107556 2013-01-22 07:38:34 -0800 [chromium] Use after free in plugins/geturlnotify-during-document-teardown.html 2013-01-31 12:16:51 -0800 1 1 1 Unclassified WebKit Tools / Tests 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 107553 1 jochen webkit-unassigned arv dcarney dglazkov fishd peter tony webkit.review.bot oldest_to_newest 813029 0 jochen 2013-01-22 07:38:34 -0800 The layout test invokes didAddMessageToConsole on a deleted WebViewHost. If you apply the attched patch and run the test, I get the following output: ~0x7f15b70b9a20 0x7f15b70b9a20:didAddMessageToConsole CONSOLE MESSAGE: PLUGIN: NPP_Destroy Content-Type: text/plain This tests that performing a load during document teardown does not cause a crash. Bug #38797 #EOF #EOF ~0x7f15b8f05e20 LEAK: 17 WebCoreNode 813030 1 183985 jochen 2013-01-22 07:39:06 -0800 Created attachment 183985 Patch 813034 2 jochen 2013-01-22 07:53:08 -0800 Here's the backtrace to the WebViewHost destructor: #0 WebViewHost::~WebViewHost (this=0x7fffea69e820, vtt=0x5e62ab8 <VTT for WebTestRunner::WebTestProxy<WebViewHost, TestShell*>+8>) at ../../Tools/DumpRenderTree/chromium/WebViewHost.cpp:1137 #1 0x000000000044ac88 in WebTestRunner::WebTestProxy<WebViewHost, TestShell*>::~WebTestProxy (this=0x7fffea69e820, vtt=0x5e62ab0 <VTT for WebTestRunner::WebTestProxy<WebViewHost, TestShell*>>) at ../../Tools/DumpRenderTree/chromium/TestRunner/public/WebTestProxy.h:159 #2 0x0000000000449120 in WebTestRunner::WebTestProxy<WebViewHost, TestShell*>::~WebTestProxy (this=0x7fffea69e820) at ../../Tools/DumpRenderTree/chromium/TestRunner/public/WebTestProxy.h:159 #3 0x0000000000449159 in WebTestRunner::WebTestProxy<WebViewHost, TestShell*>::~WebTestProxy (this=0x7fffea69e820) at ../../Tools/DumpRenderTree/chromium/TestRunner/public/WebTestProxy.h:159 #4 0x000000000044377d in TestShell::closeWindow (this=0x7fffffffdc08, window=0x7fffea69e820) at ../../Tools/DumpRenderTree/chromium/TestShell.cpp:798 #5 0x000000000045258b in WebViewHost::closeWidget (this=0x7fffea69e820) at ../../Tools/DumpRenderTree/chromium/WebViewHost.cpp:562 #6 0x000000000045c58b in WebViewHost::HostMethodTask::runIfValid (this=0x7fffe99fef80) at ../../Tools/DumpRenderTree/chromium/WebViewHost.h:297 #7 0x000000000045c4cf in WebTestRunner::WebMethodTask<WebViewHost>::run (this=0x7fffe99fef80) at ../../Tools/DumpRenderTree/chromium/TestRunner/public/WebTask.h:84 #8 0x000000000043f23d in (anonymous namespace)::TaskWrapper::Run (this=0x7fffe9e1f3e0) at ../../Tools/DumpRenderTree/chromium/Task.cpp:62 #9 