128017 2014-01-31 14:26:40 -0800 REGRESSION: Crash in sanitizeStackForVMImpl when scrolling @ lifehacker.com.au 2021-11-03 03:13:34 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) iPhone / iPad All RESOLVED FIXED InRadar P2 Normal --- 1 msaboff msaboff benjamin cmarcelo commit-queue sondracake50 oldest_to_newest 974471 0 msaboff 2014-01-31 14:26:40 -0800 We aren't changing VM::m_lastStackTop when we change threads and therefore stacks. 974487 1 msaboff 2014-01-31 14:43:12 -0800 <rdar://problem/15939497> 974494 2 222858 msaboff 2014-01-31 14:54:47 -0800 Created attachment 222858 Patch 974504 3 222858 ggaren 2014-01-31 15:13:54 -0800 Comment on attachment 222858 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=222858&action=review > Source/JavaScriptCore/runtime/JSLock.cpp:131 > + if (!m_vm->stackPointerAtVMEntry) { > + entryStackPointer = &holder; // A proxy for the current stack pointer. > + m_vm->stackPointerAtVMEntry = entryStackPointer; > + threadData.setSavedReservedZoneSize(m_vm->updateStackLimitWithReservedZoneSize(Options::reservedZoneSize())); > + } If I start executing on Thread A, and then continue executing on Thread B, who sets Thread B's stack limit as the VM's current stack limit? Won't this code allow Thread B to overflow the stack, since Thread B never installs its own stack limit in the VM? 974511 4 msaboff 2014-01-31 15:37:10 -0800 (In reply to comment #3) > (From update of attachment 222858 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=222858&action=review > > > Source/JavaScriptCore/runtime/JSLock.cpp:131 > > + if (!m_vm->stackPointerAtVMEntry) { > > + entryStackPointer = &holder; // A proxy for the current stack pointer. > > + m_vm->stackPointerAtVMEntry = entryStackPointer; > > + threadData.setSavedReservedZoneSize(m_vm->updateStackLimitWithReservedZoneSize(Options::reservedZoneSize())); > > + } > > If I start executing on Thread A, and then continue executing on Thread B, who sets Thread B's stack limit as the VM's current stack limit? > > Won't this code allow Thread B to overflow the stack, since Thread B never installs its own stack limit in the VM? When Thread A drops all locks, we set VM::stackPointerAtVMEntry to nullptr, thus allowing Thread B to install their stack limits. When A reacquires the lock, it will restore its saved stack limit values. 