124611 2013-11-19 15:17:56 -0800 ARMv7: Crash due to use after free of AssemblerBuffer 2013-11-20 13:17:52 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All Windows 2000 RESOLVED FIXED InRadar P2 Normal --- 1 msaboff msaboff buildbot commit-queue rniwa oldest_to_newest 952262 0 msaboff 2013-11-19 15:17:56 -0800 One crash trace seen is: * thread #1: tid = 0x18ef, 0x0015ffe2 JavaScriptCore`JSC::ARMv7Assembler::executableOffsetFor(int) + 58, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0x361672c) frame #0: 0x0015ffe2 JavaScriptCore`JSC::ARMv7Assembler::executableOffsetFor(int) + 58 frame #1: 0x0015ffa2 JavaScriptCore`JSC::MacroAssemblerARMv7::executableOffsetFor(int) + 18 frame #2: 0x0015ff80 JavaScriptCore`JSC::AssemblerLabel JSC::LinkBuffer::applyOffset<JSC::AssemblerLabel>(JSC::AssemblerLabel) + 20 frame #3: 0x0015eb94 JavaScriptCore`JSC::LinkBuffer::locationOf(JSC::AbstractMacroAssembler<JSC::ARMv7Assembler>::Label) + 32 frame #4: 0x0018e0ca JavaScriptCore`JSC::DFG::JITFinalizer::finalizeFunction() + 38 frame #5: 0x001c18ba JavaScriptCore`JSC::DFG::Plan::finalizeWithoutNotifyingCallback() + 62 frame #6: 0x00161504 JavaScriptCore`JSC::DFG::compileImpl(JSC::VM&, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>, JSC::DFG::Worklist*) + 932 frame #7: 0x00161116 JavaScriptCore`JSC::DFG::compile(JSC::VM&, JSC::CodeBlock*, JSC::DFG::CompilationMode, unsigned int, JSC::Operands<JSC::JSValue, JSC::OperandValueTraits<JSC::JSValue> > const&, WTF::PassRefPtr<JSC::DeferredCompilationCallback>, JSC::DFG::Worklist*) + 138 frame #8: 0x0027fdbc JavaScriptCore`operationOptimize + 1480 frame #9: 0x44230b79 The issue is that the ARMv7Assembler object is a local in Plan::compileInThreadImpl() and has been freed. ANother more obscure stack trace is: * thread #1: tid = 0x15f8, 0x00488726 JavaScriptCore`WTFCrash + 58 at Assertions.cpp:341, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=1, address=0xbbadbeef) frame #0: 0x00488726 JavaScriptCore`WTFCrash + 58 at Assertions.cpp:341 frame #1: 0x000ce5e0 JavaScriptCore`WTF::CrashOnOverflow::overflowed() + 8 at CheckedArithmetic.h:80 frame #2: 0x000aa67e JavaScriptCore`WTF::Vector<WTF::Vector<JSC::DFG::OSRExit, 8ul, WTF::CrashOnOverflow>*, 0ul, WTF::CrashOnOverflow>::at(this=0x0125deb4, i=848195) + 54 at Vector.h:584 frame #3: 0x000aa642 JavaScriptCore`WTF::Vector<WTF::Vector<JSC::DFG::OSRExit, 8ul, WTF::CrashOnOverflow>*, 0ul, WTF::CrashOnOverflow>::operator[](this=0x0125deb4, i=848195) + 