153727 2016-01-31 11:16:10 -0800 REGRESSION(r195770): Use-after-free in ResourceLoaderOptions::cachingPolicy 2016-02-10 09:23:28 -0800 1 1 1 Unclassified WebKit Page Loading WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED EasyFix, InRadar P2 Normal --- 1 ap jer.noble beidson cdumez commit-queue darin japhet jer.noble webkit-bug-importer oldest_to_newest 1160659 0 ap 2016-01-31 11:16:10 -0800 Application Specific Information: ================================================================ ==86812==ERROR: AddressSanitizer: heap-use-after-free on address 0x61b00026ff9c at pc 0x0001084cb848 bp 0x7fff5c7b33f0 sp 0x7fff5c7b33e8 READ of size 1 at 0x61b00026ff9c thread T0 #0 0x1084cb847 in WebCore::ResourceLoaderOptions::cachingPolicy() const (WebCore.framework/Versions/A/WebCore+0x69b847) #1 0x1084c99ef in WebCore::CachedResource::allowsCaching() const (WebCore.framework/Versions/A/WebCore+0x6999ef) #2 0x107fa1668 in WebCore::CachedResource::removeClient(WebCore::CachedResourceClient*) (WebCore.framework/Versions/A/WebCore+0x171668) #3 0x10801deeb in WebCore::ImageLoader::updateFromElement() (WebCore.framework/Versions/A/WebCore+0x1edeeb) #4 0x108d986aa in WebCore::HTMLImageElement::selectImageSource() (WebCore.framework/Versions/A/WebCore+0xf686aa) #5 0x10801cfa7 in WebCore::HTMLImageElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) (WebCore.framework/Versions/A/WebCore+0x1ecfa7) #6 0x108a8ff8e in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) (WebCore.framework/Versions/A/WebCore+0xc5ff8e) #7 0x108a97981 in WebCore::Element::didModifyAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&) (WebCore.framework/Versions/A/WebCore+0xc67981) #8 0x107fa3a05 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (WebCore.framework/Versions/A/WebCore+0x173a05) #9 0x10940ec48 in WebCore::setJSHTMLImageElementSrc(JSC::ExecState*, JSC::JSObject*, long long, long long) (WebCore.framework/Versions/A/WebCore+0x15dec48) #10 0x106c13cec in JSC::JSObject::putInlineSlow(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0xe58cec) #11 0x10604121b in llint_slow_path_put_by_id (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x28621b) #12 0x106d6acf0 in llint_entry (JavaScriptCore.framework/Versions/A/JavaScriptCore+0xfafcf0) #13 0x106d67c6a in vmEntryToJavaScript (JavaScriptCore.framework/Versions/A/JavaScriptCore+0xfacc6a) #14 0x106b0099d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0xd4599d) #15 0x105e21b64 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x66b64) #16 0x105e217c1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x667c1) #17 0x10638aa21 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x5cfa21) #18 0x10638ad56 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x5cfd56) #19 0x109162fce in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebCore.framework/Versions/A/WebCore+0x1332fce) #20 0x107fe5169 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (WebCore.framework/Versions/A/WebCore+0x1b5169) #21 