0x0000000000461192 in base::internal::RunnableAdapter<void (webkit_support::TaskAdaptor::*)()>::Run (this=0x7fffffffc7e0, object=0x7fffe9e1f3e0) at ../../Source/WebKit/chromium/base/bind_internal.h:134 #10 0x00000000004610fc in base::internal::InvokeHelper<false, void, base::internal::RunnableAdapter<void (webkit_support::TaskAdaptor::*)()>, void (webkit_support::TaskAdaptor*)>::MakeItSo(base::internal::RunnableAdapter<void (webkit_support::TaskAdaptor::*)()>, webkit_support::TaskAdaptor*) (runnable=..., a1=0x7fffe9e1f3e0) at ../../Source/WebKit/chromium/base/bind_internal.h:871 #11 0x00000000004610a5 in base::internal::Invoker<1, base::internal::BindState<base::internal::RunnableAdapter<void (webkit_support::TaskAdaptor::*)()>, void (webkit_support::TaskAdaptor*), void (base::internal::OwnedWrapper<webkit_support::TaskAdaptor>)>, void (webkit_support::TaskAdaptor*)>::Run(base::internal::BindStateBase*) (base=0x7fffe99fe020) at ../../Source/WebKit/chromium/base/bind_internal.h:1173 #12 0x00000000005ee64e in base::Callback<void ()>::Run() const (this=0x7fffffffcb98) at ../../Source/WebKit/chromium/base/callback.h:396 #13 0x0000000001b6e6e0 in MessageLoop::RunTask (this=0x7ffff7ea5b20, pending_task=...) at ../../Source/WebKit/chromium/base/message_loop.cc:473 #14 0x0000000001b6ea9b in MessageLoop::DeferOrRunPendingTask (this=0x7ffff7ea5b20, pending_task=...) at ../../Source/WebKit/chromium/base/message_loop.cc:485 #15 0x0000000001b6ec45 in MessageLoop::DoWork (this=0x7ffff7ea5b20) at ../../Source/WebKit/chromium/base/message_loop.cc:668 #16 0x0000000001be90b2 in base::MessagePumpGlib::RunWithDispatcher (this=0x7ffff7ea6f20, delegate=0x7ffff7ea5b20, dispatcher=0x0) at ../../Source/WebKit/chromium/base/message_pump_glib.cc:203 #17 0x0000000001be9689 in base::MessagePumpGlib::Run (this=0x7ffff7ea6f20, delegate=0x7ffff7ea5b20) at ../../Source/WebKit/chromium/base/message_pump_glib.cc:296 #18 0x0000000001b6e146 in MessageLoop::RunInternal (this=0x7ffff7ea5b20) at ../../Source/WebKit/chromium/base/message_loop.cc:430 #19 0x0000000001b6dff5 in MessageLoop::RunHandler (this=0x7ffff7ea5b20) at ../../Source/WebKit/chromium/base/message_loop.cc:403 #20 0x0000000001ba15d2 in base::RunLoop::Run (this=0x7fffffffd038) at ../../Source/WebKit/chromium/base/run_loop.cc:45 #21 0x0000000001b6d891 in MessageLoop::Run (this=0x7ffff7ea5b20) at ../../Source/WebKit/chromium/base/message_loop.cc:310 #22 0x000000000045e821 in webkit_support::RunMessageLoop () at ../../Source/WebKit/chromium/webkit/support/webkit_support.cc:571 #23 0x000000000044f278 in TestShell::waitTestFinished (this=0x7fffffffdc08) at ../../Tools/DumpRenderTree/chromium/TestShellPosix.cpp:66 #24 0x0000000000443c94 in TestShell::runFileTest (this=0x7fffffffdc08, params=..., shouldDumpPixels=false) at ../../Tools/DumpRenderTree/chromium/TestShell.cpp:304 #25 0x0000000000420c0d in runTest (shell=..., params=..., inputLine=..., forceDumpPixels=false) at ../../Tools/DumpRenderTree/chromium/DumpRenderTree.cpp:115 #26 0x000000000042084e in main (argc=3, argv=0x7fffffffdff8) at ../../Tools/DumpRenderTree/chromium/DumpRenderTree.cpp:275 813036 3 jochen 2013-01-22 07:54:09 -0800 and here's the backtrace to didAddMessageToConsole: #0 WebViewHost::didAddMessageToConsole (this=0x7fffea69e820, message=..., sourceName=..., sourceLine=0) at ../../Tools/DumpRenderTree/chromium/WebViewHost.cpp:226 #1 0x00000000005106ba in WebKit::ChromeClientImpl::addMessageToConsole (this=0x7fffe9ba30a0, source=WebCore::ConsoleAPIMessageSource, level=WebCore::LogMessageLevel, message=..., lineNumber=0, sourceID=...) at ../../Source/WebKit/chromium/src/ChromeClientImpl.cpp:421 #2 0x0000000000514e32 in WebCore::ChromeClient::addMessageToConsole (this=0x7fffe9ba30a0, source=WebCore::ConsoleAPIMessageSource, level=WebCore::LogMessageLevel, message=..., lineNumber=0, sourceID=...) at ../../Source/WebCore/page/ChromeClient.h:137 #3 0x0000000003044fe6 in WebCore::internalAddMessage (page=0x7fffea694a20, type=WebCore::LogMessageType, level=WebCore::LogMessageLevel, state=0x7fffe9ac24d0, prpArguments=..., acceptNoArguments=false, printTrace=false) at ../../Source/WebCore/page/Console.cpp:210 #4 0x0000000003044cc7 in WebCore::Console::log (this=0x7fffe9ceb890, state=0x7fffe9ac24d0, arguments=...) at ../../Source/WebCore/page/Console.cpp:252 #5 0x0000000000896a7d in WebCore::ConsoleV8Internal::logCallback (args=...) at gen/webcore/bindings/V8Console.cpp:124 #6 0x00000000023b6685 in v8::internal::HandleApiCallHelper<false> (args=..., isolate=0x7ffff7e62020) at ../../Source/WebKit/chromium/v8/src/builtins.cc:1350 #7 0x00000000023b6263 in v8::internal::Builtin_Impl_HandleApiCall (args=..., isolate=0x7ffff7e62020) at ../../Source/WebKit/chromium/v8/src/builtins.cc:1368 #8 0x00000000023af58c in v8::internal::Builtin_HandleApiCall (args=..., isolate=0x7ffff7e62020) at ../../Source/WebKit/chromium/v8/src/builtins.cc:1367 813037 4 jochen 2013-01-22 07:56:46 -0800 I guess the bt to closeWidgetSoon is also interesting: #0 WebViewHost::closeWidgetSoon (this=0x7fffea6b3820) at ../../Tools/DumpRenderTree/chromium/WebViewHost.cpp:568 #1 0x000000000051087e in WebKit::ChromeClientImpl::closeWindowSoon (this=0x7fffe9d298a0) at ../../Source/WebKit/chromium/src/ChromeClientImpl.cpp:451 #2 0x0000000003041e6d in WebCore::Chrome::closeWindowSoon (this=0x7fffe9d76db0) at ../../Source/WebCore/page/Chrome.cpp:301 #3 0x000000000306b275 in WebCore::DOMWindow::close (this=0x7fffea7bd3a0, context=0x7fffea6360c0) at ../../Source/WebCore/page/DOMWindow.cpp:989 #4 0x0000000000a1becc in WebCore::DOMWindowV8Internal::closeCallback (args=...) at gen/webcore/bindings/V8DOMWindow.cpp:2708 #5 0x00000000023b6685 in v8::internal::HandleApiCallHelper<false> (args=..., isolate=0x7ffff7e62020) at ../../Source/WebKit/chromium/v8/src/builtins.cc:1350 #6 0x00000000023b6263 in v8::internal::Builtin_Impl_HandleApiCall (args=..., isolate=0x7ffff7e62020) at ../../Source/WebKit/chromium/v8/src/builtins.cc:1368 #7 0x00000000023af58c in v8::internal::Builtin_HandleApiCall (args=..., isolate=0x7ffff7e62020) at ../../Source/WebKit/chromium/v8/src/builtins.cc:1367 813429 5 jochen 2013-01-22 14:43:05 -0800 There's also http://crbug.com/108833 that says this test crashes on Windows and consequently it's disabled on chromium-win Adding Tony who filed the bug, and Darin who might know about WebWidget / ChromeClientImpl lifetime 814107 6 184204 jochen 2013-01-23 05:01:39 -0800 Created attachment 184204 Patch 814266 7 184204 tony 2013-01-23 09:39:45 -0800 Comment on attachment 184204 Patch FWIW, this LGTM. 814273 8 tony 2013-01-23 09:40:46 -0800 To be clear, there's no security bug in Chromium, right? This is just a use-after-free in DRT and test_shell. 814283 9 jochen 2013-01-23 09:50:02 -0800 Right, it only affects chromium DRT. Removing the security labels.. 814432 10 184204 webkit.review.bot 2013-01-23 11:47:21 -0800 Comment on attachment 184204 Patch Clearing flags on attachment: 184204 Committed r140561: <http://trac.webkit.org/changeset/140561> 814433 11 webkit.review.bot 2013-01-23 11:47:25 -0800 All reviewed patches have been landed. Closing bug. 815707 12 arv 2013-01-24 12:12:05 -0800 Reverted r140561 for reason: Suspected to break Android which prevens WebKit roll Committed r140703: <http://trac.webkit.org/changeset/140703> 815710 13 arv 2013-01-24 12:13:29 -0800 This patch seems to expose a bug with Android WebView implementation. 815713 14 tony 2013-01-24 12:16:24 -0800 (In reply to comment #13) > This patch seems to expose a bug with Android WebView implementation. That doesn't make sense. This is only code in DumpRenderTree. 