974517 5 msaboff 2014-01-31 15:49:14 -0800 Committed r163214: <http://trac.webkit.org/changeset/163214> 222858 2014-01-31 14:54:47 -0800 2014-01-31 15:13:54 -0800 Patch 128017.patch text/plain 10453 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTYzMjA1KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI3IEBA CisyMDE0LTAxLTMxICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIFJFR1JFU1NJT046IENyYXNoIGluIHNhbml0aXplU3RhY2tGb3JWTUltcGwgd2hlbiBzY3Jv bGxpbmcgQCBsaWZlaGFja2VyLmNvbS5hdQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9MTI4MDE3CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChP T1BTISkuCisKKyAgICAgICAgTW92ZWQgdGhlIHNldHRpbmcgYW5kIHNhdmluZyBvZiBWTTo6c3Rh Y2tQb2ludGVyQXRWTUVudHJ5IGFuZCB0aGUgY29ycmVzcG9uZGluZyBzdGFjayBsaW1pdAorICAg ICAgICB0byBKU0xvY2sgYW5kIEpTTG9jazo6RHJvcEFsbExvY2tzLiAgVGhlIHNhdmVkIGRhdGEg aXMgbm93IHN0b3JlZCBpbiBwZXItdGhyZWFkIGluCisgICAgICAgIFdURlRocmVhZERhdGEuCisK KyAgICAgICAgKiBydW50aW1lL0luaXRpYWxpemVUaHJlYWRpbmcuY3BwOgorICAgICAgICAoSlND Ojppbml0aWFsaXplVGhyZWFkaW5nKToKKyAgICAgICAgKiBydW50aW1lL0pTTG9jay5jcHA6Cisg ICAgICAgIChKU0M6OkpTTG9jazo6bG9jayk6CisgICAgICAgIChKU0M6OkpTTG9jazo6dW5sb2Nr KToKKyAgICAgICAgKEpTQzo6SlNMb2NrOjpEcm9wQWxsTG9ja3M6OkRyb3BBbGxMb2Nrcyk6Cisg ICAgICAgIChKU0M6OkpTTG9jazo6RHJvcEFsbExvY2tzOjp+RHJvcEFsbExvY2tzKToKKyAgICAg ICAgKiBydW50aW1lL0pTTG9jay5oOgorICAgICAgICAqIHJ1bnRpbWUvVk1FbnRyeVNjb3BlLmNw cDoKKyAgICAgICAgKEpTQzo6Vk1FbnRyeVNjb3BlOjpWTUVudHJ5U2NvcGUpOgorICAgICAgICAo SlNDOjpWTUVudHJ5U2NvcGU6On5WTUVudHJ5U2NvcGUpOgorICAgICAgICAqIHJ1bnRpbWUvVk1F bnRyeVNjb3BlLmg6CisKIDIwMTQtMDEtMzEgIE9saXZlciBIdW50ICA8b2xpdmVyQGFwcGxlLmNv bT4KIAogICAgICAgICBGaXggd2luZG93cwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL3J1 bnRpbWUvSW5pdGlhbGl6ZVRocmVhZGluZy5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFT Y3JpcHRDb3JlL3J1bnRpbWUvSW5pdGlhbGl6ZVRocmVhZGluZy5jcHAJKHJldmlzaW9uIDE2MzIw NSkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0luaXRpYWxpemVUaHJlYWRpbmcu Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC03Miw2ICs3MiwxMCBAQCB2b2lkIGluaXRpYWxpemVUaHJl YWRpbmcoKQogI2lmbmRlZiBOREVCVUcKICAgICAgICAgRGlzYWxsb3dHQzo6aW5pdGlhbGl6ZSgp OwogI2VuZGlmCisgICAgICAgIFdURlRocmVhZERhdGEmIHRocmVhZERhdGEgPSB3dGZUaHJlYWRE