103592 2012-11-28 20:21:58 -0800 DRT - crashed in WebCore::SearchFieldCancelButtonElement::defaultEventHandler 2012-12-02 18:37:59 -0800 1 1 1 Unclassified WebKit UI Events 528+ (Nightly build) All All CLOSED FIXED P2 Normal --- 103819 0 xiaobwang webkit-unassigned dglazkov mifenton mkwst ojan rwlbuis staikos tkent tonikitoo webkit.review.bot oldest_to_newest 778626 0 xiaobwang 2012-11-28 20:21:58 -0800 Got a crash when running DRT test fast/forms/search-delete-while-cancel-button-clicked.html on BlackBerry platform. It doesn't reproduce 100%, but it did happen from time to time. Back Trace ========== #0 WebCore::SearchFieldCancelButtonElement::defaultEventHandler (this=0x4fca4d0, event=0x4eba738) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/html/shadow/TextControlInnerElements.cpp:206 #1 0x7a4f304e in dispatchEventPostProcess (preDispatchEventHandlerResult=0x0, event=..., this=0xdfee38) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/dom/EventDispatcher.cpp:340 #2 WebCore::EventDispatcher::dispatchEvent (this=0xdfee38, prpEvent=...) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/dom/EventDispatcher.cpp:255 #3 0x7a4f9596 in dispatchEvent (dispatcher=0xdfee38, this=0x4e66e00) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/dom/MouseEvent.cpp:215 #4 WebCore::MouseEventDispatchMediator::dispatchEvent (this=0x4e66e00, dispatcher=0xdfee38) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/dom/MouseEvent.cpp:204 #5 0x7a4f2770 in WebCore::EventDispatcher::dispatchEvent (node=<optimized out>, mediator=...) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/dom/EventDispatcher.cpp:128 #6 0x79daab66 in WebCore::Node::dispatchMouseEvent (this=0x4fca4d0, event=..., eventType=..., detail=<optimized out>, relatedTarget=0x3a06618) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/dom/Node.cpp:2664 #7 0x79f6d504 in WebCore::EventHandler::updateMouseEventTargetNode (this=0x1cddd8, targetNode=<optimized out>, mouseEvent=..., fireMouseOverOut=<optimized out>) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/page/EventHandler.cpp:2235 #8 0x79f6d6ae in WebCore::EventHandler::dispatchMouseEvent (this=0x1cddd8, eventType=..., targetNode=0x3a06618, clickCount=0, mouseEvent=..., setUnder=true) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/page/EventHandler.cpp:2252 #9 0x79f6e312 in WebCore::EventHandler::handleMouseMoveEvent (this=<optimized out>, mouseEvent=..., hoveredNode=<optimized out>, onlyUpdateScrollbars=<optimized out>) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/page/EventHandler.cpp:1827 #10 0x79f6f7f0 in WebCore::EventHandler::mouseMoved (this=0x1cddd8, event=...) at /home/yanbin/workspace/playbook/webkit/Source/WebCore/page/EventHandler.cpp:1699 #11 0x79c909c6 in BlackBerry::WebKit::WebPagePrivate::handleMouseEvent (this=0x1446d8, mouseEvent=...) at /home/yanbin/workspace/playbook/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:4021 #12 0x79c90bae in BlackBerry::WebKit::WebPage::mouseEvent (this=0x18a938, mouseEvent=..., wheelDeltaAccepted=0x0) at /home/yanbin/workspace/playbook/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:3965 #13 0x79ce098c in mouseMoveToCallback (context=0x8e6090, function=<optimized out>, thisObject=<optimized out>, argumentCount=<optimized out>, arguments=0xdff49c, exception=0xdff510) at /home/yanbin/workspace/playbook/webkit/Tools/DumpRenderTree/blackberry/EventSender.cpp:99 #14 0x7a8fe7b6 in JSC::JSCallbackFunction::call (exec=0x8e6090) at /home/yanbin/workspace/playbook/webkit/Source/JavaScriptCore/API/JSCallbackFunction.cpp:73 #15 0x7a877f22 in JSC::JITStubThunked_op_call_NotJSFunction (args=0xdff578) at /home/yanbin/workspace/playbook/webkit/Source/JavaScriptCore/jit/JITStubs.cpp:2275 #16 0x7a874b64 in cti_op_call_NotJSFunction () from libwebkit.so.0 #17 0x0011519a in ?? () #18 0x0011519a in ?? () The issue is when we handle the mouseout event in the search field cancel button, the input element has already been removed. See code below. void SearchFieldCancelButtonElement::defaultEventHandler(Event* event) { // If the element is visible, on mouseup, clear the value, and set selection RefPtr<HTMLInputElement> input(static_cast<HTMLInputElement*>(shadowHost())); /**********BUG: input is null if the input element has been removed.