815789 15 arv 2013-01-24 13:36:49 -0800 I'm still getting the same Android test errors. I'm going to rollback the rollback. 815791 16 arv 2013-01-24 13:39:18 -0800 Reverted r140703 for reason: r140561 was not the reason for the Android breakage Committed r140717: <http://trac.webkit.org/changeset/140717> 183985 2013-01-22 07:39:06 -0800 2013-01-23 05:01:35 -0800 Patch bug-107556-20130122163600.patch text/plain 1005 jochen U3VidmVyc2lvbiBSZXZpc2lvbjogMTQwNDE4CmRpZmYgLS1naXQgYS9Ub29scy9EdW1wUmVuZGVy VHJlZS9jaHJvbWl1bS9XZWJWaWV3SG9zdC5jcHAgYi9Ub29scy9EdW1wUmVuZGVyVHJlZS9jaHJv bWl1bS9XZWJWaWV3SG9zdC5jcHAKaW5kZXggZGI3MTBhZjE0MTQ4ZWIxMjg3NjMxODI0ZDQ2NjI3 ZjUzOGQ0NjY3My4uMGJmMzg5ZGQ3ZTEwM2Q3NDRlN2Q0NGYwNWY2MDQyMDdjZWQ0OWM2ZiAxMDA2 NDQKLS0tIGEvVG9vbHMvRHVtcFJlbmRlclRyZWUvY2hyb21pdW0vV2ViVmlld0hvc3QuY3BwCisr KyBiL1Rvb2xzL0R1bXBSZW5kZXJUcmVlL2Nocm9taXVtL1dlYlZpZXdIb3N0LmNwcApAQCAtMjIz LDYgKzIyMyw3IEBAIFdlYkNvbXBvc2l0b3JPdXRwdXRTdXJmYWNlKiBXZWJWaWV3SG9zdDo6Y3Jl YXRlT3V0cHV0U3VyZmFjZSgpCiAKIHZvaWQgV2ViVmlld0hvc3Q6OmRpZEFkZE1lc3NhZ2VUb0Nv bnNvbGUoY29uc3QgV2ViQ29uc29sZU1lc3NhZ2UmIG1lc3NhZ2UsIGNvbnN0IFdlYlN0cmluZyYg c291cmNlTmFtZSwgdW5zaWduZWQgc291cmNlTGluZSkKIHsKKyAgICBwcmludGYoIiVwOmRpZEFk ZE1lc3NhZ2VUb0NvbnNvbGVcbiIsIHRoaXMpOwogICAgIC8vIFRoaXMgbWF0Y2hlcyB3aW4gRHVt cFJlbmRlclRyZWUncyBVSURlbGVnYXRlLmNwcC4KICAgICBpZiAoIW1fbG9nQ29uc29sZU91dHB1 dCkKICAgICAgICAgcmV0dXJuOwpAQCAtMTEzNCw2ICsxMTM1LDcgQEAgV2ViVmlld0hvc3Q6Oldl YlZpZXdIb3N0KFRlc3RTaGVsbCogc2hlbGwpCiAKIFdlYlZpZXdIb3N0Ojp+V2ViVmlld0hvc3Qo KQogeworICAgIHByaW50ZigifiVwXG4iLCB0aGlzKTsKICAgICAvLyBEZXZUb29scyBmcm9udGVu ZCBwYWdlIGlzIHN1cHBvc2VkIHRvIGJlIG5hdmlnYXRlZCBvbmx5IG9uY2UgYW5kCiAgICAgLy8g bG9hZGluZyBhbm90aGVyIFVSTCBpbiB0aGF0IFBhZ2UgaXMgYW4gZXJyb3IuCiAgICAgaWYgKG1f c2hlbGwtPmRldlRvb2xzV2ViVmlldygpICE9IHRoaXMpIHsK 184204 2013-01-23 05:01:39 -0800 2013-01-23 11:47:21 -0800 Patch bug-107556-20130123135832.patch text/plain 4223 jochen U3VidmVyc2lvbiBSZXZpc2lvbjogMTQwNDE4CmRpZmYgLS1naXQgYS9Ub29scy9DaGFuZ2VMb2cg Yi9Ub29scy9DaGFuZ2VMb2cKaW5kZXggM2QwMGY5NWIzYWM0ODJmYmYxOTMxNGYwODA4OWQyYzI0 OTU2MTYwYy4uNjdkYzVjNmU0Njg0NGU5ODJiYTY5ZWUzZWM0Y2U4YzdjMGE1M2I5MyAxMDA2NDQK LS0tIGEvVG9vbHMvQ2hhbmdlTG9nCisrKyBiL1Rvb2xzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI4 IEBACisyMDEzLTAxLTIzICBKb2NoZW4gRWlzaW5nZXIgIDxqb2NoZW5AY2hyb21pdW0ub3JnPgor CisgICAgICAgIFtjaHJvbWl1bV0gVXNlIGFmdGVyIGZyZWUgaW4gcGx1Z2lucy9nZXR1cmxub3Rp ZnktZHVyaW5nLWRvY3VtZW50LXRlYXJkb3duLmh0bWwKKyAgICAgICAgaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEwNzU1NgorCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIFdlYlZpZXdIb3N0IGluaXRpYXRlcyBhIG5hdmlnYXRp