160470 CVE-2016-4768 2016-08-02 15:13:35 -0700 ZDI-CAN-3852: Apple Safari HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability 2017-10-11 10:30:03 -0700 1 1 1 Unclassified WebKit Media WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ddkilzer eric.carlson bfulgham darin eric.carlson jonlee webkit-bug-importer oldest_to_newest 1216628 0 ddkilzer 2016-08-02 15:13:35 -0700 ZDI-CAN-3852: Apple Safari HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability 1216629 1 ddkilzer 2016-08-02 15:13:44 -0700 <rdar://problem/27313234> 1216647 2 285151 eric.carlson 2016-08-02 15:44:38 -0700 Created attachment 285151 Proposed patch. 1216651 3 285151 ddkilzer 2016-08-02 15:51:19 -0700 Comment on attachment 285151 Proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=285151&action=review r=me > Source/WebCore/html/track/AudioTrack.cpp:170 > + ASSERT(element()); Did you mean to do this instead? Maybe it doesn't matter. ASSERT(mediaElement()); > LayoutTests/ChangeLog:4 > + Need a short description (OOPS!). > + Need the bug URL (OOPS!). Oops! Copy and paste title and URL from Source/WebCore/ChangeLog. 1216655 4 285151 eric.carlson 2016-08-02 15:57:37 -0700 Comment on attachment 285151 Proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=285151&action=review >> Source/WebCore/html/track/AudioTrack.cpp:170 >> + ASSERT(element()); > > Did you mean to do this instead? Maybe it doesn't matter. > > ASSERT(mediaElement()); They are functionally equivalent, but your suggestion is semantically correct. Fixed. >> LayoutTests/ChangeLog:4 >> + Need the bug URL (OOPS!). > > Oops! Copy and paste title and URL from Source/WebCore/ChangeLog. OOPS! Fixed. 1216658 5 eric.carlson 2016-08-02 16:05:35 -0700 Committed r204050: https://trac.webkit.org/r204050 1216750 6 darin 2016-08-02 19:32:07 -0700 There is a mistake in this patch. The call to clearElement in TrackListBase::~TrackListBase will not call TextTrackList::clearElement, because as part of the destruction process we have already turned the TextTrackList into a TrackListBase. 