*****/ if (input->disabled() || input->readOnly()) { if (!event->defaultHandled()) HTMLDivElement::defaultEventHandler(event); return; } ... } Further investigation shows we're trying to send mouseout event to the old node AFTER it has been detached, see log below. Note the log below is from a DRT run with NO crash. Output of instrumented code ============================ Debug - EventHandler::handleMouseMoveEvent() Debug - newSubframe = 0 Debug - EventHandler::updateMouseEventTargetNode(): m_nodeUnderMouse is 0 Debug - EventHandler::handleMouseMoveEvent() Debug - newSubframe = 0 Debug - EventHandler::updateMouseEventTargetNode(): m_nodeUnderMouse=5db2d8 (DIV, , 1) Debug - SearchFieldCancelButtonElement::defaultEventHandler: input is 4e0300 Debug - SearchFieldCancelButtonElement::defaultEventHandler: input is 4e0300 Debug - EventHandler::updateMouseEventTargetNode(): m_nodeUnderMouse=5db2d8 (DIV, , 1) Debug - SearchFieldCancelButtonElement::defaultEventHandler: input is 4e0300 Debug - EventHandler::setCapturingMouseEventsNode: 0x5db2d8 Debug - SearchFieldCancelButtonElement::detach(): m_capturing=1 <====== Cancel button detached. Debug - EventHandler::setCapturingMouseEventsNode: 0x0 Debug - frame->eventHandler()->setCapturingMouseEventsNode(0) Debug - EventHandler::handleMouseMoveEvent() Debug - newSubframe = 0 Debug - EventHandler::updateMouseEventTargetNode(): m_nodeUnderMouse=1dd840 (INPUT, , 1) Debug - SearchFieldCancelButtonElement::defaultEventHandler: input is 4e0300 <====== Called after detached, because it is the m_lastNodeUnderMouse. Debug - EventHandler::updateMouseEventTargetNode(): m_lastNodeUnderMouse=5db2d8 (DIV, , 1) Debug - EventHandler::updateMouseEventTargetNode(): m_nodeUnderMouse=1dd840 (INPUT, , 1) Debug - EventHandler::updateMouseEventTargetNode(): m_nodeUnderMouse=1dd840 (INPUT, , 1) Debug - EventHandler::updateMouseEventTargetNode(): m_nodeUnderMouse=1dd840 (INPUT, , 1) This tests that events don't continue to target a search cancel button if it is deleted while mouse is down. clicking in cancel deleting search input clicking button button click! 778677 1 176644 xiaobwang 2012-11-28 21:43:20 -0800 Created attachment 176644 patch The crash happened when we try to send mouseout event to the old node which has been detached. We should forget the detached old node. 778702 2 176644 webkit.review.bot 2012-11-28 22:28:07 -0800 Comment on attachment 176644 patch Attachment 176644 did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/15023708 New failing tests: fast/events/mouseout-dead-node.html fast/events/mouseover-mouseout2.html fast/events/mouseover-mouseout.html 778732 3 xiaobwang 2012-11-28 23:36:32 -0800 Oops, looks like we still expect to dispatch message to the detached nodes. That's why the 3 tests failed. See https://bugs.webkit.org/show_bug.cgi?id=12918 Need another patch. 778867 4 176687 xiaobwang 2012-11-29 02:55:50 -0800 Created attachment 176687 patch - checking pointer So that the other 3 tests can pass. 778941 5 176687 tkent 2012-11-29 05:27:50 -0800 Comment on attachment 176687 patch - checking pointer View in context: https://bugs.webkit.org/attachment.cgi?id=176687&action=review > Source/WebCore/ChangeLog:19 > + (WebCore::SearchFieldCancelButtonElement::defaultEventHandler): > + (WebCore::InputFieldSpeechButtonElement::defaultEventHandler): SearchFieldResultsButtonElement::defaultEventHandler should have a similar change. > Source/WebCore/html/shadow/TextControlInnerElements.cpp:200 > - if (input->disabled() || input->readOnly()) { > + if (!input || input->disabled() || input->readOnly()) { You