0x108add101 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) (WebCore.framework/Versions/A/WebCore+0xcad101) #22 0x108adcb11 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (WebCore.framework/Versions/A/WebCore+0xcacb11) #23 0x108ab9618 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const (WebCore.framework/Versions/A/WebCore+0xc89618) #24 0x108abb333 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) (WebCore.framework/Versions/A/WebCore+0xc8b333) #25 0x108aba95e in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::Event&) (WebCore.framework/Versions/A/WebCore+0xc8a95e) #26 0x108028ec3 in WebCore::HTMLImageLoader::dispatchLoadEvent() (WebCore.framework/Versions/A/WebCore+0x1f8ec3) #27 0x108028ce6 in WebCore::ImageLoader::dispatchPendingLoadEvent() (WebCore.framework/Versions/A/WebCore+0x1f8ce6) #28 0x108028c04 in WebCore::ImageLoader::dispatchPendingEvent(WebCore::EventSender<WebCore::ImageLoader>*) (WebCore.framework/Versions/A/WebCore+0x1f8c04) #29 0x107f1aaaa in WebCore::EventSender<WebCore::ImageLoader>::dispatchPendingEvents() (WebCore.framework/Versions/A/WebCore+0xeaaaa) #30 0x107e50c74 in WebCore::ThreadTimers::sharedTimerFiredInternal() (WebCore.framework/Versions/A/WebCore+0x20c74) #31 0x107e50a8f in WebCore::timerFired(__CFRunLoopTimer*, void*) (WebCore.framework/Versions/A/WebCore+0x20a8f) #32 0x7fff88184bc3 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xb4bc3) #33 0x7fff88184852 in __CFRunLoopDoTimer (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xb4852) #34 0x7fff88202e69 in __CFRunLoopDoTimers (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x132e69) #35 0x7fff8813fcd0 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x6fcd0) #36 0x7fff8813f337 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x6f337) #37 0x7fff97b2c934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934) #38 0x7fff97b2c76e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e) #39 0x7fff97b2c5ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae) #40 0x7fff8a2420ed in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x8a0ed) #41 0x7fff8a60e942 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x456942) #42 0x7fff8a237fc7 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x7ffc7) #43 0x7fff8a1ba51f in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x251f) #44 0x7fff9c563f6b in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x16f6b) #45 0x7fff9c5656ba in xpc_main (/usr/lib/system/libxpc.dylib+0x186ba) #46 0x103448b1b in ?? (WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001b1b) #47 0x7fff9a8325ac in start (/usr/lib/system/libdyld.dylib+0x35ac) #48 0x0 (<unknown module>) 0x61b00026ff9c is located 284 bytes inside of 1456-byte region [0x61b00026fe80,0x61b000270430) freed by thread T0 here: #0 0x104b71109 in wrap_free (/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/lib/clang/7.