b24gdG8gYWJvdXQ6YmxhbmsgaW4gaXRzIGRlc3RydWN0b3IuCisgICAgICAgIEhvd2V2ZXIsIHNp bmNlIFdlYlRlc3RQcm94eSBpbmhlcml0cyBmcm9tIFdlYlZpZXdIb3N0LCBhdCB0aGlzIHBvaW50 CisgICAgICAgIHRoZSBXZWJWaWV3Q2xpZW50IGFuZCBXZWJGcmFtZUNsaWVudCBpbnRlcmZhY2Vz IGFyZSBhbHJlYWR5IHBhcnRpYWxseQorICAgICAgICBkZXN0cnVjdGVkIHJlc3VsdGluZyBpbiB0 aGUgdXNlIGFmdGVyIGZyZWUuCisKKyAgICAgICAgVGhpcyBkb2VzIG5vdCBhZmZlY3QgdGhlIGNo cm9taXVtIGltcGxlbWVudGF0aW9uIHNpbmNlIGl0IGRvZXNuJ3QKKyAgICAgICAgaW52b2tlIFdl YktpdCBBUEkgbWV0aG9kcyBpbiBpdHMgZGVzdHJ1Y3Rvci4KKworICAgICAgICAqIER1bXBSZW5k ZXJUcmVlL2Nocm9taXVtL1Rlc3RTaGVsbC5jcHA6CisgICAgICAgIChUZXN0U2hlbGw6On5UZXN0 U2hlbGwpOgorICAgICAgICAoVGVzdFNoZWxsOjpjbG9zZVdpbmRvdyk6CisgICAgICAgICogRHVt cFJlbmRlclRyZWUvY2hyb21pdW0vV2ViVmlld0hvc3QuY3BwOgorICAgICAgICAoV2ViVmlld0hv c3Q6OldlYlZpZXdIb3N0KToKKyAgICAgICAgKFdlYlZpZXdIb3N0Ojp+V2ViVmlld0hvc3QpOgor ICAgICAgICAoV2ViVmlld0hvc3Q6OnNodXRkb3duKToKKyAgICAgICAgKiBEdW1wUmVuZGVyVHJl ZS9jaHJvbWl1bS9XZWJWaWV3SG9zdC5oOgorICAgICAgICAoV2ViVmlld0hvc3QpOgorCiAyMDEz LTAxLTIyICBFdWdlbmUgS2x5dWNobmlrb3YgIDxldXN0YXNAY2hyb21pdW0ub3JnPgogCiAgICAg ICAgIEFkZCBteXNlbGYgdG8gY29tbWl0ZXJzLnB5CmRpZmYgLS1naXQgYS9Ub29scy9EdW1wUmVu ZGVyVHJlZS9jaHJvbWl1bS9UZXN0U2hlbGwuY3BwIGIvVG9vbHMvRHVtcFJlbmRlclRyZWUvY2hy b21pdW0vVGVzdFNoZWxsLmNwcAppbmRleCAyZjQzZDBiNDZlZDc0Y2U3YTMwNjhjYzU2ZTllMzM4 OTA0MTE4MjI3Li42NWQ3OWZkZmYyMGQxMzUzNjcwN2I4YjQ5YmI5MGNjMWZjZjRmNDMwIDEwMDY0 NAotLS0gYS9Ub29scy9EdW1wUmVuZGVyVHJlZS9jaHJvbWl1bS9UZXN0U2hlbGwuY3BwCisrKyBi L1Rvb2xzL0R1bXBSZW5kZXJUcmVlL2Nocm9taXVtL1Rlc3RTaGVsbC5jcHAKQEAgLTIwMiw2ICsy MDIsOCBAQCBUZXN0U2hlbGw6On5UZXN0U2hlbGwoKQogICAgIG1fdGVzdFJ1bm5lci0+c2V0RGVs ZWdhdGUoMCk7CiAgICAgbV90ZXN0UnVubmVyLT5zZXRXZWJWaWV3KDApOwogICAgIG1fZHJ0RGV2 VG9vbHNBZ2VudC0+c2V0V2ViVmlldygwKTsKKyAgICBpZiAobV93ZWJWaWV3SG9zdCkKKyAgICAg ICAgbV93ZWJWaWV3SG9zdC0+c2h1dGRvd24oKTsKIH0KIAogdm9pZCBUZXN0U2hlbGw6OmNyZWF0 ZURSVERldlRvb2xzQ2xpZW50KERSVERldlRvb2xzQWdlbnQqIGFnZW50KQpAQCAtNzk1LDYgKzc5 Nyw3IEBAIHZvaWQgVGVzdFNoZWxsOjpjbG9zZVdpbmRvdyhXZWJWaWV3SG9zdCogd2luZG93KQog ICAgIGlmICh3aW5kb3ctPndlYldpZGdldCgpID09IG1fZm9jdXNlZFdpZGdldCkKICAgICAgICAg Zm9jdXNlZFdpZGdldCA9IDA7CiAKKyAgICB3aW5kb3ctPnNodXRkb3duKCk7CiAgICAgZGVsZXRl IHdpbmRvdzsKICAgICAvLyBXZSBzZXQgdGhlIGZvY3VzZWQgd2lkZ2V0IGFmdGVyIGRlbGV0aW5n IHRoZSB3ZWIgdmlldyBob3N0IGJlY2F1c2UgaXQKICAgICAvLyBjYW4gY2hhbmdlIHRoZSBmb2N1 cy4KZGlmZiAtLWdpdCBhL1Rvb2xzL0R1bXBSZW5kZXJUcmVlL2Nocm9taXVtL1dlYlZpZXdIb3N0 LmNwcCBiL1Rvb2xzL0R1bXBSZW5kZXJUcmVlL2Nocm9taXVtL1dlYlZpZXdIb3N0LmNwcAppbmRl