have to update SearchFieldCancelButtonElement::willRespondToMouseClickEvents too. > Source/WebCore/html/shadow/TextControlInnerElements.cpp:285 > - if (input->disabled() || input->readOnly()) { > + if (!input || input->disabled() || input->readOnly()) { You have to update InputFieldSpeechButtonElement::willRespondToMouseClickEvents too. 778942 6 176687 tkent 2012-11-29 05:29:13 -0800 Comment on attachment 176687 patch - checking pointer View in context: https://bugs.webkit.org/attachment.cgi?id=176687&action=review > Source/WebCore/ChangeLog:3 > + [BlackBerry] DRT - crashed on WebCore::SearchFieldCancelButtonElement The change is platform-independent. We should remove [BlackBerry] prefix from the summary. 778966 7 xiaobwang 2012-11-29 06:45:33 -0800 Thanks for the good suggestions! 778968 8 176718 xiaobwang 2012-11-29 06:47:43 -0800 Created attachment 176718 patch - checking pointer in more places 778969 9 xiaobwang 2012-11-29 06:48:20 -0800 platform=All 779029 10 176718 tonikitoo 2012-11-29 08:37:17 -0800 Comment on attachment 176718 patch - checking pointer in more places View in context: https://bugs.webkit.org/attachment.cgi?id=176718&action=review > Source/WebCore/ChangeLog:13 > + The crash happened when the search field cancel button handles mouseout > + event after the search input was detached. When it happens the input > + element returned from shadowHost() is null, need to check the pointer > + before dereferencing. > + InputFieldSpeechButton and SearchFieldResultsButtonElement have the > + similar issue. The patch itself looks good, but I would feel confident if you find out and described why it passes for other platforms without your fix. 779088 11 ap 2012-11-29 09:24:56 -0800 Per bug 97395, it also crashes on Mac. Please dupe accordingly. 779986 12 xiaobwang 2012-11-30 03:26:44 -0800 (In reply to comment #10) > (From update of attachment 176718 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=176718&action=review > > > Source/WebCore/ChangeLog:13 > > + The crash happened when the search field cancel button handles mouseout > > + event after the search input was detached. When it happens the input > > + element returned from shadowHost() is null, need to check the pointer > > + before dereferencing. > > + InputFieldSpeechButton and SearchFieldResultsButtonElement have the > > + similar issue. > > The patch itself looks good, but I would feel confident if you find out and described why it passes for other platforms without your fix. Good question, I need more investigation for the answer:) 780138 13 staikos 2012-11-30 08:37:59 -0800 (In reply to comment #10) > (From update of attachment 176718 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=176718&action=review > > > Source/WebCore/ChangeLog:13 > > + The crash happened when the search field cancel button handles mouseout > > + event after the search input was detached. When it happens the input > > + element returned from shadowHost() is null, need to check the pointer > > + before dereferencing. > > + InputFieldSpeechButton and SearchFieldResultsButtonElement have the > > + similar issue. > > The patch itself looks good, but I would feel confident if you find out and described why it passes for other platforms without your fix. Per Alexey it crashes Mac too. It is flakey... it takes some work to trigger it. 780700 14 xiaobwang 2012-12-01 02:27:08 -0800 Yes, it's very flaky. When we remove the input element with JavaScript "search.parentNode.removeChild(search)", the search type input control is detached from DOM tree. It's shadow nodes are also detached, but they're not removed. So in SearchFieldCancelButtonElement::defaultEventHandler(), we can still get the shadowRoot and ShadowHost. The shadow roots are removed on JavaScript GC, see back trace below. How and when GC is performed is platform dependent. This might be the reason why it didn't crash on other platforms. Back trace