124756 2013-11-21 18:06:53 -0800 Ensure that arity fixups honor stack alignment requirements 2013-11-22 12:30:47 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 116888 1 mark.lam mark.lam fpizlo ggaren mhahnenberg msaboff oliver oldest_to_newest 953379 0 mark.lam 2013-11-21 18:06:53 -0800 Patch coming. 953380 1 217638 mark.lam 2013-11-21 18:15:06 -0800 Created attachment 217638 the patch. 953384 2 217638 mark.lam 2013-11-21 18:18:17 -0800 Comment on attachment 217638 the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=217638&action=review > Source/JavaScriptCore/runtime/CommonSlowPaths.h:60 > + // However, to simplify the calcultation, we'll assume the caller has allocated none typo: "calcultation" => "calculation". Will fix before landing. 953598 3 217638 ggaren 2013-11-22 09:46:32 -0800 Comment on attachment 217638 the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=217638&action=review > Source/JavaScriptCore/runtime/CommonSlowPaths.h:65 > + int neededStackIncrease = newCodeBlock->numParameters() - virtualRegisterForLocal(newCodeBlock->m_numCalleeRegisters).offset() + stackAlignmentRegisters(); No need to add in m_numCalleeRegisters. The function entry point we return to will check that for us. Let's focus this function on just our arguments. It's not good to use one variable to check the stack limit and a separate variable to hold the actual stack change we're going to make, with the two variables having different values. We want our stack check to check the value we're actually going to use. Otherwise, we introduce the possibility of a security bug, and code that's harder to reason about. If you checked the actual value you were going to use, you wouldn't need a long comment explaining how this fake value correlates to the actual value. How about this: ASSERT(argumentCountIncludingThis < newCodeBlock->numParameters()); int missingArgumentCount = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), newCodeBlock->numParameters() - argumentCountIncludingThis); if (!stack->grow(exec->registers() - (missingArgumentCount * sizeof(Register))) // FAIL if (!vm.isSafeToRecurse(missingArgumentCount * sizeof(Register))) // FAIL return