1216751 7 285151 darin 2016-08-02 19:34:34 -0700 Comment on attachment 285151 Proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=285151&action=review > Source/WebCore/html/track/AudioTrack.cpp:172 > + if (mediaElement()) > + mediaElement()->removeAudioTrack(*this); I do not understand why we are adding this null check as part of this patch. I don’t see the relevance. If the media element can be null, then the assertion is incorrect. If it can’t, then it seems peculiar to add the code as part of this security fix that we would like to keep as simple and minimal as possible. > Source/WebCore/html/track/TrackListBase.cpp:49 > + clearElement(); This will not call TextTrackList::clearElement. We will have to do something in ~TextTrackList if we want to be sure that code runs when destroying the text track list because by the time this destructor is called, the virtual table will be the one from TrackListBase. 1216920 8 285151 eric.carlson 2016-08-03 08:09:11 -0700 Comment on attachment 285151 Proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=285151&action=review >> Source/WebCore/html/track/AudioTrack.cpp:172 >> + mediaElement()->removeAudioTrack(*this); > > I do not understand why we are adding this null check as part of this patch. I don’t see the relevance. > > If the media element can be null, then the assertion is incorrect. If it can’t, then it seems peculiar to add the code as part of this security fix that we would like to keep as simple and minimal as possible. Agreed, it isn't necessary. >> Source/WebCore/html/track/TrackListBase.cpp:49 >> + clearElement(); > > This will not call TextTrackList::clearElement. We will have to do something in ~TextTrackList if we want to be sure that code runs when destroying the text track list because by the time this destructor is called, the virtual table will be the one from TrackListBase. Fixed. 1216921 9 285231 eric.carlson 2016-08-03 08:09:25 -0700 Created attachment 285231 Updated Patch. Add 1217019 10 285231 bfulgham 2016-08-03 11:11:03 -0700 Comment on attachment 285231 Updated Patch. Looks good! r=me. 1217026 11 eric.carlson 2016-08-03 11:19:42 -0700 Committed r204089: https://trac.webkit.org/r204089 285151 2016-08-02 15:44:38 -0700 2016-08-02 15:51:19 -0700 Proposed patch. track_list_crash_patch_3.txt text/plain 8281 eric.carlson SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIwNDA0NSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI3IEBACisyMDE2LTA4LTAyICBFcmljIENh cmxzb24gIDxlcmljLmNhcmxzb25AYXBwbGUuY29tPgorCisgICAgICAgIENsZWFudXAgSFRNTE1l