141317 2015-02-05 18:25:30 -0800 MachineThreads should be ref counted 2015-02-24 16:06:09 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 mark.lam mark.lam benjamin fpizlo ggaren mark.lam mmirman msaboff oliver webkit-bug-importer oldest_to_newest 1067277 0 mark.lam 2015-02-05 18:25:30 -0800 The VM's MachineThreads registry object is being referenced from other threads as a raw pointer. In a scenario where the VM is destructed on the main thread, there is no guarantee that another thread isn't still holding a reference to the registry and will eventually invoke removeThread() on it on thread exit. Hence, there's a possible use after free scenario here. The fix is to make MachineThreads ThreadSafeRefCounted, and have all threads that references keep a RefPtr to it to ensure that it stays alive until the very last thread is done with it. 1067278 1 webkit-bug-importer 2015-02-05 18:27:21 -0800 <rdar://problem/19739959> 1067302 2 246146 mark.lam 2015-02-05 20:44:03 -0800 Created attachment 246146 the patch. 1067401 3 246146 fpizlo 2015-02-06 12:41:23 -0800 Comment on attachment 246146 the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=246146&action=review > Source/JavaScriptCore/API/tests/testapi.mm:507 > + while (!mainThreadIsReadyToJoin) > + sleep(1); This feels super shady. 1067402 4 246146 mark.lam 2015-02-06 12:46:31 -0800 Comment on attachment 246146 the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=246146&action=review > Source/JavaScriptCore/API/tests/testapi.mm:1427 > + sleep(10); Eeek ... this is not supposed to be here. Leftover debugging code. Will remove. 1067404 5 246146 fpizlo 2015-02-06 12:47:54 -0800 Comment on attachment 246146 the patch. r=me but reduce the sleep(1) to something shorter, like a usleep(10000) 1067405 6 mark.lam 2015-02-06 12:59:53 -0800 Thanks for the review. Reduced the sleep time as suggested. Landed in r179753: <http://trac.webkit.org/r179753>. 1068514 7 246146 ggaren 2015-02-11 15:52:47 -0800 Comment on attachment 246146 the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=246146&action=review > Source/JavaScriptCore/heap/Heap.cpp:350 > + // We need to remove the main thread explicitly here because the main thread > + // may not terminate for a while though the Heap (and VM) is being shut down. > + m_machineThreads->removeCurrentThread(); This is super weird. (1) The comment claims to be about the main thread, but this code runs on any thread. (2) A class that never called addCurrentThread calls removeCurrentThread, seemingly over-releasing a resource. > Source/JavaScriptCore/heap/MachineStackMarker.h:67 > + uint64_t m_magicNumber; // Only used for detecting use after free. Why is this better than using MallocScribble or libgmalloc? 