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x43109) #1 0x1070dc2b0 in bmalloc::Deallocator::deallocateSlowCase(void*) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x13212b0) #2 0x107fd59b6 in WebCore::CachedResource::deleteIfPossible() (WebCore.framework/Versions/A/WebCore+0x1a59b6) #3 0x107fa165d in WebCore::CachedResource::removeClient(WebCore::CachedResourceClient*) (WebCore.framework/Versions/A/WebCore+0x17165d) #4 0x10801deeb in WebCore::ImageLoader::updateFromElement() (WebCore.framework/Versions/A/WebCore+0x1edeeb) #5 0x108d986aa in WebCore::HTMLImageElement::selectImageSource() (WebCore.framework/Versions/A/WebCore+0xf686aa) #6 0x10801cfa7 in WebCore::HTMLImageElement::parseAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) (WebCore.framework/Versions/A/WebCore+0x1ecfa7) #7 0x108a8ff8e in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) (WebCore.framework/Versions/A/WebCore+0xc5ff8e) #8 0x108a97981 in WebCore::Element::didModifyAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&) (WebCore.framework/Versions/A/WebCore+0xc67981) #9 0x107fa3a05 in WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute) (WebCore.framework/Versions/A/WebCore+0x173a05) #10 0x10940ec48 in WebCore::setJSHTMLImageElementSrc(JSC::ExecState*, JSC::JSObject*, long long, long long) (WebCore.framework/Versions/A/WebCore+0x15dec48) #11 0x106c13cec in JSC::JSObject::putInlineSlow(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0xe58cec) #12 0x10604121b in llint_slow_path_put_by_id (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x28621b) #13 0x106d6acf0 in llint_entry (JavaScriptCore.framework/Versions/A/JavaScriptCore+0xfafcf0) #14 0x106d67c6a in vmEntryToJavaScript (JavaScriptCore.framework/Versions/A/JavaScriptCore+0xfacc6a) #15 0x106b0099d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0xd4599d) #16 0x105e21b64 in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x66b64) #17 0x105e217c1 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x667c1) #18 0x10638aa21 in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x5cfa21) #19 0x10638ad56 in JSC::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (JavaScriptCore.framework/Versions/A/JavaScriptCore+0x5cfd56) #20 0x109162fce in WebCore::JSMainThreadExecState::profiledCall(JSC::ExecState*, JSC::ProfilingReason, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (WebCore.framework/Versions/A/WebCore+0x1332fce) #21 0x107fe5169 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (WebCore.framework/Versions/A/WebCore+0x1b5169) #22 0x108add101 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow, 16ul>&) (WebCore.framework/Versions/A/WebCore+0xcad101) #23 0x108adcb11 in WebCore::EventTarget::fireEventListeners(WebCore::Event&) (WebCore.framework/Versions/A/WebCore+0xcacb11) #24 0x108ab9618 in WebCore::EventContext::handleLocalEvents(WebCore::Event&) const (WebCore.framework/Versions/A/WebCore+0xc89618) #25 0x108abb333 in WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&, WebCore::WindowEventContext&) (WebC abort() called CRASHING TEST: /contentextensions/make-https.html 1160660 1 webkit-bug-importer 2016-01-31 11:16:25 -0800 <rdar://problem/24429886> 1160858 2 darin 2016-02-01 08:59:02 -0800 Simplest fix is to move the !deleted check before the allowsCaching() check inside the if statement. 