ZGlhRWxlbWVudCB0cmFjayBsaXN0cy4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTE2MDQ3MAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09Q UyEpLgorCisgICAgICAgIFRlc3Q6IG1lZGlhL3JhbmdlLWV4dHJhY3QtY29udGVudHMtY3Jhc2gu aHRtbAorCisgICAgICAgICogaHRtbC9IVE1MTWVkaWFFbGVtZW50LmNwcDoKKyAgICAgICAgKFdl YkNvcmU6OkhUTUxNZWRpYUVsZW1lbnQ6On5IVE1MTWVkaWFFbGVtZW50KTogCisKKyAgICAgICAg KiBodG1sL3RyYWNrL0F1ZGlvVHJhY2suY3BwOgorICAgICAgICAoV2ViQ29yZTo6QXVkaW9UcmFj azo6d2lsbFJlbW92ZSk6IEFTU0VSVCBpZiBtZWRpYSBlbGVtZW50IGlzIE5VTEwuCisKKyAgICAg ICAgKiBodG1sL3RyYWNrL1RleHRUcmFja0xpc3QuY3BwOgorICAgICAgICAoVGV4dFRyYWNrTGlz dDo6Y2xlYXJFbGVtZW50KTogQ2xlYXIgdHJhY2sgbWVkaWEgZWxlbWVudCBwb2ludGVycyBhbmQg Y2xpZW50LgorICAgICAgICAqIGh0bWwvdHJhY2svVGV4dFRyYWNrTGlzdC5oOgorCisgICAgICAg ICogaHRtbC90cmFjay9UcmFja0xpc3RCYXNlLmNwcDoKKyAgICAgICAgKFRyYWNrTGlzdEJhc2U6 On5UcmFja0xpc3RCYXNlKTogQ2FsbCBjbGVhckVsZW1lbnQuCisgICAgICAgIChUcmFja0xpc3RC YXNlOjpjbGVhckVsZW1lbnQpOiBDbGVhciB0cmFjayBtZWRpYSBlbGVtZW50IHBvaW50ZXJzIGFu ZCBjbGllbnQuCisgICAgICAgICogaHRtbC90cmFjay9UcmFja0xpc3RCYXNlLmg6CisKIDIwMTYt MDgtMDIgIENocmlzIER1bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KIAogICAgICAgICBOYW1lZCAv IEluZGV4ZWQgcHJvcGVydGllcyBzaG91bGQgYmUgY29uZmlndXJhYmxlCkluZGV4OiBTb3VyY2Uv V2ViQ29yZS9odG1sL0hUTUxNZWRpYUVsZW1lbnQuY3BwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9X ZWJDb3JlL2h0bWwvSFRNTE1lZGlhRWxlbWVudC5jcHAJKHJldmlzaW9uIDIwNDAyNCkKKysrIFNv dXJjZS9XZWJDb3JlL2h0bWwvSFRNTE1lZGlhRWxlbWVudC5jcHAJKHdvcmtpbmcgY29weSkKQEAg LTUwOSwyMiArNTA5LDEyIEBAIEhUTUxNZWRpYUVsZW1lbnQ6On5IVE1MTWVkaWFFbGVtZW50KCkK ICAgICB1bnJlZ2lzdGVyV2l0aERvY3VtZW50KGRvY3VtZW50KCkpOwogCiAjaWYgRU5BQkxFKFZJ REVPX1RSQUNLKQotICAgIGlmIChtX2F1ZGlvVHJhY2tzKSB7CisgICAgaWYgKG1fYXVkaW9UcmFj a3MpCiAgICAgICAgIG1fYXVkaW9UcmFja3MtPmNsZWFyRWxlbWVudCgpOwotICAgICAgICBmb3Ig KHVuc2lnbmVkIGkgPSAwOyBpIDwgbV9hdWRpb1RyYWNrcy0+bGVuZ3RoKCk7ICsraSkKLSAgICAg ICAgICAgIG1fYXVkaW9UcmFja3MtPml0ZW0oaSktPmNsZWFyQ2xpZW50KCk7Ci0gICAgfQogICAg IGlmIChtX3RleHRUcmFja3MpCiAgICAgICAgIG1fdGV4dFRyYWNrcy0+Y2xlYXJFbGVtZW50KCk7 Ci0gICAgaWYgKG1fdGV4dFRyYWNrcykgewotICAgICAgICBmb3IgKHVuc2lnbmVkIGkgPSAwOyBp IDwgbV90ZXh0VHJhY2tzLT5sZW5ndGgoKTsgKytpKQotICAgICAgICAgICAgbV90ZXh0VHJhY2tz LT5pdGVtKGkpLT5jbGVhckNsaWVudCgpOwotICAgIH0KLSAgICBpZiAobV92aWRlb1RyYWNrcykg eworICAgIGlmIChtX3ZpZGVvVHJhY2tzKQogICAgICAgICBtX3ZpZGVvVHJhY2tzLT5jbGVhckVs