153908 2016-02-04 20:59:53 -0800 Arrayify for a typed array shouldn't create a monster 2016-07-13 14:07:52 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build All All RESOLVED FIXED P2 Normal --- 1 fpizlo fpizlo andre.bargull commit-queue ggaren keith_miller mark.lam msaboff saam oldest_to_newest 1162304 0 fpizlo 2016-02-04 20:59:53 -0800 Arrayify over a typed array will repurpose the indexing header for something different than what typed arrays expect, leading to an object that's in a bizarre state. 1162305 1 270724 fpizlo 2016-02-04 21:02:09 -0800 Created attachment 270724 the patch 1162420 2 270724 mark.lam 2016-02-05 10:03:55 -0800 Comment on attachment 270724 the patch View in context: https://bugs.webkit.org/attachment.cgi?id=270724&action=review > Source/JavaScriptCore/runtime/JSObject.cpp:597 > - // this case if we ever cared. > - enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, ensureArrayStorageSlow(vm)); > + // this case if we ever cared. Note that ensureArrayStorage() can return null if the object > + // doesn't support traditional indexed properties. At the time of writing, this just affects > + // typed arrays. > + if (ArrayStorage* storage = ensureArrayStorageSlow(vm)) > + enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, storage); JSObject::enterDictionaryIndexingMode() seems to be called from JSArray::setLengthWritable() and JSObject::preventExtensions() with the assumption that it will succeed in entering indexing mode. Can you please explain why it is ok to simply do nothing is we fail to ensureArrayStorageSlow()? > Source/JavaScriptCore/runtime/JSObject.cpp:2548 > - > - return Butterfly::createOrGrowPropertyStorage(m_butterfly.get(this), vm, this, structure(vm), oldSize, newSize); > + > + Butterfly* result = Butterfly::createOrGrowPropertyStorage(m_butterfly.get(this), vm, this, structure(vm), oldSize, newSize); > + > + return result; I think this is not needed. Please revert. 1162427 3 fpizlo 2016-02-05 10:34:14 -0800 (In reply to comment #2) > Comment on attachment 270724 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=270724&action=review > > > Source/JavaScriptCore/runtime/JSObject.cpp:597 > > - // this case if we ever cared. > > - enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, ensureArrayStorageSlow(vm)); > > + // this case if we ever cared. Note that ensureArrayStorage() can return null if the object > > + // doesn't support traditional indexed properties. At the time of writing, this just affects > > + // typed arrays. > > + if (ArrayStorage* storage = ensureArrayStorageSlow(vm)) > > + enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, storage); > > JSObject::enterDictionaryIndexingMode() seems to be called from > JSArray::setLengthWritable() and JSObject::preventExtensions() with the > assumption that it will succeed in