18 at Vector.h:604 frame #4: 0x000aa5ac JavaScriptCore`WTF::SegmentedVector<JSC::DFG::OSRExit, 8ul, 32ul>::segmentFor(this=0x0125deb0, index=6785564) + 28 at SegmentedVector.h:217 frame #5: 0x000aa574 JavaScriptCore`WTF::SegmentedVector<JSC::DFG::OSRExit, 8ul, 32ul>::at(this=0x0125deb0, index=6785564) + 20 at SegmentedVector.h:128 frame #6: 0x000aa18a JavaScriptCore`WTF::SegmentedVector<JSC::DFG::OSRExit, 8ul, 32ul>::operator[](this=0x0125deb0, index=6785564) + 18 at SegmentedVector.h:138 frame #7: 0x001ba486 JavaScriptCore`compileOSRExit(exec=0x02bff7d8) + 246 at DFGOSRExitCompiler.cpp:61 frame #8: 0x5dec2ca7 frame #9: 0x0034e900 JavaScriptCore`llint_op_call + 218 … 952263 1 msaboff 2013-11-19 15:18:10 -0800 <rdar://problem/15452643> 952267 2 217341 msaboff 2013-11-19 15:24:12 -0800 Created attachment 217341 Patch 952270 3 commit-queue 2013-11-19 15:26:16 -0800 Attachment 217341 did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/JavaScriptCore/ChangeLog', u'Source/JavaScriptCore/assembler/MacroAssembler.cpp', u'Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp', u'Source/JavaScriptCore/dfg/DFGJITFinalizer.h']" exit_code: 1 Source/JavaScriptCore/assembler/MacroAssembler.cpp:1: Missing spaces around / [whitespace/operators] [3] Total errors found: 1 in 4 files If any of these errors are false positives, please file a bug against check-webkit-style. 952271 4 217341 buildbot 2013-11-19 15:26:21 -0800 Comment on attachment 217341 Patch Attachment 217341 did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/28628031 952273 5 217344 msaboff 2013-11-19 15:29:03 -0800 Created attachment 217344 Fixed inadvertent typo 952281 6 217344 ggaren 2013-11-19 15:45:08 -0800 Comment on attachment 217344 Fixed inadvertent typo View in context: https://bugs.webkit.org/attachment.cgi?id=217344&action=review > Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp:44 > + if (m_arityCheck.isSet()) The old code didn't check m_arityCheck.isSet(). Why do we need to check it now? > Source/JavaScriptCore/dfg/DFGJITFinalizer.h:54 > MacroAssembler::Label m_arityCheck; > + MacroAssemblerCodePtr m_withArityCheck; It's not so great to have two data members with equivalent names, one of which works, and the other of which crashes your program. Can we remove the Label version of arityCheck? It appears to be used only in the JITFinalizer constructor function. 