when removing ShadowRoots for the input element =========================================================== WebCore::ElementShadow::removeAllShadowRoots() at ElementShadow.cpp:102 0x794ae1a8 WebCore::Element::~Element() at Element.cpp:142 0x794a8ed2 WebCore::StyledElement::~StyledElement() at StyledElement.cpp:141 0x794cf650 ~HTMLElement() at HTMLElement.h:45 0x795750dc WebCore::LabelableElement::~LabelableElement() at LabelableElement.cpp:41 0x795750dc WebCore::HTMLFormControlElement::~HTMLFormControlElement() at HTMLFormControlElement.cpp:70 0x795460ca WebCore::HTMLFormControlElementWithState::~HTMLFormControlElementWithState() at HTMLFormControlElementWithState.cpp:42 0x79cdc9a6 WebCore::HTMLTextFormControlElement::~HTMLTextFormControlElement() at HTMLTextFormControlElement.cpp:66 0x7956d874 WebCore::HTMLInputElement::~HTMLInputElement() at HTMLInputElement.cpp:159 0x7954dc2c WebCore::HTMLInputElement::~HTMLInputElement() at HTMLInputElement.cpp:159 0x7954dd0c WebCore::Node::removedLastRef() at Node.cpp:2,884 0x794b8816 deref() at TreeShared.h:81 0x798f7a3e releaseImpl() at JSNode.h:69 0x798f7a3e WebCore::JSNodeOwner::finalize() at JSNodeCustom.cpp:144 0x798f7a3e finalize() at WeakSetInlines.h:52 0x7a021284 JSC::WeakBlock::sweep() at WeakBlock.cpp:80 0x7a021284 JSC::WeakSet::sweep() at WeakSet.cpp:47 0x7a020fca JSC::MarkedBlock::sweep() at MarkedBlock.cpp:106 0x7a01d24a sweepNextBlock() at IncrementalSweeper.cpp:130 0x7a01bf3a JSC::IncrementalSweeper::doSweep() at IncrementalSweeper.cpp:104 0x7a01bf3a JSC::HeapTimer::timerDidFire() at HeapTimer.cpp:119 0x7a01bc84 fired() at BlackBerryPlatformTimer.h:118 0x7a01bdee For the flakiness of GC, it's reasonable to do point checking in these places. 780713 15 176718 tkent 2012-12-01 04:34:05 -0800 Comment on attachment 176718 patch - checking pointer in more places ok 780715 16 176718 webkit.review.bot 2012-12-01 04:40:17 -0800 Comment on attachment 176718 patch - checking pointer in more places Clearing flags on attachment: 176718 Committed r136309: <http://trac.webkit.org/changeset/136309> 780716 17 webkit.review.bot 2012-12-01 04:40:22 -0800 All reviewed patches have been landed. Closing bug. 780763 18 webkit.review.bot 2012-12-01 12:17:36 -0800 Re-opened since this is blocked by bug 103819 780866 19 mkwst 2012-12-02 00:49:47 -0800 (In reply to comment #18) > Re-opened since this is blocked by bug 103819 Sorry, I was mistaken! Closing this again. 781080 20 xiaobwang 2012-12-02 18:37:59 -0800 close it. 176644 2012-11-28 21:43:20 -0800 2012-11-29 02:55:50 -0800 patch 0001-BlackBerry-DRT-crashed-on-WebCore-SearchFieldCancelB.patch text/plain 2464 xiaobwang RnJvbSBmNDA4MGYwZTNmNDlkY2QwZTNhOTI5MWUxYWNhMmM4NzUxMzMyYWJlIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBYaWFvYm8gV2FuZyA8eGJ3YW5nQHRvcmNobW9iaWxlLmNvbS5j bj4KRGF0ZTogVGh1LCAyOSBOb3YgMjAxMiAxMjoyODoyMiArMDgwMApTdWJqZWN0OiBbUEFUQ0hd IFtCbGFja0JlcnJ5XSBEUlQgLSBjcmFzaGVkIG9uCiBXZWJDb3JlOjpTZWFyY2hGaWVsZENhbmNl bEJ1dHRvbkVsZW1lbnQKIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0x MDM1OTIKClJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgoKVGhlIGNyYXNoIGhhcHBlbmVkIHdo ZW4gd2UgdHJ5IHRvIHNlbmQgbW91c2VvdXQgZXZlbnQgdG8gdGhlIG9sZCBub2RlCndoaWNoIGhh cyBiZWVuIGRldGFjaGVkLiBXZSBzaG91bGQgZm9yZ2V0IHRoZSBkZXRhY2hlZCBvbGQgbm9kZS4K Ck5vIG5ldyB0ZXN0cy4gVGhlIHBhdGNoIGZpeGVzIHRoZSBmb2xsb3dpbmcgdGVzdCBvbiBCbGFj a0JlcnJ5IHBsYXRmb3JtLgpUZXN0OiBmYXN0L2Zvcm1zL3NlYXJjaC1kZWxldGUtd2hpbGUtY2Fu Y2VsLWJ1dHRvbi1jbGlja2VkLmh0bWwKCiogcGFnZS9FdmVudEhhbmRsZXIuY3BwOgooV2ViQ29y ZTo6RXZlbnRIYW5kbGVyOjp1cGRhdGVNb3VzZUV2ZW50VGFyZ2V0Tm9kZSk6Ci0tLQogU291cmNl L1dlYkNvcmUvQ2hhbmdlTG9nICAgICAgICAgICAgIHwgICAxNiArKysrKysrKysrKysrKysrCiBT b3VyY2UvV2ViQ29yZS9wYWdlL0V2ZW50SGFuZGxlci5jcHAgfCAgICA0ICsrKysKIDIgZmlsZXMg Y2hhbmdlZCwgMjAgaW5zZXJ0aW9ucygrKSwgMCBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS9T b3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg YmVmMTMzMy4uOTI2ZDVkZSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisr KyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE5IEBACisyMDEyLTExLTI4 ICBYaWFvYm8gV2FuZyAgPHhid2FuZ0B0b3JjaG1vYmlsZS5jb20uY24+CisKKyAgICAgICAgW0Js YWNrQmVycnldIERSVCAtIGNyYXNoZWQgb24gV2ViQ29yZTo6U2VhcmNoRmllbGRDYW5jZWxCdXR0 b25FbGVtZW50CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0xMDM1OTIKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBUaGUgY3Jhc2ggaGFwcGVuZWQgd2hlbiB3ZSB0cnkgdG8gc2VuZCBtb3VzZW91dCBldmVudCB0 byB0aGUgb2xkIG5vZGUKKyAgICAgICAgd2hpY2ggaGFzIGJlZW4gZGV0YWNoZWQuIFdlIHNob3Vs ZCBmb3JnZXQgdGhlIGRldGFjaGVkIG9sZCBub2RlLgorCisgICAgICAgIE5vIG5ldyB0ZXN0cy4g VGhlIHBhdGNoIGZpeGVzIHRoZSBmb2xsb3dpbmcgdGVzdCBvbiBCbGFja0JlcnJ5IHBsYXRmb3Jt LgorICAgICAgICBUZXN0OiBmYXN0L2Zvcm1zL3NlYXJjaC1kZWxldGUtd2hpbGUtY2FuY2VsLWJ1 dHRvbi1jbGlja2VkLmh0bWwKKworICAgICAgICAqIHBhZ2UvRXZlbnRIYW5kbGVyLmNwcDoKKyAg ICAgICAgKFdlYkNvcmU6OkV2ZW50SGFuZGxlcjo6dXBkYXRlTW91c2VFdmVudFRhcmdldE5vZGUp OgorCiAyMDEyLTExLTI4ICBIYXlhdG8gSXRvICA8aGF5YXRvQGNocm9taXVtLm9yZz4KIAogICAg ICAgICBOb2RlOjpjb21wYXJlRG9jdW1lbnRQb3NpdGlvbiByZXR1cm5zIHdyb25nIHZhbHVlIGZv ciBhIG5vZGUgaW4gdGhlIGRpZmZlcmVudCBzaGFkb3cgdHJlZS4KZGlmZiAtLWdpdCBhL1NvdXJj ZS9XZWJDb3JlL3BhZ2UvRXZlbnRIYW5kbGVyLmNwcCBiL1NvdXJjZS9XZWJDb3JlL3BhZ2UvRXZl bnRIYW5kbGVyLmNwcAppbmRleCBkYTdkMjIzLi5mYmE4M2M3IDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS9wYWdlL0V2ZW50SGFuZGxlci5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGFnZS9F dmVudEhhbmRsZXIuY3BwCkBAIC0yMzMzLDYgKzIzMzMsMTAgQEAgdm9pZCBFdmVudEhhbmRsZXI6 OnVwZGF0ZU1vdXNlRXZlbnRUYXJnZXROb2RlKE5vZGUqIHRhcmdldE5vZGUsIGNvbnN0IFBsYXRm b3JtTW8KICNlbmRpZgogICAgICAgICB9CiAKKyAgICAgICAgLy8gRm9yZ2V0IHRoZSBvbGQgbm9k ZSBpZiBpdCBoYXMgYmVlbiBkZXRhY2hlZAorICAgICAgICBpZiAobV9sYXN0Tm9kZVVuZGVyTW91 c2UgJiYgIW1fbGFzdE5vZGVVbmRlck1vdXNlLT5hdHRhY2hlZCgpKQorICAgICAgICAgICAgbV9s YXN0Tm9kZVVuZGVyTW91c2UgPSAwOworCiAgICAgICAgIGlmIChtX2xhc3ROb2RlVW5kZXJNb3Vz ZSAhPSBtX25vZGVVbmRlck1vdXNlKSB7CiAgICAgICAgICAgICAvLyBzZW5kIG1vdXNlb3V0IGV2 ZW50IHRvIHRoZSBvbGQgbm9kZQogICAgICAgICAgICAgaWYgKG1fbGFzdE5vZGVVbmRlck1vdXNl KQotLSAKMS43LjYKCg== 176687 2012-11-29 02:55:50 -0800 2012-11-29 06:47:43 -0800 patch - checking pointer 0001-BlackBerry-DRT-crashed-on-WebCore-SearchFieldCancelB.patch text/plain 3569 xiaobwang RnJvbSA4MGM5MGEzZGRhYmU3ZWVkZDRhOWYwNmI0OWMwOTJjZWM1N2IwNjU5IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBYaWFvYm8gV2FuZyA8eGJ3YW5nQHRvcmNobW9iaWxlLmNvbS5j bj4KRGF0ZTogVGh1LCAyOSBOb3YgMjAxMiAxODo0OToyMiArMDgwMApTdWJqZWN0OiBbUEFUQ0hd IFtCbGFja0JlcnJ5XSBEUlQgLSBjcmFzaGVkIG9uCiBXZWJDb3JlOjpTZWFyY2hGaWVsZENhbmNl bEJ1dHRvbkVsZW1lbnQKIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0x MDM1OTIKClJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgoKVGhlIGNyYXNoIGhhcHBlbmVkIHdo ZW4gdGhlIHNlYXJjaCBmaWVsZCBjYW5jZWwgYnV0dG9uIGhhbmRsZXMgbW91c2VvdXQKZXZlbnQg YWZ0ZXIgdGhlIHNlYXJjaCBpbnB1dCB3YXMgZGV0YWNoZWQuIFdoZW4gaXQgaGFwcGVucyB0aGUg aW5wdXQKZWxlbWVudCByZXR1cm5lZCBmcm9tIHNoYWRvd0hvc3QoKSBpcyBudWxsLCBuZWVkIHRv IGNoZWNrIHRoZSBwb2ludGVyCmJlZm9yZSBkZXJlZmVyZW5jaW5nLgpJbnB1dEZpZWxkU3BlZWNo QnV0dG9uIGhhcyB0aGUgc2ltaWxhciBpc3N1ZS4KCk5vIG5ldyB0ZXN0cy4gVGhlIHBhdGNoIGZp eGVzIHRoZSBmb2xsb3dpbmcgdGVzdCBvbiBCbGFja0JlcnJ5IHBsYXRmb3JtLgpUZXN0OiBmYXN0 L2Zvcm1zL3NlYXJjaC1kZWxldGUtd2hpbGUtY2FuY2VsLWJ1dHRvbi1jbGlja2VkLmh0bWwKCiog aHRtbC9zaGFkb3cvVGV4dENvbnRyb2xJbm5lckVsZW1lbnRzLmNwcDoKKFdlYkNvcmU6OlNlYXJj aEZpZWxkQ2FuY2VsQnV0dG9uRWxlbWVudDo6ZGVmYXVsdEV2ZW50SGFuZGxlcik6CihXZWJDb3Jl OjpJbnB1dEZpZWxkU3BlZWNoQnV0dG9uRWxlbWVudDo6ZGVmYXVsdEV2ZW50SGFuZGxlcik6Ci0t LQogU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAg IDIwICsrKysrKysrKysrKysrKysrKysrCiAuLi4vaHRtbC9zaGFkb3cvVGV4dENvbnRyb2xJbm5l ckVsZW1lbnRzLmNwcCAgICAgICB8ICAgIDQgKystLQogMiBmaWxlcyBjaGFuZ2VkLCAyMiBpbnNl cnRpb25zKCspLCAyIGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCBiZWYxMzMzLi5mNmQ2MWQ4 IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNv cmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjMgQEAKKzIwMTItMTEtMjkgIFhpYW9ibyBXYW5nICA8 