ZW1lbnQoKTsKLSAgICAgICAgZm9yICh1bnNpZ25lZCBpID0gMDsgaSA8IG1fdmlkZW9UcmFja3Mt Pmxlbmd0aCgpOyArK2kpCi0gICAgICAgICAgICBtX3ZpZGVvVHJhY2tzLT5pdGVtKGkpLT5jbGVh ckNsaWVudCgpOwotICAgIH0KICNlbmRpZgogCiAjaWYgRU5BQkxFKFdJUkVMRVNTX1BMQVlCQUNL X1RBUkdFVCkKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2h0bWwvdHJhY2svQXVkaW9UcmFjay5jcHAK PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvaHRtbC90cmFjay9BdWRpb1RyYWNrLmNwcAko cmV2aXNpb24gMjA0MDI0KQorKysgU291cmNlL1dlYkNvcmUvaHRtbC90cmFjay9BdWRpb1RyYWNr LmNwcAkod29ya2luZyBjb3B5KQpAQCAtMTY3LDcgKzE2Nyw5IEBAIHZvaWQgQXVkaW9UcmFjazo6 bGFuZ3VhZ2VDaGFuZ2VkKFRyYWNrUHIKIHZvaWQgQXVkaW9UcmFjazo6d2lsbFJlbW92ZShUcmFj a1ByaXZhdGVCYXNlKiB0cmFja1ByaXZhdGUpCiB7CiAgICAgQVNTRVJUX1VOVVNFRCh0cmFja1By aXZhdGUsIHRyYWNrUHJpdmF0ZSA9PSBtX3ByaXZhdGUpOwotICAgIG1lZGlhRWxlbWVudCgpLT5y ZW1vdmVBdWRpb1RyYWNrKCp0aGlzKTsKKyAgICBBU1NFUlQoZWxlbWVudCgpKTsKKyAgICBpZiAo bWVkaWFFbGVtZW50KCkpCisgICAgICAgIG1lZGlhRWxlbWVudCgpLT5yZW1vdmVBdWRpb1RyYWNr KCp0aGlzKTsKIH0KIAogdm9pZCBBdWRpb1RyYWNrOjp1cGRhdGVLaW5kRnJvbVByaXZhdGUoKQpJ bmRleDogU291cmNlL1dlYkNvcmUvaHRtbC90cmFjay9UZXh0VHJhY2tMaXN0LmNwcAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9odG1sL3RyYWNrL1RleHRUcmFja0xpc3QuY3BwCShyZXZp c2lvbiAyMDQwMjQpCisrKyBTb3VyY2UvV2ViQ29yZS9odG1sL3RyYWNrL1RleHRUcmFja0xpc3Qu Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC00Niw2ICs0NiwxOSBAQCBUZXh0VHJhY2tMaXN0Ojp+VGV4 dFRyYWNrTGlzdCgpCiB7CiB9CiAKK3ZvaWQgVGV4dFRyYWNrTGlzdDo6Y2xlYXJFbGVtZW50KCkK K3sKKyAgICBUcmFja0xpc3RCYXNlOjpjbGVhckVsZW1lbnQoKTsKKyAgICBmb3IgKGF1dG8mIHRy YWNrIDogbV9lbGVtZW50VHJhY2tzKSB7CisgICAgICAgIHRyYWNrLT5zZXRNZWRpYUVsZW1lbnQo bnVsbHB0cik7CisgICAgICAgIHRyYWNrLT5jbGVhckNsaWVudCgpOworICAgIH0KKyAgICBmb3Ig KGF1dG8mIHRyYWNrIDogbV9hZGRUcmFja1RyYWNrcykgeworICAgICAgICB0cmFjay0+c2V0TWVk aWFFbGVtZW50KG51bGxwdHIpOworICAgICAgICB0cmFjay0+Y2xlYXJDbGllbnQoKTsKKyAgICB9 Cit9CisKIHVuc2lnbmVkIFRleHRUcmFja0xpc3Q6Omxlbmd0aCgpIGNvbnN0CiB7CiAgICAgcmV0 dXJuIG1fYWRkVHJhY2tUcmFja3Muc2l6ZSgpICsgbV9lbGVtZW50VHJhY2tzLnNpemUoKSArIG1f aW5iYW5kVHJhY2tzLnNpemUoKTsKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2h0bWwvdHJhY2svVGV4 dFRyYWNrTGlzdC5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2h0bWwvdHJhY2svVGV4 dFRyYWNrTGlzdC5oCShyZXZpc2lvbiAyMDQwMjQpCisrKyBTb3VyY2UvV2ViQ29yZS9odG1sL3Ry