YXRhKCk7CisgICAgICAgIAorICAgICAgICB0aHJlYWREYXRhLnNldFNhdmVkTGFzdFN0YWNrVG9w KHRocmVhZERhdGEuc3RhY2soKS5vcmlnaW4oKSk7CisgICAgICAgIHRocmVhZERhdGEuc2V0U2F2 ZWRSZXNlcnZlZFpvbmVTaXplKE9wdGlvbnM6OnJlc2VydmVkWm9uZVNpemUoKSk7CiAgICAgfSk7 CiB9CiAKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTTG9jay5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNMb2NrLmNwcAkocmV2 aXNpb24gMTYzMjA1KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNMb2NrLmNw cAkod29ya2luZyBjb3B5KQpAQCAtMTIxLDYgKzEyMSwxNiBAQCB2b2lkIEpTTG9jazo6bG9jaygp CiAgICAgICAgIG1fb3duZXJUaHJlYWQgPSBjdXJyZW50VGhyZWFkOwogICAgICAgICBBU1NFUlQo IW1fbG9ja0NvdW50KTsKICAgICAgICAgbV9sb2NrQ291bnQgPSAxOworCisgICAgICAgIFdURlRo cmVhZERhdGEmIHRocmVhZERhdGEgPSB3dGZUaHJlYWREYXRhKCk7CisKKyAgICAgICAgaWYgKCFt X3ZtLT5zdGFja1BvaW50ZXJBdFZNRW50cnkpIHsKKyAgICAgICAgICAgIGVudHJ5U3RhY2tQb2lu dGVyID0gJmhvbGRlcjsgLy8gQSBwcm94eSBmb3IgdGhlIGN1cnJlbnQgc3RhY2sgcG9pbnRlci4K KyAgICAgICAgICAgIG1fdm0tPnN0YWNrUG9pbnRlckF0Vk1FbnRyeSA9IGVudHJ5U3RhY2tQb2lu dGVyOworICAgICAgICAgICAgdGhyZWFkRGF0YS5zZXRTYXZlZFJlc2VydmVkWm9uZVNpemUobV92 bS0+dXBkYXRlU3RhY2tMaW1pdFdpdGhSZXNlcnZlZFpvbmVTaXplKE9wdGlvbnM6OnJlc2VydmVk Wm9uZVNpemUoKSkpOworICAgICAgICB9CisKKyAgICAgICAgbV92bS0+c2V0TGFzdFN0YWNrVG9w KHRocmVhZERhdGEuc2F2ZWRMYXN0U3RhY2tUb3AoKSk7CiAgICAgfQogfQogCkBAIC0xMzEsOCAr MTQxLDEzIEBAIHZvaWQgSlNMb2NrOjp1bmxvY2soKQogCiAgICAgbV9sb2NrQ291bnQtLTsKIAot ICAgIGlmICghbV9sb2NrQ291bnQpCisgICAgaWYgKCFtX2xvY2tDb3VudCkgeworICAgICAgICBp ZiAobV92bSAmJiBtX3ZtLT5zdGFja1BvaW50ZXJBdFZNRW50cnkgPT0gZW50cnlTdGFja1BvaW50 ZXIpIHsKKyAgICAgICAgICAgIG1fdm0tPnN0YWNrUG9pbnRlckF0Vk1FbnRyeSA9IG51bGxwdHI7 CisgICAgICAgICAgICBtX3ZtLT51cGRhdGVTdGFja0xpbWl0V2l0aFJlc2VydmVkWm9uZVNpemUo d3RmVGhyZWFkRGF0YSgpLnNhdmVkUmVzZXJ2ZWRab25lU2l6ZSgpKTsKKyAgICAgICAgfQogICAg ICAgICBtX2xvY2sudW5sb2NrKCk7CisgICAgfQogfQogCiB2b2lkIEpTTG9jazo6bG9jayhFeGVj U3RhdGUqIGV4ZWMpCkBAIC0yOTAsOCArMzA1LDEzIEBAIEpTTG9jazo6RHJvcEFsbExvY2tzOjpE cm9wQWxsTG9ja3MoRXhlY1MKICNpZiBQTEFURk9STShJT1MpCiAgICAgU3BpbkxvY2tIb2xkZXIg aG9sZGVyKCZzcGluTG9jayk7CiAjZW5kaWYKLSAgICBtX3NhdmVkUmVzZXJ2ZWRab25lU2l6ZSA9 IG1fdm0tPnJlc2VydmVkWm9uZVNpemUoKTsKLSAgICBtX3NhdmVkU3RhY2tQb2ludGVyQXRWTUVu dHJ5ID0gbV92bS0+c3RhY2tQb2ludGVyQXRWTUVudHJ5OworCisgICAgV1RGVGhyZWFkRGF0YSYg dGhyZWFkRGF0YSA9IHd0ZlRocmVhZERhdGEoKTsKKyAgICAKKyAgICB0aHJlYWREYXRhLnNldFNh