1068518 8 246146 oliver 2015-02-11 16:17:49 -0800 Comment on attachment 246146 the patch. View in context: https://bugs.webkit.org/attachment.cgi?id=246146&action=review >> Source/JavaScriptCore/heap/MachineStackMarker.h:67 >> + uint64_t m_magicNumber; // Only used for detecting use after free. > > Why is this better than using MallocScribble or libgmalloc? Presumably lower cost in a debug build? 1071821 9 mark.lam 2015-02-24 15:51:38 -0800 After reading more into how pthread_key_delete() and _pthread_tsd_cleanup() works, we determined that this fix is invalid. Before the fix, there was indeed a race condition with a very small window that could result in a use after free scenario. I will roll out the patch and implement the fix from scratch with a different approach. 1071827 10 mark.lam 2015-02-24 16:06:09 -0800 r179753 was rolled out in r180591: <http://trac.webkit.org/r180591>. 246146 2015-02-05 20:44:03 -0800 2015-02-06 12:47:54 -0800 the patch. bug-141317.patch text/plain 12331 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTc5NzM2KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDQ3IEBA CisyMDE1LTAyLTA1ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBN YWNoaW5lVGhyZWFkcyBzaG91bGQgYmUgcmVmIGNvdW50ZWQuCisgICAgICAgIDxodHRwczovL3dl YmtpdC5vcmcvYi8xNDEzMTc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgVGhlIFZNJ3MgTWFjaGluZVRocmVhZHMgcmVnaXN0cnkgb2JqZWN0IGlzIGJl aW5nIHJlZmVyZW5jZWQgZnJvbSBvdGhlcgorICAgICAgICB0aHJlYWRzIGFzIGEgcmF3IHBvaW50 ZXIuICBJbiBhIHNjZW5hcmlvIHdoZXJlIHRoZSBWTSBpcyBkZXN0cnVjdGVkIG9uCisgICAgICAg IHRoZSBtYWluIHRocmVhZCwgdGhlcmUgaXMgbm8gZ3VhcmFudGVlIHRoYXQgYW5vdGhlciB0aHJl YWQgaXNuJ3Qgc3RpbGwKKyAgICAgICAgaG9sZGluZyBhIHJlZmVyZW5jZSB0byB0aGUgcmVnaXN0 cnkgYW5kIHdpbGwgZXZlbnR1YWxseSBpbnZva2UKKyAgICAgICAgcmVtb3ZlVGhyZWFkKCkgb24g aXQgb24gdGhyZWFkIGV4aXQuICBIZW5jZSwgdGhlcmUncyBhIHBvc3NpYmxlIHVzZQorICAgICAg ICBhZnRlciBmcmVlIHNjZW5hcmlvIGhlcmUuCisKKyAgICAgICAgVGhlIGZpeCBpcyB0byBtYWtl IE1hY2hpbmVUaHJlYWRzIFRocmVhZFNhZmVSZWZDb3VudGVkLCBhbmQgaGF2ZSBhbGwKKyAgICAg ICAgdGhyZWFkcyB0aGF0IHJlZmVyZW5jZXMga2VlcCBhIFJlZlB0ciB0byBpdCB0byBlbnN1cmUg dGhhdCBpdCBzdGF5cworICAgICAgICBhbGl2ZSB1bnRpbCB0aGUgdmVyeSBsYXN0IHRocmVhZCBp cyBkb25lIHdpdGggaXQuCisKKyAgICAgICAgKiBBUEkvdGVzdHMvdGVzdGFwaS5tbToKKyAgICAg