952283 7 217344 ggaren 2013-11-19 15:47:38 -0800 Comment on attachment 217344 Fixed inadvertent typo View in context: https://bugs.webkit.org/attachment.cgi?id=217344&action=review > Source/JavaScriptCore/ChangeLog:9 > + Changed JITFinalizer constructor to calculate and save the with-arity-check entry point. > + At that point, the assembler object is still valid. In finalizeFunction(), we use that value Which assembler object are you talking about? Was it locationOf() that was using the invalid assembler? Is there a risk that finalizeCodeWithoutDisassembly() will use the invalid assembler? 952288 8 msaboff 2013-11-19 15:56:39 -0800 (In reply to comment #7) > (From update of attachment 217344 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=217344&action=review > > > Source/JavaScriptCore/ChangeLog:9 > > + Changed JITFinalizer constructor to calculate and save the with-arity-check entry point. > > + At that point, the assembler object is still valid. In finalizeFunction(), we use that value > > Which assembler object are you talking about? Was it locationOf() that was using the invalid assembler? Is there a risk that finalizeCodeWithoutDisassembly() will use the invalid assembler? The assembler object is the MacroAssembler* m_assembler in LinkBuffer. Yes, it was LinkBuffer::locationOf() that was using the freed assembler. finalizeCodeWithoutDisassembly() is making the buffer ready for execution. It doesn't access the assembler. The only reason that locationOf() accesses the assembler is due to branch compaction. We store the delta in the assembler buffer as part of the compaction. I didn't find any other uses of m_assembler after the code has been linked. 952388 9 217374 msaboff 2013-11-19 19:55:45 -0800 Created attachment 217374 Updated patch Changed the JITFinalizer() to take a resolved MacroAssemblerCodePtr instead of a MacroAssembler::Label. 952708 10 217374 ggaren 2013-11-20 11:52:19 -0800 Comment on attachment 217374 Updated patch r=me It looks like, for the FTL JITFinalizer, we'll need to make a similar move away from Labels and toward post-relaxation pointers. Can you file a bug about that? 952743 11 msaboff 2013-11-20 13:12:59 -0800 Committed r159577: <http://trac.webkit.org/changeset/159577> 952748 12 msaboff 2013-11-20 13:17:52 -0800 (In reply to comment #10) > (From update of attachment 217374 [details]) > r=me > > It looks like, for the FTL JITFinalizer, we'll need to make a similar move away from Labels and toward post-relaxation pointers. Can you file a bug about that? Added