YWNrL1RleHRUcmFja0xpc3QuaAkod29ya2luZyBjb3B5KQpAQCAtNDIsNiArNDIsOCBAQCBwdWJs aWM6CiAgICAgfQogICAgIHZpcnR1YWwgflRleHRUcmFja0xpc3QoKTsKIAorICAgIHZvaWQgY2xl YXJFbGVtZW50KCkgb3ZlcnJpZGU7CisKICAgICB1bnNpZ25lZCBsZW5ndGgoKSBjb25zdCBvdmVy cmlkZTsKICAgICBpbnQgZ2V0VHJhY2tJbmRleChUZXh0VHJhY2smKTsKICAgICBpbnQgZ2V0VHJh Y2tJbmRleFJlbGF0aXZlVG9SZW5kZXJlZFRyYWNrcyhUZXh0VHJhY2smKTsKSW5kZXg6IFNvdXJj ZS9XZWJDb3JlL2h0bWwvdHJhY2svVHJhY2tMaXN0QmFzZS5jcHAKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL1dlYkNvcmUvaHRtbC90cmFjay9UcmFja0xpc3RCYXNlLmNwcAkocmV2aXNpb24gMjA0MDI0 KQorKysgU291cmNlL1dlYkNvcmUvaHRtbC90cmFjay9UcmFja0xpc3RCYXNlLmNwcAkod29ya2lu ZyBjb3B5KQpAQCAtNDYsNiArNDYsMTYgQEAgVHJhY2tMaXN0QmFzZTo6VHJhY2tMaXN0QmFzZShI VE1MTWVkaWFFbAogCiBUcmFja0xpc3RCYXNlOjp+VHJhY2tMaXN0QmFzZSgpCiB7CisgICAgY2xl YXJFbGVtZW50KCk7Cit9CisKK3ZvaWQgVHJhY2tMaXN0QmFzZTo6Y2xlYXJFbGVtZW50KCkKK3sK KyAgICBtX2VsZW1lbnQgPSBudWxscHRyOworICAgIGZvciAoYXV0byYgdHJhY2sgOiBtX2luYmFu ZFRyYWNrcykgeworICAgICAgICB0cmFjay0+c2V0TWVkaWFFbGVtZW50KG51bGxwdHIpOworICAg ICAgICB0cmFjay0+Y2xlYXJDbGllbnQoKTsKKyAgICB9CiB9CiAKIEVsZW1lbnQqIFRyYWNrTGlz dEJhc2U6OmVsZW1lbnQoKSBjb25zdApJbmRleDogU291cmNlL1dlYkNvcmUvaHRtbC90cmFjay9U cmFja0xpc3RCYXNlLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvaHRtbC90cmFjay9U cmFja0xpc3RCYXNlLmgJKHJldmlzaW9uIDIwNDAyNCkKKysrIFNvdXJjZS9XZWJDb3JlL2h0bWwv dHJhY2svVHJhY2tMaXN0QmFzZS5oCSh3b3JraW5nIGNvcHkpCkBAIC01Niw3ICs1Niw3IEBAIHB1 YmxpYzoKICAgICB1c2luZyBSZWZDb3VudGVkPFRyYWNrTGlzdEJhc2U+OjpkZXJlZjsKICAgICBT Y3JpcHRFeGVjdXRpb25Db250ZXh0KiBzY3JpcHRFeGVjdXRpb25Db250ZXh0KCkgY29uc3QgZmlu YWwgeyByZXR1cm4gbV9jb250ZXh0OyB9CiAKLSAgICB2b2lkIGNsZWFyRWxlbWVudCgpIHsgbV9l bGVtZW50ID0gMDsgfQorICAgIHZpcnR1YWwgdm9pZCBjbGVhckVsZW1lbnQoKTsKICAgICBFbGVt ZW50KiBlbGVtZW50KCkgY29uc3Q7CiAgICAgSFRNTE1lZGlhRWxlbWVudCogbWVkaWFFbGVtZW50 KCkgY29uc3QgeyByZXR1cm4gbV9lbGVtZW50OyB9CiAKSW5kZXg6IExheW91dFRlc3RzL0NoYW5n ZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDIwNDAy NCkKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEz IEBACisyMDE2LTA4LTAyICBFcmljIENhcmxzb24gIDxlcmljLmNhcmxzb25AYXBwbGUuY29tPgor CisgICAgICAgIE5lZWQgYSBzaG9ydCBkZXNjcmlwdGlvbiAoT09QUyEpLgorICAgICAgICBOZWVk IHRoZSBidWcgVVJMIChPT1BTISkuCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgKiBtZWRpYS9yYW5nZS1leHRyYWN0LWNvbnRlbnRzLWNyYXNoLWV4cGVj dGVkLnR4dDogQWRkZWQuCisgICAgICAgICogbWVkaWEvcmFuZ2UtZXh0cmFjdC1jb250ZW50cy1j