missingArgumentCount; > Source/JavaScriptCore/runtime/CommonSlowPaths.h:71 > + // The caller may or may not have already allocated some space for the incoming args. > + // However, to simplify the calcultation, we'll just conservatively allocate space > + // for the expected number of parameters + the number of callee registers. In addition, > + // we'll conservatively add the amount of Please remove. > Source/JavaScriptCore/runtime/VM.h:376 > + return (&curr - neededStackInBytes) >= m_stackLimit; This calculation will underflow if neededStackInBytes is too big. You need &curr >= m_stackLimit && &curr - m_stackLimit >= neededStackInBytes 953635 4 ggaren 2013-11-22 11:51:04 -0800 > How about this: > > ASSERT(argumentCountIncludingThis < newCodeBlock->numParameters()); > int missingArgumentCount = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), newCodeBlock->numParameters() - argumentCountIncludingThis); Actually, this is not quite right, because you also need to account for the size of the call frame header. (It is not guaranteed to be an aligned number.) So, you need: size_t alignedArgumentCount = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), newCodeBlock->numParameters() + CallFrameHeaderSize) - CallFrameHeaderSize; ASSERT(argumentCountIncludingThis < alignedArgumentCount); return alignedArgumentCount - argumentCountIncludingThis; 953636 5 mark.lam 2013-11-22 11:59:27 -0800 (In reply to comment #4) > > How about this: > > > > ASSERT(argumentCountIncludingThis < newCodeBlock->numParameters()); > > int missingArgumentCount = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), newCodeBlock->numParameters() - argumentCountIncludingThis); > > Actually, this is not quite right, because you also need to account for the size of the call frame header. (It is not guaranteed to be an aligned number.) So, you need: > > size_t alignedArgumentCount = WTF::roundUpToMultipleOf(stackAlignmentRegisters(), newCodeBlock->numParameters() + CallFrameHeaderSize) - CallFrameHeaderSize; > ASSERT(argumentCountIncludingThis < alignedArgumentCount); > return alignedArgumentCount - argumentCountIncludingThis; Hmmm, I don't think that that is needed. Consider this example: 1. Upon entry to this