1160859 3 darin 2016-02-01 08:59:33 -0800 It’s just an && and we need to short circuit before calling allowsCaching() if deleted is true. 1160861 4 jer.noble 2016-02-01 09:00:19 -0800 Looking into this now. 1160866 5 jer.noble 2016-02-01 09:02:45 -0800 (In reply to comment #3) > It’s just an && and we need to short circuit before calling allowsCaching() > if deleted is true. Yep. It also looks like this is the only place where we call allowsCaching() after deleteIfPossible(). 1160870 6 270388 jer.noble 2016-02-01 09:10:11 -0800 Created attachment 270388 Patch 1160873 7 270388 cdumez 2016-02-01 09:16:34 -0800 Comment on attachment 270388 Patch r=me 1160896 8 270388 darin 2016-02-01 09:50:58 -0800 Comment on attachment 270388 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=270388&action=review I like the patch. I would have suggested the smaller one that just reorders the delete check, but it’s good to look over all the logic carefully. Generally I am ever so slightly worried that we have too many allowsCaching() checks. > Source/WebCore/loader/cache/CachedResource.cpp:486 > + // `this` object is dead here. What’s with the peculiar quoting here? I’ve never seen someone use backquotes like this. > Source/WebCore/loader/cache/CachedResource.cpp:499 > + if (!m_switchingClientsToRevalidatedResource) > + allClientsRemoved(); I don’t understand why it’s OK to skip this step when allowsCaching is false. Nothing in the function name "allClientsRemoved" makes that clear, even if in practice the code isn’t needed. > Source/WebCore/loader/cache/CachedResource.cpp:500 > + destroyDecodedDataIfNeeded(); Unclear on the sequence of the code, why it’s best to do this in this order. Also unclear why we want to skip this step when allowsCaching is false. 1160918 9 270388 commit-queue 2016-02-01 10:15:31 -0800 Comment on attachment 270388 Patch Clearing flags on attachment: 270388 Committed r195965: <http://trac.webkit.org/changeset/195965> 1160919 10 commit-queue 2016-02-01 10:15:34 -0800 All reviewed patches have been landed. Closing bug. 1160962 11 270388 jer.noble 2016-02-01 11:48:25 -0800 Comment on attachment 270388 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=270388&action=review I'll address these comments in a follow up patch. >> Source/WebCore/loader/cache/CachedResource.cpp:486 >> + // `this` object is dead here. > > What’s with the peculiar quoting here? I’ve never seen someone use backquotes like this. It's a GitHub / Markdown ism. It translates as "[code]this[/code]". "this" is a ambiguous word, so I just wanted to emphasize that I was talking about the "this" pointer, not some other English-language "this". >> Source/WebCore/loader/cache/CachedResource.cpp:499 >> + allClientsRemoved(); > > I don’t understand why it’s OK to skip this step when allowsCaching is false. Nothing in the function name "allClientsRemoved" makes that clear, even if in practice the code isn’t needed. You're right; we should just be protecting access to the memory cache. >> Source/WebCore/loader/cache/CachedResource.cpp:500 >> + destroyDecodedDataIfNeeded(); > > Unclear on the sequence of the code, why it’s best to do this in this order. Also unclear why we want to skip this step when allowsCaching is false. Since destroyDecodedDataIfNeeded() just starts a timer, I don't think the order matters here. 1161284 12 jer.noble 2016-02-02 09:01:31 -0800 Reopening to attach new patch. 1161285 13 270491 jer.noble 2016-02-02 09:01:34 -0800 Created attachment 270491 Follow up patch 1161313 14 jer.noble 2016-02-02 10:37:28 -0800 (iOS build error appears unrelated: "Code Sign error: The file “WebContent-iOS-no-sandbox.entitlements” couldn’t be opened because there is no such file.: (null)") 1163481 15 270491 commit-queue 2016-02-10 09:23:24 -0800 Comment on attachment 270491 Follow up patch Clearing flags on attachment: 270491 Committed r196367: <http://trac.webkit.org/changeset/196367> 1163482 16 commit-queue 2016-02-10 09:23:28 -0800 All reviewed patches have been landed. Closing bug. 270388 2016-02-01 09:10:11 -0800 2016-02-01 10:15:31 -0800 Patch bug-153727-20160201090951.patch text/plain 3498 jer.noble U3VidmVyc2lvbiBSZXZpc2lvbjogMTk1OTYwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNGJiNTZjZWY2NzQ4OTJj N2Q0MWZkOGZkOTBhZjllNjk0YjA5Nzk2Mi4uZDAwM2NmYTMzNzljMjBmMTcxMTg5N2JiMTU1NTdm MjFjMTZlYzk4NyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE4IEBACisyMDE2LTAyLTAxICBKZXIg Tm9ibGUgIDxqZXIubm9ibGVAYXBwbGUuY29tPgorCisgICAgICAgIFJFR1JFU1NJT04ocjE5NTc3 MCk6IFVzZS1hZnRlci1mcmVlIGluIFJlc291cmNlTG9hZGVyT3B0aW9uczo6Y2FjaGluZ1BvbGlj eQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTUzNzI3 CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS8yNDQyOTg4Nj4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGUgYHRoaXNgIG9iamVjdCBtYXkgYmUgZnJl ZWQgYWZ0ZXIgY2FsbGluZyBkZWxldGVJZlBvc3NpYmxlKCkuIE1ha2UgdGhlIGVhcmx5LXJldHVy bi1pZi0KKyAgICAgICAgZGVsZXRlZCBtb3JlIGV4cGxpY2l0LCBhbmQgb25seSBjaGVjayBhbGxv d3NDYWNoaW5nKCkgYWZ0ZXIgdGhlIGRlbGV0ZUlmUG9zc2libGUoKSByZXR1cm4KKyAgICAgICAg dmFsdWUgY2hlY2suCisKKyAgICAgICAgKiBsb2FkZXIvY2FjaGUvQ2FjaGVkUmVzb3VyY2UuY3Bw OgorICAgICAgICAoV2ViQ29yZTo6Q2FjaGVkUmVzb3VyY2U6OnJlbW92ZUNsaWVudCk6CisKIDIw MTUtMDUtMTMgIEplciBOb2JsZSAgPGplci5ub2JsZUBhcHBsZS5jb20+CiAKICAgICAgICAgQWRk IGEgZmFzdCBGb3JtYXRDb252ZXJ0ZXIgdXNpbmcgQWNjZWxlcmF0ZS5mcmFtZXdvcmsuCmRpZmYg LS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIvY2FjaGUvQ2FjaGVkUmVzb3VyY2UuY3BwIGIv U291cmNlL1dlYkNvcmUvbG9hZGVyL2NhY2hlL0NhY2hlZFJlc291cmNlLmNwcAppbmRleCA3Mjdh NzJlOTVlYThmYTdlNzQyYzRkMjZmN2ZiMDVhMzhmZmQ3ZmU0Li4zZWU0ZmVmOGMwYWMyMDk4MmJl MWE4NDYyYWJmZDVlYzdkOTNlMDg5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9sb2FkZXIv