ICAgKHVzZVZNRnJvbU90aGVyVGhyZWFkKTogLSBSZW5hbWVkIHRvIGJlIG1vcmUgZGVzY3JpcHRp dmUuCisgICAgICAgICh1c2VWTUZyb21PdGhlclRocmVhZEFuZE91dGxpdmVWTSk6CisgICAgICAg IC0gQWRkZWQgYSB0ZXN0IHRoYXQgaGFzIGFub3RoZXIgdGhyZWFkIHdoaWNoIHVzZXMgdGhlIFZN IG91dGxpdmUgdGhlCisgICAgICAgICAgVk0gdG8gY29uZmlybSB0aGF0IHRoZXJlIGlzIG5vIGNy YXNoLgorCisgICAgICAgICAgSG93ZXZlciwgSSB3YXMgbm90IGFjdHVhbGx5IGFibGUgdG8gZ2V0 IHRoZSBWTSB0byBjcmFzaCB3aXRob3V0IHRoaXMKKyAgICAgICAgICBwYXRjaCBiZWNhdXNlIEkg d2Fzbid0IGFsd2F5cyBhYmxlIHRvIHRoZSB0aHJlYWQgZGVzdHJ1Y3RvciB0byBiZQorICAgICAg ICAgIGNhbGxlZC4gIFdpdGggdGhpcyBwYXRjaCBhcHBsaWVkLCBJIGRpZCB2ZXJpZnkgd2l0aCBz b21lIGxvZ2dpbmcgdGhhdAorICAgICAgICAgIHRoZSBNYWNoaW5lVGhyZWFkcyByZWdpc3RyeSBp cyBvbmx5IGRlc3RydWN0ZWQgYWZ0ZXIgYWxsIHRocmVhZHMKKyAgICAgICAgICBoYXZlIHJlbW92 ZWQgdGhlbXNlbHZlcyBmcm9tIGl0LgorCisgICAgICAgICh0aHJlYWRNYWluKTogRGVsZXRlZC4K KworICAgICAgICAqIGhlYXAvSGVhcC5jcHA6CisgICAgICAgIChKU0M6OkhlYXA6OkhlYXApOgor ICAgICAgICAoSlNDOjpIZWFwOjp+SGVhcCk6CisgICAgICAgIChKU0M6OkhlYXA6OmdhdGhlclN0 YWNrUm9vdHMpOgorICAgICAgICAqIGhlYXAvSGVhcC5oOgorICAgICAgICAoSlNDOjpIZWFwOjpt YWNoaW5lVGhyZWFkcyk6CisgICAgICAgICogaGVhcC9NYWNoaW5lU3RhY2tNYXJrZXIuY3BwOgor ICAgICAgICAoSlNDOjpNYWNoaW5lVGhyZWFkczo6VGhyZWFkOjpUaHJlYWQpOgorICAgICAgICAo SlNDOjpNYWNoaW5lVGhyZWFkczo6YWRkQ3VycmVudFRocmVhZCk6CisgICAgICAgIChKU0M6Ok1h Y2hpbmVUaHJlYWRzOjpyZW1vdmVDdXJyZW50VGhyZWFkKToKKyAgICAgICAgKiBoZWFwL01hY2hp bmVTdGFja01hcmtlci5oOgorCiAyMDE1LTAyLTA1ICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZA YXBwbGUuY29tPgogCiAgICAgICAgIENvZGVDYWNoZSBpcyBub3QgdGhyZWFkIHNhZmUgd2hlbiBh ZGRpbmcgdGhlIHNhbWUgc291cmNlIGZyb20gdHdvIGRpZmZlcmVudCB0aHJlYWRzCkluZGV4OiBT b3VyY2UvSmF2YVNjcmlwdENvcmUvQVBJL3Rlc3RzL3Rlc3RhcGkubW0KPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g U291cmNlL0phdmFTY3JpcHRDb3JlL0FQSS90ZXN0cy90ZXN0YXBpLm1tCShyZXZpc2lvbiAxNzk2 OTkpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQVBJL3Rlc3RzL3Rlc3RhcGkubW0JKHdvcmtp bmcgY29weSkKQEAgLTQ3Miw3ICs0NzIsNyBAQCBzdGF0aWMgYm9vbCBibG9ja1NpZ25hdHVyZUNv bnRhaW5zQ2xhc3MoCiAgICAgcmV0dXJuIGNvbnRhaW5zQ2xhc3M7CiB9CiAKLXN0YXRpYyB2b2lk KiB0aHJlYWRNYWluKHZvaWQqIGNvbnRleHRQdHIpCitzdGF0aWMgdm9pZCogdXNlVk1Gcm9tT3Ro ZXJUaHJlYWQodm9pZCogY29udGV4dFB0cikKIHsKICAgICBKU0NvbnRleHQgKmNvbnRleHQgPSAo X19icmlkZ2UgSlNDb250ZXh0Kiljb250ZXh0UHRyOwogCkBAIC00ODIsNiArNDgyLDMyIEBAIHN0 YXRpYyB2b2lkKiB0aHJlYWRNYWluKHZvaWQqIGNvbnRleHRQdHIKICAgICBwdGhyZWFkX2V4aXQo bnVsbHB0cik7CiB9CiAKK3N0cnVjdCBUaHJlYWRBcmdzIHsKKyAgICBKU0NvbnRleHQqIGNvbnRl eHQ7CisgICAgdm9sYXRpbGUgYm9vbCogbWFpblRocmVhZElzUmVhZHlUb0pvaW47CisgICAgdm9s