https://bugs.webkit.org/show_bug.cgi?id=124674 - "FTLJITFinalizer shouldn't keep Labels to the contained generated code" 217341 2013-11-19 15:24:12 -0800 2013-11-19 15:29:03 -0800 Patch 124611.patch text/plain 2989 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTU5NTI1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIwIEBA CisyMDEzLTExLTE5ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIEFSTXY3OiBDcmFzaCBkdWUgdG8gdXNlIGFmdGVyIGZyZWUgb2YgQXNzZW1ibGVyQnVmZmVy CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjQ2MTEK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDaGFuZ2Vk IEpJVEZpbmFsaXplciBjb25zdHJ1Y3RvciB0byBjYWxjdWxhdGUgYW5kIHNhdmUgdGhlIHdpdGgt YXJpdHktY2hlY2sgZW50cnkgcG9pbnQuCisgICAgICAgIEF0IHRoYXQgcG9pbnQsIHRoZSBhc3Nl bWJsZXIgb2JqZWN0IGlzIHN0aWxsIHZhbGlkLiAgSW4gZmluYWxpemVGdW5jdGlvbigpLCB3ZSB1 c2UgdGhhdCB2YWx1ZQorICAgICAgICBpbnN0ZWFkIG9mIGNhbGN1bGF0aW5nIGl0LgorCisgICAg ICAgICogYXNzZW1ibGVyL01hY3JvQXNzZW1ibGVyLmNwcDoKKyAgICAgICAgKiBkZmcvREZHSklU RmluYWxpemVyLmNwcDoKKyAgICAgICAgKEpTQzo6REZHOjpKSVRGaW5hbGl6ZXI6OkpJVEZpbmFs aXplcik6CisgICAgICAgIChKU0M6OkRGRzo6SklURmluYWxpemVyOjpmaW5hbGl6ZUZ1bmN0aW9u KToKKyAgICAgICAgKiBkZmcvREZHSklURmluYWxpemVyLmg6CisKIDIwMTMtMTEtMTggIE1pY2hh ZWwgU2Fib2ZmICA8bXNhYm9mZkBhcHBsZS5jb20+CiAKICAgICAgICAgUkVHUkVTU0lPTiAocjE1 OTM5NSk6IEVycm9yIGNvbXBpbGluZyBmb3IgQVJNdjcKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0 Q29yZS9hc3NlbWJsZXIvTWFjcm9Bc3NlbWJsZXIuY3BwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9hc3NlbWJsZXIvTWFjcm9Bc3NlbWJsZXIuY3BwCShyZXZpc2lvbiAxNTk1 MjIpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvYXNzZW1ibGVyL01hY3JvQXNzZW1ibGVyLmNw cAkod29ya2luZyBjb3B5KQpAQCAtMSw0ICsxLDQgQEAKLS8qCisGLyoKICAqIENvcHlyaWdodCAo QykgMjAxMiBBcHBsZSBJbmMuIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiAgKgogICogUmVkaXN0cmli dXRpb24gYW5kIHVzZSBpbiBzb3VyY2UgYW5kIGJpbmFyeSBmb3Jtcywgd2l0aCBvciB3aXRob3V0 CkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR0pJVEZpbmFsaXplci5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdKSVRGaW5hbGl6ZXIuY3Bw CShyZXZpc2lvbiAxNTk1MjIpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR0pJVEZp bmFsaXplci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTM5LDcgKzM5LDEwIEBAIEpJVEZpbmFsaXpl cjo6SklURmluYWxpemVyKFBsYW4mIHBsYW4sIFAKICAgICAsIG1faml0Q29kZShqaXRDb2RlKQog ICAgICwgbV9saW5rQnVmZmVyKGxpbmtCdWZmZXIpCiAgICAgLCBtX2FyaXR5Q2hlY2soYXJpdHlD aGVjaykKKyAgICAsIG1fd2l0aEFyaXR5Q2hlY2soTWFjcm9Bc3NlbWJsZXJDb2RlUHRyKE1hY3Jv