Y2FjaGUvQ2FjaGVkUmVzb3VyY2UuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9jYWNo ZS9DYWNoZWRSZXNvdXJjZS5jcHAKQEAgLTQ4MiwyNiArNDgyLDMwIEBAIHZvaWQgQ2FjaGVkUmVz b3VyY2U6OnJlbW92ZUNsaWVudChDYWNoZWRSZXNvdXJjZUNsaWVudCogY2xpZW50KQogICAgICAg ICBkaWRSZW1vdmVDbGllbnQoY2xpZW50KTsKICAgICB9CiAKLSAgICBib29sIGRlbGV0ZWQgPSBk ZWxldGVJZlBvc3NpYmxlKCk7Ci0gICAgaWYgKGFsbG93c0NhY2hpbmcoKSAmJiAhZGVsZXRlZCAm JiAhaGFzQ2xpZW50cygpKSB7Ci0gICAgICAgIGF1dG8mIG1lbW9yeUNhY2hlID0gTWVtb3J5Q2Fj aGU6OnNpbmdsZXRvbigpOwotICAgICAgICBpZiAoaW5DYWNoZSgpKSB7Ci0gICAgICAgICAgICBt ZW1vcnlDYWNoZS5yZW1vdmVGcm9tTGl2ZVJlc291cmNlc1NpemUoKnRoaXMpOwotICAgICAgICAg ICAgbWVtb3J5Q2FjaGUucmVtb3ZlRnJvbUxpdmVEZWNvZGVkUmVzb3VyY2VzTGlzdCgqdGhpcyk7 Ci0gICAgICAgIH0KLSAgICAgICAgaWYgKCFtX3N3aXRjaGluZ0NsaWVudHNUb1JldmFsaWRhdGVk UmVzb3VyY2UpCi0gICAgICAgICAgICBhbGxDbGllbnRzUmVtb3ZlZCgpOwotICAgICAgICBkZXN0 cm95RGVjb2RlZERhdGFJZk5lZWRlZCgpOwotICAgICAgICBpZiAocmVzcG9uc2UoKS5jYWNoZUNv bnRyb2xDb250YWluc05vU3RvcmUoKSAmJiB1cmwoKS5wcm90b2NvbElzKCJodHRwcyIpKSB7Ci0g ICAgICAgICAgICAvLyBSRkMyNjE2IDE0LjkuMjoKLSAgICAgICAgICAgIC8vICJuby1zdG9yZTog Li4uIE1VU1QgbWFrZSBhIGJlc3QtZWZmb3J0IGF0dGVtcHQgdG8gcmVtb3ZlIHRoZSBpbmZvcm1h dGlvbiBmcm9tIHZvbGF0aWxlIHN0b3JhZ2UgYXMgcHJvbXB0bHkgYXMgcG9zc2libGUiCi0gICAg ICAgICAgICAvLyAiLi4uIEhpc3RvcnkgYnVmZmVycyBNQVkgc3RvcmUgc3VjaCByZXNwb25zZXMg YXMgcGFydCBvZiB0aGVpciBub3JtYWwgb3BlcmF0aW9uLiIKLSAgICAgICAgICAgIC8vIFdlIGFs bG93IG5vbi1zZWN1cmUgY29udGVudCB0byBiZSByZXVzZWQgaW4gaGlzdG9yeSwgYnV0IHdlIGRv IG5vdCBhbGxvdyBzZWN1cmUgY29udGVudCB0byBiZSByZXVzZWQuCi0gICAgICAgICAgICBtZW1v cnlDYWNoZS5yZW1vdmUoKnRoaXMpOwotICAgICAgICB9Ci0gICAgICAgIG1lbW9yeUNhY2hlLnBy dW5lU29vbigpOworICAgIGlmIChkZWxldGVJZlBvc3NpYmxlKCkpIHsKKyAgICAgICAgLy8gYHRo aXNgIG9iamVjdCBpcyBkZWFkIGhlcmUuCisgICAgICAgIHJldHVybjsKKyAgICB9CisKKyAgICBp ZiAoIWFsbG93c0NhY2hpbmcoKSB8fCBoYXNDbGllbnRzKCkpCisgICAgICAgIHJldHVybjsKKwor ICAgIGF1dG8mIG1lbW9yeUNhY2hlID0gTWVtb3J5Q2FjaGU6OnNpbmdsZXRvbigpOworICAgIGlm IChpbkNhY2hlKCkpIHsKKyAgICAgICAgbWVtb3J5Q2FjaGUucmVtb3ZlRnJvbUxpdmVSZXNvdXJj ZXNTaXplKCp0aGlzKTsKKyAgICAgICAgbWVtb3J5Q2FjaGUucmVtb3ZlRnJvbUxpdmVEZWNvZGVk UmVzb3VyY2VzTGlzdCgqdGhpcyk7CisgICAgfQorICAgIGlmICghbV9zd2l0Y2hpbmdDbGllbnRz VG9SZXZhbGlkYXRlZFJlc291cmNlKQorICAgICAgICBhbGxDbGllbnRzUmVtb3ZlZCgpOworICAg IGRlc3Ryb3lEZWNvZGVkRGF0YUlmTmVlZGVkKCk7CisgICAgaWYgKHJlc3BvbnNlKCkuY2FjaGVD b250cm9sQ29udGFpbnNOb1N0b3JlKCkgJiYgdXJsKCkucHJvdG9jb2xJcygiaHR0cHMiKSkgewor ICAgICAgICAvLyBSRkMyNjE2IDE0LjkuMjoKKyAgICAgICAgLy8gIm5vLXN0b3JlOiAuLi4gTVVT VCBtYWtlIGEgYmVzdC1lZmZvcnQgYXR0ZW1wdCB0byByZW1vdmUgdGhlIGluZm9ybWF0aW9uIGZy b20gdm9sYXRpbGUgc3RvcmFnZSBhcyBwcm9tcHRseSBhcyBwb3NzaWJsZSIKKyAgICAgICAgLy8g Ii4uLiBIaXN0b3J5IGJ1ZmZlcnMgTUFZIHN0b3JlIHN1Y2ggcmVzcG9uc2VzIGFzIHBhcnQgb2Yg dGhlaXIgbm9ybWFsIG9wZXJhdGlvbi4iCisgICAgICAgIC8vIFdlIGFsbG93IG5vbi1zZWN1cmUg Y29udGVudCB0byBiZSByZXVzZWQgaW4gaGlzdG9yeSwgYnV0IHdlIGRvIG5vdCBhbGxvdyBzZWN1 cmUgY29udGVudCB0byBiZSByZXVzZWQuCisgICAgICAgIG1lbW9yeUNhY2hlLnJlbW92ZSgqdGhp cyk7CiAgICAgfQotICAgIC8vIFRoaXMgb2JqZWN0IG1heSBiZSBkZWFkIGhlcmUuCisgICAgbWVt