148500 2015-08-26 17:02:58 -0700 MarkedBlock::allocateBlock will have the wrong allocation size when (sizeof(MarkedBlock) + bytes) is divisible by WTF::pageSize() 2015-08-26 22:58:24 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 saam saam basile_clement benjamin fpizlo ggaren mark.lam mmirman msaboff oliver ysuzuki oldest_to_newest 1121102 0 saam 2015-08-26 17:02:58 -0700 Consider the following scenario: - On OS X, WTF::pageSize() is 4*1024 bytes. - JSEnvironmentRecord::allocationSizeForScopeSize(6621) == 53000 - sizeof(MarkedBlock) == 248 - (248 + 53000) is a multiple of 4*1024. - (248 + 53000)/(4*1024) == 13 We will allocate a chunk of memory of size 53248 bytes that looks like this: 0 248 256 53248 53256 [Marked Block | 8 bytes | payload ...... ] 8 bytes | ^ ^ Our Environment record starts here. ^ ^ Our last JSValue in the environment record will go from byte 53248 to 53256. But, we don't own this memory. 1121158 1 260019 saam 2015-08-26 19:12:31 -0700 Created attachment 260019 patch 1121165 2 260019 fpizlo 2015-08-26 19:39:35 -0700 Comment on attachment 260019 patch View in context: https://bugs.webkit.org/attachment.cgi?id=260019&action=review I think there is an even lower-risk fix. > Source/JavaScriptCore/ChangeLog:24 > + All that we care about is that we allocate space for MarkedBlock > + on an atomSize boundary that is larger than sizeof(MarkedBlock). I think that we care about first rounding up sizeof(MarkedBlock). The old code was assuming that sizeof(MarkedBlock)+bytes is the amount of memory that is needed for the marked block, when in reality, it's roundUp<atomSize>(sizeof(MarkedBlock))+bytes. Hence, we would sometimes forget to allocate the 8 bytes for the gap between the MarkedBlock header and the payload. On the other hand, this sentence makes it seem like the bug was that we were rounding up to something other than atomSize. > Source/JavaScriptCore/heap/MarkedAllocator.cpp:178 > - size_t minAllocationSize = WTF::roundUpToMultipleOf(WTF::pageSize(), sizeof(MarkedBlock) + bytes); > + size_t minAllocationSize = WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(sizeof(MarkedBlock)) + WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(bytes); I think that this contains an unnecessary behavior change: marked block allocation size will no longer be a multiple of system page size. You could fix the bug more directly by saying: size_t minAllocationSize = WTF::roundUpToMultipleOf(WTF::pageSize(), WTF::roundUpToMultipleOf<MarkedBlock::atomSize>(sizeof(MarkedBlock)) + bytes); This way, you'd be preserving the page size alignment behavior. 