entering indexing mode. Can you please > explain why it is ok to simply do nothing is we fail to > ensureArrayStorageSlow()? JSArray will always return non-null from ensureArrayStorageSlow(), since a JSArray is not a typed array. > > > Source/JavaScriptCore/runtime/JSObject.cpp:2548 > > - > > - return Butterfly::createOrGrowPropertyStorage(m_butterfly.get(this), vm, this, structure(vm), oldSize, newSize); > > + > > + Butterfly* result = Butterfly::createOrGrowPropertyStorage(m_butterfly.get(this), vm, this, structure(vm), oldSize, newSize); > > + > > + return result; > > I think this is not needed. Please revert. Sure. 1162432 4 fpizlo 2016-02-05 10:36:56 -0800 (In reply to comment #3) > (In reply to comment #2) > > Comment on attachment 270724 [details] > > the patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=270724&action=review > > > > > Source/JavaScriptCore/runtime/JSObject.cpp:597 > > > - // this case if we ever cared. > > > - enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, ensureArrayStorageSlow(vm)); > > > + // this case if we ever cared. Note that ensureArrayStorage() can return null if the object > > > + // doesn't support traditional indexed properties. At the time of writing, this just affects > > > + // typed arrays. > > > + if (ArrayStorage* storage = ensureArrayStorageSlow(vm)) > > > + enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, storage); > > > > JSObject::enterDictionaryIndexingMode() seems to be called from > > JSArray::setLengthWritable() and JSObject::preventExtensions() with the > > assumption that it will succeed in entering indexing mode. Can you please > > explain why it is ok to simply do nothing is we fail to > > ensureArrayStorageSlow()? > > JSArray will always return non-null from ensureArrayStorageSlow(), since a > JSArray is not a typed array. And typed arrays are unaffected by things like preventExtensions(). Broadly, there's no effect on typed arrays from doing enterDictionaryIndexingMode() since typed arrays override normal JS indexing behavior already and so we just need to make sure that the usual JSObject indexing stuff doesn't do anything. In trunk, JSObject indexing stuff sometimes corrupts the typed array's state, and this patch fixes that. 1162435 5 270724 mark.lam 2016-02-05 10:40:08 -0800 Comment on attachment 270724 the patch View in context: https://bugs.webkit.org/attachment.cgi?id=270724&action=review r=me >>>> Source/JavaScriptCore/runtime/JSObject.cpp:597 >>>> + enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, storage); >>> >>> JSObject::enterDictionaryIndexingMode() seems to be called from JSArray::setLengthWritable() and JSObject::preventExtensions() with the assumption that it will succeed in entering indexing mode. Can you please explain why it is ok to simply do nothing is we fail to ensureArrayStorageSlow()? >> >> JSArray