cmFzaC5odG1sOiBBZGRlZC4KKwogMjAxNi0wOC0wMiAgUGVyIEFybmUgVm9sbGFuICA8cHZvbGxh bkBhcHBsZS5jb20+CiAKICAgICAgICAgVW5yZXZpZXdlZCB0ZXN0IGdhcmRlbmluZy4KSW5kZXg6 IExheW91dFRlc3RzL21lZGlhL3JhbmdlLWV4dHJhY3QtY29udGVudHMtY3Jhc2gtZXhwZWN0ZWQu dHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL21lZGlhL3JhbmdlLWV4dHJhY3QtY29udGVu dHMtY3Jhc2gtZXhwZWN0ZWQudHh0CShub25leGlzdGVudCkKKysrIExheW91dFRlc3RzL21lZGlh L3JhbmdlLWV4dHJhY3QtY29udGVudHMtY3Jhc2gtZXhwZWN0ZWQudHh0CSh3b3JraW5nIGNvcHkp CkBAIC0wLDAgKzEsNCBAQAorCitUZXN0cyB0aGF0IG1vdmluZyBhIHZpZGVvIGVsZW1lbnQgZnJv bSB0aGUgZG9jdW1lbnQgdHJlZSBpbnRvIGEgRG9jdW1lbnRGcmFnbWVudCBkb2VzIG5vdCBjcmFz aC4KKworSWYgdGhpcyB0ZXN0IGRvZXMgbm90IGNyYXNoLCBpdCBwYXNzZXMuCkluZGV4OiBMYXlv dXRUZXN0cy9tZWRpYS9yYW5nZS1leHRyYWN0LWNvbnRlbnRzLWNyYXNoLmh0bWwKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gTGF5b3V0VGVzdHMvbWVkaWEvcmFuZ2UtZXh0cmFjdC1jb250ZW50cy1jcmFzaC5odG1s CShub25leGlzdGVudCkKKysrIExheW91dFRlc3RzL21lZGlhL3JhbmdlLWV4dHJhY3QtY29udGVu dHMtY3Jhc2guaHRtbAkod29ya2luZyBjb3B5KQpAQCAtMCwwICsxLDY0IEBACis8IURPQ1RZUEUg SFRNTD4KKzxodG1sPgorPGhlYWQ+Cis8c2NyaXB0IHNyYz0iLi4vcmVzb3VyY2VzL2djLmpzIj48 L3NjcmlwdD4KKzxzY3JpcHQ+CisgICAgaWYgKHdpbmRvdy50ZXN0UnVubmVyKSB7CisgICAgICAg IHdpbmRvdy50ZXN0UnVubmVyLmR1bXBBc1RleHQoKTsKKyAgICAgICAgd2luZG93LnRlc3RSdW5u ZXIud2FpdFVudGlsRG9uZSgpOworICAgIH0KKworICAgIGxldCB0cmFja3MgPSBbXTsKKworICAg IGZ1bmN0aW9uIHJ1blRlc3QoKQorICAgIHsKKyAgICAgICAgZGl2ID0gZG9jdW1lbnQuZ2V0RWxl bWVudHNCeVRhZ05hbWUoJ2RpdicpWzBdOworCisgICAgICAgIGF1ZGlvID0gZG9jdW1lbnQuY3Jl YXRlRWxlbWVudCgiYXVkaW8iKTsKKyAgICAgICAgZGl2LmFwcGVuZENoaWxkKGF1ZGlvKTsKKwor ICAgICAgICB2aWRlbyA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoInZpZGVvIik7CisgICAgICAg IGRpdi5hcHBlbmRDaGlsZCh2aWRlbyk7CisKKyAgICAgICAgZm9yIChsZXQgaSA9IDA7IGkgPCAx MDsgaSsrKSB7CisgICAgICAgICAgICBsZXQgdHJhY2sgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50 KCJ0cmFjayIpOworICAgICAgICAgICAgdHJhY2suc3JjID0gJ2RhdGE6dGV4dC92dHQsJytlbmNv ZGVVUklDb21wb25lbnQoJ1dFQlZUVFxuXG4wMDowMDowMC4wMDAgLS0+IDAwOjAwOjAxLjAwMFxu dGVzdFxuJyk7CisgICAgICAgICAgICB0cmFjay5raW5kID0gImNhcHRpb24iOworICAgICAgICAg ICAgdHJhY2suc3JjbGFuZyA9ICJmciI7CisgICAgICAgICAgICB2aWRlby5hcHBlbmRDaGlsZCh0 cmFjayk7CisgICAgICAgICAgICB0cmFja3MucHVzaCh0cmFjayk7CisgICAgICAgIH0KKworICAg