b3J5Q2FjaGUucHJ1bmVTb29uKCk7CiB9CiAKIHZvaWQgQ2FjaGVkUmVzb3VyY2U6OmRlc3Ryb3lE ZWNvZGVkRGF0YUlmTmVlZGVkKCkK 270491 2016-02-02 09:01:34 -0800 2016-02-10 09:23:24 -0800 Follow up patch bug-153727-20160202090113.patch text/plain 2082 jer.noble U3VidmVyc2lvbiBSZXZpc2lvbjogMTk1OTYwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNTMwYjlkY2I3OGMwOGI0 ZDkyZTY4YmZiOWM3OGQ5NDgwNTY2N2NmYS4uY2QxNjRkYWI4YTA3MDY5YTgwZDQwMGZiNDFkNGNk NTFiOGZkZWE5ZCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDE2LTAyLTAyICBKZXIg Tm9ibGUgIDxqZXIubm9ibGVAYXBwbGUuY29tPgorCisgICAgICAgIFJFR1JFU1NJT04ocjE5NTc3 MCk6IFVzZS1hZnRlci1mcmVlIGluIFJlc291cmNlTG9hZGVyT3B0aW9uczo6Y2FjaGluZ1BvbGlj eQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTUzNzI3 CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS8yNDQyOTg4Nj4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBGb2xsb3ctdXAgYWZ0ZXIgcjE5NTk2NS4gT25s eSBwcm90ZWN0IHRob3NlIHBhcnRzIG9mIENhY2hlZFJlc291cmNlOjpyZW1vdmVDbGllbnQoKSB3 aGljaAorICAgICAgICBhZmZlY3QgdGhlIE1lbW9yeUNhY2hlIHdoZW4gYWxsb3dzQ2FjaGluZygp IGlzIGZhbHNlLgorCisgICAgICAgICogbG9hZGVyL2NhY2hlL0NhY2hlZFJlc291cmNlLmNwcDoK KyAgICAgICAgKFdlYkNvcmU6OkNhY2hlZFJlc291cmNlOjpyZW1vdmVDbGllbnQpOgorCiAyMDE2 LTAyLTAxICBKZXIgTm9ibGUgIDxqZXIubm9ibGVAYXBwbGUuY29tPgogCiAgICAgICAgIFJFR1JF U1NJT04ocjE5NTc3MCk6IFVzZS1hZnRlci1mcmVlIGluIFJlc291cmNlTG9hZGVyT3B0aW9uczo6 Y2FjaGluZ1BvbGljeQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvbG9hZGVyL2NhY2hlL0Nh Y2hlZFJlc291cmNlLmNwcCBiL1NvdXJjZS9XZWJDb3JlL2xvYWRlci9jYWNoZS9DYWNoZWRSZXNv dXJjZS5jcHAKaW5kZXggM2VlNGZlZjhjMGFjMjA5ODJiZTFhODQ2MmFiZmQ1ZWM3ZDkzZTA4OS4u YWVhYTlhNjU1MzUxNTQyODFkYTA5MDQ0OTMwZTJkYzdjYjdjMzJjMSAxMDA2NDQKLS0tIGEvU291 cmNlL1dlYkNvcmUvbG9hZGVyL2NhY2hlL0NhY2hlZFJlc291cmNlLmNwcAorKysgYi9Tb3VyY2Uv V2ViQ29yZS9sb2FkZXIvY2FjaGUvQ2FjaGVkUmVzb3VyY2UuY3BwCkBAIC00ODcsMTcgKzQ4Nywy MSBAQCB2b2lkIENhY2hlZFJlc291cmNlOjpyZW1vdmVDbGllbnQoQ2FjaGVkUmVzb3VyY2VDbGll bnQqIGNsaWVudCkKICAgICAgICAgcmV0dXJuOwogICAgIH0KIAotICAgIGlmICghYWxsb3dzQ2Fj aGluZygpIHx8IGhhc0NsaWVudHMoKSkKKyAgICBpZiAoaGFzQ2xpZW50cygpKQogICAgICAgICBy ZXR1cm47CiAKICAgICBhdXRvJiBtZW1vcnlDYWNoZSA9IE1lbW9yeUNhY2hlOjpzaW5nbGV0b24o KTsKLSAgICBpZiAoaW5DYWNoZSgpKSB7CisgICAgaWYgKGFsbG93c0NhY2hpbmcoKSAmJiBpbkNh Y2hlKCkpIHsKICAgICAgICAgbWVtb3J5Q2FjaGUucmVtb3ZlRnJvbUxpdmVSZXNvdXJjZXNTaXpl KCp0aGlzKTsKICAgICAgICAgbWVtb3J5Q2FjaGUucmVtb3ZlRnJvbUxpdmVEZWNvZGVkUmVzb3Vy Y2VzTGlzdCgqdGhpcyk7CiAgICAgfQogICAgIGlmICghbV9zd2l0Y2hpbmdDbGllbnRzVG9SZXZh bGlkYXRlZFJlc291cmNlKQogICAgICAgICBhbGxDbGllbnRzUmVtb3ZlZCgpOwogICAgIGRlc3Ry b3lEZWNvZGVkRGF0YUlmTmVlZGVkKCk7CisKKyAgICBpZiAoIWFsbG93c0NhY2hpbmcoKSkKKyAg ICAgICAgcmV0dXJuOworCiAgICAgaWYgKHJlc3BvbnNlKCkuY2FjaGVDb250cm9sQ29udGFpbnNO b1N0b3JlKCkgJiYgdXJsKCkucHJvdG9jb2xJcygiaHR0cHMiKSkgewogICAgICAgICAvLyBSRkMy NjE2IDE0LjkuMjoKICAgICAgICAgLy8gIm5vLXN0b3JlOiAuLi4gTVVTVCBtYWtlIGEgYmVzdC1l ZmZvcnQgYXR0ZW1wdCB0byByZW1vdmUgdGhlIGluZm9ybWF0aW9uIGZyb20gdm9sYXRpbGUgc3Rv cmFnZSBhcyBwcm9tcHRseSBhcyBwb3NzaWJsZSIK