will always return non-null from ensureArrayStorageSlow(), since a JSArray is not a typed array. > > And typed arrays are unaffected by things like preventExtensions(). Broadly, there's no effect on typed arrays from doing enterDictionaryIndexingMode() since typed arrays override normal JS indexing behavior already and so we just need to make sure that the usual JSObject indexing stuff doesn't do anything. > > In trunk, JSObject indexing stuff sometimes corrupts the typed array's state, and this patch fixes that. Sounds good. I feel like we should have an else case here for when !storage, and ASSERT that the self object is a TypedArray in that case. 1162442 6 fpizlo 2016-02-05 11:20:30 -0800 (In reply to comment #5) > Comment on attachment 270724 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=270724&action=review > > r=me > > >>>> Source/JavaScriptCore/runtime/JSObject.cpp:597 > >>>> + enterDictionaryIndexingModeWhenArrayStorageAlreadyExists(vm, storage); > >>> > >>> JSObject::enterDictionaryIndexingMode() seems to be called from JSArray::setLengthWritable() and JSObject::preventExtensions() with the assumption that it will succeed in entering indexing mode. Can you please explain why it is ok to simply do nothing is we fail to ensureArrayStorageSlow()? > >> > >> JSArray will always return non-null from ensureArrayStorageSlow(), since a JSArray is not a typed array. > > > > And typed arrays are unaffected by things like preventExtensions(). Broadly, there's no effect on typed arrays from doing enterDictionaryIndexingMode() since typed arrays override normal JS indexing behavior already and so we just need to make sure that the usual JSObject indexing stuff doesn't do anything. > > > > In trunk, JSObject indexing stuff sometimes corrupts the typed array's state, and this patch fixes that. > > Sounds good. I feel like we should have an else case here for when > !storage, and ASSERT that the self object is a TypedArray in that case. If anything the assert would say something about hijacksIndexingHeader(). I created that method to make it easier to add other typed-array-like objects in the future. 1162449 7 fpizlo 2016-02-05 11:52:45 -0800 Landed in http://trac.webkit.org/changeset/196179 1210676 8 mark.lam 2016-07-13 14:07:52 -0700 *** Bug 153487 has been marked as a duplicate of this bug. *** 270724 2016-02-04 21:02:09 -0800 2016-02-05 10:40:08 -0800 the patch blah.patch text/plain 11197 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTk2MTY0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDMzIEBA CisyMDE2LTAyLTA0ICBGaWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CisKKyAgICAgICAg QXJyYXlpZnkgZm9yIGEgdHlwZWQgYXJyYXkgc2hvdWxkbid0IGNyZWF0ZSBhIG1vbnN0ZXIKKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE1MzkwOAorICAg