1121167 3 260019 mark.lam 2015-08-26 19:49:43 -0700 Comment on attachment 260019 patch View in context: https://bugs.webkit.org/attachment.cgi?id=260019&action=review >> Source/JavaScriptCore/ChangeLog:24 >> + on an atomSize boundary that is larger than sizeof(MarkedBlock). > > I think that we care about first rounding up sizeof(MarkedBlock). The old code was assuming that sizeof(MarkedBlock)+bytes is the amount of memory that is needed for the marked block, when in reality, it's roundUp<atomSize>(sizeof(MarkedBlock))+bytes. Hence, we would sometimes forget to allocate the 8 bytes for the gap between the MarkedBlock header and the payload. > > On the other hand, this sentence makes it seem like the bug was that we were rounding up to something other than atomSize. Oh, I get it now. When I was reading this earlier, I didn’t find the ChangeLog adequate to shed light on what the issue is (although it was there in the illustration). I suggest you state clearly that the bug is that we need to start our JSValues (and hence the JSEnvironment) on an atomSize boundary, but the computation of minAllocationSize did not account for the needed padding between the MarkedBlock header and where the JSEnvironment needs to start. And FWIW, I agree with Fil’s proposed alternate fix. 1121205 4 260033 saam 2015-08-26 22:29:54 -0700 Created attachment 260033 patch 1121206 5 260033 mark.lam 2015-08-26 22:34:23 -0700 Comment on attachment 260033 patch View in context: https://bugs.webkit.org/attachment.cgi?id=260033&action=review r=me > Source/JavaScriptCore/ChangeLog:3 > + MarkedBlock::allocateBlock may have the wrong allocation size when (sizeof(MarkedBlock) + bytes) is divisible by WTF::pageSize() Did you mean "will" instead of "may" here? 1121208 6 saam 2015-08-26 22:37:03 -0700 (In reply to comment #5) > Comment on attachment 260033 [details] > patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=260033&action=review > > r=me > > > Source/JavaScriptCore/ChangeLog:3 > > + MarkedBlock::allocateBlock may have the wrong allocation size when (sizeof(MarkedBlock) + bytes) is divisible by WTF::pageSize() > > Did you mean "will" instead of "may" here? Yes. 1121214 7 saam 2015-08-26 22:58:17 -0700 landed in: http://trac.webkit.org/changeset/189012 260019 2015-08-26 19:12:31 -0700 2015-08-26 22:29:54 -0700 patch a-backup.diff text/plain 4621 saam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTg5MDA0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDMxIEBA CisyMDE1LTA4LTI2ICBTYWFtIGJhcmF0aSAgPHNiYXJhdGlAYXBwbGUuY29tPgorCisgICAgICAg IE1hcmtlZEJsb2NrOjphbGxvY2F0ZUJsb2NrIG1heSBoYXZlIHRoZSB3cm9uZyBhbGxvY2F0aW9u IHNpemUgd2hlbiAoc2l6ZW9mKE1hcmtlZEJsb2NrKSArIGJ5dGVzKSBpcyBkaXZpc2libGUgYnkg V1RGOjpwYWdlU2l6ZSgpCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0xNDg1MDAKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKwor ICAgICAgICBDb25zaWRlciB0aGUgZm9sbG93aW5nIHNjZW5hcmlvOgorICAgICAgICAtIE9uIE9T IFgsIFdURjo6cGFnZVNpemUoKSBpcyA0KjEwMjQgYnl0ZXMuCisgICAgICAgIC0gSlNFbnZpcm9u bWVudFJlY29yZDo6YWxsb2NhdGlvblNpemVGb3JTY29wZVNpemUoNjYyMSkgPT0gNTMwMDAKKyAg ICAgICAgLSBzaXplb2YoTWFya2VkQmxvY2spID09IDI0OAorICAgICAgICAtICgyNDggKyA1MzAw MCkgaXMgYSBtdWx0aXBsZSBvZiA0KjEwMjQuCisgICAgICAgIC0gKDI0OCArIDUzMDAwKS8oNCox MDI0KSA9PSAxMworCisgICAgICAgIFdlIHdpbGwgYWxsb2NhdGUgYSBjaHVuayBvZiBtZW1vcnkg b2Ygc2l6ZSA1MzI0OCBieXRlcyB0aGF0IGxvb2tzIGxpa2UgdGhpczoKKyAgICAgICAgMCAgICAg ICAgICAgIDI0OCAgICAgICAyNTYgICAgICAgICAgICAgICAgICAgICAgIDUzMjQ4ICAgICAgIDUz MjU2CisgICAgICAgIFtNYXJrZWQgQmxvY2sgfCA4IGJ5dGVzIHwgIHBheWxvYWQgICAgIC4uLi4u LiAgICAgIF0gIDggYnl0ZXMgIHwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXgorICAgICAgICAgICAgICAgICAg ICAgICAgICAgT3VyIEVudmlyb25tZW50IHJlY29yZCBzdGFydHMgaGVyZS4gICAgICAgICBeCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIF4KKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgT3VyIGxhc3QgSlNWYWx1ZSBpbiB0aGUgZW52aXJvbm1l bnQgcmVjb3JkIHdpbGwgZ28gZnJvbSBieXRlIDUzMjQ4IHRvIDUzMjU2LiBCdXQsIHdlIGRvbid0 IG93biB0aGlzIG1lbW9yeS4KKworICAgICAgICBBbGwgdGhhdCB3ZSBjYXJlIGFib3V0IGlzIHRo YXQgd2UgYWxsb2NhdGUgc3BhY2UgZm9yIE1hcmtlZEJsb2NrCisgICAgICAgIG9uIGFuIGF0b21T aXplIGJvdW5kYXJ5IHRoYXQgaXMgbGFyZ2VyIHRoYW4gc2l6ZW9mKE1hcmtlZEJsb2NrKS4KKwor ICAgICAgICAqIGhlYXAvTWFya2VkQWxsb2NhdG9yLmNwcDoKKyAgICAgICAgKEpTQzo6TWFya2Vk QWxsb2NhdG9yOjphbGxvY2F0ZUJsb2NrKToKKwogMjAxNS0wOC0yNiAgSm9zZXBoIFBlY29yYXJv ICA8cGVjb3Jhcm9AYXBwbGUuY29tPgogCiAgICAgICAgIFdlYiBJbnNwZWN0b3I6IEltcGxlbWVu dCB0cmFja2luZyBvZiBhY3RpdmUgc3R5bGVzaGVldHMgaW4gdGhlIGZyb250ZW5kCkluZGV4OiBT b3VyY2UvSmF2YVNjcmlwdENvcmUvaGVhcC9NYXJrZWRBbGxvY2F0b3IuY3BwCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL01hcmtlZEFsbG9jYXRvci5jcHAJKHJldmlz aW9uIDE4OTAwNCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL01hcmtlZEFsbG9jYXRv