YXRpbGUgYm9vbCogb3RoZXJUaHJlYWRJc0RvbmVXaXRoSlNXb3JrOworfTsKKworc3RhdGljIHZv aWQqIHVzZVZNRnJvbU90aGVyVGhyZWFkQW5kT3V0bGl2ZVZNKHZvaWQqIGRhdGEpCit7CisgICAg VGhyZWFkQXJncyogYXJncyA9IHJlaW50ZXJwcmV0X2Nhc3Q8VGhyZWFkQXJncyo+KGRhdGEpOwor ICAgIHZvbGF0aWxlIGJvb2wmIG1haW5UaHJlYWRJc1JlYWR5VG9Kb2luID0gKmFyZ3MtPm1haW5U aHJlYWRJc1JlYWR5VG9Kb2luOworICAgIHZvbGF0aWxlIGJvb2wmIG90aGVyVGhyZWFkSXNEb25l V2l0aEpTV29yayA9ICphcmdzLT5vdGhlclRocmVhZElzRG9uZVdpdGhKU1dvcms7CisKKyAgICBA YXV0b3JlbGVhc2Vwb29sIHsKKyAgICAgICAgSlNDb250ZXh0ICpjb250ZXh0ID0gYXJncy0+Y29u dGV4dDsKKworICAgICAgICAvLyBEbyBzb21ldGhpbmcgdG8gZW50ZXIgdGhlIFZNLgorICAgICAg ICBUZXN0T2JqZWN0ICp0ZXN0T2JqZWN0ID0gW1Rlc3RPYmplY3QgdGVzdE9iamVjdF07CisgICAg ICAgIGNvbnRleHRbQCJ0ZXN0T2JqZWN0Il0gPSB0ZXN0T2JqZWN0OworICAgIH0KKyAgICBvdGhl clRocmVhZElzRG9uZVdpdGhKU1dvcmsgPSB0cnVlOworCisgICAgd2hpbGUgKCFtYWluVGhyZWFk SXNSZWFkeVRvSm9pbikKKyAgICAgICAgc2xlZXAoMSk7CisgICAgcHRocmVhZF9leGl0KG51bGxw dHIpOworfQorCiB2b2lkIHRlc3RPYmplY3RpdmVDQVBJKCkKIHsKICAgICBOU0xvZyhAIlRlc3Rp bmcgT2JqZWN0aXZlLUMgQVBJIik7CkBAIC0xMzc1LDEzICsxNDAxLDM0IEBAIHZvaWQgdGVzdE9i amVjdGl2ZUNBUEkoKQogICAgICAgICBKU0NvbnRleHQgKmNvbnRleHQgPSBbW0pTQ29udGV4dCBh bGxvY10gaW5pdF07CiAgICAgICAgIAogICAgICAgICBwdGhyZWFkX3QgdGhyZWFkSUQ7Ci0gICAg ICAgIHB0aHJlYWRfY3JlYXRlKCZ0aHJlYWRJRCwgTlVMTCwgJnRocmVhZE1haW4sIChfX2JyaWRn ZSB2b2lkKiljb250ZXh0KTsKKyAgICAgICAgcHRocmVhZF9jcmVhdGUoJnRocmVhZElELCBOVUxM LCAmdXNlVk1Gcm9tT3RoZXJUaHJlYWQsIChfX2JyaWRnZSB2b2lkKiljb250ZXh0KTsKICAgICAg ICAgcHRocmVhZF9qb2luKHRocmVhZElELCBudWxscHRyKTsKICAgICAgICAgSlNTeW5jaHJvbm91 c0dhcmJhZ2VDb2xsZWN0Rm9yRGVidWdnaW5nKFtjb250ZXh0IEpTR2xvYmFsQ29udGV4dFJlZl0p OwogCiAgICAgICAgIGNoZWNrUmVzdWx0KEAiRGlkIG5vdCBjcmFzaCBhZnRlciBlbnRlcmluZyB0 aGUgVk0gZnJvbSBhbm90aGVyIHRocmVhZCIsIHRydWUpOwogICAgIH0KLSAgICAKKworICAgIEBh dXRvcmVsZWFzZXBvb2wgeworICAgICAgICBwdGhyZWFkX3QgdGhyZWFkSUQ7CisgICAgICAgIHZv bGF0aWxlIGJvb2wgbWFpblRocmVhZElzUmVhZHlUb0pvaW4gPSBmYWxzZTsKKyAgICAgICAgdm9s YXRpbGUgYm9vbCBvdGhlclRocmVhZElzRG9uZVdpdGhKU1dvcmsgPSBmYWxzZTsKKyAgICAgICAg QGF1dG9yZWxlYXNlcG9vbCB7CisgICAgICAgICAgICBKU0NvbnRleHQgKmNvbnRleHQgPSBbW0pT Q29udGV4dCBhbGxvY10gaW5pdF07CisgICAgICAgICAgICBUaHJlYWRBcmdzIGFyZ3MgPSB7IGNv bnRleHQsICZtYWluVGhyZWFkSXNSZWFkeVRvSm9pbiwgJm90aGVyVGhyZWFkSXNEb25lV2l0aEpT V29yayB9OworCisgICAgICAgICAgICBwdGhyZWFkX2NyZWF0ZSgmdGhyZWFkSUQsIE5VTEwsICZ1 c2VWTUZyb21PdGhlclRocmVhZEFuZE91dGxpdmVWTSwgJmFyZ3MpOworICAgICAgICAgICAgSlNT eW5jaHJvbm91c0dhcmJhZ2VDb2xsZWN0Rm9yRGVidWdnaW5nKFtjb250ZXh0IEpTR2xvYmFsQ29u