QXNzZW1ibGVyQ29kZVB0cjo6RW1wdHlWYWx1ZSkpCiB7CisgICAgaWYgKG1fYXJpdHlDaGVjay5p c1NldCgpKQorICAgICAgICBtX3dpdGhBcml0eUNoZWNrID0gbV9saW5rQnVmZmVyLT5sb2NhdGlv bk9mKG1fYXJpdHlDaGVjayk7CiB9CiAKIEpJVEZpbmFsaXplcjo6fkpJVEZpbmFsaXplcigpCkBA IC01OCw5ICs2MSw5IEBAIGJvb2wgSklURmluYWxpemVyOjpmaW5hbGl6ZSgpCiAKIGJvb2wgSklU RmluYWxpemVyOjpmaW5hbGl6ZUZ1bmN0aW9uKCkKIHsKLSAgICBNYWNyb0Fzc2VtYmxlckNvZGVQ dHIgd2l0aEFyaXR5Q2hlY2sgPSBtX2xpbmtCdWZmZXItPmxvY2F0aW9uT2YobV9hcml0eUNoZWNr KTsKKyAgICBSRUxFQVNFX0FTU0VSVCghbV93aXRoQXJpdHlDaGVjay5pc0VtcHR5VmFsdWUoKSk7 CiAgICAgbV9qaXRDb2RlLT5pbml0aWFsaXplQ29kZVJlZihtX2xpbmtCdWZmZXItPmZpbmFsaXpl Q29kZVdpdGhvdXREaXNhc3NlbWJseSgpKTsKLSAgICBtX3BsYW4uY29kZUJsb2NrLT5zZXRKSVRD b2RlKG1faml0Q29kZSwgd2l0aEFyaXR5Q2hlY2spOworICAgIG1fcGxhbi5jb2RlQmxvY2stPnNl dEpJVENvZGUobV9qaXRDb2RlLCBtX3dpdGhBcml0eUNoZWNrKTsKICAgICAKICAgICBmaW5hbGl6 ZUNvbW1vbigpOwogICAgIApJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdKSVRG aW5hbGl6ZXIuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR0pJ VEZpbmFsaXplci5oCShyZXZpc2lvbiAxNTk1MjIpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUv ZGZnL0RGR0pJVEZpbmFsaXplci5oCSh3b3JraW5nIGNvcHkpCkBAIC01MSw2ICs1MSw3IEBAIHBy aXZhdGU6CiAgICAgUmVmUHRyPEpJVENvZGU+IG1faml0Q29kZTsKICAgICBPd25QdHI8TGlua0J1 ZmZlcj4gbV9saW5rQnVmZmVyOwogICAgIE1hY3JvQXNzZW1ibGVyOjpMYWJlbCBtX2FyaXR5Q2hl Y2s7CisgICAgTWFjcm9Bc3NlbWJsZXJDb2RlUHRyIG1fd2l0aEFyaXR5Q2hlY2s7CiB9OwogCiB9 IH0gLy8gbmFtZXNwYWNlIEpTQzo6REZHCg== 217344 2013-11-19 15:29:03 -0800 2013-11-19 19:55:45 -0800 Fixed inadvertent typo 124611-2.patch text/plain 2565 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTU5NTI1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIwIEBA CisyMDEzLTExLTE5ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIEFSTXY3OiBDcmFzaCBkdWUgdG8gdXNlIGFmdGVyIGZyZWUgb2YgQXNzZW1ibGVyQnVmZmVy CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjQ2MTEK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDaGFuZ2Vk IEpJVEZpbmFsaXplciBjb25zdHJ1Y3RvciB0byBjYWxjdWxhdGUgYW5kIHNhdmUgdGhlIHdpdGgt YXJpdHktY2hlY2sgZW50cnkgcG9pbnQuCisgICAgICAgIEF0IHRoYXQgcG9pbnQsIHRoZSBhc3Nl bWJsZXIgb2JqZWN0IGlzIHN0aWxsIHZhbGlkLiAgSW4gZmluYWxpemVGdW5jdGlvbigpLCB3ZSB1 c2UgdGhhdCB2YWx1ZQorICAgICAgICBpbnN0ZWFkIG9mIGNhbGN1bGF0aW5nIGl0LgorCisgICAg ICAgICogYXNzZW1ibGVyL01hY3JvQXNzZW1ibGVyLmNwcDoKKyAgICAgICAgKiBkZmcvREZHSklU RmluYWxpemVyLmNwcDoKKyAgICAgICAgKEpTQzo6REZHOjpKSVRGaW5hbGl6ZXI6OkpJVEZpbmFs aXplcik6CisgICAgICAgIChKU0M6OkRGRzo6SklURmluYWxpemVyOjpmaW5hbGl6ZUZ1bmN0aW9u