code, the callFrame pointer is guaranteed to be aligned, independent on how many bytes the CallFrameHeader is. 2. Alignment requires 16 bytes. Let's say we need 8 bytes for 1 more slot. We'll on need to move the frame by a delta of 16 (rounded up from 8). Regardless of the size of the CallFrameHeader, because we're guaranteed that the callFrame pointer is aligned by the time we get here, all we have to do is ensure that the delta we are introducing is also padded to the required alignment because that's how many bytes we'll shift the frame by. The callFrame pointer will remain aligned after the shift regardless of the size of the CallFrameHeader. 953637 6 217705 mark.lam 2013-11-22 12:09:29 -0800 Created attachment 217705 patch 2: addressed Geoff's feedback. 953640 7 217705 ggaren 2013-11-22 12:26:29 -0800 Comment on attachment 217705 patch 2: addressed Geoff's feedback. r=me 953643 8 mark.lam 2013-11-22 12:30:47 -0800 Thanks. Landed in r159706: <http://trac.webkit.org/r159706>. 217638 2013-11-21 18:15:06 -0800 2013-11-22 12:09:29 -0800 the patch. bug-124756.patch text/plain 5229 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTU5NjU4KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI1IEBA CisyMDEzLTExLTIxICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBF bnN1cmUgdGhhdCBhcml0eSBmaXh1cHMgaG9ub3Igc3RhY2sgYWxpZ25tZW50IHJlcXVpcmVtZW50 cy4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEyNDc1 Ni4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGUg TExJTlQgYW5kIGFsbCB0aGUgSklUcyByZWx5IG9uIENvbW1vblNsb3dQYXRoczo6YXJpdHlDaGVj a0ZvcigpIHRvCisgICAgICAgIGNvbXB1dGUgdGhlIGFyZyBjb3VudCBhZGp1c3RtZW50IGZvciB0 aGUgYXJpdHkgZml4dXAuIFdlIHRha2UgYWR2YW50YWdlCisgICAgICAgIG9mIHRoaXMgY2hva2Ug cG9pbnQgYW5kIGludHJvZHVjZSB0aGUgc3RhY2sgYWxpZ25tZW50IHBhZGRpbmcgdGhlcmUgaW4K KyAgICAgICAgdGhlIGd1aXNlIG9mIGFkZGl0aW9uYWwgYXJncy4KKworICAgICAgICBUaGUgb25s eSBjb3N0IG9mIHRoaXMgYXBwcm9hY2ggaXMgdGhhdCB0aGUgcGFkZGluZyB3aWxsIGFsc28gYmUK KyAgICAgICAgaW5pdGlhbGl6ZWQgdG8gdW5kZWZpbmVkIHZhbHVlcyBhcyBpZiB0aGV5IHdlcmUg YXJncy4gU2luY2UgYXJpdHkgZml4dXBzCisgICAgICAgIGFyZSBjb25zaWRlcmVkIGEgc2xvdyBw YXRoIHRoYXQgaXMgcmFyZWx5IHRha2VuLCB0aGlzIGNvc3QgaXMgbm90IGEKKyAgICAgICAgY29u