dGV4dFJlZl0pOworCisgICAgICAgICAgICB3aGlsZSAoIW90aGVyVGhyZWFkSXNEb25lV2l0aEpT V29yaykKKyAgICAgICAgICAgICAgICBzbGVlcCgxKTsKKyAgICAgICAgfQorCisgICAgICAgIG1h aW5UaHJlYWRJc1JlYWR5VG9Kb2luID0gdHJ1ZTsKKyAgICAgICAgc2xlZXAoMTApOworICAgICAg ICBwdGhyZWFkX2pvaW4odGhyZWFkSUQsIG51bGxwdHIpOworICAgICAgICBjaGVja1Jlc3VsdChA IkRpZCBub3QgY3Jhc2ggaWYgdGhlIFZNIGlzIGRlc3RydWN0ZWQgYmVmb3JlIGFub3RoZXIgdGhy ZWFkIHVzaW5nIHRoZSBWTSBlbmRzIiwgdHJ1ZSk7CisgICAgfQorCiAgICAgY3VycmVudFRoaXNJ bnNpZGVCbG9ja0dldHRlclRlc3QoKTsKICAgICBydW5EYXRlVGVzdHMoKTsKICAgICBydW5KU0V4 cG9ydFRlc3RzKCk7CkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9IZWFwLmNwcAo9 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9IZWFwLmNwcAkocmV2aXNp b24gMTc5Njk5KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAvSGVhcC5jcHAJKHdvcmtp bmcgY29weSkKQEAgLTMxMiw3ICszMTIsNiBAQCBIZWFwOjpIZWFwKFZNKiB2bSwgSGVhcFR5cGUg aGVhcFR5cGUpCiAgICAgLCBtX29iamVjdFNwYWNlKHRoaXMpCiAgICAgLCBtX3N0b3JhZ2VTcGFj ZSh0aGlzKQogICAgICwgbV9leHRyYU1lbW9yeVVzYWdlKDApCi0gICAgLCBtX21hY2hpbmVUaHJl YWRzKHRoaXMpCiAgICAgLCBtX3NoYXJlZERhdGEodm0pCiAgICAgLCBtX3Nsb3RWaXNpdG9yKG1f c2hhcmVkRGF0YSkKICAgICAsIG1fY29weVZpc2l0b3IobV9zaGFyZWREYXRhKQpAQCAtMzM4LDYg KzMzNyw3IEBAIEhlYXA6OkhlYXAoVk0qIHZtLCBIZWFwVHlwZSBoZWFwVHlwZSkKICNlbmRpZgog ICAgICwgbV9kZWZlcnJhbERlcHRoKDApCiB7CisgICAgbV9tYWNoaW5lVGhyZWFkcyA9IGFkb3B0 UmVmKG5ldyBNYWNoaW5lVGhyZWFkcyh0aGlzKSk7CiAgICAgbV9zdG9yYWdlU3BhY2UuaW5pdCgp OwogICAgIGlmIChPcHRpb25zOjp2ZXJpZnlIZWFwKCkpCiAgICAgICAgIG1fdmVyaWZpZXIgPSBz dGQ6Om1ha2VfdW5pcXVlPEhlYXBWZXJpZmllcj4odGhpcywgT3B0aW9uczo6bnVtYmVyT2ZHQ0N5 Y2xlc1RvUmVjb3JkRm9yVmVyaWZpY2F0aW9uKCkpOwpAQCAtMzQ1LDYgKzM0NSw5IEBAIEhlYXA6 OkhlYXAoVk0qIHZtLCBIZWFwVHlwZSBoZWFwVHlwZSkKIAogSGVhcDo6fkhlYXAoKQogeworICAg IC8vIFdlIG5lZWQgdG8gcmVtb3ZlIHRoZSBtYWluIHRocmVhZCBleHBsaWNpdGx5IGhlcmUgYmVj YXVzZSB0aGUgbWFpbiB0aHJlYWQKKyAgICAvLyBtYXkgbm90IHRlcm1pbmF0ZSBmb3IgYSB3aGls ZSB0aG91Z2ggdGhlIEhlYXAgKGFuZCBWTSkgaXMgYmVpbmcgc2h1dCBkb3duLgorICAgIG1fbWFj aGluZVRocmVhZHMtPnJlbW92ZUN1cnJlbnRUaHJlYWQoKTsKIH0KIAogYm9vbCBIZWFwOjppc1Bh Z2VkT3V0KGRvdWJsZSBkZWFkbGluZSkKQEAgLTU3MSw3ICs1NzQsNyBAQCB2b2lkIEhlYXA6Omdh dGhlclN0YWNrUm9vdHMoQ29uc2VydmF0aXZlCiB7CiAgICAgR0NQSEFTRShHYXRoZXJTdGFja1Jv b3RzKTsKICAgICBtX2ppdFN0dWJSb3V0aW5lcy5jbGVhck1hcmtzKCk7Ci0gICAgbV9tYWNoaW5l VGhyZWFkcy5nYXRoZXJDb25zZXJ2YXRpdmVSb290cyhyb290cywgbV9qaXRTdHViUm91dGluZXMs IG1fY29kZUJsb2NrcywgZHVtbXksIHJlZ2lzdGVycyk7CisgICAgbV9tYWNoaW5lVGhyZWFkcy0+ Z2F0aGVyQ29uc2VydmF0aXZlUm9vdHMocm9vdHMsIG1faml0U3R1YlJvdXRpbmVzLCBtX2NvZGVC