ci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTE3NSw3ICsxNzUsNyBAQCB2b2lkKiBNYXJrZWRBbGxv Y2F0b3I6OmFsbG9jYXRlU2xvd0Nhc2UoCiBNYXJrZWRCbG9jayogTWFya2VkQWxsb2NhdG9yOjph bGxvY2F0ZUJsb2NrKHNpemVfdCBieXRlcykKIHsKICAgICBzaXplX3QgbWluQmxvY2tTaXplID0g TWFya2VkQmxvY2s6OmJsb2NrU2l6ZTsKLSAgICBzaXplX3QgbWluQWxsb2NhdGlvblNpemUgPSBX VEY6OnJvdW5kVXBUb011bHRpcGxlT2YoV1RGOjpwYWdlU2l6ZSgpLCBzaXplb2YoTWFya2VkQmxv Y2spICsgYnl0ZXMpOworICAgIHNpemVfdCBtaW5BbGxvY2F0aW9uU2l6ZSA9IFdURjo6cm91bmRV cFRvTXVsdGlwbGVPZjxNYXJrZWRCbG9jazo6YXRvbVNpemU+KHNpemVvZihNYXJrZWRCbG9jaykp ICsgV1RGOjpyb3VuZFVwVG9NdWx0aXBsZU9mPE1hcmtlZEJsb2NrOjphdG9tU2l6ZT4oYnl0ZXMp OwogICAgIHNpemVfdCBibG9ja1NpemUgPSBzdGQ6Om1heChtaW5CbG9ja1NpemUsIG1pbkFsbG9j YXRpb25TaXplKTsKIAogICAgIHNpemVfdCBjZWxsU2l6ZSA9IG1fY2VsbFNpemUgPyBtX2NlbGxT aXplIDogV1RGOjpyb3VuZFVwVG9NdWx0aXBsZU9mPE1hcmtlZEJsb2NrOjphdG9tU2l6ZT4oYnl0 ZXMpOwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVzcy9oZWFwLWFsbG9j YXRvci1hbGxvY2F0ZXMtaW5jb3JyZWN0LXNpemUtZm9yLWFjdGl2YXRpb24uanMKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVzcy9oZWFwLWFsbG9jYXRvci1h bGxvY2F0ZXMtaW5jb3JyZWN0LXNpemUtZm9yLWFjdGl2YXRpb24uanMJKHJldmlzaW9uIDApCisr KyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvdGVzdHMvc3RyZXNzL2hlYXAtYWxsb2NhdG9yLWFsbG9j YXRlcy1pbmNvcnJlY3Qtc2l6ZS1mb3ItYWN0aXZhdGlvbi5qcwkod29ya2luZyBjb3B5KQpAQCAt MCwwICsxLDQxIEBACisKKy8vIENvbnNpZGVyIHRoZSBmb2xsb3dpbmcgc2NlbmFyaW86CisvLyAt IE9uIE9TIFgsIFdURjo6cGFnZVNpemUoKSBpcyA0KjEwMjQgYnl0ZXMuCisvLyAtIEpTRW52aXJv bm1lbnRSZWNvcmQ6OmFsbG9jYXRpb25TaXplRm9yU2NvcGVTaXplKDY2MjEpID09IDUzMDAwCisv LyAtIHNpemVvZihNYXJrZWRCbG9jaykgPT0gMjQ4CisvLyAtICgyNDggKyA1MzAwMCkgaXMgYSBt dWx0aXBsZSBvZiA0KjEwMjQuCisvLyAtICgyNDggKyA1MzAwMCkvKDQqMTAyNCkgPT0gMTMKKwor Ly8gV2Ugd2lsbCBhbGxvY2F0ZSBhIGNodW5rIG9mIG1lbW9yeSBvZiBzaXplIDUzMjQ4IGJ5dGVz IHRoYXQgbG9va3MgbGlrZSB0aGlzOgorLy8gMCAgICAgICAgICAgIDI0OCAgICAgICAyNTYgICAg ICAgICAgICAgICAgICAgICAgIDUzMjQ4ICAgICAgIDUzMjU2CisvLyBbTWFya2VkIEJsb2NrIHwg OCBieXRlcyB8ICBwYXlsb2FkICAgICAuLi4uLi4gICAgICBdICA4IGJ5dGVzICB8CisvLyAgICAg ICAgICAgICAgICAgICAgICAgICBeICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICBeCisvLyAgICAgICAgICAgICAgICAgICAgT3VyIEVudmlyb25tZW50IHJlY29yZCBzdGFydHMg aGVyZS4gICAgICAgICBeCisvLyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICBeCisvLyAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgT3VyIGxhc3QgSlNWYWx1ZSBpbiB0aGUgZW52 aXJvbm1lbnQgcmVjb3JkIHdpbGwgZ28gZnJvbSBieXRlIDUzMjQ4IHRvIDUzMjU2LiBCdXQsIHdl