ICAgICByZGFyOi8vcHJvYmxlbS8yNDI5MDYzOQorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIFByZXZpb3VzbHkgaWYgeW91IGNvbnZpbmNlZCB0aGUgREZH IHRvIGVtaXQgYW4gQXJyYXlpZnkgdG8gQXJyYXlTdG9yYWdlIGFuZCB0aGVuIGdhdmUgaXQgYQor ICAgICAgICB0eXBlZCBhcnJheSwgeW91J2QgY29ycnVwdCB0aGUgb2JqZWN0LgorCisgICAgICAg ICogcnVudGltZS9KU0FycmF5QnVmZmVyVmlldy5jcHA6CisgICAgICAgIChXVEY6OnByaW50SW50 ZXJuYWwpOgorICAgICAgICAqIHJ1bnRpbWUvSlNBcnJheUJ1ZmZlclZpZXcuaDoKKyAgICAgICAg KiBydW50aW1lL0pTR2VuZXJpY1R5cGVkQXJyYXlWaWV3SW5saW5lcy5oOgorICAgICAgICAoSlND OjpKU0dlbmVyaWNUeXBlZEFycmF5VmlldzxBZGFwdG9yPjo6dmlzaXRDaGlsZHJlbik6CisgICAg ICAgIChKU0M6OkpTR2VuZXJpY1R5cGVkQXJyYXlWaWV3PEFkYXB0b3I+OjpzbG93RG93bkFuZFdh c3RlTWVtb3J5KToKKyAgICAgICAgKiBydW50aW1lL0pTT2JqZWN0LmNwcDoKKyAgICAgICAgKEpT Qzo6SlNPYmplY3Q6OmNvcHlCdXR0ZXJmbHkpOgorICAgICAgICAoSlNDOjpKU09iamVjdDo6ZW50 ZXJEaWN0aW9uYXJ5SW5kZXhpbmdNb2RlKToKKyAgICAgICAgKEpTQzo6SlNPYmplY3Q6OmVuc3Vy ZUludDMyU2xvdyk6CisgICAgICAgIChKU0M6OkpTT2JqZWN0OjplbnN1cmVEb3VibGVTbG93KToK KyAgICAgICAgKEpTQzo6SlNPYmplY3Q6OmVuc3VyZUNvbnRpZ3VvdXNTbG93KToKKyAgICAgICAg KEpTQzo6SlNPYmplY3Q6OmVuc3VyZUFycmF5U3RvcmFnZVNsb3cpOgorICAgICAgICAoSlNDOjpK U09iamVjdDo6Z3Jvd091dE9mTGluZVN0b3JhZ2UpOgorICAgICAgICAoSlNDOjpnZXRCb3VuZFNs b3RCYXNlRnVuY3Rpb25Gb3JHZXR0ZXJTZXR0ZXIpOgorICAgICAgICAqIHJ1bnRpbWUvU3RydWN0 dXJlLmg6CisgICAgICAgICogdGVzdHMvc3RyZXNzL2FycmF5aWZ5LWFycmF5LXN0b3JhZ2UtdHlw ZWQtYXJyYXkuanM6IEFkZGVkLiBUaGlzIHRlc3QgZmFpbGVkLgorICAgICAgICAqIHRlc3RzL3N0 cmVzcy9hcnJheWlmeS1pbnQzMi10eXBlZC1hcnJheS5qczogQWRkZWQuIFRoaXMgdGVzdCBjYXNl IGFscmVhZHkgaGFkIG90aGVyIHByb3RlY3Rpb25zLCBidXQgd2UgYmVlZmVkIHRoZW0gdXAuCisK IDIwMTYtMDItMDQgIEtlaXRoIE1pbGxlciAgPGtlaXRoX21pbGxlckBhcHBsZS5jb20+CiAKICAg ICAgICAgQXJyYXlQcm90b3R5cGUgc2hvdWxkIGhhdmUgYSBkZXN0cm95IGZ1bmN0aW9uCkluZGV4 OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0FycmF5QnVmZmVyVmlldy5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSlNBcnJheUJ1ZmZlclZp ZXcuY3BwCShyZXZpc2lvbiAxOTYxNDEpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGlt ZS9KU0FycmF5QnVmZmVyVmlldy5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTEsNSArMSw1IEBACiAv KgotICogQ29weXJpZ2h0IChDKSAyMDEzIEFwcGxlIEluYy4gQWxsIHJpZ2h0cyByZXNlcnZlZC4K KyAqIENvcHlyaWdodCAoQykgMjAxMywgMjAxNiBBcHBsZSBJbmMuIEFsbCByaWdodHMgcmVzZXJ2 ZWQuCiAgKgogICogUmVkaXN0cmlidXRpb24gYW5kIHVzZSBpbiBzb3VyY2UgYW5kIGJpbmFyeSBm b3Jtcywgd2l0aCBvciB3aXRob3V0CiAgKiBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJv dmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMKQEAgLTIwNywzICsyMDcsMjggQEAg dm9pZCBKU0FycmF5QnVmZmVyVmlldzo6ZmluYWxpemUoSlNDZWxsKgogCiB9IC8vIG5hbWVzcGFj ZSBKU0MKIAorbmFtZXNwYWNlIFdURiB7CisKK3VzaW5nIG5hbWVzcGFjZSBKU0M7CisKK3ZvaWQg cHJpbnRJbnRlcm5hbChQcmludFN0cmVhbSYgb3V0LCBUeXBlZEFycmF5TW9kZSBtb2RlKQorewor ICAgIHN3aXRjaCAobW9kZSkgeworICAgIGNhc2UgRmFzdFR5cGVkQXJyYXk6CisgICAgICAgIG91 dC5wcmludCgiRmFzdFR5cGVkQXJyYXkiKTsKKyAgICAgICAgcmV0dXJuOworICAgIGNhc2UgT3Zl