Y2Vybi4KKworICAgICAgICAqIHJ1bnRpbWUvQ29tbW9uU2xvd1BhdGhzLmg6CisgICAgICAgIChK U0M6OkNvbW1vblNsb3dQYXRoczo6YXJpdHlDaGVja0Zvcik6CisgICAgICAgICogcnVudGltZS9W TS5oOgorICAgICAgICAoSlNDOjpWTTo6aXNTYWZlVG9SZWN1cnNlKToKKwogMjAxMy0xMS0yMSAg TWljaGFlbCBTYWJvZmYgIDxtc2Fib2ZmQGFwcGxlLmNvbT4KIAogICAgICAgICBBUk02NDogSW1w bGVtZW50IHB1c2gvcG9wIGVxdWl2YWxlbnRzIGluIExMSW50CkluZGV4OiBTb3VyY2UvSmF2YVNj cmlwdENvcmUvcnVudGltZS9Db21tb25TbG93UGF0aHMuaAo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvcnVudGltZS9Db21tb25TbG93UGF0aHMuaAkocmV2aXNpb24gMTU5NjUw KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvQ29tbW9uU2xvd1BhdGhzLmgJKHdv cmtpbmcgY29weSkKQEAgLTMxLDcgKzMxLDEwIEBACiAjaW5jbHVkZSAiRXhjZXB0aW9uSGVscGVy cy5oIgogI2luY2x1ZGUgIkpTU3RhY2tJbmxpbmVzLmgiCiAjaW5jbHVkZSAiTmFtZUluc3RhbmNl LmgiCisjaW5jbHVkZSAiU3RhY2tBbGlnbm1lbnQuaCIKKyNpbmNsdWRlICJWTS5oIgogI2luY2x1 ZGUgPHd0Zi9QbGF0Zm9ybS5oPgorI2luY2x1ZGUgPHd0Zi9TdGRMaWJFeHRyYXMuaD4KIAogI2lm IEVOQUJMRShKSVQpIHx8IEVOQUJMRShMTElOVCkKIApAQCAtNTMsMTUgKzU2LDQwIEBAIEFMV0FZ U19JTkxJTkUgaW50IGFyaXR5Q2hlY2tGb3IoRXhlY1N0YXQKICAgICBDb2RlQmxvY2sqIG5ld0Nv ZGVCbG9jayA9IGNhbGxlZS0+anNFeGVjdXRhYmxlKCktPmNvZGVCbG9ja0ZvcihraW5kKTsKICAg ICBpbnQgYXJndW1lbnRDb3VudEluY2x1ZGluZ1RoaXMgPSBleGVjLT5hcmd1bWVudENvdW50SW5j bHVkaW5nVGhpcygpOwogICAgIAotICAgIC8vIFRoaXMgZW5zdXJlcyBlbm91Z2ggc3BhY2UgZm9y IHRoZSB3b3JzdCBjYXNlIHNjZW5hcmlvIG9mIHplcm8gYXJndW1lbnRzIHBhc3NlZCBieSB0aGUg Y2FsbGVyLgotICAgIGlmICghc3RhY2stPmdyb3coZXhlYy0+cmVnaXN0ZXJzKCkgLSBuZXdDb2Rl QmxvY2stPm51bVBhcmFtZXRlcnMoKSArIHZpcnR1YWxSZWdpc3RlckZvckxvY2FsKG5ld0NvZGVC bG9jay0+bV9udW1DYWxsZWVSZWdpc3RlcnMpLm9mZnNldCgpKSkKKyAgICAvLyBUaGUgY2FsbGVy IG1heSBvciBtYXkgbm90IGhhdmUgYWxyZWFkeSBhbGxvY2F0ZWQgc29tZSBzcGFjZSBmb3IgdGhl IGluY29taW5nIGFyZ3MuCisgICAgLy8gSG93ZXZlciwgdG8gc2ltcGxpZnkgdGhlIGNhbGN1bHRh dGlvbiwgd2UnbGwgYXNzdW1lIHRoZSBjYWxsZXIgaGFzIGFsbG9jYXRlZCBub25lCisgICAgLy8g YW5kIGNvbnNlcnZhdGl2ZWx5IGFsbG9jYXRlIHNwYWNlIGZvciB0aGUgZXhwZWN0ZWQgbnVtYmVy IG9mIHBhcmFtZXRlcnMgKyB0aGUgbnVtYmVyCisgICAgLy8gb2YgY2FsbGVlIHJlZ2lzdGVycy4g SW4gYWRkaXRpb24sIHdlJ2xsIGNvbnNlcnZhdGl2ZWx5IGFkZCB0aGUgc3RhY2tBbGlnbm1lbnRS ZWdpc3RlcnMKKyAgICAvLyBhcyB3ZWxsIGluIGNhc2Ugd2UgbmVlZCB0byBwYWQgdGhlIGFyZ3Vt ZW50cy4KKworICAgIGludCBuZWVkZWRTdGFja0luY3JlYXNlID0gbmV3Q29kZUJsb2NrLT5udW1Q