eGJ3YW5nQHRvcmNobW9iaWxlLmNvbS5jbj4KKworICAgICAgICBbQmxhY2tCZXJyeV0gRFJUIC0g Y3Jhc2hlZCBvbiBXZWJDb3JlOjpTZWFyY2hGaWVsZENhbmNlbEJ1dHRvbkVsZW1lbnQKKyAgICAg ICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEwMzU5MgorCisgICAg ICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoZSBjcmFzaCBoYXBw ZW5lZCB3aGVuIHRoZSBzZWFyY2ggZmllbGQgY2FuY2VsIGJ1dHRvbiBoYW5kbGVzIG1vdXNlb3V0 CisgICAgICAgIGV2ZW50IGFmdGVyIHRoZSBzZWFyY2ggaW5wdXQgd2FzIGRldGFjaGVkLiBXaGVu IGl0IGhhcHBlbnMgdGhlIGlucHV0CisgICAgICAgIGVsZW1lbnQgcmV0dXJuZWQgZnJvbSBzaGFk b3dIb3N0KCkgaXMgbnVsbCwgbmVlZCB0byBjaGVjayB0aGUgcG9pbnRlcgorICAgICAgICBiZWZv cmUgZGVyZWZlcmVuY2luZy4KKyAgICAgICAgSW5wdXRGaWVsZFNwZWVjaEJ1dHRvbiBoYXMgdGhl IHNpbWlsYXIgaXNzdWUuCisKKyAgICAgICAgTm8gbmV3IHRlc3RzLiBUaGUgcGF0Y2ggZml4ZXMg dGhlIGZvbGxvd2luZyB0ZXN0IG9uIEJsYWNrQmVycnkgcGxhdGZvcm0uCisgICAgICAgIFRlc3Q6 IGZhc3QvZm9ybXMvc2VhcmNoLWRlbGV0ZS13aGlsZS1jYW5jZWwtYnV0dG9uLWNsaWNrZWQuaHRt bAorCisgICAgICAgICogaHRtbC9zaGFkb3cvVGV4dENvbnRyb2xJbm5lckVsZW1lbnRzLmNwcDoK KyAgICAgICAgKFdlYkNvcmU6OlNlYXJjaEZpZWxkQ2FuY2VsQnV0dG9uRWxlbWVudDo6ZGVmYXVs dEV2ZW50SGFuZGxlcik6CisgICAgICAgIChXZWJDb3JlOjpJbnB1dEZpZWxkU3BlZWNoQnV0dG9u RWxlbWVudDo6ZGVmYXVsdEV2ZW50SGFuZGxlcik6CisKIDIwMTItMTEtMjggIEhheWF0byBJdG8g IDxoYXlhdG9AY2hyb21pdW0ub3JnPgogCiAgICAgICAgIE5vZGU6OmNvbXBhcmVEb2N1bWVudFBv c2l0aW9uIHJldHVybnMgd3JvbmcgdmFsdWUgZm9yIGEgbm9kZSBpbiB0aGUgZGlmZmVyZW50IHNo YWRvdyB0cmVlLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvaHRtbC9zaGFkb3cvVGV4dENv bnRyb2xJbm5lckVsZW1lbnRzLmNwcCBiL1NvdXJjZS9XZWJDb3JlL2h0bWwvc2hhZG93L1RleHRD b250cm9sSW5uZXJFbGVtZW50cy5jcHAKaW5kZXggYzc5YzViOC4uZDA4N2YwYyAxMDA2NDQKLS0t IGEvU291cmNlL1dlYkNvcmUvaHRtbC9zaGFkb3cvVGV4dENvbnRyb2xJbm5lckVsZW1lbnRzLmNw cAorKysgYi9Tb3VyY2UvV2ViQ29yZS9odG1sL3NoYWRvdy9UZXh0Q29udHJvbElubmVyRWxlbWVu dHMuY3BwCkBAIC0xOTcsNyArMTk3LDcgQEAgdm9pZCBTZWFyY2hGaWVsZENhbmNlbEJ1dHRvbkVs ZW1lbnQ6OmRlZmF1bHRFdmVudEhhbmRsZXIoRXZlbnQqIGV2ZW50KQogewogICAgIC8vIElmIHRo ZSBlbGVtZW50IGlzIHZpc2libGUsIG9uIG1vdXNldXAsIGNsZWFyIHRoZSB2YWx1ZSwgYW5kIHNl dCBzZWxlY3Rpb24KICAgICBSZWZQdHI8SFRNTElucHV0RWxlbWVudD4gaW5wdXQoc3RhdGljX2Nh c3Q8SFRNTElucHV0RWxlbWVudCo+KHNoYWRvd0hvc3QoKSkpOwotICAgIGlmIChpbnB1dC0+ZGlz YWJsZWQoKSB8fCBpbnB1dC0+cmVhZE9ubHkoKSkgeworICAgIGlmICghaW5wdXQgfHwgaW5wdXQt PmRpc2FibGVkKCkgfHwgaW5wdXQtPnJlYWRPbmx5KCkpIHsKICAgICAgICAgaWYgKCFldmVudC0+ ZGVmYXVsdEhhbmRsZWQoKSkKICAgICAgICAgICAgIEhUTUxEaXZFbGVtZW50OjpkZWZhdWx0RXZl bnRIYW5kbGVyKGV2ZW50KTsKICAgICAgICAgcmV0dXJuOwpAQCAtMjgyLDcgKzI4Miw3IEBAIHZv aWQgSW5wdXRGaWVsZFNwZWVjaEJ1dHRvbkVsZW1lbnQ6OmRlZmF1bHRFdmVudEhhbmRsZXIoRXZl bnQqIGV2ZW50KQogICAgIC8vIGhlcmUsIHdlIHRha2UgYSB0ZW1wb3JhcnkgcmVmZXJlbmNlLgog ICAgIFJlZlB0cjxIVE1MSW5wdXRFbGVtZW50PiBpbnB1dChzdGF0aWNfY2FzdDxIVE1MSW5wdXRF bGVtZW50Kj4oc2hhZG93SG9zdCgpKSk7CiAKLSAgICBpZiAoaW5wdXQtPmRpc2FibGVkKCkgfHwg aW5wdXQtPnJlYWRPbmx5KCkpIHsKKyAgICBpZiAoIWlucHV0IHx8IGlucHV0LT5kaXNhYmxlZCgp IHx8IGlucHV0LT5yZWFkT25seSgpKSB7CiAgICAgICAgIGlmICghZXZlbnQtPmRlZmF1bHRIYW5k bGVkKCkpCiAgICAgICAgICAgICBIVE1MRGl2RWxlbWVudDo6ZGVmYXVsdEV2ZW50SGFuZGxlcihl dmVudCk7CiAgICAgICAgIHJldHVybjsKLS0gCjEuNy42Cgo= 176718 2012-11-29 06:47:43 -0800 2012-12-01 04:40:17 -0800 patch - checking pointer in more places 0001-DRT-crashed-in-WebCore-SearchFieldCancelButtonElemen.patch text/plain 6286 xiaobwang RnJvbSA3MzRkMjM4MTYzMjUxMzdkNmEzOGViMjlhYzg3ZmQ3NjFlZjE1MTM4IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBYaWFvYm8gV2FuZyA8eGlhb2JvLndhbmdAdG9yY2htb2JpbGUu Y29tLmNuPgpEYXRlOiBUaHUsIDI5IE5vdiAyMDEyIDIyOjM5OjUwICswODAwClN1YmplY3Q6IFtQ QVRDSF0gRFJUIC0gY3Jhc2hlZCBpbgogV2ViQ29yZTo6U2VhcmNoRmllbGRDYW5jZWxCdXR0b25F bGVtZW50OjpkZWZhdWx0RXZlbnRIYW5kbGVyCiBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MTAzNTkyCgpSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KClRoZSBjcmFz aCBoYXBwZW5lZCB3aGVuIHRoZSBzZWFyY2ggZmllbGQgY2FuY2VsIGJ1dHRvbiBoYW5kbGVzIG1v dXNlb3V0CmV2ZW50IGFmdGVyIHRoZSBzZWFyY2ggaW5wdXQgd2FzIGRldGFjaGVkLiBXaGVuIGl0 