cnNpemVUeXBlZEFycmF5OgorICAgICAgICBvdXQucHJpbnQoIk92ZXJzaXplVHlwZWRBcnJheSIp OworICAgICAgICByZXR1cm47CisgICAgY2FzZSBXYXN0ZWZ1bFR5cGVkQXJyYXk6CisgICAgICAg IG91dC5wcmludCgiV2FzdGVmdWxUeXBlZEFycmF5Iik7CisgICAgICAgIHJldHVybjsKKyAgICBj YXNlIERhdGFWaWV3TW9kZToKKyAgICAgICAgb3V0LnByaW50KCJEYXRhVmlld01vZGUiKTsKKyAg ICAgICAgcmV0dXJuOworICAgIH0KKyAgICBSRUxFQVNFX0FTU0VSVF9OT1RfUkVBQ0hFRCgpOwor fQorCit9IC8vIG5hbWVzcGFjZSBXVEYKKwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL3J1 bnRpbWUvSlNBcnJheUJ1ZmZlclZpZXcuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlw dENvcmUvcnVudGltZS9KU0FycmF5QnVmZmVyVmlldy5oCShyZXZpc2lvbiAxOTYxNDEpCisrKyBT b3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0FycmF5QnVmZmVyVmlldy5oCSh3b3JraW5n IGNvcHkpCkBAIC0xLDUgKzEsNSBAQAogLyoKLSAqIENvcHlyaWdodCAoQykgMjAxMyBBcHBsZSBJ bmMuIEFsbCByaWdodHMgcmVzZXJ2ZWQuCisgKiBDb3B5cmlnaHQgKEMpIDIwMTMsIDIwMTYgQXBw bGUgSW5jLiBBbGwgcmlnaHRzIHJlc2VydmVkLgogICoKICAqIFJlZGlzdHJpYnV0aW9uIGFuZCB1 c2UgaW4gc291cmNlIGFuZCBiaW5hcnkgZm9ybXMsIHdpdGggb3Igd2l0aG91dAogICogbW9kaWZp Y2F0aW9uLCBhcmUgcGVybWl0dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRp b25zCkBAIC0xOTMsNSArMTkzLDExIEBAIHByb3RlY3RlZDoKIAogfSAvLyBuYW1lc3BhY2UgSlND CiAKK25hbWVzcGFjZSBXVEYgeworCit2b2lkIHByaW50SW50ZXJuYWwoUHJpbnRTdHJlYW0mLCBK U0M6OlR5cGVkQXJyYXlNb2RlKTsKKworfSAvLyBuYW1lc3BhY2UgV1RGCisKICNlbmRpZiAvLyBK U0FycmF5QnVmZmVyVmlld19oCiAKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1l L0pTR2VuZXJpY1R5cGVkQXJyYXlWaWV3SW5saW5lcy5oCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTR2VuZXJpY1R5cGVkQXJyYXlWaWV3SW5saW5lcy5oCShy ZXZpc2lvbiAxOTYxNDEpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9KU0dlbmVy aWNUeXBlZEFycmF5Vmlld0lubGluZXMuaAkod29ya2luZyBjb3B5KQpAQCAtMSw1ICsxLDUgQEAK IC8qCi0gKiBDb3B5cmlnaHQgKEMpIDIwMTMgQXBwbGUgSW5jLiBBbGwgcmlnaHRzIHJlc2VydmVk LgorICogQ29weXJpZ2h0IChDKSAyMDEzLCAyMDE2IEFwcGxlIEluYy4gQWxsIHJpZ2h0cyByZXNl cnZlZC4KICAqCiAgKiBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQgYmluYXJ5 IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKICAqIG1vZGlmaWNhdGlvbiwgYXJlIHBlcm1pdHRlZCBw cm92aWRlZCB0aGF0IHRoZSBmb2xsb3dpbmcgY29uZGl0aW9ucwpAQCAtNDI0LDYgKzQyNCw3IEBA IHZvaWQgSlNHZW5lcmljVHlwZWRBcnJheVZpZXc8QWRhcHRvcj46OnYKICAgICB9CiAgICAgICAg IAogICAgIGNhc2UgV2FzdGVmdWxUeXBlZEFycmF5OgorICAgICAgICBSRUxFQVNFX0FTU0VSVCh0 aGlzT2JqZWN0LT5leGlzdGluZ0J1ZmZlckluQnV0dGVyZmx5KCkpOwogICAgICAgICBicmVhazsK ICAgICAgICAgCiAgICAgY2FzZSBEYXRhVmlld01vZGU6CkBAIC00ODQsNiArNDg1LDcgQEAgQXJy YXlCdWZmZXIqIEpTR2VuZXJpY1R5cGVkQXJyYXlWaWV3PEFkYQogICAgICAgICB0aGlzT2JqZWN0 LT5tX2J1dHRlcmZseS5zZXRXaXRob3V0QmFycmllcigKICAgICAgICAgICAgIGJpdHdpc2VfY2Fz dDxJbmRleGluZ0hlYWRlcio+KHRoaXNPYmplY3QtPnZlY3RvcigpKS0+YnV0dGVyZmx5KCkpOwog ICAgIH0gZWxzZSB7CisgICAgICAgIFJFTEVBU0VfQVNTRVJUKCF0aGlzT2JqZWN0LT5oYXNJbmRl eGluZ0hlYWRlcigpKTsKICAgICAgICAgVk0mIHZtID0gKmhlYXAtPnZtKCk7CiAgICAgICAgIHRo