YXJhbWV0ZXJzKCkgLSB2aXJ0dWFsUmVnaXN0ZXJGb3JMb2NhbChuZXdDb2RlQmxvY2stPm1fbnVt Q2FsbGVlUmVnaXN0ZXJzKS5vZmZzZXQoKSArIHN0YWNrQWxpZ25tZW50UmVnaXN0ZXJzKCk7CisK KyNpZiBVU0UoU0VQQVJBVEVfQ19BTkRfSlNfU1RBQ0spCisgICAgLy8gVGhlIGNhbGxlciBtYXkg b3IgbWF5IG5vdCBoYXZlIGFscmVhZHkgYWxsb2NhdGVkIHNvbWUgc3BhY2UgZm9yIHRoZSBpbmNv bWluZyBhcmdzLgorICAgIC8vIEhvd2V2ZXIsIHRvIHNpbXBsaWZ5IHRoZSBjYWxjdWx0YXRpb24s IHdlJ2xsIGp1c3QgY29uc2VydmF0aXZlbHkgYWxsb2NhdGUgc3BhY2UKKyAgICAvLyBmb3IgdGhl IGV4cGVjdGVkIG51bWJlciBvZiBwYXJhbWV0ZXJzICsgdGhlIG51bWJlciBvZiBjYWxsZWUgcmVn aXN0ZXJzLiBJbiBhZGRpdGlvbiwKKyAgICAvLyB3ZSdsbCBjb25zZXJ2YXRpdmVseSBhZGQgdGhl IGFtb3VudCBvZiAKKyAgICBpZiAoIXN0YWNrLT5ncm93KGV4ZWMtPnJlZ2lzdGVycygpIC0gbmVl ZGVkU3RhY2tJbmNyZWFzZSkpCiAgICAgICAgIHJldHVybiAtMTsKLSAgICAKLSAgICBBU1NFUlQo YXJndW1lbnRDb3VudEluY2x1ZGluZ1RoaXMgPCBuZXdDb2RlQmxvY2stPm51bVBhcmFtZXRlcnMo KSk7Ci0gICAgCisjZWxzZQorICAgIFVOVVNFRF9QQVJBTShzdGFjayk7CisgICAgVk0mIHZtID0g ZXhlYy0+dm0oKTsKKyAgICBzaXplX3QgbmVlZGVkU3RhY2tJbmNyZWFzZUluQnl0ZXMgPSBuZWVk ZWRTdGFja0luY3JlYXNlICogc2l6ZW9mKFJlZ2lzdGVyKTsKKyAgICBpZiAoIXZtLmlzU2FmZVRv UmVjdXJzZShuZWVkZWRTdGFja0luY3JlYXNlSW5CeXRlcykpCisgICAgICAgIHJldHVybiAtMTsK KyNlbmRpZiAvLyBVU0UoU0VQQVJBVEVfQ19BTkRfSlNfU1RBQ0spCisKICAgICAvLyBUb28gZmV3 IGFyZ3VtZW50cywgcmV0dXJuIHRoZSBudW1iZXIgb2YgbWlzc2luZyBhcmd1bWVudHMgc28gdGhl IGNhbGxlciBjYW4KICAgICAvLyBncm93IHRoZSBmcmFtZSBpbiBwbGFjZSBhbmQgZmlsbCBpbiB1 bmRlZmluZWQgdmFsdWVzIGZvciB0aGUgbWlzc2luZyBhcmdzLgotICAgIHJldHVybihuZXdDb2Rl QmxvY2stPm51bVBhcmFtZXRlcnMoKSAtIGFyZ3VtZW50Q291bnRJbmNsdWRpbmdUaGlzKTsKKyAg ICBBU1NFUlQoYXJndW1lbnRDb3VudEluY2x1ZGluZ1RoaXMgPCBuZXdDb2RlQmxvY2stPm51bVBh cmFtZXRlcnMoKSk7CisgICAgaW50IGFyZ0NvdW50QWRqdXN0bWVudHMgPSBuZXdDb2RlQmxvY2st Pm51bVBhcmFtZXRlcnMoKSAtIGFyZ3VtZW50Q291bnRJbmNsdWRpbmdUaGlzOworCisgICAgLy8g U2luY2UgdGhlIGN1cnJlbnQgY2FsbCBmcmFtZSBwb2ludGVyIGlzIGFscmVhZHkgYWxpZ25lZCwg d2UgbmVlZCB0byBwYWQgYW55CisgICAgLy8gYWRqdXN0bWVudHMgc28gdGhhdCB0aGUgY2FsbCBm cmFtZSBwb2ludGVyIHdpbGwgcmVtYWluIGFsaWduZWQuIFdlJ2xsIGp1c3QgdHJlYXQKKyAgICAv LyB0aGUgcGFkZGluZyAoaWYgYWRkZWQpIGFzIGFkZGl0aW9uYWwgbWlzc2luZyBhcmdzLgorICAg IGludCBwYWRkZWRBcmdDb3VudEFkanVzdG1lbnRzID0gV1RGOjpyb3VuZFVwVG9NdWx0aXBsZU9m