IGRvbid0IG93biB0aGlzIG1lbW9yeS4KKwordmFyIG51bWJlck9mQ2FwdHVyZWRWYXJpYWJsZXMg PSA2NjIxOworZnVuY3Rpb24gdXNlKCkgeyB9CitmdW5jdGlvbiBtYWtlRnVuY3Rpb24oKSB7IAor ICAgIHZhciB2YXJOYW1lOworICAgIHZhciBvdXRlckZ1bmN0aW9uID0gIiI7CisgICAgdmFyIGlu bmVyRnVuY3Rpb24gPSAiIjsKKworICAgIGZvciAodmFyIGkgPSAwOyBpIDwgbnVtYmVyT2ZDYXB0 dXJlZFZhcmlhYmxlczsgaSsrKSB7CisgICAgICAgIHZhck5hbWUgPSAiXyIgKyBpOworICAgICAg ICBvdXRlckZ1bmN0aW9uICs9ICJ2YXIgIiArIHZhck5hbWUgKyAiOyI7CisgICAgICAgIGlubmVy RnVuY3Rpb24gKz0gInVzZSgiICsgdmFyTmFtZSArICIpOyI7CisgICAgfQorICAgIG91dGVyRnVu Y3Rpb24gKz0gImZ1bmN0aW9uIGZvbygpIHsiICsgaW5uZXJGdW5jdGlvbiArICJ9IjsKKyAgICB2 YXIgZnVuY3Rpb25TdHJpbmcgPSAiKGZ1bmN0aW9uKCkgeyAiICsgb3V0ZXJGdW5jdGlvbiArICJ9 KSI7CisgICAgdmFyIHJlc3VsdCA9IGV2YWwoZnVuY3Rpb25TdHJpbmcpOworICAgIHJldHVybiBy ZXN1bHQ7Cit9CisKK3ZhciBhcnIgPSBbXTsKK2ZvciAodmFyIGkgPSAwOyBpIDwgNTA7IGkrKykg eworICAgIHZhciBmID0gbWFrZUZ1bmN0aW9uKCk7CisgICAgZigpOworICAgIGZ1bGxHQygpOwor fQorCg== 260033 2015-08-26 22:29:54 -0700 2015-08-26 22:34:23 -0700 patch a-backup.diff text/plain 5032 saam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTg5MDA0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDM2IEBA CisyMDE1LTA4LTI2ICBTYWFtIGJhcmF0aSAgPHNiYXJhdGlAYXBwbGUuY29tPgorCisgICAgICAg IE1hcmtlZEJsb2NrOjphbGxvY2F0ZUJsb2NrIG1heSBoYXZlIHRoZSB3cm9uZyBhbGxvY2F0aW9u IHNpemUgd2hlbiAoc2l6ZW9mKE1hcmtlZEJsb2NrKSArIGJ5dGVzKSBpcyBkaXZpc2libGUgYnkg V1RGOjpwYWdlU2l6ZSgpCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0xNDg1MDAKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKwor ICAgICAgICBDb25zaWRlciB0aGUgZm9sbG93aW5nIHNjZW5hcmlvOgorICAgICAgICAtIE9uIE9T IFgsIFdURjo6cGFnZVNpemUoKSBpcyA0KjEwMjQgYnl0ZXMuCisgICAgICAgIC0gSlNFbnZpcm9u bWVudFJlY29yZDo6YWxsb2NhdGlvblNpemVGb3JTY29wZVNpemUoNjYyMSkgPT0gNTMwMDAKKyAg ICAgICAgLSBzaXplb2YoTWFya2VkQmxvY2spID09IDI0OAorICAgICAgICAtICgyNDggKyA1MzAw MCkgaXMgYSBtdWx0aXBsZSBvZiA0KjEwMjQuCisgICAgICAgIC0gKDI0OCArIDUzMDAwKS8oNCox MDI0KSA9PSAxMworCisgICAgICAgIFdlIHdpbGwgYWxsb2NhdGUgYSBjaHVuayBvZiBtZW1vcnkg b2Ygc2l6ZSA1MzI0OCBieXRlcyB0aGF0IGxvb2tzIGxpa2UgdGhpczoKKyAgICAgICAgMCAgICAg ICAgICAgIDI0OCAgICAgICAyNTYgICAgICAgICAgICAgICAgICAgICAgIDUzMjQ4ICAgICAgIDUz MjU2CisgICAgICAgIFtNYXJrZWQgQmxvY2sgfCA4IGJ5dGVzIHwgIHBheWxvYWQgICAgIC4uLi4u LiAgICAgIF0gIDggYnl0ZXMgIHwKKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXiAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXgorICAgICAgICAgICAgICAgICAg