eCBkYjcxMGFmMTQxNDhlYjEyODc2MzE4MjRkNDY2MjdmNTM4ZDQ2NjczLi5iNDE2OGNkYmQ1ZGRl ZjhjM2QyZDk4ZDJhNjYzMjkwNjc0NTJkNWJmIDEwMDY0NAotLS0gYS9Ub29scy9EdW1wUmVuZGVy VHJlZS9jaHJvbWl1bS9XZWJWaWV3SG9zdC5jcHAKKysrIGIvVG9vbHMvRHVtcFJlbmRlclRyZWUv Y2hyb21pdW0vV2ViVmlld0hvc3QuY3BwCkBAIC0xMTI4LDEyICsxMTI4LDIyIEBAIFdlYlZpZXdI b3N0OjpXZWJWaWV3SG9zdChUZXN0U2hlbGwqIHNoZWxsKQogICAgIDogbV9zaGVsbChzaGVsbCkK ICAgICAsIG1fcHJveHkoMCkKICAgICAsIG1fd2ViV2lkZ2V0KDApCisgICAgLCBtX3NodXRkb3du V2FzSW52b2tlZChmYWxzZSkKIHsKICAgICByZXNldCgpOwogfQogCiBXZWJWaWV3SG9zdDo6fldl YlZpZXdIb3N0KCkKIHsKKyAgICBBU1NFUlQobV9zaHV0ZG93bldhc0ludm9rZWQpOworICAgIGlm IChtX2luTW9kYWxMb29wKQorICAgICAgICB3ZWJraXRfc3VwcG9ydDo6UXVpdE1lc3NhZ2VMb29w KCk7Cit9CisKK3ZvaWQgV2ViVmlld0hvc3Q6OnNodXRkb3duKCkKK3sKKyAgICBBU1NFUlQoIW1f c2h1dGRvd25XYXNJbnZva2VkKTsKKwogICAgIC8vIERldlRvb2xzIGZyb250ZW5kIHBhZ2UgaXMg c3VwcG9zZWQgdG8gYmUgbmF2aWdhdGVkIG9ubHkgb25jZSBhbmQKICAgICAvLyBsb2FkaW5nIGFu b3RoZXIgVVJMIGluIHRoYXQgUGFnZSBpcyBhbiBlcnJvci4KICAgICBpZiAobV9zaGVsbC0+ZGV2 VG9vbHNXZWJWaWV3KCkgIT0gdGhpcykgewpAQCAtMTE0OCw4ICsxMTU4LDggQEAgV2ViVmlld0hv c3Q6On5XZWJWaWV3SG9zdCgpCiAKICAgICBtX2xheWVyVHJlZVZpZXcuY2xlYXIoKTsKICAgICB3 ZWJXaWRnZXQoKS0+Y2xvc2UoKTsKLSAgICBpZiAobV9pbk1vZGFsTG9vcCkKLSAgICAgICAgd2Vi a2l0X3N1cHBvcnQ6OlF1aXRNZXNzYWdlTG9vcCgpOworICAgIG1fd2ViV2lkZ2V0ID0gMDsKKyAg ICBtX3NodXRkb3duV2FzSW52b2tlZCA9IHRydWU7CiB9CiAKIHZvaWQgV2ViVmlld0hvc3Q6OnNl dFdlYldpZGdldChXZWJLaXQ6OldlYldpZGdldCogd2lkZ2V0KQpkaWZmIC0tZ2l0IGEvVG9vbHMv RHVtcFJlbmRlclRyZWUvY2hyb21pdW0vV2ViVmlld0hvc3QuaCBiL1Rvb2xzL0R1bXBSZW5kZXJU cmVlL2Nocm9taXVtL1dlYlZpZXdIb3N0LmgKaW5kZXggNjE0YWRhOGViYjA4ZjM5ZjU0MWYyNDk3 MDg0NzUwNWY1YmEyYmY4OC4uODkxYTAxNTg5NThmNWMzZTNjNmEyNWEyYzI3MDdlNzFlMGM3NDVl NCAxMDA2NDQKLS0tIGEvVG9vbHMvRHVtcFJlbmRlclRyZWUvY2hyb21pdW0vV2ViVmlld0hvc3Qu aAorKysgYi9Ub29scy9EdW1wUmVuZGVyVHJlZS9jaHJvbWl1bS9XZWJWaWV3SG9zdC5oCkBAIC03 OSw2ICs3OSw3IEBAIGNsYXNzIFdlYlZpZXdIb3N0IDogcHVibGljIFdlYktpdDo6V2ViVmlld0Ns aWVudCwgcHVibGljIFdlYktpdDo6V2ViRnJhbWVDbGllbnQsCiAgcHVibGljOgogICAgIFdlYlZp ZXdIb3N0KFRlc3RTaGVsbCopOwogICAgIHZpcnR1YWwgfldlYlZpZXdIb3N0KCk7CisgICAgdm9p ZCBzaHV0ZG93bigpOwogICAgIHZvaWQgc2V0V2ViV2lkZ2V0KFdlYktpdDo6V2ViV2lkZ2V0Kik7 CiAgICAgV2ViS2l0OjpXZWJWaWV3KiB3ZWJWaWV3KCkgY29uc3Q7CiAgICAgV2ViS2l0OjpXZWJX aWRnZXQqIHdlYldpZGdldCgpIGNvbnN0OwpAQCAtMzcyLDYgKzM3Myw5IEBAIHByaXZhdGU6CiAK ICAgICBib29sIG1faGFzV2luZG93OwogICAgIGJvb2wgbV9pbk1vZGFsTG9vcDsKKworICAgIGJv b2wgbV9zaHV0ZG93bldhc0ludm9rZWQ7CisKICAgICBXZWJLaXQ6OldlYlJlY3QgbV93aW5kb3dS ZWN0OwogCiAgICAgLy8gdHJ1ZSBpZiB3ZSB3YW50IHRvIGVuYWJsZSBzbWFydCBpbnNlcnQvZGVs ZXRlLgo=