aXNPYmplY3QtPm1fYnV0dGVyZmx5LnNldCh2bSwgdGhpc09iamVjdCwgQnV0dGVyZmx5OjpjcmVh dGVPckdyb3dBcnJheVJpZ2h0KAogICAgICAgICAgICAgdGhpc09iamVjdC0+YnV0dGVyZmx5KCks IHZtLCB0aGlzT2JqZWN0LCB0aGlzT2JqZWN0LT5zdHJ1Y3R1cmUoKSwKSW5kZXg6IFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTT2JqZWN0LmNwcAo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvcnVudGltZS9KU09iamVjdC5jcHAJKHJldmlzaW9uIDE5NjE0MSkKKysr IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0pTT2JqZWN0LmNwcAkod29ya2luZyBjb3B5 KQpAQCAtMTA1LDcgKzEwNSw3IEBAIEFMV0FZU19JTkxJTkUgdm9pZCBKU09iamVjdDo6Y29weUJ1 dHRlcmYKICAgICBzaXplX3QgY2FwYWNpdHlJbkJ5dGVzID0gQnV0dGVyZmx5Ojp0b3RhbFNpemUo cHJlQ2FwYWNpdHksIHByb3BlcnR5Q2FwYWNpdHksIGhhc0luZGV4aW5nSGVhZGVyLCBpbmRleGlu Z1BheWxvYWRTaXplSW5CeXRlcyk7CiAgICAgaWYgKHZpc2l0b3IuY2hlY2tJZlNob3VsZENvcHko YnV0dGVyZmx5LT5iYXNlKHByZUNhcGFjaXR5LCBwcm9wZXJ0eUNhcGFjaXR5KSkpIHsKICAgICAg ICAgQnV0dGVyZmx5KiBuZXdCdXR0ZXJmbHkgPSBCdXR0ZXJmbHk6OmNyZWF0ZVVuaW5pdGlhbGl6 ZWREdXJpbmdDb2xsZWN0aW9uKHZpc2l0b3IsIHByZUNhcGFjaXR5LCBwcm9wZXJ0eUNhcGFjaXR5 LCBoYXNJbmRleGluZ0hlYWRlciwgaW5kZXhpbmdQYXlsb2FkU2l6ZUluQnl0ZXMpOwotICAgICAg ICAKKwogICAgICAgICAvLyBDb3B5IHRoZSBwcm9wZXJ0aWVzLgogICAgICAgICBQcm9wZXJ0eVN0 b3JhZ2UgY3VycmVudFRhcmdldCA9IG5ld0J1dHRlcmZseS0+cHJvcGVydHlTdG9yYWdlKCk7CiAg ICAgICAgIFByb3BlcnR5U3RvcmFnZSBjdXJyZW50U291cmNlID0gYnV0dGVyZmx5LT5wcm9wZXJ0 eVN0b3JhZ2UoKTsKQEAgLTU5MCw4ICs1OTAsMTEgQEAgdm9pZCBKU09iamVjdDo6ZW50ZXJEaWN0 aW9uYXJ5SW5kZXhpbmdNbwogICAgIGNhc2UgQUxMX0RPVUJMRV9JTkRFWElOR19UWVBFUzoKICAg ICBjYXNlIEFMTF9DT05USUdVT1VTX0lOREVYSU5HX1RZUEVTOgogICAgICAgICAvLyBOT1RFOiB0 aGlzIGlzIGhvcnJpYmx5IGluZWZmaWNpZW50LCBhcyBpdCB3aWxsIHBlcmZvcm0gdHdvIGNvbnZl cnNpb25zLiBXZSBjb3VsZCBvcHRpbWl6ZQotICAgICAgICAvLyB0aGlzIGNhc2UgaWYgd2UgZXZl ciBjYXJlZC4KLSAgICAgICAgZW50ZXJEaWN0aW9uYXJ5SW5kZXhpbmdNb2RlV2hlbkFycmF5U3Rv cmFnZUFscmVhZHlFeGlzdHModm0sIGVuc3VyZUFycmF5U3RvcmFnZVNsb3codm0pKTsKKyAgICAg ICAgLy8gdGhpcyBjYXNlIGlmIHdlIGV2ZXIgY2FyZWQuIE5vdGUgdGhhdCBlbnN1cmVBcnJheVN0 b3JhZ2UoKSBjYW4gcmV0dXJuIG51bGwgaWYgdGhlIG9iamVjdAorICAgICAgICAvLyBkb2Vzbid0 IHN1cHBvcnQgdHJhZGl0aW9uYWwgaW5kZXhlZCBwcm9wZXJ0aWVzLiBBdCB0aGUgdGltZSBvZiB3 cml0aW5nLCB0aGlzIGp1c3QgYWZmZWN0cworICAgICAgICAvLyB0eXBlZCBhcnJheXMuCisgICAg ICAgIGlmIChBcnJheVN0b3JhZ2UqIHN0b3JhZ2UgPSBlbnN1cmVBcnJheVN0b3JhZ2VTbG93KHZt KSkKKyAgICAgICAgICAgIGVudGVyRGljdGlvbmFyeUluZGV4aW5nTW9kZVdoZW5BcnJheVN0b3Jh Z2VBbHJlYWR5RXhpc3RzKHZtLCBzdG9yYWdlKTsKICAgICAgICAgYnJlYWs7CiAgICAgY2FzZSBB TExfQVJSQVlfU1RPUkFHRV9JTkRFWElOR19UWVBFUzoKICAgICAgICAgZW50ZXJEaWN0aW9uYXJ5 SW5kZXhpbmdNb2RlV2hlbkFycmF5U3RvcmFnZUFscmVhZHlFeGlzdHModm0sIG1fYnV0dGVyZmx5 LmdldCh0aGlzKS0+YXJyYXlTdG9yYWdlKCkpOwpAQCAtOTY4LDYgKzk3MSw5IEBAIENvbnRpZ3Vv dXNKU1ZhbHVlcyBKU09iamVjdDo6ZW5zdXJlSW50MzIKIHsKICAgICBBU1NFUlQoaW5oZXJpdHMo aW5mbygpKSk7CiAgICAgCisgICAgaWYgKHN0cnVjdHVyZSh2bSktPmhpamFja3NJbmRleGluZ0hl