KToKKyAgICAgICAgKiBkZmcvREZHSklURmluYWxpemVyLmg6CisKIDIwMTMtMTEtMTggIE1pY2hh ZWwgU2Fib2ZmICA8bXNhYm9mZkBhcHBsZS5jb20+CiAKICAgICAgICAgUkVHUkVTU0lPTiAocjE1 OTM5NSk6IEVycm9yIGNvbXBpbGluZyBmb3IgQVJNdjcKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0 Q29yZS9kZmcvREZHSklURmluYWxpemVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNj cmlwdENvcmUvZGZnL0RGR0pJVEZpbmFsaXplci5jcHAJKHJldmlzaW9uIDE1OTUyMikKKysrIFNv dXJjZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHSklURmluYWxpemVyLmNwcAkod29ya2luZyBjb3B5 KQpAQCAtMzksNyArMzksMTAgQEAgSklURmluYWxpemVyOjpKSVRGaW5hbGl6ZXIoUGxhbiYgcGxh biwgUAogICAgICwgbV9qaXRDb2RlKGppdENvZGUpCiAgICAgLCBtX2xpbmtCdWZmZXIobGlua0J1 ZmZlcikKICAgICAsIG1fYXJpdHlDaGVjayhhcml0eUNoZWNrKQorICAgICwgbV93aXRoQXJpdHlD aGVjayhNYWNyb0Fzc2VtYmxlckNvZGVQdHIoTWFjcm9Bc3NlbWJsZXJDb2RlUHRyOjpFbXB0eVZh bHVlKSkKIHsKKyAgICBpZiAobV9hcml0eUNoZWNrLmlzU2V0KCkpCisgICAgICAgIG1fd2l0aEFy aXR5Q2hlY2sgPSBtX2xpbmtCdWZmZXItPmxvY2F0aW9uT2YobV9hcml0eUNoZWNrKTsKIH0KIAog SklURmluYWxpemVyOjp+SklURmluYWxpemVyKCkKQEAgLTU4LDkgKzYxLDkgQEAgYm9vbCBKSVRG aW5hbGl6ZXI6OmZpbmFsaXplKCkKIAogYm9vbCBKSVRGaW5hbGl6ZXI6OmZpbmFsaXplRnVuY3Rp b24oKQogewotICAgIE1hY3JvQXNzZW1ibGVyQ29kZVB0ciB3aXRoQXJpdHlDaGVjayA9IG1fbGlu a0J1ZmZlci0+bG9jYXRpb25PZihtX2FyaXR5Q2hlY2spOworICAgIFJFTEVBU0VfQVNTRVJUKCFt X3dpdGhBcml0eUNoZWNrLmlzRW1wdHlWYWx1ZSgpKTsKICAgICBtX2ppdENvZGUtPmluaXRpYWxp emVDb2RlUmVmKG1fbGlua0J1ZmZlci0+ZmluYWxpemVDb2RlV2l0aG91dERpc2Fzc2VtYmx5KCkp OwotICAgIG1fcGxhbi5jb2RlQmxvY2stPnNldEpJVENvZGUobV9qaXRDb2RlLCB3aXRoQXJpdHlD aGVjayk7CisgICAgbV9wbGFuLmNvZGVCbG9jay0+c2V0SklUQ29kZShtX2ppdENvZGUsIG1fd2l0 aEFyaXR5Q2hlY2spOwogICAgIAogICAgIGZpbmFsaXplQ29tbW9uKCk7CiAgICAgCkluZGV4OiBT b3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR0pJVEZpbmFsaXplci5oCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHSklURmluYWxpemVyLmgJKHJldmlzaW9uIDE1 OTUyMikKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHSklURmluYWxpemVyLmgJKHdv cmtpbmcgY29weSkKQEAgLTUxLDYgKzUxLDcgQEAgcHJpdmF0ZToKICAgICBSZWZQdHI8SklUQ29k ZT4gbV9qaXRDb2RlOwogICAgIE93blB0cjxMaW5rQnVmZmVyPiBtX2xpbmtCdWZmZXI7CiAgICAg TWFjcm9Bc3NlbWJsZXI6OkxhYmVsIG1fYXJpdHlDaGVjazsKKyAgICBNYWNyb0Fzc2VtYmxlckNv ZGVQdHIgbV93aXRoQXJpdHlDaGVjazsKIH07CiAKIH0gfSAvLyBuYW1lc3BhY2UgSlNDOjpERkcK 217374 2013-11-19 19:55:45 -0800 2013-11-20 11:52:19 -0800 Updated patch 124611-3.patch text/plain 4007 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTU5NTMyKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE5IEBA