IGhhcHBlbnMgdGhlIGlucHV0CmVsZW1lbnQgcmV0dXJuZWQgZnJvbSBzaGFkb3dIb3N0KCkgaXMg bnVsbCwgbmVlZCB0byBjaGVjayB0aGUgcG9pbnRlcgpiZWZvcmUgZGVyZWZlcmVuY2luZy4KSW5w dXRGaWVsZFNwZWVjaEJ1dHRvbiBhbmQgU2VhcmNoRmllbGRSZXN1bHRzQnV0dG9uRWxlbWVudCBo YXZlIHRoZQpzaW1pbGFyIGlzc3VlLgoKTm8gbmV3IHRlc3RzLiBUaGUgcGF0Y2ggZml4ZXMgdGhl IGZvbGxvd2luZyB0ZXN0IG9uIEJsYWNrQmVycnkgcGxhdGZvcm0uClRlc3Q6IGZhc3QvZm9ybXMv c2VhcmNoLWRlbGV0ZS13aGlsZS1jYW5jZWwtYnV0dG9uLWNsaWNrZWQuaHRtbAoKKiBodG1sL3No YWRvdy9UZXh0Q29udHJvbElubmVyRWxlbWVudHMuY3BwOgooV2ViQ29yZTo6U2VhcmNoRmllbGRS ZXN1bHRzQnV0dG9uRWxlbWVudDo6ZGVmYXVsdEV2ZW50SGFuZGxlcik6CihXZWJDb3JlOjpTZWFy Y2hGaWVsZENhbmNlbEJ1dHRvbkVsZW1lbnQ6OmRlZmF1bHRFdmVudEhhbmRsZXIpOgooV2ViQ29y ZTo6U2VhcmNoRmllbGRDYW5jZWxCdXR0b25FbGVtZW50Ojp3aWxsUmVzcG9uZFRvTW91c2VDbGlj a0V2ZW50cyk6CihXZWJDb3JlOjpJbnB1dEZpZWxkU3BlZWNoQnV0dG9uRWxlbWVudDo6ZGVmYXVs dEV2ZW50SGFuZGxlcik6CihXZWJDb3JlOjpJbnB1dEZpZWxkU3BlZWNoQnV0dG9uRWxlbWVudDo6 d2lsbFJlc3BvbmRUb01vdXNlQ2xpY2tFdmVudHMpOgooV2ViQ29yZTo6SW5wdXRGaWVsZFNwZWVj aEJ1dHRvbkVsZW1lbnQ6OnNldFJlY29nbml0aW9uUmVzdWx0KToKLS0tCiBTb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgMjUgKysrKysrKysrKysr KysrKysrKysKIC4uLi9odG1sL3NoYWRvdy9UZXh0Q29udHJvbElubmVyRWxlbWVudHMuY3BwICAg ICAgIHwgICAxMiArKysrKy0tLS0tCiAyIGZpbGVzIGNoYW5nZWQsIDMxIGluc2VydGlvbnMoKyks IDYgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nIGIv U291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCmluZGV4IDZkOTJmMGUuLmJhNzBlMTIgMTAwNjQ0Ci0t LSBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VM b2cKQEAgLTEsMyArMSwyOCBAQAorMjAxMi0xMS0yOSAgWGlhb2JvIFdhbmcgIDx4aWFvYm8ud2Fu Z0B0b3JjaG1vYmlsZS5jb20uY24+CisKKyAgICAgICAgRFJUIC0gY3Jhc2hlZCBpbiBXZWJDb3Jl OjpTZWFyY2hGaWVsZENhbmNlbEJ1dHRvbkVsZW1lbnQ6OmRlZmF1bHRFdmVudEhhbmRsZXIKKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEwMzU5MgorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRoZSBjcmFzaCBo YXBwZW5lZCB3aGVuIHRoZSBzZWFyY2ggZmllbGQgY2FuY2VsIGJ1dHRvbiBoYW5kbGVzIG1vdXNl b3V0CisgICAgICAgIGV2ZW50IGFmdGVyIHRoZSBzZWFyY2ggaW5wdXQgd2FzIGRldGFjaGVkLiBX aGVuIGl0IGhhcHBlbnMgdGhlIGlucHV0CisgICAgICAgIGVsZW1lbnQgcmV0dXJuZWQgZnJvbSBz aGFkb3dIb3N0KCkgaXMgbnVsbCwgbmVlZCB0byBjaGVjayB0aGUgcG9pbnRlcgorICAgICAgICBi ZWZvcmUgZGVyZWZlcmVuY2luZy4KKyAgICAgICAgSW5wdXRGaWVsZFNwZWVjaEJ1dHRvbiBhbmQg U2VhcmNoRmllbGRSZXN1bHRzQnV0dG9uRWxlbWVudCBoYXZlIHRoZQorICAgICAgICBzaW1pbGFy IGlzc3VlLgorCisgICAgICAgIE5vIG5ldyB0ZXN0cy4gVGhlIHBhdGNoIGZpeGVzIHRoZSBmb2xs b3dpbmcgdGVzdCBvbiBCbGFja0JlcnJ5IHBsYXRmb3JtLgorICAgICAgICBUZXN0OiBmYXN0L2Zv cm1zL3NlYXJjaC1kZWxldGUtd2hpbGUtY2FuY2VsLWJ1dHRvbi1jbGlja2VkLmh0bWwKKworICAg ICAgICAqIGh0bWwvc2hhZG93L1RleHRDb250cm9sSW5uZXJFbGVtZW50cy5jcHA6CisgICAgICAg IChXZWJDb3JlOjpTZWFyY2hGaWVsZFJlc3VsdHNCdXR0b25FbGVtZW50OjpkZWZhdWx0RXZlbnRI YW5kbGVyKToKKyAgICAgICAgKFdlYkNvcmU6OlNlYXJjaEZpZWxkQ2FuY2VsQnV0dG9uRWxlbWVu dDo6ZGVmYXVsdEV2ZW50SGFuZGxlcik6CisgICAgICAgIChXZWJDb3JlOjpTZWFyY2hGaWVsZENh bmNlbEJ1dHRvbkVsZW1lbnQ6OndpbGxSZXNwb25kVG9Nb3VzZUNsaWNrRXZlbnRzKToKKyAgICAg ICAgKFdlYkNvcmU6OklucHV0RmllbGRTcGVlY2hCdXR0b25FbGVtZW50OjpkZWZhdWx0RXZlbnRI YW5kbGVyKToKKyAgICAgICAgKFdlYkNvcmU6OklucHV0RmllbGRTcGVlY2hCdXR0b25FbGVtZW50 Ojp3aWxsUmVzcG9uZFRvTW91c2VDbGlja0V2ZW50cyk6CisgICAgICAgIChXZWJDb3JlOjpJbnB1 dEZpZWxkU3BlZWNoQnV0dG9uRWxlbWVudDo6c2V0UmVjb2duaXRpb25SZXN1bHQpOgorCiAyMDEy LTExLTI5ICBBbmR5IFNoYXcgIDxhbmR5LnNoYXdAZGlnaWEuY29tPgogCiAgICAgICAgIFtRdF0g SW1wbGVtZW50IHN1cHBvcnQgZm9yIENvY29hIGJhc2VkIE5QQVBJIHBsdWdpbnMgb24gTWFjCmRp ZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9odG1sL3NoYWRvdy9UZXh0Q29udHJvbElubmVyRWxl bWVudHMuY3BwIGIvU291cmNlL1dlYkNvcmUvaHRtbC9zaGFkb3cvVGV4dENvbnRyb2xJbm5lckVs ZW1lbnRzLmNwcAppbmRleCBjNzljNWI4Li5kNjY2ZmNlIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2Vi Q29yZS9odG1sL3NoYWRvdy9UZXh0Q29udHJvbElubmVyRWxlbWVudHMuY3BwCisrKyBiL1NvdXJj ZS9XZWJDb3JlL2h0bWwvc2hhZG93L1RleHRDb250cm9sSW5uZXJFbGVtZW50cy5jcHAKQEAgLTE0 NCw3ICsxNDQsNyBAQCB2b2lkIFNlYXJjaEZpZWxkUmVzdWx0c0J1dHRvbkVsZW1lbnQ6OmRlZmF1 