And in seems a similar issue also affects OfflinePageModelTaskified::PublishInternalArchive but in that case the unique pointer will be destroyed when that method concludes, destroying the archiver before it finishes processing the PublishArchive request.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc

commit 6ec81c24d281b5f226a8daa805f8fd5f8c8100fc
Author: Carlos Knippschild <carlosk@chromium.org>
Date: Wed Jun 06 01:29:06 2018

Fixes cases of user after free of the OfflinePageArchiver instance

The publish code from OfflinePageModelTaskified was deleting the
instance of OfflinePageArchiver right after requesting the publishing of
pages instead of waiting until they were done. This CL addresses that by
changing both the internal and external implementation of the publish
methods to use pending_archivers_ to store that instance until the
action callback is received.

This bug was also partially hidden away because test code was not
post-tasking the callback but calling it directly instead. So that has
also been changed to more closely mimic the runtime code. Nonetheless
the runtime code has alse been made more resistant to the cases where
the non-post-task callback happens.

Bug:  847630 
Change-Id: I1df933ed43a54fa4dccf342fcd7da46403d1a0ea
Reviewed-on: https://chromium-review.googlesource.com/1077656
Reviewed-by: Peter Williamson <petewil@chromium.org>
Commit-Queue: Carlos Knippschild <carlosk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#564761}
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/chrome/browser/offline_pages/offline_page_mhtml_archiver.cc
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/chrome/browser/offline_pages/offline_page_mhtml_archiver.h
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/chrome/browser/offline_pages/offline_page_mhtml_archiver_unittest.cc
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/chrome/browser/offline_pages/offline_page_request_handler_unittest.cc
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/model/offline_page_model_taskified.cc
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/model/offline_page_model_taskified.h
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/model/offline_page_model_taskified_unittest.cc
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/offline_page_archiver.cc
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/offline_page_archiver.h
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/offline_page_archiver_unittest.cc
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/offline_page_model.h
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/offline_page_test_archiver.cc
[modify] https://crrev.com/6ec81c24d281b5f226a8daa805f8fd5f8c8100fc/components/offline_pages/core/offline_page_test_archiver.h