CisyMDEzLTExLTE5ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIEFSTXY3OiBDcmFzaCBkdWUgdG8gdXNlIGFmdGVyIGZyZWUgb2YgQXNzZW1ibGVyQnVmZmVy CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjQ2MTEK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDaGFuZ2Vk IEpJVEZpbmFsaXplciBjb25zdHJ1Y3RvciB0byB0YWtlIGEgTWFjcm9Bc3NlbWJsZXJDb2RlUHRy IGluc3RlYWQgb2YgYSBMYWJlbC4KKyAgICAgICAgSW4gZmluYWxpemVGdW5jdGlvbigpLCB3ZSB1 c2UgdGhhdCB2YWx1ZSBpbnN0ZWFkIG9mIGNhbGN1bGF0aW5nIGl0IGZyb20gdGhlIGxhYmVsLgor CisgICAgICAgICogYXNzZW1ibGVyL01hY3JvQXNzZW1ibGVyLmNwcDoKKyAgICAgICAgKiBkZmcv REZHSklURmluYWxpemVyLmNwcDoKKyAgICAgICAgKEpTQzo6REZHOjpKSVRGaW5hbGl6ZXI6OkpJ VEZpbmFsaXplcik6CisgICAgICAgIChKU0M6OkRGRzo6SklURmluYWxpemVyOjpmaW5hbGl6ZUZ1 bmN0aW9uKToKKyAgICAgICAgKiBkZmcvREZHSklURmluYWxpemVyLmg6CisKIDIwMTMtMTEtMTkg IE1pY2hhZWwgU2Fib2ZmICA8bXNhYm9mZkBhcHBsZS5jb20+CiAKICAgICAgICAgUkVHUkVTU0lP TigxNTgzODQpIEFSTXY3IHBvaW50IGNoZWNrcyB0b28gcmVzdHJpY3RpdmUgZm9yIG5hdGl2ZSBj YWxscyB0byB0cmFkaXRpb25hbCBBUk0gY29kZQpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3Jl L2RmZy9ERkdKSVRDb21waWxlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRD b3JlL2RmZy9ERkdKSVRDb21waWxlci5jcHAJKHJldmlzaW9uIDE1OTUzMSkKKysrIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9kZmcvREZHSklUQ29tcGlsZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC00 MDIsOSArNDAyLDExIEBAIHZvaWQgSklUQ29tcGlsZXI6OmxpbmtGdW5jdGlvbigpCiAgICAgbGlu a0J1ZmZlci0+bGluayhtX2NhbGxBcml0eUZpeHVwLCBGdW5jdGlvblB0cigobV92bS0+Z2V0Q1RJ U3R1Yihhcml0eUZpeHVwKSkuY29kZSgpLmV4ZWN1dGFibGVBZGRyZXNzKCkpKTsKICAgICAKICAg ICBkaXNhc3NlbWJsZSgqbGlua0J1ZmZlcik7Ci0gICAgCisKKyAgICBNYWNyb0Fzc2VtYmxlckNv ZGVQdHIgd2l0aEFyaXR5Q2hlY2sgPSBsaW5rQnVmZmVyLT5sb2NhdGlvbk9mKG1fYXJpdHlDaGVj ayk7CisKICAgICBtX2dyYXBoLm1fcGxhbi5maW5hbGl6ZXIgPSBhZG9wdFB0cihuZXcgSklURmlu YWxpemVyKAotICAgICAgICBtX2dyYXBoLm1fcGxhbiwgbV9qaXRDb2RlLnJlbGVhc2UoKSwgbGlu a0J1ZmZlci5yZWxlYXNlKCksIG1fYXJpdHlDaGVjaykpOworICAgICAgICBtX2dyYXBoLm1fcGxh biwgbV9qaXRDb2RlLnJlbGVhc2UoKSwgbGlua0J1ZmZlci5yZWxlYXNlKCksIHdpdGhBcml0eUNo ZWNrKSk7CiB9CiAKIHZvaWQgSklUQ29tcGlsZXI6OmRpc2Fzc2VtYmxlKExpbmtCdWZmZXImIGxp bmtCdWZmZXIpCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR0pJVEZpbmFsaXpl ci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdKSVRGaW5h bGl6ZXIuY3BwCShyZXZpc2lvbiAxNTk1MzEpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZn L0RGR0pJVEZpbmFsaXplci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTM0LDExICszNCwxMSBAQAog