[468][Backport] Security bug 431668129

Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/6757109:
Check for existence of this in `DialogDelegate::RunCloseCallback`

Similarly to https://crrev.com/c/6370014 for the repeated callback
variant, widget can get destroyed after running OnceClosure. Since in
case of OnceClosure `already_started_close_` is just assigned to true,
return it directly after running the callback instead of returning
possibly destroyed member at the end.

Fixed: 431668129
Change-Id: I6848d351fb3776a82568300d148b4b9189f52078
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6757109
Commit-Queue: Rafał Godlewski <[email protected]>
Reviewed-by: Keren Zhu <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1487815}
Reviewed-on: https://codereview.qt-project.org/c/qt/qtwebengine-chromium/+/665069
Reviewed-by: Allan Sandfeld Jensen <[email protected]>

Author: Rafal Godlewski

chromium/ui/views/window/dialog_delegate.cc

@@ -243,12 +243,14 @@ bool DialogDelegate::RunCloseCallback(
   if (absl::holds_alternative<base::OnceClosure>(callback)) {
     already_started_close_ = true;
     absl::get<base::OnceClosure>(std::move(callback)).Run();
+    return true;
   } else {
     already_started_close_ =
         absl::get<base::RepeatingCallback<bool()>>(callback).Run();
+    return already_started_close_;
   }
 
-  return already_started_close_;
+  NOTREACHED();
 }
 
 View* DialogDelegate::GetInitiallyFocusedView() {