bG9ja3MsIGR1bW15LCByZWdpc3RlcnMpOwogfQogCiB2b2lkIEhlYXA6OmdhdGhlckpTU3RhY2tS b290cyhDb25zZXJ2YXRpdmVSb290cyYgcm9vdHMpCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENv cmUvaGVhcC9IZWFwLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAv SGVhcC5oCShyZXZpc2lvbiAxNzk2OTkpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9I ZWFwLmgJKHdvcmtpbmcgY29weSkKQEAgLTExOCw3ICsxMTgsNyBAQCBwdWJsaWM6CiAKICAgICBW TSogdm0oKSBjb25zdCB7IHJldHVybiBtX3ZtOyB9CiAgICAgTWFya2VkU3BhY2UmIG9iamVjdFNw YWNlKCkgeyByZXR1cm4gbV9vYmplY3RTcGFjZTsgfQotICAgIE1hY2hpbmVUaHJlYWRzJiBtYWNo aW5lVGhyZWFkcygpIHsgcmV0dXJuIG1fbWFjaGluZVRocmVhZHM7IH0KKyAgICBNYWNoaW5lVGhy ZWFkcyYgbWFjaGluZVRocmVhZHMoKSB7IHJldHVybiAqbV9tYWNoaW5lVGhyZWFkczsgfQogCiAg ICAgY29uc3QgU2xvdFZpc2l0b3ImIHNsb3RWaXNpdG9yKCkgY29uc3QgeyByZXR1cm4gbV9zbG90 VmlzaXRvcjsgfQogCkBAIC0zNTUsNyArMzU1LDcgQEAgcHJpdmF0ZToKICAgICBWZWN0b3I8VmVj dG9yPFZhbHVlU3RyaW5nUGFpciwgMCwgVW5zYWZlVmVjdG9yT3ZlcmZsb3c+Kj4gbV90ZW1wU29y dGluZ1ZlY3RvcnM7CiAgICAgc3RkOjp1bmlxdWVfcHRyPEhhc2hTZXQ8TWFya2VkQXJndW1lbnRC dWZmZXIqPj4gbV9tYXJrTGlzdFNldDsKIAotICAgIE1hY2hpbmVUaHJlYWRzIG1fbWFjaGluZVRo cmVhZHM7CisgICAgUmVmUHRyPE1hY2hpbmVUaHJlYWRzPiBtX21hY2hpbmVUaHJlYWRzOwogICAg IAogICAgIEdDVGhyZWFkU2hhcmVkRGF0YSBtX3NoYXJlZERhdGE7CiAgICAgU2xvdFZpc2l0b3Ig bV9zbG90VmlzaXRvcjsKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL01hY2hpbmVT dGFja01hcmtlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAv TWFjaGluZVN0YWNrTWFya2VyLmNwcAkocmV2aXNpb24gMTc5Njk5KQorKysgU291cmNlL0phdmFT Y3JpcHRDb3JlL2hlYXAvTWFjaGluZVN0YWNrTWFya2VyLmNwcAkod29ya2luZyBjb3B5KQpAQCAt OTEsOSArOTEsMTAgQEAgc3RhdGljIHZvaWQgcHRocmVhZFNpZ25hbEhhbmRsZXJTdXNwZW5kUgog Y2xhc3MgTWFjaGluZVRocmVhZHM6OlRocmVhZCB7CiAgICAgV1RGX01BS0VfRkFTVF9BTExPQ0FU RUQ7CiBwdWJsaWM6Ci0gICAgVGhyZWFkKGNvbnN0IFBsYXRmb3JtVGhyZWFkJiBwbGF0VGhyZWFk LCB2b2lkKiBiYXNlKQorICAgIFRocmVhZChQYXNzUmVmUHRyPE1hY2hpbmVUaHJlYWRzPiBtYWNo aW5lVGhyZWFkcywgY29uc3QgUGxhdGZvcm1UaHJlYWQmIHBsYXRUaHJlYWQsIHZvaWQqIGJhc2Up CiAgICAgICAgIDogcGxhdGZvcm1UaHJlYWQocGxhdFRocmVhZCkKICAgICAgICAgLCBzdGFja0Jh c2UoYmFzZSkKKyAgICAgICAgLCBtX21hY2hpbmVUaHJlYWRzKG1hY2hpbmVUaHJlYWRzKQogICAg IHsKICNpZiBVU0UoUFRIUkVBRFMpICYmICFPUyhXSU5ET1dTKSAmJiAhT1MoREFSV0lOKSAmJiBk ZWZpbmVkKFNBX1JFU1RBUlQpCiAgICAgICAgIC8vIGlmIHdlIGhhdmUgU0FfUkVTVEFSVCwgZW5h YmxlIFNJR1VTUjIgZGVidWdnaW5nIG1lY2hhbmlzbQpAQCAtMTEzLDYgKzExNCw3IEBAIHB1Ymxp YzoKICAgICBUaHJlYWQqIG5leHQ7CiAgICAgUGxhdGZvcm1UaHJlYWQgcGxhdGZvcm1UaHJlYWQ7 CiAgICAgdm9pZCogc3RhY2tCYXNlOworICAgIFJlZlB0cjxNYWNoaW5lVGhyZWFkcz4gbV9tYWNo aW5lVGhyZWFkczsKIH07CiAKIE1hY2hpbmVUaHJlYWRzOjpNYWNoaW5lVGhyZWFkcyhIZWFwKiBo