dmVkU3RhY2tQb2ludGVyQXRWTUVudHJ5KG1fdm0tPnN0YWNrUG9pbnRlckF0Vk1FbnRyeSk7Cisg ICAgdGhyZWFkRGF0YS5zZXRTYXZlZExhc3RTdGFja1RvcChtX3ZtLT5sYXN0U3RhY2tUb3AoKSk7 CisgICAgdGhyZWFkRGF0YS5zZXRTYXZlZFJlc2VydmVkWm9uZVNpemUobV92bS0+cmVzZXJ2ZWRa b25lU2l6ZSgpKTsKKwogICAgIG1fdm0tPnN0YWNrUG9pbnRlckF0Vk1FbnRyeSA9IG51bGxwdHI7 CiAKICAgICBpZiAoYWx3YXlzRHJvcExvY2tzKQpAQCAtMzEwLDggKzMzMCwxMyBAQCBKU0xvY2s6 OkRyb3BBbGxMb2Nrczo6RHJvcEFsbExvY2tzKFZNKiB2CiAjaWYgUExBVEZPUk0oSU9TKQogICAg IFNwaW5Mb2NrSG9sZGVyIGhvbGRlcigmc3BpbkxvY2spOwogI2VuZGlmCi0gICAgbV9zYXZlZFJl c2VydmVkWm9uZVNpemUgPSBtX3ZtLT5yZXNlcnZlZFpvbmVTaXplKCk7Ci0gICAgbV9zYXZlZFN0 YWNrUG9pbnRlckF0Vk1FbnRyeSA9IG1fdm0tPnN0YWNrUG9pbnRlckF0Vk1FbnRyeTsKKworICAg IFdURlRocmVhZERhdGEmIHRocmVhZERhdGEgPSB3dGZUaHJlYWREYXRhKCk7CisgICAgCisgICAg dGhyZWFkRGF0YS5zZXRTYXZlZFN0YWNrUG9pbnRlckF0Vk1FbnRyeShtX3ZtLT5zdGFja1BvaW50 ZXJBdFZNRW50cnkpOworICAgIHRocmVhZERhdGEuc2V0U2F2ZWRMYXN0U3RhY2tUb3AobV92bS0+ bGFzdFN0YWNrVG9wKCkpOworICAgIHRocmVhZERhdGEuc2V0U2F2ZWRSZXNlcnZlZFpvbmVTaXpl KG1fdm0tPnJlc2VydmVkWm9uZVNpemUoKSk7CisKICAgICBtX3ZtLT5zdGFja1BvaW50ZXJBdFZN RW50cnkgPSBudWxscHRyOwogCiAgICAgaWYgKGFsd2F5c0Ryb3BMb2NrcykKQEAgLTMzMCw4ICsz NTUsMTEgQEAgSlNMb2NrOjpEcm9wQWxsTG9ja3M6On5Ecm9wQWxsTG9ja3MoKQogI2VuZGlmCiAg ICAgbV92bS0+YXBpTG9jaygpLmdyYWJBbGxMb2NrcyhtX2xvY2tDb3VudCwgc3BpbkxvY2spOwog Ci0gICAgbV92bS0+c3RhY2tQb2ludGVyQXRWTUVudHJ5ID0gbV9zYXZlZFN0YWNrUG9pbnRlckF0 Vk1FbnRyeTsKLSAgICBtX3ZtLT51cGRhdGVTdGFja0xpbWl0V2l0aFJlc2VydmVkWm9uZVNpemUo bV9zYXZlZFJlc2VydmVkWm9uZVNpemUpOworICAgIFdURlRocmVhZERhdGEmIHRocmVhZERhdGEg PSB3dGZUaHJlYWREYXRhKCk7CisKKyAgICBtX3ZtLT5zdGFja1BvaW50ZXJBdFZNRW50cnkgPSB0 aHJlYWREYXRhLnNhdmVkU3RhY2tQb2ludGVyQXRWTUVudHJ5KCk7CisgICAgbV92bS0+c2V0TGFz dFN0YWNrVG9wKHRocmVhZERhdGEuc2F2ZWRMYXN0U3RhY2tUb3AoKSk7CisgICAgbV92bS0+dXBk YXRlU3RhY2tMaW1pdFdpdGhSZXNlcnZlZFpvbmVTaXplKHRocmVhZERhdGEuc2F2ZWRSZXNlcnZl ZFpvbmVTaXplKCkpOwogfQogCiB9IC8vIG5hbWVzcGFjZSBKU0MKSW5kZXg6IFNvdXJjZS9KYXZh U2NyaXB0Q29yZS9ydW50aW1lL0pTTG9jay5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2Ny aXB0Q29yZS9ydW50aW1lL0pTTG9jay5oCShyZXZpc2lvbiAxNjMyMDUpCisrKyBTb3VyY2UvSmF2 YVNjcmlwdENvcmUvcnVudGltZS9KU0xvY2suaAkod29ya2luZyBjb3B5KQpAQCAtMTEwLDggKzEx MCw2IEBAIG5hbWVzcGFjZSBKU0MgewogICAgICAgICBwcml2YXRlOgogICAgICAgICAgICAgaW50 cHRyX3QgbV9sb2NrQ291bnQ7CiAgICAgICAgICAgICBSZWZQdHI8Vk0+IG1fdm07Ci0gICAgICAg