs, the SerialConnection pauses receives, which
triggers a call to CancelRead(). This should be a no-op as this occurs
after the previous read completed with an error, but
pending_read_buffer_ isn't cleared until after the error is reported to
SerialConnection. Thus, on posix, a call to ReadDone is enqueued, but
the pending read is cleared before it runs, leading to a crash. This
change clears pending_read_buffer_ and pending_write_buffer_ before
calling Done() or DoneWithError().

BUG=410331

Review URL: https://codereview.chromium.org/551713002

Cr-Commit-Position: refs/heads/master@{#293684}

device/serial/serial_io_handler.cc

@@ -114,12 +114,12 @@ void SerialIoHandler::ReadCompleted(int bytes_read,
                                     serial::ReceiveError error) {
   DCHECK(CalledOnValidThread());
   DCHECK(IsReadPending());
+  scoped_ptr<WritableBuffer> pending_read_buffer = pending_read_buffer_.Pass();
   if (error == serial::RECEIVE_ERROR_NONE) {
-    pending_read_buffer_->Done(bytes_read);
+    pending_read_buffer->Done(bytes_read);
   } else {
-    pending_read_buffer_->DoneWithError(bytes_read, error);
+    pending_read_buffer->DoneWithError(bytes_read, error);
   }
-  pending_read_buffer_.reset();
   Release();
 }
 
@@ -127,12 +127,13 @@ void SerialIoHandler::WriteCompleted(int bytes_written,
                                      serial::SendError error) {
   DCHECK(CalledOnValidThread());
   DCHECK(IsWritePending());
+  scoped_ptr<ReadOnlyBuffer> pending_write_buffer =
+      pending_write_buffer_.Pass();
   if (error == serial::SEND_ERROR_NONE) {
-    pending_write_buffer_->Done(bytes_written);
+    pending_write_buffer->Done(bytes_written);
   } else {
-    pending_write_buffer_->DoneWithError(bytes_written, error);
+    pending_write_buffer->DoneWithError(bytes_written, error);
   }
-  pending_write_buffer_.reset();
   Release();
 }