YWRlcigpKQorICAgICAgICByZXR1cm4gQ29udGlndW91c0pTVmFsdWVzKCk7CisgICAgCiAgICAg c3dpdGNoIChpbmRleGluZ1R5cGUoKSkgewogICAgIGNhc2UgQUxMX0JMQU5LX0lOREVYSU5HX1RZ UEVTOgogICAgICAgICBpZiAoVU5MSUtFTFkoaW5kZXhpbmdTaG91bGRCZVNwYXJzZSgpIHx8IHN0 cnVjdHVyZSh2bSktPm5lZWRzU2xvd1B1dEluZGV4aW5nKCkpKQpAQCAtOTkyLDYgKzk5OCw5IEBA IENvbnRpZ3VvdXNEb3VibGVzIEpTT2JqZWN0OjplbnN1cmVEb3VibGUKIHsKICAgICBBU1NFUlQo aW5oZXJpdHMoaW5mbygpKSk7CiAgICAgCisgICAgaWYgKHN0cnVjdHVyZSh2bSktPmhpamFja3NJ bmRleGluZ0hlYWRlcigpKQorICAgICAgICByZXR1cm4gQ29udGlndW91c0RvdWJsZXMoKTsKKyAg ICAKICAgICBzd2l0Y2ggKGluZGV4aW5nVHlwZSgpKSB7CiAgICAgY2FzZSBBTExfQkxBTktfSU5E RVhJTkdfVFlQRVM6CiAgICAgICAgIGlmIChVTkxJS0VMWShpbmRleGluZ1Nob3VsZEJlU3BhcnNl KCkgfHwgc3RydWN0dXJlKHZtKS0+bmVlZHNTbG93UHV0SW5kZXhpbmcoKSkpCkBAIC0xMDE4LDYg KzEwMjcsOSBAQCBDb250aWd1b3VzSlNWYWx1ZXMgSlNPYmplY3Q6OmVuc3VyZUNvbnRpCiB7CiAg ICAgQVNTRVJUKGluaGVyaXRzKGluZm8oKSkpOwogICAgIAorICAgIGlmIChzdHJ1Y3R1cmUodm0p LT5oaWphY2tzSW5kZXhpbmdIZWFkZXIoKSkKKyAgICAgICAgcmV0dXJuIENvbnRpZ3VvdXNKU1Zh bHVlcygpOworICAgIAogICAgIHN3aXRjaCAoaW5kZXhpbmdUeXBlKCkpIHsKICAgICBjYXNlIEFM TF9CTEFOS19JTkRFWElOR19UWVBFUzoKICAgICAgICAgaWYgKFVOTElLRUxZKGluZGV4aW5nU2hv dWxkQmVTcGFyc2UoKSB8fCBzdHJ1Y3R1cmUodm0pLT5uZWVkc1Nsb3dQdXRJbmRleGluZygpKSkK QEAgLTEwNDUsNiArMTA1Nyw5IEBAIENvbnRpZ3VvdXNKU1ZhbHVlcyBKU09iamVjdDo6ZW5zdXJl Q29udGkKIEFycmF5U3RvcmFnZSogSlNPYmplY3Q6OmVuc3VyZUFycmF5U3RvcmFnZVNsb3coVk0m IHZtKQogewogICAgIEFTU0VSVChpbmhlcml0cyhpbmZvKCkpKTsKKworICAgIGlmIChzdHJ1Y3R1 cmUodm0pLT5oaWphY2tzSW5kZXhpbmdIZWFkZXIoKSkKKyAgICAgICAgcmV0dXJuIG51bGxwdHI7 CiAgICAgCiAgICAgc3dpdGNoIChpbmRleGluZ1R5cGUoKSkgewogICAgIGNhc2UgQUxMX0JMQU5L X0lOREVYSU5HX1RZUEVTOgpAQCAtMjUyNyw4ICsyNTQyLDEwIEBAIEJ1dHRlcmZseSogSlNPYmpl Y3Q6Omdyb3dPdXRPZkxpbmVTdG9yYWcKIAogICAgIC8vIEl0J3MgaW1wb3J0YW50IHRoYXQgdGhp cyBmdW5jdGlvbiBub3QgcmVseSBvbiBzdHJ1Y3R1cmUoKSwgZm9yIHRoZSBwcm9wZXJ0eQogICAg IC8vIGNhcGFjaXR5LCBzaW5jZSB3ZSBtaWdodCBoYXZlIGFscmVhZHkgbXV0YXRlZCB0aGUgc3Ry dWN0dXJlIGluLXBsYWNlLgotICAgIAotICAgIHJldHVybiBCdXR0ZXJmbHk6OmNyZWF0ZU9yR3Jv d1Byb3BlcnR5U3RvcmFnZShtX2J1dHRlcmZseS5nZXQodGhpcyksIHZtLCB0aGlzLCBzdHJ1Y3R1 cmUodm0pLCBvbGRTaXplLCBuZXdTaXplKTsKKworICAgIEJ1dHRlcmZseSogcmVzdWx0ID0gQnV0 dGVyZmx5OjpjcmVhdGVPckdyb3dQcm9wZXJ0eVN0b3JhZ2UobV9idXR0ZXJmbHkuZ2V0KHRoaXMp LCB2bSwgdGhpcywgc3RydWN0dXJlKHZtKSwgb2xkU2l6ZSwgbmV3U2l6ZSk7CisKKyAgICByZXR1 cm4gcmVzdWx0OwogfQogCiBzdGF0aWMgSlNCb3VuZFNsb3RCYXNlRnVuY3Rpb24qIGdldEJvdW5k U2xvdEJhc2VGdW5jdGlvbkZvckdldHRlclNldHRlcihFeGVjU3RhdGUqIGV4ZWMsIFByb3BlcnR5 TmFtZSBwcm9wZXJ0eU5hbWUsIEpTQzo6UHJvcGVydHlTbG90JiBzbG90LCBDdXN0b21HZXR0ZXJT ZXR0ZXIqIGdldHRlclNldHRlciwgSlNCb3VuZFNsb3RCYXNlRnVuY3Rpb246OlR5cGUgdHlwZSkK SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1N0cnVjdHVyZS5oCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1N0cnVjdHVyZS5oCShyZXZpc2lv biAxOTYxNDEpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9TdHJ1Y3R1cmUuaAko