ICAgICBzaXplX3QgbV9zYXZlZFJlc2VydmVkWm9uZVNpemU7Ci0gICAgICAgICAgICB2b2lkKiBt X3NhdmVkU3RhY2tQb2ludGVyQXRWTUVudHJ5OwogICAgICAgICB9OwogCiAgICAgcHJpdmF0ZToK QEAgLTEyNSw2ICsxMjMsNyBAQCBuYW1lc3BhY2UgSlNDIHsKICAgICAgICAgaW50cHRyX3QgbV9s b2NrQ291bnQ7CiAgICAgICAgIHVuc2lnbmVkIG1fbG9ja0Ryb3BEZXB0aDsKICAgICAgICAgVk0q IG1fdm07CisgICAgICAgIHZvaWQqIGVudHJ5U3RhY2tQb2ludGVyOwogICAgIH07CiAKIH0gLy8g bmFtZXNwYWNlCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9WTUVudHJ5U2Nv cGUuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1ZNRW50 cnlTY29wZS5jcHAJKHJldmlzaW9uIDE2MzIwNSkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9y dW50aW1lL1ZNRW50cnlTY29wZS5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTUxLDMxICs1MSwyMCBA QCBWTUVudHJ5U2NvcGU6OlZNRW50cnlTY29wZShWTSYgdm0sIEpTR2xvCiAgICAgICAgIHZtLnJl c2V0RGF0ZUNhY2hlKCk7CiAgICAgfQogCi0gICAgaWYgKCF2bS5zdGFja1BvaW50ZXJBdFZNRW50 cnkpIHsKLSAgICAgICAgdm0uc3RhY2tQb2ludGVyQXRWTUVudHJ5ID0gdGhpczsKLSAgICAgICAg bV9zYXZlZFJlc2VydmVkWm9uZVNpemUgPSB2bS51cGRhdGVTdGFja0xpbWl0V2l0aFJlc2VydmVk Wm9uZVNpemUoT3B0aW9uczo6cmVzZXJ2ZWRab25lU2l6ZSgpKTsKLSAgICB9Ci0KICAgICAvLyBD bGVhciB0aGUgY2FwdHVyZWQgZXhjZXB0aW9uIHN0YWNrIGJldHdlZW4gZW50cmllcwogICAgIHZt LmNsZWFyRXhjZXB0aW9uU3RhY2soKTsKIH0KIAogVk1FbnRyeVNjb3BlOjp+Vk1FbnRyeVNjb3Bl KCkKIHsKLSAgICBpZiAobV92bS5lbnRyeVNjb3BlID09IHRoaXMpCi0gICAgICAgIG1fdm0uZW50 cnlTY29wZSA9IG51bGxwdHI7Ci0gICAgaWYgKG1fdm0uc3RhY2tQb2ludGVyQXRWTUVudHJ5ID09 IHRoaXMpIHsKLSAgICAgICAgbV92bS5zdGFja1BvaW50ZXJBdFZNRW50cnkgPSBudWxscHRyOwot ICAgICAgICBtX3ZtLnVwZGF0ZVN0YWNrTGltaXRXaXRoUmVzZXJ2ZWRab25lU2l6ZShtX3NhdmVk UmVzZXJ2ZWRab25lU2l6ZSk7Ci0gICAgfQorICAgIGlmIChtX3ZtLmVudHJ5U2NvcGUgIT0gdGhp cykKKyAgICAgICAgcmV0dXJuOworCisgICAgbV92bS5lbnRyeVNjb3BlID0gbnVsbHB0cjsKIAog ICAgIGlmIChtX3JlY29tcGlsYXRpb25OZWVkZWQpIHsKLSAgICAgICAgaWYgKG1fdm0uZW50cnlT Y29wZSkKLSAgICAgICAgICAgIG1fdm0uZW50cnlTY29wZS0+c2V0UmVjb21waWxhdGlvbk5lZWRl ZCh0cnVlKTsKLSAgICAgICAgZWxzZSB7Ci0gICAgICAgICAgICBpZiAoRGVidWdnZXIqIGRlYnVn Z2VyID0gbV9nbG9iYWxPYmplY3QtPmRlYnVnZ2VyKCkpCi0gICAgICAgICAgICAgICAgZGVidWdn ZXItPnJlY29tcGlsZUFsbEpTRnVuY3Rpb25zKCZtX3ZtKTsKLSAgICAgICAgfQorICAgICAgICBp ZiAoRGVidWdnZXIqIGRlYnVnZ2VyID0gbV9nbG9iYWxPYmplY3QtPmRlYnVnZ2VyKCkpCisgICAg ICAgICAgICBkZWJ1Z2dlci0+cmVjb21waWxlQWxsSlNGdW5jdGlvbnMoJm1fdm0pOwogICAgIH0K