Merge changes Ib69ddd4d,Ib28c69a6,I342b9f6b

* changes:
  Cherry-pick WebKit change 53441 to make changes to Geolocation
  Bring Geolocation up-to-date with WebKit change 53342 to make suspend/resume public
  Cherry-pick WebKit change 52104 to make changes to Geolocation

4 files changed, 40 insertions, 9 deletions

diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 777f32b..20bedf2 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,30 @@
+2010-01-18  Steve Falkenburg  <sfalken@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        <https://bugs.webkit.org/show_bug.cgi?id=33816>        
+        Crashes in Geolocation code due to refcounting, observer balance issues.
+        
+        Hold a ref to the GeoNotifier while dispatching a callback. The code was
+        copying a data member to avoid accessing a freed this ptr, but was still
+        using the this ptr.
+        
+        Geolocation::removeObserver calls are not always balanced with addObserver.
+        Instead of asserting and continuing, don't try to remove non-existant
+        observers.
+
+        * page/Geolocation.cpp:
+        (WebCore::Geolocation::GeoNotifier::timerFired): Protect notifier.
+        * page/GeolocationController.cpp:
+        (WebCore::GeolocationController::removeObserver): Change ASSERT into an if with early return.
+
+2009-12-14  Sam Weinig  <sam@webkit.org>
+
+        Fix the build.
+
+        * page/Geolocation.cpp:
+        * page/Geolocation.h:
+
 2010-01-21  Steve Block  <steveblock@google.com>
 
         Reviewed by David Levin.
diff --git a/WebCore/page/Geolocation.cpp b/WebCore/page/Geolocation.cpp
index f0578a8..cc5cc93 100644
--- a/WebCore/page/Geolocation.cpp
+++ b/WebCore/page/Geolocation.cpp
@@ -44,7 +44,6 @@
 #include "GeolocationController.h"
 #include "GeolocationError.h"
 #include "GeolocationPosition.h"
-#include "Geoposition.h"
 #include "PositionError.h"
 #endif
 
@@ -122,15 +121,15 @@ void Geolocation::GeoNotifier::timerFired(Timer<GeoNotifier>*)
 {
     m_timer.stop();
 
-    // Cache our pointer to the Geolocation object, as this GeoNotifier object
+    // Protect this GeoNotifier object, since it
     // could be deleted by a call to clearWatch in a callback.
-    Geolocation* geolocation = m_geolocation;
+    RefPtr<GeoNotifier> protect(this);
 
     if (m_fatalError) {
         if (m_errorCallback)
             m_errorCallback->handleEvent(m_fatalError.get());
         // This will cause this notifier to be deleted.
-        geolocation->fatalErrorOccurred(this);
+        m_geolocation->fatalErrorOccurred(this);
         return;
     }
 
@@ -139,7 +138,7 @@ void Geolocation::GeoNotifier::timerFired(Timer<GeoNotifier>*)
         // Clear the cached position in case this is a watch request, which
         // will continue to run.
         m_cachedPosition = 0;
-        geolocation->requestReturnedCachedPosition(this);
+        m_geolocation->requestReturnedCachedPosition(this);
         return;
     }
 
@@ -147,7 +146,7 @@ void Geolocation::GeoNotifier::timerFired(Timer<GeoNotifier>*)
         RefPtr<PositionError> error = PositionError::create(PositionError::TIMEOUT, "Timeout expired");
         m_errorCallback->handleEvent(error.get());
     }
-    geolocation->requestTimedOut(this);
+    m_geolocation->requestTimedOut(this);
 }
 
 void Geolocation::Watchers::set(int id, PassRefPtr<GeoNotifier> prpNotifier)
@@ -496,14 +495,18 @@ void Geolocation::clearWatch(int watchId)
 
 void Geolocation::suspend()
 {
+#if !ENABLE(CLIENT_BASED_GEOLOCATION)
     if (hasListeners())
         m_service->suspend();
+#endif
 }
 
 void Geolocation::resume()
 {
+#if !ENABLE(CLIENT_BASED_GEOLOCATION)
     if (hasListeners())
         m_service->resume();
+#endif
 }
 
 void Geolocation::setIsAllowed(bool allowed)
diff --git a/WebCore/page/Geolocation.h b/WebCore/page/Geolocation.h
index 5b5feb5..3006b29 100644
--- a/WebCore/page/Geolocation.h
+++ b/WebCore/page/Geolocation.h
@@ -34,11 +34,11 @@
 #include "PositionErrorCallback.h"
 #include "PositionOptions.h"
 #include "Timer.h"
-#include <wtf/Platform.h>
 #include <wtf/HashMap.h>
 #include <wtf/HashSet.h>
 #include <wtf/OwnPtr.h>
 #include <wtf/PassRefPtr.h>
+#include <wtf/Platform.h>
 #include <wtf/RefCounted.h>
 #include <wtf/RefPtr.h>
 #include <wtf/Vector.h>
@@ -73,7 +73,7 @@ public:
 
     void suspend();
     void resume();
-    
+
     void setIsAllowed(bool);
     bool isAllowed() const { return m_allowGeolocation == Yes; }
     bool isDenied() const { return m_allowGeolocation == No; }
diff --git a/WebCore/page/GeolocationController.cpp b/WebCore/page/GeolocationController.cpp
index 44eba6e..968e854 100644
--- a/WebCore/page/GeolocationController.cpp
+++ b/WebCore/page/GeolocationController.cpp
@@ -54,7 +54,8 @@ void GeolocationController::addObserver(Geolocation* observer)
 
 void GeolocationController::removeObserver(Geolocation* observer)
 {
-    ASSERT(m_observers.contains(observer));
+    if (!m_observers.contains(observer))
+        return;
 
     m_observers.remove(observer);
     if (m_observers.isEmpty())