KHN0YWNrQWxpZ25tZW50UmVnaXN0ZXJzKCksIGFyZ0NvdW50QWRqdXN0bWVudHMpOworCisgICAg cmV0dXJuIHBhZGRlZEFyZ0NvdW50QWRqdXN0bWVudHM7CiB9CiAKIGlubGluZSBib29sIG9wSW4o RXhlY1N0YXRlKiBleGVjLCBKU1ZhbHVlIHByb3BOYW1lLCBKU1ZhbHVlIGJhc2VWYWwpCkluZGV4 OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9WTS5oCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJj ZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1ZNLmgJKHJldmlzaW9uIDE1OTY1MCkKKysrIFNvdXJj ZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1ZNLmgJKHdvcmtpbmcgY29weSkKQEAgLTM2OSwxMSAr MzY5LDExIEBAIG5hbWVzcGFjZSBKU0MgewogCiAgICAgICAgIHZvaWQqIHN0YWNrTGltaXQoKSB7 IHJldHVybiBtX3N0YWNrTGltaXQ7IH0KICAgICAgICAgdm9pZCBzZXRTdGFja0xpbWl0KHZvaWQq IGxpbWl0KSB7IG1fc3RhY2tMaW1pdCA9IGxpbWl0OyB9Ci0gICAgICAgIGJvb2wgaXNTYWZlVG9S ZWN1cnNlKCkgY29uc3QKKyAgICAgICAgYm9vbCBpc1NhZmVUb1JlY3Vyc2Uoc2l6ZV90IG5lZWRl ZFN0YWNrSW5CeXRlcyA9IDApIGNvbnN0CiAgICAgICAgIHsKICAgICAgICAgICAgIEFTU0VSVCh3 dGZUaHJlYWREYXRhKCkuc3RhY2soKS5pc0dyb3dpbmdEb3dud2FyZCgpKTsKLSAgICAgICAgICAg IHZvaWQqIGN1cnI7Ci0gICAgICAgICAgICByZXR1cm4gJmN1cnIgPj0gbV9zdGFja0xpbWl0Owor ICAgICAgICAgICAgdWludDhfdCogY3VycjsKKyAgICAgICAgICAgIHJldHVybiAoJmN1cnIgLSBu ZWVkZWRTdGFja0luQnl0ZXMpID49IG1fc3RhY2tMaW1pdDsKICAgICAgICAgfQogCiAgICAgICAg IGNvbnN0IENsYXNzSW5mbyogY29uc3QganNBcnJheUNsYXNzSW5mbzsK 217705 2013-11-22 12:09:29 -0800 2013-11-22 12:26:29 -0800 patch 2: addressed Geoff's feedback. bug-124756b.patch text/plain 4097 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTU5NjU4KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI1IEBA CisyMDEzLTExLTIyICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBF bnN1cmUgdGhhdCBhcml0eSBmaXh1cHMgaG9ub3Igc3RhY2sgYWxpZ25tZW50IHJlcXVpcmVtZW50 cy4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEyNDc1 Ni4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGUg TExJTlQgYW5kIGFsbCB0aGUgSklUcyByZWx5IG9uIENvbW1vblNsb3dQYXRoczo6YXJpdHlDaGVj a0ZvcigpIHRvCisgICAgICAgIGNvbXB1dGUgdGhlIGFyZyBjb3VudCBhZGp1c3RtZW50IGZvciB0 aGUgYXJpdHkgZml4dXAuIFdlIHRha2UgYWR2YW50YWdlCisgICAgICAgIG9mIHRoaXMgY2hva2Ug cG9pbnQgYW5kIGludHJvZHVjZSB0aGUgc3RhY2sgYWxpZ25tZW50IHBhZGRpbmcgdGhlcmUgaW4K KyAgICAgICAgdGhlIGd1aXNlIG9mIGFkZGl0aW9uYWwgYXJncy4KKworICAgICAgICBUaGUgb25s