CiBuYW1lc3BhY2UgSlNDIHsgbmFtZXNwYWNlIERGRyB7CiAKLUpJVEZpbmFsaXplcjo6SklURmlu YWxpemVyKFBsYW4mIHBsYW4sIFBhc3NSZWZQdHI8SklUQ29kZT4gaml0Q29kZSwgUGFzc093blB0 cjxMaW5rQnVmZmVyPiBsaW5rQnVmZmVyLCBNYWNyb0Fzc2VtYmxlcjo6TGFiZWwgYXJpdHlDaGVj aykKK0pJVEZpbmFsaXplcjo6SklURmluYWxpemVyKFBsYW4mIHBsYW4sIFBhc3NSZWZQdHI8SklU Q29kZT4gaml0Q29kZSwgUGFzc093blB0cjxMaW5rQnVmZmVyPiBsaW5rQnVmZmVyLCBNYWNyb0Fz c2VtYmxlckNvZGVQdHIgd2l0aEFyaXR5Q2hlY2spCiAgICAgOiBGaW5hbGl6ZXIocGxhbikKICAg ICAsIG1faml0Q29kZShqaXRDb2RlKQogICAgICwgbV9saW5rQnVmZmVyKGxpbmtCdWZmZXIpCi0g ICAgLCBtX2FyaXR5Q2hlY2soYXJpdHlDaGVjaykKKyAgICAsIG1fd2l0aEFyaXR5Q2hlY2sod2l0 aEFyaXR5Q2hlY2spCiB7CiB9CiAKQEAgLTU4LDkgKzU4LDkgQEAgYm9vbCBKSVRGaW5hbGl6ZXI6 OmZpbmFsaXplKCkKIAogYm9vbCBKSVRGaW5hbGl6ZXI6OmZpbmFsaXplRnVuY3Rpb24oKQogewot ICAgIE1hY3JvQXNzZW1ibGVyQ29kZVB0ciB3aXRoQXJpdHlDaGVjayA9IG1fbGlua0J1ZmZlci0+ bG9jYXRpb25PZihtX2FyaXR5Q2hlY2spOworICAgIFJFTEVBU0VfQVNTRVJUKCFtX3dpdGhBcml0 eUNoZWNrLmlzRW1wdHlWYWx1ZSgpKTsKICAgICBtX2ppdENvZGUtPmluaXRpYWxpemVDb2RlUmVm KG1fbGlua0J1ZmZlci0+ZmluYWxpemVDb2RlV2l0aG91dERpc2Fzc2VtYmx5KCkpOwotICAgIG1f cGxhbi5jb2RlQmxvY2stPnNldEpJVENvZGUobV9qaXRDb2RlLCB3aXRoQXJpdHlDaGVjayk7Cisg ICAgbV9wbGFuLmNvZGVCbG9jay0+c2V0SklUQ29kZShtX2ppdENvZGUsIG1fd2l0aEFyaXR5Q2hl Y2spOwogICAgIAogICAgIGZpbmFsaXplQ29tbW9uKCk7CiAgICAgCkluZGV4OiBTb3VyY2UvSmF2 YVNjcmlwdENvcmUvZGZnL0RGR0pJVEZpbmFsaXplci5oCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9kZmcvREZHSklURmluYWxpemVyLmgJKHJldmlzaW9uIDE1OTUzMSkKKysr IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHSklURmluYWxpemVyLmgJKHdvcmtpbmcgY29w eSkKQEAgLTM5LDcgKzM5LDcgQEAgbmFtZXNwYWNlIEpTQyB7IG5hbWVzcGFjZSBERkcgewogCiBj bGFzcyBKSVRGaW5hbGl6ZXIgOiBwdWJsaWMgRmluYWxpemVyIHsKIHB1YmxpYzoKLSAgICBKSVRG aW5hbGl6ZXIoUGxhbiYsIFBhc3NSZWZQdHI8SklUQ29kZT4sIFBhc3NPd25QdHI8TGlua0J1ZmZl cj4sIE1hY3JvQXNzZW1ibGVyOjpMYWJlbCBhcml0eUNoZWNrID0gTWFjcm9Bc3NlbWJsZXI6Okxh YmVsKCkpOworICAgIEpJVEZpbmFsaXplcihQbGFuJiwgUGFzc1JlZlB0cjxKSVRDb2RlPiwgUGFz c093blB0cjxMaW5rQnVmZmVyPiwgTWFjcm9Bc3NlbWJsZXJDb2RlUHRyIHdpdGhBcml0eUNoZWNr ID0gTWFjcm9Bc3NlbWJsZXJDb2RlUHRyKE1hY3JvQXNzZW1ibGVyQ29kZVB0cjo6RW1wdHlWYWx1 ZSkpOwogICAgIHZpcnR1YWwgfkpJVEZpbmFsaXplcigpOwogICAgIAogICAgIHZpcnR1YWwgYm9v bCBmaW5hbGl6ZSgpIE9WRVJSSURFOwpAQCAtNTAsNyArNTAsNyBAQCBwcml2YXRlOgogICAgIAog ICAgIFJlZlB0cjxKSVRDb2RlPiBtX2ppdENvZGU7CiAgICAgT3duUHRyPExpbmtCdWZmZXI+IG1f bGlua0J1ZmZlcjsKLSAgICBNYWNyb0Fzc2VtYmxlcjo6TGFiZWwgbV9hcml0eUNoZWNrOworICAg IE1hY3JvQXNzZW1ibGVyQ29kZVB0ciBtX3dpdGhBcml0eUNoZWNrOwogfTsKIAogfSB9IC8vIG5h bWVzcGFjZSBKU0M6OkRGRwo=