IH0KIApJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvVk1FbnRyeVNjb3BlLmgK PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvVk1FbnRyeVNjb3Bl LmgJKHJldmlzaW9uIDE2MzIwNSkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1ZN RW50cnlTY29wZS5oCSh3b3JraW5nIGNvcHkpCkBAIC00NiwxMyArNDYsMTAgQEAgcHVibGljOgog CiBwcml2YXRlOgogICAgIFZNJiBtX3ZtOwotICAgIFN0YWNrU3RhdHM6OkNoZWNrUG9pbnQgbV9z dGFja0NoZWNrUG9pbnQ7CiAgICAgSlNHbG9iYWxPYmplY3QqIG1fZ2xvYmFsT2JqZWN0OwotICAg IHNpemVfdCBtX3NhdmVkUmVzZXJ2ZWRab25lU2l6ZTsKICAgICBib29sIG1fcmVjb21waWxhdGlv bk5lZWRlZDsKIH07CiAKIH0gLy8gbmFtZXNwYWNlIEpTQwogCiAjZW5kaWYgLy8gVk1FbnRyeVNj b3BlX2gKLQpJbmRleDogU291cmNlL1dURi9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNl L1dURi9DaGFuZ2VMb2cJKHJldmlzaW9uIDE2MzIwNSkKKysrIFNvdXJjZS9XVEYvQ2hhbmdlTG9n CSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjQgQEAKKzIwMTQtMDEtMzEgIE1pY2hhZWwgU2Fi b2ZmICA8bXNhYm9mZkBhcHBsZS5jb20+CisKKyAgICAgICAgUkVHUkVTU0lPTjogQ3Jhc2ggaW4g c2FuaXRpemVTdGFja0ZvclZNSW1wbCB3aGVuIHNjcm9sbGluZyBAIGxpZmVoYWNrZXIuY29tLmF1 CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjgwMTcK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBNb3ZlZCB0 aGUgc2V0dGluZyBhbmQgc2F2aW5nIG9mIFZNOjpzdGFja1BvaW50ZXJBdFZNRW50cnkgYW5kIHRo ZSBjb3JyZXNwb25kaW5nIHN0YWNrIGxpbWl0CisgICAgICAgIHRvIEpTTG9jayBhbmQgSlNMb2Nr OjpEcm9wQWxsTG9ja3MuICBUaGUgc2F2ZWQgZGF0YSBpcyBub3cgc3RvcmVkIGluIHBlci10aHJl YWQgaW4KKyAgICAgICAgV1RGVGhyZWFkRGF0YS4KKworICAgICAgICAqIHd0Zi9XVEZUaHJlYWRE YXRhLmNwcDoKKyAgICAgICAgKFdURjo6V1RGVGhyZWFkRGF0YTo6V1RGVGhyZWFkRGF0YSk6Cisg ICAgICAgICogd3RmL1dURlRocmVhZERhdGEuaDoKKyAgICAgICAgKFdURjo6V1RGVGhyZWFkRGF0 YTo6c2F2ZWRTdGFja1BvaW50ZXJBdFZNRW50cnkpOgorICAgICAgICAoV1RGOjpXVEZUaHJlYWRE YXRhOjpzZXRTYXZlZFN0YWNrUG9pbnRlckF0Vk1FbnRyeSk6CisgICAgICAgIChXVEY6OldURlRo cmVhZERhdGE6OnNhdmVkTGFzdFN0YWNrVG9wKToKKyAgICAgICAgKFdURjo6V1RGVGhyZWFkRGF0 YTo6c2V0U2F2ZWRMYXN0U3RhY2tUb3ApOgorICAgICAgICAoV1RGOjpXVEZUaHJlYWREYXRhOjpz YXZlZFJlc2VydmVkWm9uZVNpemUpOgorICAgICAgICAoV1RGOjpXVEZUaHJlYWREYXRhOjpzZXRT YXZlZFJlc2VydmVkWm9uZVNpemUpOgorCiAyMDE0LTAxLTMwICBBbmRyZWkgQnVjdXIgIDxhYnVj dXJAYWRvYmUuY29tPgogCiAgICAgICAgIFJlbW92ZSB0aGUgQUNDRUxFUkFURURfQ09NUE9TSVRJ TkcgZmxhZwpJbmRleDogU291cmNlL1dURi93dGYvV1RGVGhyZWFkRGF0YS5jcHAKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gU291cmNlL1dURi93dGYvV1RGVGhyZWFkRGF0YS5jcHAJKHJldmlzaW9uIDE2MzIwNSkK