ZWFwKQpAQCAtMTIwLDYgKzEyMiw3IEBAIE1hY2hpbmVUaHJlYWRzOjpNYWNoaW5lVGhyZWFkcyhI ZWFwKiBoZWEKICAgICAsIG1fdGhyZWFkU3BlY2lmaWMoMCkKICNpZiAhQVNTRVJUX0RJU0FCTEVE CiAgICAgLCBtX2hlYXAoaGVhcCkKKyAgICAsIG1fbWFnaWNOdW1iZXIoMHgxMjM0NTY3ODkwYWJj ZGVmKQogI2VuZGlmCiB7CiAgICAgVU5VU0VEX1BBUkFNKGhlYXApOwpAQCAtMTM2LDYgKzEzOSw5 IEBAIE1hY2hpbmVUaHJlYWRzOjp+TWFjaGluZVRocmVhZHMoKQogICAgICAgICBkZWxldGUgdDsK ICAgICAgICAgdCA9IG5leHQ7CiAgICAgfQorI2lmICFBU1NFUlRfRElTQUJMRUQKKyAgICBtX21h Z2ljTnVtYmVyID0gMHhiYWRkYmVlZmRlYWRiZWVmOworI2VuZGlmCiB9CiAKIHN0YXRpYyBpbmxp bmUgUGxhdGZvcm1UaHJlYWQgZ2V0Q3VycmVudFBsYXRmb3JtVGhyZWFkKCkKQEAgLTE3MCw3ICsx NzYsNyBAQCB2b2lkIE1hY2hpbmVUaHJlYWRzOjphZGRDdXJyZW50VGhyZWFkKCkKICAgICB9CiAK ICAgICB0aHJlYWRTcGVjaWZpY1NldChtX3RocmVhZFNwZWNpZmljLCB0aGlzKTsKLSAgICBUaHJl YWQqIHRocmVhZCA9IG5ldyBUaHJlYWQoZ2V0Q3VycmVudFBsYXRmb3JtVGhyZWFkKCksIHd0ZlRo cmVhZERhdGEoKS5zdGFjaygpLm9yaWdpbigpKTsKKyAgICBUaHJlYWQqIHRocmVhZCA9IG5ldyBU aHJlYWQodGhpcywgZ2V0Q3VycmVudFBsYXRmb3JtVGhyZWFkKCksIHd0ZlRocmVhZERhdGEoKS5z dGFjaygpLm9yaWdpbigpKTsKIAogICAgIE11dGV4TG9ja2VyIGxvY2sobV9yZWdpc3RlcmVkVGhy ZWFkc011dGV4KTsKIApAQCAtMTgwLDYgKzE4Niw3IEBAIHZvaWQgTWFjaGluZVRocmVhZHM6OmFk ZEN1cnJlbnRUaHJlYWQoKQogCiB2b2lkIE1hY2hpbmVUaHJlYWRzOjpyZW1vdmVUaHJlYWQodm9p ZCogcCkKIHsKKyAgICBBU1NFUlQoc3RhdGljX2Nhc3Q8TWFjaGluZVRocmVhZHMqPihwKS0+bV9t YWdpY051bWJlciA9PSAweDEyMzQ1Njc4OTBhYmNkZWYpOwogICAgIHN0YXRpY19jYXN0PE1hY2hp bmVUaHJlYWRzKj4ocCktPnJlbW92ZUN1cnJlbnRUaHJlYWQoKTsKIH0KIApAQCAtMTg3LDYgKzE5 NCwyMSBAQCB2b2lkIE1hY2hpbmVUaHJlYWRzOjpyZW1vdmVDdXJyZW50VGhyZWFkCiB7CiAgICAg UGxhdGZvcm1UaHJlYWQgY3VycmVudFBsYXRmb3JtVGhyZWFkID0gZ2V0Q3VycmVudFBsYXRmb3Jt VGhyZWFkKCk7CiAKKyAgICAvLyBUaGlzIHRocmVhZCBjb3VsZCBiZSB0aGUgbGFzdCBlbnRpdHkg dGhhdCBob2xkcyBhIFJlZlB0ciB0byB0aGUKKyAgICAvLyBNYWNoaW5lVGhyZWFkcyByZWdpc3Ry eS4gV2UgZG9uJ3Qgd2FudCB0aGUgcmVnaXN0cnkgdG8gYmUgZGVsZXRlZCB3aGlsZQorICAgIC8v IHdlJ3JlIGRlbGV0aW5nIHRoZSB0aGUgVGhyZWFkIGVudHJ5LCBiZWNhdXNlOgorICAgIC8vCisg ICAgLy8gMS4gfk1hY2hpbmVUaHJlYWQoKSB3aWxsIGF0dGVtcHQgdG8gbG9jayBpdHMgbV9yZWdp c3RlcmVkVGhyZWFkc011dGV4CisgICAgLy8gICAgYW5kIHdlIGFscmVhZHkgaG9sZCBpdCBoZXJl LiBtX3JlZ2lzdGVyZWRUaHJlYWRzTXV0ZXggaXMgbm90CisgICAgLy8gICAgcmUtZW50cmFudC4K KyAgICAvLyAyLiBUaGUgTXV0ZXhMb2NrZXIgd2lsbCB1bmxvY2sgbV9yZWdpc3RlcmVkVGhyZWFk c011dGV4IGF0IHRoZSBlbmQgb2YKKyAgICAvLyAgICB0aGlzIGZ1bmN0aW9uLiBXZSBjYW4ndCBs ZXQgaXQgYmUgZGVzdHJ1Y3RlZCB1bnRpbCBiZWZvcmUgdGhlbi4KKyAgICAvLworICAgIC8vIFVz aW5nIHRoaXMgUmVmUHRyIGhlcmUgd2lsbCBkZWZlciBkZXN0cnVjdGluZyB0aGUgcmVnaXN0cnkg