bHRFdmVudEhhbmRsZXIoRXZlbnQqIGV2ZW50KQogewogICAgIC8vIE9uIG1vdXNlZG93biwgYnJp bmcgdXAgYSBtZW51LCBpZiBuZWVkZWQKICAgICBIVE1MSW5wdXRFbGVtZW50KiBpbnB1dCA9IHN0 YXRpY19jYXN0PEhUTUxJbnB1dEVsZW1lbnQqPihzaGFkb3dIb3N0KCkpOwotICAgIGlmIChldmVu dC0+dHlwZSgpID09IGV2ZW50TmFtZXMoKS5tb3VzZWRvd25FdmVudCAmJiBldmVudC0+aXNNb3Vz ZUV2ZW50KCkgJiYgc3RhdGljX2Nhc3Q8TW91c2VFdmVudCo+KGV2ZW50KS0+YnV0dG9uKCkgPT0g TGVmdEJ1dHRvbikgeworICAgIGlmIChpbnB1dCAmJiBldmVudC0+dHlwZSgpID09IGV2ZW50TmFt ZXMoKS5tb3VzZWRvd25FdmVudCAmJiBldmVudC0+aXNNb3VzZUV2ZW50KCkgJiYgc3RhdGljX2Nh c3Q8TW91c2VFdmVudCo+KGV2ZW50KS0+YnV0dG9uKCkgPT0gTGVmdEJ1dHRvbikgewogICAgICAg ICBpbnB1dC0+Zm9jdXMoKTsKICAgICAgICAgaW5wdXQtPnNlbGVjdCgpOwogICAgICAgICBSZW5k ZXJTZWFyY2hGaWVsZCogcmVuZGVyZXIgPSB0b1JlbmRlclNlYXJjaEZpZWxkKGlucHV0LT5yZW5k ZXJlcigpKTsKQEAgLTE5Nyw3ICsxOTcsNyBAQCB2b2lkIFNlYXJjaEZpZWxkQ2FuY2VsQnV0dG9u RWxlbWVudDo6ZGVmYXVsdEV2ZW50SGFuZGxlcihFdmVudCogZXZlbnQpCiB7CiAgICAgLy8gSWYg dGhlIGVsZW1lbnQgaXMgdmlzaWJsZSwgb24gbW91c2V1cCwgY2xlYXIgdGhlIHZhbHVlLCBhbmQg c2V0IHNlbGVjdGlvbgogICAgIFJlZlB0cjxIVE1MSW5wdXRFbGVtZW50PiBpbnB1dChzdGF0aWNf Y2FzdDxIVE1MSW5wdXRFbGVtZW50Kj4oc2hhZG93SG9zdCgpKSk7Ci0gICAgaWYgKGlucHV0LT5k aXNhYmxlZCgpIHx8IGlucHV0LT5yZWFkT25seSgpKSB7CisgICAgaWYgKCFpbnB1dCB8fCBpbnB1 dC0+ZGlzYWJsZWQoKSB8fCBpbnB1dC0+cmVhZE9ubHkoKSkgewogICAgICAgICBpZiAoIWV2ZW50 LT5kZWZhdWx0SGFuZGxlZCgpKQogICAgICAgICAgICAgSFRNTERpdkVsZW1lbnQ6OmRlZmF1bHRF dmVudEhhbmRsZXIoZXZlbnQpOwogICAgICAgICByZXR1cm47CkBAIC0yMzYsNyArMjM2LDcgQEAg dm9pZCBTZWFyY2hGaWVsZENhbmNlbEJ1dHRvbkVsZW1lbnQ6OmRlZmF1bHRFdmVudEhhbmRsZXIo RXZlbnQqIGV2ZW50KQogYm9vbCBTZWFyY2hGaWVsZENhbmNlbEJ1dHRvbkVsZW1lbnQ6OndpbGxS ZXNwb25kVG9Nb3VzZUNsaWNrRXZlbnRzKCkKIHsKICAgICBjb25zdCBIVE1MSW5wdXRFbGVtZW50 KiBpbnB1dCA9IHN0YXRpY19jYXN0PEhUTUxJbnB1dEVsZW1lbnQqPihzaGFkb3dIb3N0KCkpOwot ICAgIGlmICghaW5wdXQtPmRpc2FibGVkKCkgJiYgIWlucHV0LT5yZWFkT25seSgpKQorICAgIGlm IChpbnB1dCAmJiAhaW5wdXQtPmRpc2FibGVkKCkgJiYgIWlucHV0LT5yZWFkT25seSgpKQogICAg ICAgICByZXR1cm4gdHJ1ZTsKIAogICAgIHJldHVybiBIVE1MRGl2RWxlbWVudDo6d2lsbFJlc3Bv bmRUb01vdXNlQ2xpY2tFdmVudHMoKTsKQEAgLTI4Miw3ICsyODIsNyBAQCB2b2lkIElucHV0Rmll bGRTcGVlY2hCdXR0b25FbGVtZW50OjpkZWZhdWx0RXZlbnRIYW5kbGVyKEV2ZW50KiBldmVudCkK ICAgICAvLyBoZXJlLCB3ZSB0YWtlIGEgdGVtcG9yYXJ5IHJlZmVyZW5jZS4KICAgICBSZWZQdHI8 SFRNTElucHV0RWxlbWVudD4gaW5wdXQoc3RhdGljX2Nhc3Q8SFRNTElucHV0RWxlbWVudCo+KHNo YWRvd0hvc3QoKSkpOwogCi0gICAgaWYgKGlucHV0LT5kaXNhYmxlZCgpIHx8IGlucHV0LT5yZWFk T25seSgpKSB7CisgICAgaWYgKCFpbnB1dCB8fCBpbnB1dC0+ZGlzYWJsZWQoKSB8fCBpbnB1dC0+ cmVhZE9ubHkoKSkgewogICAgICAgICBpZiAoIWV2ZW50LT5kZWZhdWx0SGFuZGxlZCgpKQogICAg ICAgICAgICAgSFRNTERpdkVsZW1lbnQ6OmRlZmF1bHRFdmVudEhhbmRsZXIoZXZlbnQpOwogICAg ICAgICByZXR1cm47CkBAIC0zMzMsNyArMzMzLDcgQEAgdm9pZCBJbnB1dEZpZWxkU3BlZWNoQnV0 dG9uRWxlbWVudDo6ZGVmYXVsdEV2ZW50SGFuZGxlcihFdmVudCogZXZlbnQpCiBib29sIElucHV0 RmllbGRTcGVlY2hCdXR0b25FbGVtZW50Ojp3aWxsUmVzcG9uZFRvTW91c2VDbGlja0V2ZW50cygp CiB7CiAgICAgY29uc3QgSFRNTElucHV0RWxlbWVudCogaW5wdXQgPSBzdGF0aWNfY2FzdDxIVE1M SW5wdXRFbGVtZW50Kj4oc2hhZG93SG9zdCgpKTsKLSAgICBpZiAoIWlucHV0LT5kaXNhYmxlZCgp ICYmICFpbnB1dC0+cmVhZE9ubHkoKSkKKyAgICBpZiAoaW5wdXQgJiYgIWlucHV0LT5kaXNhYmxl ZCgpICYmICFpbnB1dC0+cmVhZE9ubHkoKSkKICAgICAgICAgcmV0dXJuIHRydWU7CiAKICAgICBy ZXR1cm4gSFRNTERpdkVsZW1lbnQ6OndpbGxSZXNwb25kVG9Nb3VzZUNsaWNrRXZlbnRzKCk7CkBA IC0zNzAsNyArMzcwLDcgQEAgdm9pZCBJbnB1dEZpZWxkU3BlZWNoQnV0dG9uRWxlbWVudDo6c2V0 UmVjb2duaXRpb25SZXN1bHQoaW50LCBjb25zdCBTcGVlY2hJbnB1dFIKICAgICAvLyByZW1vdmUg dGhlIGlucHV0IGVsZW1lbnQgZnJvbSBET00uIFRvIG1ha2Ugc3VyZSBpdCByZW1haW5zIHZhbGlk IHVudGlsIHdlIGZpbmlzaCBvdXIgd29yawogICAgIC8vIGhlcmUsIHdlIHRha2UgYSB0ZW1wb3Jh cnkgcmVmZXJlbmNlLgogICAgIFJlZlB0cjxIVE1MSW5wdXRFbGVtZW50PiBpbnB1dChzdGF0aWNf Y2FzdDxIVE1MSW5wdXRFbGVtZW50Kj4oc2hhZG93SG9zdCgpKSk7Ci0gICAgaWYgKGlucHV0LT5k aXNhYmxlZCgpIHx8IGlucHV0LT5yZWFkT25seSgpKQorICAgIGlmICghaW5wdXQgfHwgaW5wdXQt PmRpc2FibGVkKCkgfHwgaW5wdXQtPnJlYWRPbmx5KCkpCiAgICAgICAgIHJldHVybjsKIAogICAg IFJlZlB0cjxJbnB1dEZpZWxkU3BlZWNoQnV0dG9uRWxlbWVudD4gaG9sZFJlZkJ1dHRvbih0aGlz KTsKLS0gCjEuNy45LjUKCg==