KysrIFNvdXJjZS9XVEYvd3RmL1dURlRocmVhZERhdGEuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC00 OSw2ICs0OSw5IEBAIFdURlRocmVhZERhdGE6OldURlRocmVhZERhdGEoKQogI2lmIEVOQUJMRShT VEFDS19TVEFUUykKICAgICAsIG1fc3RhY2tTdGF0cygpCiAjZW5kaWYKKyAgICAsIG1fc2F2ZWRT dGFja1BvaW50ZXJBdFZNRW50cnkoMCkKKyAgICAsIG1fc2F2ZWRMYXN0U3RhY2tUb3Aoc3RhY2so KS5vcmlnaW4oKSkKKyAgICAsIG1fc2F2ZWRSZXNlcnZlZFpvbmVTaXplKDApCiB7CiAjaWYgVVNF KFdFQl9USFJFQUQpCiAgICAgc3RhdGljIEpTQzo6SWRlbnRpZmllclRhYmxlKiBzaGFyZWRJZGVu dGlmaWVyVGFibGUgPSBuZXcgSlNDOjpJZGVudGlmaWVyVGFibGUoKTsKSW5kZXg6IFNvdXJjZS9X VEYvd3RmL1dURlRocmVhZERhdGEuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV1RGL3d0Zi9XVEZU aHJlYWREYXRhLmgJKHJldmlzaW9uIDE2MzIwNSkKKysrIFNvdXJjZS9XVEYvd3RmL1dURlRocmVh ZERhdGEuaAkod29ya2luZyBjb3B5KQpAQCAtMTA2LDYgKzEwNiwzNiBAQCBwdWJsaWM6CiAgICAg fQogI2VuZGlmCiAKKyAgICB2b2lkKiBzYXZlZFN0YWNrUG9pbnRlckF0Vk1FbnRyeSgpCisgICAg eworICAgICAgICByZXR1cm4gbV9zYXZlZFN0YWNrUG9pbnRlckF0Vk1FbnRyeTsKKyAgICB9CisK KyAgICB2b2lkIHNldFNhdmVkU3RhY2tQb2ludGVyQXRWTUVudHJ5KHZvaWQqIHN0YWNrUG9pbnRl ckF0Vk1FbnRyeSkKKyAgICB7CisgICAgICAgIG1fc2F2ZWRTdGFja1BvaW50ZXJBdFZNRW50cnkg PSBzdGFja1BvaW50ZXJBdFZNRW50cnk7CisgICAgfQorCisgICAgdm9pZCogc2F2ZWRMYXN0U3Rh Y2tUb3AoKQorICAgIHsKKyAgICAgICAgcmV0dXJuIG1fc2F2ZWRMYXN0U3RhY2tUb3A7CisgICAg fQorCisgICAgdm9pZCBzZXRTYXZlZExhc3RTdGFja1RvcCh2b2lkKiBsYXN0U3RhY2tUb3ApCisg ICAgeworICAgICAgICBtX3NhdmVkTGFzdFN0YWNrVG9wID0gbGFzdFN0YWNrVG9wOworICAgIH0K KworICAgIHNpemVfdCBzYXZlZFJlc2VydmVkWm9uZVNpemUoKQorICAgIHsKKyAgICAgICAgcmV0 dXJuIG1fc2F2ZWRSZXNlcnZlZFpvbmVTaXplOworICAgIH0KKworICAgIHZvaWQgc2V0U2F2ZWRS ZXNlcnZlZFpvbmVTaXplKHNpemVfdCByZXNlcnZlZFpvbmVTaXplKQorICAgIHsKKyAgICAgICAg bV9zYXZlZFJlc2VydmVkWm9uZVNpemUgPSByZXNlcnZlZFpvbmVTaXplOworICAgIH0KKwogICAg IHZvaWQqIG1fYXBpRGF0YTsKIAogcHJpdmF0ZToKQEAgLTExOCw2ICsxNDgsOSBAQCBwcml2YXRl OgogI2lmIEVOQUJMRShTVEFDS19TVEFUUykKICAgICBTdGFja1N0YXRzOjpQZXJUaHJlYWRTdGF0 cyBtX3N0YWNrU3RhdHM7CiAjZW5kaWYKKyAgICB2b2lkKiBtX3NhdmVkU3RhY2tQb2ludGVyQXRW TUVudHJ5OworICAgIHZvaWQqIG1fc2F2ZWRMYXN0U3RhY2tUb3A7CisgICAgc2l6ZV90IG1fc2F2 ZWRSZXNlcnZlZFpvbmVTaXplOwogCiAgICAgc3RhdGljIFdURl9FWFBPUlREQVRBIFRocmVhZFNw ZWNpZmljPFdURlRocmVhZERhdGE+KiBzdGF0aWNEYXRhOwogICAgIGZyaWVuZCBXVEZUaHJlYWRE YXRhJiB3dGZUaHJlYWREYXRhKCk7Cg==