dGlsbCBhZnRlcgorICAgIC8vIE11dGV4TG9ja2VyIHJlbGVhc2VzIGl0cyBtX3JlZ2lzdGVyZWRU aHJlYWRzTXV0ZXguCisgICAgUmVmUHRyPE1hY2hpbmVUaHJlYWRzPiByZXRhaW5NYWNoaW5lVGhy ZWFkc1JlZ2lzdHJ5VW50aWxEb25lUmVtb3ZpbmdUaHJlYWQgPSB0aGlzOworCisgICAgQVNTRVJU KG1fbWFnaWNOdW1iZXIgPT0gMHgxMjM0NTY3ODkwYWJjZGVmKTsKICAgICBNdXRleExvY2tlciBs b2NrKG1fcmVnaXN0ZXJlZFRocmVhZHNNdXRleCk7CiAgICAgaWYgKGVxdWFsVGhyZWFkKGN1cnJl bnRQbGF0Zm9ybVRocmVhZCwgbV9yZWdpc3RlcmVkVGhyZWFkcy0+cGxhdGZvcm1UaHJlYWQpKSB7 CiAgICAgICAgIFRocmVhZCogdCA9IG1fcmVnaXN0ZXJlZFRocmVhZHM7CkluZGV4OiBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvaGVhcC9NYWNoaW5lU3RhY2tNYXJrZXIuaAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBT b3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9NYWNoaW5lU3RhY2tNYXJrZXIuaAkocmV2aXNpb24g MTc5Njk5KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2hlYXAvTWFjaGluZVN0YWNrTWFya2Vy LmgJKHdvcmtpbmcgY29weSkKQEAgLTI0LDYgKzI0LDcgQEAKIAogI2luY2x1ZGUgPHNldGptcC5o PgogI2luY2x1ZGUgPHd0Zi9Ob25jb3B5YWJsZS5oPgorI2luY2x1ZGUgPHd0Zi9UaHJlYWRTYWZl UmVmQ291bnRlZC5oPgogI2luY2x1ZGUgPHd0Zi9UaHJlYWRTcGVjaWZpYy5oPgogI2luY2x1ZGUg PHd0Zi9UaHJlYWRpbmdQcmltaXRpdmVzLmg+CiAKQEAgLTM0LDcgKzM1LDcgQEAgbmFtZXNwYWNl IEpTQyB7CiAgICAgY2xhc3MgSGVhcDsKICAgICBjbGFzcyBKSVRTdHViUm91dGluZVNldDsKIAot ICAgIGNsYXNzIE1hY2hpbmVUaHJlYWRzIHsKKyAgICBjbGFzcyBNYWNoaW5lVGhyZWFkcyA6IHB1 YmxpYyBUaHJlYWRTYWZlUmVmQ291bnRlZDxNYWNoaW5lVGhyZWFkcz4gewogICAgICAgICBXVEZf TUFLRV9OT05DT1BZQUJMRShNYWNoaW5lVGhyZWFkcyk7CiAgICAgcHVibGljOgogICAgICAgICB0 eXBlZGVmIGptcF9idWYgUmVnaXN0ZXJTdGF0ZTsKQEAgLTQ2LDYgKzQ3LDggQEAgbmFtZXNwYWNl IEpTQyB7CiAKICAgICAgICAgSlNfRVhQT1JUX1BSSVZBVEUgdm9pZCBhZGRDdXJyZW50VGhyZWFk KCk7IC8vIE9ubHkgbmVlZHMgdG8gYmUgY2FsbGVkIGJ5IGNsaWVudHMgdGhhdCBjYW4gdXNlIHRo ZSBzYW1lIGhlYXAgZnJvbSBtdWx0aXBsZSB0aHJlYWRzLgogCisgICAgICAgIHZvaWQgcmVtb3Zl Q3VycmVudFRocmVhZCgpOworCiAgICAgcHJpdmF0ZToKICAgICAgICAgY2xhc3MgVGhyZWFkOwog CkBAIC01NSwxMyArNTgsMTMgQEAgbmFtZXNwYWNlIEpTQyB7CiAgICAgICAgIGJvb2wgdHJ5Q29w eU90aGVyVGhyZWFkU3RhY2tzKE11dGV4TG9ja2VyJiwgdm9pZCosIHNpemVfdCBjYXBhY2l0eSwg c2l6ZV90Kik7CiAKICAgICAgICAgc3RhdGljIHZvaWQgcmVtb3ZlVGhyZWFkKHZvaWQqKTsKLSAg ICAgICAgdm9pZCByZW1vdmVDdXJyZW50VGhyZWFkKCk7CiAKICAgICAgICAgTXV0ZXggbV9yZWdp c3RlcmVkVGhyZWFkc011dGV4OwogICAgICAgICBUaHJlYWQqIG1fcmVnaXN0ZXJlZFRocmVhZHM7 CiAgICAgICAgIFdURjo6VGhyZWFkU3BlY2lmaWNLZXkgbV90aHJlYWRTcGVjaWZpYzsKICNpZiAh QVNTRVJUX0RJU0FCTEVECiAgICAgICAgIEhlYXAqIG1faGVhcDsKKyAgICAgICAgdWludDY0X3Qg bV9tYWdpY051bWJlcjsgLy8gT25seSB1c2VkIGZvciBkZXRlY3RpbmcgdXNlIGFmdGVyIGZyZWUu CiAjZW5kaWYKICAgICB9OwogCg==