eSBjb3N0IG9mIHRoaXMgYXBwcm9hY2ggaXMgdGhhdCB0aGUgcGFkZGluZyB3aWxsIGFsc28gYmUK KyAgICAgICAgaW5pdGlhbGl6ZWQgdG8gdW5kZWZpbmVkIHZhbHVlcyBhcyBpZiB0aGV5IHdlcmUg YXJncy4gU2luY2UgYXJpdHkgZml4dXBzCisgICAgICAgIGFyZSBjb25zaWRlcmVkIGEgc2xvdyBw YXRoIHRoYXQgaXMgcmFyZWx5IHRha2VuLCB0aGlzIGNvc3QgaXMgbm90IGEKKyAgICAgICAgY29u Y2Vybi4KKworICAgICAgICAqIHJ1bnRpbWUvQ29tbW9uU2xvd1BhdGhzLmg6CisgICAgICAgIChK U0M6OkNvbW1vblNsb3dQYXRoczo6YXJpdHlDaGVja0Zvcik6CisgICAgICAgICogcnVudGltZS9W TS5oOgorICAgICAgICAoSlNDOjpWTTo6aXNTYWZlVG9SZWN1cnNlKToKKwogMjAxMy0xMS0yMSAg TWljaGFlbCBTYWJvZmYgIDxtc2Fib2ZmQGFwcGxlLmNvbT4KIAogICAgICAgICBBUk02NDogSW1w bGVtZW50IHB1c2gvcG9wIGVxdWl2YWxlbnRzIGluIExMSW50CkluZGV4OiBTb3VyY2UvSmF2YVNj cmlwdENvcmUvcnVudGltZS9Db21tb25TbG93UGF0aHMuaAo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvcnVudGltZS9Db21tb25TbG93UGF0aHMuaAkocmV2aXNpb24gMTU5NjUw KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvQ29tbW9uU2xvd1BhdGhzLmgJKHdv cmtpbmcgY29weSkKQEAgLTMxLDcgKzMxLDEwIEBACiAjaW5jbHVkZSAiRXhjZXB0aW9uSGVscGVy cy5oIgogI2luY2x1ZGUgIkpTU3RhY2tJbmxpbmVzLmgiCiAjaW5jbHVkZSAiTmFtZUluc3RhbmNl LmgiCisjaW5jbHVkZSAiU3RhY2tBbGlnbm1lbnQuaCIKKyNpbmNsdWRlICJWTS5oIgogI2luY2x1 ZGUgPHd0Zi9QbGF0Zm9ybS5oPgorI2luY2x1ZGUgPHd0Zi9TdGRMaWJFeHRyYXMuaD4KIAogI2lm IEVOQUJMRShKSVQpIHx8IEVOQUJMRShMTElOVCkKIApAQCAtNTMsMTUgKzU2LDIwIEBAIEFMV0FZ U19JTkxJTkUgaW50IGFyaXR5Q2hlY2tGb3IoRXhlY1N0YXQKICAgICBDb2RlQmxvY2sqIG5ld0Nv ZGVCbG9jayA9IGNhbGxlZS0+anNFeGVjdXRhYmxlKCktPmNvZGVCbG9ja0ZvcihraW5kKTsKICAg ICBpbnQgYXJndW1lbnRDb3VudEluY2x1ZGluZ1RoaXMgPSBleGVjLT5hcmd1bWVudENvdW50SW5j bHVkaW5nVGhpcygpOwogICAgIAotICAgIC8vIFRoaXMgZW5zdXJlcyBlbm91Z2ggc3BhY2UgZm9y IHRoZSB3b3JzdCBjYXNlIHNjZW5hcmlvIG9mIHplcm8gYXJndW1lbnRzIHBhc3NlZCBieSB0aGUg Y2FsbGVyLgotICAgIGlmICghc3RhY2stPmdyb3coZXhlYy0+cmVnaXN0ZXJzKCkgLSBuZXdDb2Rl QmxvY2stPm51bVBhcmFtZXRlcnMoKSArIHZpcnR1YWxSZWdpc3RlckZvckxvY2FsKG5ld0NvZGVC bG9jay0+bV9udW1DYWxsZWVSZWdpc3RlcnMpLm9mZnNldCgpKSkKLSAgICAgICAgcmV0dXJuIC0x OwotICAgIAogICAgIEFTU0VSVChhcmd1bWVudENvdW50SW5jbHVkaW5nVGhpcyA8IG5ld0NvZGVC bG9jay0+bnVtUGFyYW1ldGVycygpKTsKLSAgICAKLSAgICAvLyBUb28gZmV3IGFyZ3VtZW50cywg cmV0dXJuIHRoZSBudW1iZXIgb2YgbWlzc2luZyBhcmd1bWVudHMgc28gdGhlIGNhbGxlciBjYW4K LSAgICAvLyBncm93IHRoZSBmcmFtZSBpbiBwbGFjZSBhbmQgZmlsbCBpbiB1bmRlZmluZWQgdmFs