d29ya2luZyBjb3B5KQpAQCAtMzIwLDExICszMjAsMTYgQEAgcHVibGljOgogICAgICAgICAgICAg JiYgb2Zmc2V0IDw9IG1fb2Zmc2V0CiAgICAgICAgICAgICAmJiAob2Zmc2V0IDwgbV9pbmxpbmVD YXBhY2l0eSB8fCBvZmZzZXQgPj0gZmlyc3RPdXRPZkxpbmVPZmZzZXQpOwogICAgIH0KKworICAg IGJvb2wgaGlqYWNrc0luZGV4aW5nSGVhZGVyKCkgY29uc3QKKyAgICB7CisgICAgICAgIHJldHVy biBpc1R5cGVkVmlldyhtX2NsYXNzSW5mby0+dHlwZWRBcnJheVN0b3JhZ2VUeXBlKTsKKyAgICB9 CiAgICAgCiAgICAgYm9vbCBjb3VsZEhhdmVJbmRleGluZ0hlYWRlcigpIGNvbnN0CiAgICAgewog ICAgICAgICByZXR1cm4gaGFzSW5kZXhlZFByb3BlcnRpZXMoaW5kZXhpbmdUeXBlKCkpCi0gICAg ICAgICAgICB8fCBpc1R5cGVkVmlldyhtX2NsYXNzSW5mby0+dHlwZWRBcnJheVN0b3JhZ2VUeXBl KTsKKyAgICAgICAgICAgIHx8IGhpamFja3NJbmRleGluZ0hlYWRlcigpOwogICAgIH0KICAgICAK ICAgICBib29sIGhhc0luZGV4aW5nSGVhZGVyKGNvbnN0IEpTQ2VsbCopIGNvbnN0OwpJbmRleDog U291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RzL3N0cmVzcy9hcnJheWlmeS1hcnJheS1zdG9yYWdl LXR5cGVkLWFycmF5LmpzCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0 cy9zdHJlc3MvYXJyYXlpZnktYXJyYXktc3RvcmFnZS10eXBlZC1hcnJheS5qcwkocmV2aXNpb24g MCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy9zdHJlc3MvYXJyYXlpZnktYXJyYXkt c3RvcmFnZS10eXBlZC1hcnJheS5qcwkod29ya2luZyBjb3B5KQpAQCAtMCwwICsxLDM2IEBACitm dW5jdGlvbiBtYWtlMSgpIHsKKyAgICB2YXIgYSA9IFtdOworICAgIGEuX19kZWZpbmVHZXR0ZXJf Xyg0MiwgZnVuY3Rpb24oKSB7IHJldHVybiA0MjsgfSk7CisgICAgcmV0dXJuIGE7Cit9CisKK25v SW5saW5lKG1ha2UxKTsKKworZnVuY3Rpb24gbWFrZTIoKSB7CisgICAgcmV0dXJuIFs0Ml07Cit9 CisKK25vSW5saW5lKG1ha2UyKTsKKworZm9yICh2YXIgaSA9IDA7IGkgPCAxMDAwMDsgKytpKSB7 CisgICAgbWFrZTEoKTsKKyAgICBtYWtlMigpOworfQorCitmdW5jdGlvbiBmb28obykgeworICAg IG9bMF0gPSAwOworfQorCitub0lubGluZShmb28pOworCitmb3IgKHZhciBpID0gMDsgaSA8IDEw MDAwOyArK2kpIHsKKyAgICBmb28obWFrZTEoKSk7CisgICAgZm9vKG1ha2UyKCkpOworfQorCit2 YXIgbyA9IG5ldyBJbnQ4QXJyYXkoMTAwKTsKK3ZhciBiID0gby5idWZmZXI7Citmb28obyk7Citp ZiAoby5idWZmZXIgIT0gYikKKyAgICB0aHJvdyAiRXJyb3I6IGJ1ZmZlciBjaGFuZ2VkLiI7CisK SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy9zdHJlc3MvYXJyYXlpZnktaW50MzIt dHlwZWQtYXJyYXkuanMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3Rz L3N0cmVzcy9hcnJheWlmeS1pbnQzMi10eXBlZC1hcnJheS5qcwkocmV2aXNpb24gMCkKKysrIFNv dXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy9zdHJlc3MvYXJyYXlpZnktaW50MzItdHlwZWQtYXJy YXkuanMJKHdvcmtpbmcgY29weSkKQEAgLTAsMCArMSwzNCBAQAorZnVuY3Rpb24gbWFrZTEoKSB7 CisgICAgcmV0dXJuIFtdOworfQorCitub0lubGluZShtYWtlMSk7CisKK2Z1bmN0aW9uIG1ha2Uy KCkgeworICAgIHJldHVybiBbNDJdOworfQorCitub0lubGluZShtYWtlMik7CisKK2ZvciAodmFy IGkgPSAwOyBpIDwgMTAwMDA7ICsraSkgeworICAgIG1ha2UxKCk7CisgICAgbWFrZTIoKTsKK30K KworZnVuY3Rpb24gZm9vKG8pIHsKKyAgICBvWzBdID0gMDsKK30KKworbm9JbmxpbmUoZm9vKTsK KworZm9yICh2YXIgaSA9IDA7IGkgPCAxMDAwMDsgKytpKSB7CisgICAgZm9vKG1ha2UxKCkpOwor ICAgIGZvbyhtYWtlMigpKTsKK30KKwordmFyIG8gPSBuZXcgSW50OEFycmF5KDEwMCk7Cit2YXIg YiA9IG8uYnVmZmVyOworZm9vKG8pOworaWYgKG8uYnVmZmVyICE9IGIpCisgICAgdGhyb3cgIkVy cm9yOiBidWZmZXIgY2hhbmdlZC4iOworCg==