ICAgICAgICAgT3VyIEVudmlyb25tZW50IHJlY29yZCBzdGFydHMgaGVyZS4gICAgICAgICBeCisg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgIF4KKyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgT3VyIGxhc3QgSlNWYWx1ZSBpbiB0aGUgZW52aXJvbm1l bnQgcmVjb3JkIHdpbGwgZ28gZnJvbSBieXRlIDUzMjQ4IHRvIDUzMjU2LiBCdXQsIHdlIGRvbid0 IG93biB0aGlzIG1lbW9yeS4KKworICAgICAgICBXZSBuZWVkIHRvIGVuc3VyZSB0aGF0IHdlIHJv dW5kIHVwIHNpemVvZihNYXJrZWRCbG9jaykgdG8gYW4KKyAgICAgICAgYXRvbVNpemUgYm91bmRh cnkuIFdlIG5lZWQgdG8gZG8gdGhpcyBiZWNhdXNlIHRoZSBmaXJzdCBhdG9tCisgICAgICAgIGlu c2lkZSB0aGUgTWFya2VkQmxvY2sgd2lsbCBzdGFydCBhdCB0aGUgcm91bmRlZCB1cCBtdWx0aXBs ZQorICAgICAgICBvZiBhdG9tU2l6ZSBwYXN0IE1hcmtlZEJsb2NrLiBJZiB3ZSBlbmQgdXAgd2l0 aCBhbiBhbGxvY2F0aW9uCisgICAgICAgIHRoYXQgaXMgcGVyZmVjdGx5IGFsaWduZWQgdG8gdGhl IHBhZ2Ugc2l6ZSwgdGhlbiB3ZSB3aWxsIGJlIHNob3J0CisgICAgICAgIDggYnl0ZXMgKGluIHRo ZSBjdXJyZW50IGltcGxlbWVudGF0aW9uIHdoZXJlIGF0b21TaXplIGlzIDE2IGJ5dGVzLAorICAg ICAgICBhbmQgTWFya2VkQmxvY2sgaXMgMjQ4IGJ5dGVzKS4KKworICAgICAgICAqIGhlYXAvTWFy a2VkQWxsb2NhdG9yLmNwcDoKKyAgICAgICAgKEpTQzo6TWFya2VkQWxsb2NhdG9yOjphbGxvY2F0 ZUJsb2NrKToKKwogMjAxNS0wOC0yNiAgSm9zZXBoIFBlY29yYXJvICA8cGVjb3Jhcm9AYXBwbGUu Y29tPgogCiAgICAgICAgIFdlYiBJbnNwZWN0b3I6IEltcGxlbWVudCB0cmFja2luZyBvZiBhY3Rp dmUgc3R5bGVzaGVldHMgaW4gdGhlIGZyb250ZW5kCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENv cmUvaGVhcC9NYXJrZWRBbGxvY2F0b3IuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2Ny aXB0Q29yZS9oZWFwL01hcmtlZEFsbG9jYXRvci5jcHAJKHJldmlzaW9uIDE4OTAwNCkKKysrIFNv dXJjZS9KYXZhU2NyaXB0Q29yZS9oZWFwL01hcmtlZEFsbG9jYXRvci5jcHAJKHdvcmtpbmcgY29w eSkKQEAgLTE3NSw3ICsxNzUsOCBAQCB2b2lkKiBNYXJrZWRBbGxvY2F0b3I6OmFsbG9jYXRlU2xv d0Nhc2UoCiBNYXJrZWRCbG9jayogTWFya2VkQWxsb2NhdG9yOjphbGxvY2F0ZUJsb2NrKHNpemVf dCBieXRlcykKIHsKICAgICBzaXplX3QgbWluQmxvY2tTaXplID0gTWFya2VkQmxvY2s6OmJsb2Nr U2l6ZTsKLSAgICBzaXplX3QgbWluQWxsb2NhdGlvblNpemUgPSBXVEY6OnJvdW5kVXBUb011bHRp cGxlT2YoV1RGOjpwYWdlU2l6ZSgpLCBzaXplb2YoTWFya2VkQmxvY2spICsgYnl0ZXMpOworICAg IHNpemVfdCBtaW5BbGxvY2F0aW9uU2l6ZSA9IFdURjo6cm91bmRVcFRvTXVsdGlwbGVPZjxNYXJr ZWRCbG9jazo6YXRvbVNpemU+KHNpemVvZihNYXJrZWRCbG9jaykpICsgV1RGOjpyb3VuZFVwVG9N dWx0aXBsZU9mPE1hcmtlZEJsb2NrOjphdG9tU2l6ZT4oYnl0ZXMpOworICAgIG1pbkFsbG9jYXRp b25TaXplID0gV1RGOjpyb3VuZFVwVG9NdWx0aXBsZU9mKFdURjo6cGFnZVNpemUoKSwgbWluQWxs b2NhdGlvblNpemUpOwogICAgIHNpemVfdCBibG9ja1NpemUgPSBzdGQ6Om1heChtaW5CbG9ja1Np emUsIG1pbkFsbG9jYXRpb25TaXplKTsKIAogICAgIHNpemVfdCBjZWxsU2l6ZSA9IG1fY2VsbFNp emUgPyBtX2NlbGxTaXplIDogV1RGOjpyb3VuZFVwVG9NdWx0aXBsZU9mPE1hcmtlZEJsb2NrOjph dG9tU2l6ZT4oYnl0ZXMpOwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVz cy9oZWFwLWFsbG9jYXRvci1hbGxvY2F0ZXMtaW5jb3JyZWN0LXNpemUtZm9yLWFjdGl2YXRpb24u anMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVzcy9oZWFw LWFsbG9jYXRvci1hbGxvY2F0ZXMtaW5jb3JyZWN0LXNpemUtZm9yLWFjdGl2YXRpb24uanMJKHJl dmlzaW9uIDApCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvdGVzdHMvc3RyZXNzL2hlYXAtYWxs b2NhdG9yLWFsbG9jYXRlcy1pbmNvcnJlY3Qtc2l6ZS1mb3ItYWN0aXZhdGlvbi5qcwkod29ya2lu ZyBjb3B5KQpAQCAtMCwwICsxLDQxIEBACisKKy8vIENvbnNpZGVyIHRoZSBmb2xsb3dpbmcgc2Nl bmFyaW86CisvLyAtIE9uIE9TIFgsIFdURjo6cGFnZVNpemUoKSBpcyA0KjEwMjQgYnl0ZXMuCisv LyAtIEpTRW52aXJvbm1lbnRSZWNvcmQ6OmFsbG9jYXRpb25TaXplRm9yU2NvcGVTaXplKDY2MjEp ID09IDUzMDAwCisvLyAtIHNpemVvZihNYXJrZWRCbG9jaykgPT0gMjQ4CisvLyAtICgyNDggKyA1 MzAwMCkgaXMgYSBtdWx0aXBsZSBvZiA0KjEwMjQuCisvLyAtICgyNDggKyA1MzAwMCkvKDQqMTAy NCkgPT0gMTMKKworLy8gV2Ugd2lsbCBhbGxvY2F0ZSBhIGNodW5rIG9mIG1lbW9yeSBvZiBzaXpl IDUzMjQ4IGJ5dGVzIHRoYXQgbG9va3MgbGlrZSB0aGlzOgorLy8gMCAgICAgICAgICAgIDI0OCAg ICAgICAyNTYgICAgICAgICAgICAgICAgICAgICAgIDUzMjQ4ICAgICAgIDUzMjU2CisvLyBbTWFy a2VkIEJsb2NrIHwgOCBieXRlcyB8ICBwYXlsb2FkICAgICAuLi4uLi4gICAgICBdICA4IGJ5dGVz ICB8CisvLyAgICAgICAgICAgICAgICAgICAgICAgICBeICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICBeCisvLyAgICAgICAgICAgICAgICAgICAgT3VyIEVudmlyb25tZW50IHJl Y29yZCBzdGFydHMgaGVyZS4gICAgICAgICBeCisvLyAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBeCisvLyAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgT3VyIGxhc3QgSlNWYWx1 ZSBpbiB0aGUgZW52aXJvbm1lbnQgcmVjb3JkIHdpbGwgZ28gZnJvbSBieXRlIDUzMjQ4IHRvIDUz MjU2LiBCdXQsIHdlIGRvbid0IG93biB0aGlzIG1lbW9yeS4KKwordmFyIG51bWJlck9mQ2FwdHVy ZWRWYXJpYWJsZXMgPSA2NjIxOworZnVuY3Rpb24gdXNlKCkgeyB9CitmdW5jdGlvbiBtYWtlRnVu Y3Rpb24oKSB7IAorICAgIHZhciB2YXJOYW1lOworICAgIHZhciBvdXRlckZ1bmN0aW9uID0gIiI7 CisgICAgdmFyIGlubmVyRnVuY3Rpb24gPSAiIjsKKworICAgIGZvciAodmFyIGkgPSAwOyBpIDwg bnVtYmVyT2ZDYXB0dXJlZFZhcmlhYmxlczsgaSsrKSB7CisgICAgICAgIHZhck5hbWUgPSAiXyIg KyBpOworICAgICAgICBvdXRlckZ1bmN0aW9uICs9ICJ2YXIgIiArIHZhck5hbWUgKyAiOyI7Cisg ICAgICAgIGlubmVyRnVuY3Rpb24gKz0gInVzZSgiICsgdmFyTmFtZSArICIpOyI7CisgICAgfQor ICAgIG91dGVyRnVuY3Rpb24gKz0gImZ1bmN0aW9uIGZvbygpIHsiICsgaW5uZXJGdW5jdGlvbiAr ICJ9IjsKKyAgICB2YXIgZnVuY3Rpb25TdHJpbmcgPSAiKGZ1bmN0aW9uKCkgeyAiICsgb3V0ZXJG dW5jdGlvbiArICJ9KSI7CisgICAgdmFyIHJlc3VsdCA9IGV2YWwoZnVuY3Rpb25TdHJpbmcpOwor ICAgIHJldHVybiByZXN1bHQ7Cit9CisKK3ZhciBhcnIgPSBbXTsKK2ZvciAodmFyIGkgPSAwOyBp IDwgNTA7IGkrKykgeworICAgIHZhciBmID0gbWFrZUZ1bmN0aW9uKCk7CisgICAgZigpOworICAg IGZ1bGxHQygpOworfQorCg==