dWVzIGZvciB0aGUgbWlzc2luZyBhcmdzLgotICAgIHJldHVybihuZXdDb2RlQmxvY2stPm51bVBh cmFtZXRlcnMoKSAtIGFyZ3VtZW50Q291bnRJbmNsdWRpbmdUaGlzKTsKKyAgICBpbnQgbWlzc2lu Z0FyZ3VtZW50Q291bnQgPSBuZXdDb2RlQmxvY2stPm51bVBhcmFtZXRlcnMoKSAtIGFyZ3VtZW50 Q291bnRJbmNsdWRpbmdUaGlzOworICAgIGludCBwYWRkZWRNaXNzaW5nQXJndW1lbnRDb3VudCA9 IFdURjo6cm91bmRVcFRvTXVsdGlwbGVPZihzdGFja0FsaWdubWVudFJlZ2lzdGVycygpLCBtaXNz aW5nQXJndW1lbnRDb3VudCk7CisKKyNpZiBVU0UoU0VQQVJBVEVfQ19BTkRfSlNfU1RBQ0spCisg ICAgaWYgKCFzdGFjay0+Z3JvdyhleGVjLT5yZWdpc3RlcnMoKSAtIHBhZGRlZE1pc3NpbmdBcmd1 bWVudENvdW50KSkKKyAgICAgICAgcmV0dXJuIC0xOworI2Vsc2UKKyAgICBVTlVTRURfUEFSQU0o c3RhY2spOworICAgIGlmICghZXhlYy0+dm0oKS5pc1NhZmVUb1JlY3Vyc2UocGFkZGVkTWlzc2lu Z0FyZ3VtZW50Q291bnQgKiBzaXplb2YoUmVnaXN0ZXIpKSkKKyAgICAgICAgcmV0dXJuIC0xOwor I2VuZGlmIC8vIFVTRShTRVBBUkFURV9DX0FORF9KU19TVEFDSykKKworICAgIHJldHVybiBwYWRk ZWRNaXNzaW5nQXJndW1lbnRDb3VudDsKIH0KIAogaW5saW5lIGJvb2wgb3BJbihFeGVjU3RhdGUq IGV4ZWMsIEpTVmFsdWUgcHJvcE5hbWUsIEpTVmFsdWUgYmFzZVZhbCkKSW5kZXg6IFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9ydW50aW1lL1ZNLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3Jp cHRDb3JlL3J1bnRpbWUvVk0uaAkocmV2aXNpb24gMTU5NjUwKQorKysgU291cmNlL0phdmFTY3Jp cHRDb3JlL3J1bnRpbWUvVk0uaAkod29ya2luZyBjb3B5KQpAQCAtMzY5LDExICszNjksMTIgQEAg bmFtZXNwYWNlIEpTQyB7CiAKICAgICAgICAgdm9pZCogc3RhY2tMaW1pdCgpIHsgcmV0dXJuIG1f c3RhY2tMaW1pdDsgfQogICAgICAgICB2b2lkIHNldFN0YWNrTGltaXQodm9pZCogbGltaXQpIHsg bV9zdGFja0xpbWl0ID0gbGltaXQ7IH0KLSAgICAgICAgYm9vbCBpc1NhZmVUb1JlY3Vyc2UoKSBj b25zdAorICAgICAgICBib29sIGlzU2FmZVRvUmVjdXJzZShzaXplX3QgbmVlZGVkU3RhY2tJbkJ5 dGVzID0gMCkgY29uc3QKICAgICAgICAgewogICAgICAgICAgICAgQVNTRVJUKHd0ZlRocmVhZERh dGEoKS5zdGFjaygpLmlzR3Jvd2luZ0Rvd253YXJkKCkpOwotICAgICAgICAgICAgdm9pZCogY3Vy cjsKLSAgICAgICAgICAgIHJldHVybiAmY3VyciA+PSBtX3N0YWNrTGltaXQ7CisgICAgICAgICAg ICBpbnQ4X3QqIGN1cnIgPSByZWludGVycHJldF9jYXN0PGludDhfdCo+KCZjdXJyKTsKKyAgICAg ICAgICAgIGludDhfdCogbGltaXQgPSByZWludGVycHJldF9jYXN0PGludDhfdCo+KG1fc3RhY2tM aW1pdCk7CisgICAgICAgICAgICByZXR1cm4gY3VyciA+PSBsaW1pdCAmJiBzdGF0aWNfY2FzdDxz aXplX3Q+KGN1cnIgLSBsaW1pdCkgPj0gbmVlZGVkU3RhY2tJbkJ5dGVzOwogICAgICAgICB9CiAK ICAgICAgICAgY29uc3QgQ2xhc3NJbmZvKiBjb25zdCBqc0FycmF5Q2xhc3NJbmZvOwo=