ICAgICBvYmplY3QgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCJvYmplY3QiKTsKKyAgICAgICAg dmlkZW8uYXBwZW5kQ2hpbGQob2JqZWN0KTsKKworICAgICAgICByYW5nZSA9IGRvY3VtZW50LmNy ZWF0ZVJhbmdlKCk7CisgICAgICAgIHJhbmdlLnNlbGVjdE5vZGVDb250ZW50cyhhdWRpbyk7Cisg ICAgICAgIHJhbmdlLnNldEVuZEJlZm9yZShvYmplY3QpOworICAgICAgICBzZXRUaW1lb3V0KHN0 ZXAxLCAwKTsKKyAgICAgICAgZ2MoKTsKKyAgICB9CisKKyAgICBmdW5jdGlvbiBzdGVwMSgpCisg ICAgeworICAgICAgICByYW5nZS5leHRyYWN0Q29udGVudHMoKTsKKyAgICAgICAgZ2MoKTsKKyAg ICAgICAgc2V0VGltZW91dChzdGVwMiwgMCk7CisgICAgfQorCisgICAgZnVuY3Rpb24gc3RlcDIo KQorICAgIHsKKyAgICAgICAgZm9yIChsZXQgaSA9IDA7IGkgPCAxMDsgaSsrKQorICAgICAgICAg ICAgdHJhY2tzW2ldLnNyY2xhbmcgPSAiZW4iOworCisgICAgICAgIGlmICh3aW5kb3cudGVzdFJ1 bm5lcikKKyAgICAgICAgICAgIHdpbmRvdy50ZXN0UnVubmVyLm5vdGlmeURvbmUoKTsKKyAgICB9 Cis8L3NjcmlwdD4KKzwvaGVhZD4KKzxib2R5IG9ubG9hZD0icnVuVGVzdCgpIj4KKyAgICA8ZGl2 PjwvZGl2PgorICAgIDxwPlRlc3RzIHRoYXQgbW92aW5nIGEgdmlkZW8gZWxlbWVudCBmcm9tIHRo ZSBkb2N1bWVudCB0cmVlIGludG8gYSBEb2N1bWVudEZyYWdtZW50IGRvZXMgbm90IGNyYXNoLjwv cD4KKyAgICA8cD5JZiB0aGlzIHRlc3QgZG9lcyBub3QgY3Jhc2gsIGl0IHBhc3Nlcy48L3A+Cis8 L2JvZHk+Cis8L2h0bWw+Cg== 285231 2016-08-03 08:09:25 -0700 2016-08-03 11:11:03 -0700 Updated Patch. update_patch.txt text/plain 1857 eric.carlson SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIwNDA3OSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE3IEBACisyMDE2LTA4LTAzICBFcmljIENh cmxzb24gIDxlcmljLmNhcmxzb25AYXBwbGUuY29tPgorCisgICAgICAgIENsZWFudXAgSFRNTE1l ZGlhRWxlbWVudCB0cmFjayBsaXN0cy4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTE2MDQ3MAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09Q UyEpLgorCisgICAgICAgICogaHRtbC90cmFjay9BdWRpb1RyYWNrLmNwcDoKKyAgICAgICAgKFdl YkNvcmU6OkF1ZGlvVHJhY2s6OndpbGxSZW1vdmUpOiBSZW1vdmUgdW5uZWNlc3NhcnkgQVNTRVJU IGFuZCBOVUxMIGNoZWNrLgorCisgICAgICAgICogaHRtbC90cmFjay9UZXh0VHJhY2tMaXN0LmNw cDoKKyAgICAgICAgKFRleHRUcmFja0xpc3Q6On5UZXh0VHJhY2tMaXN0KTogQ2FsbCBjbGVhckVs ZW1lbnQgc28gbWVkaWEgZWxlbWVudCBhbmQgY2xpZW50IHBvaW50ZXJzIGFyZQorICAgICAgICBj bGVhcmVkLgorCiAyMDE2LTA4LTAyICBGcmVkZXJpYyBXYW5nICA8ZndhbmdAaWdhbGlhLmNvbT4K IAogICAgICAgICBNb3ZlIGRldGVybWluYXRpb24gb2Ygb3BlcmF0b3IgZGlyZWN0aW9uIGludG8g RE9NIGNsYXNzIGFuZCByZWR1Y2UgcmVsYXlvdXQKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2h0bWwv dHJhY2svQXVkaW9UcmFjay5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvaHRtbC90 cmFjay9BdWRpb1RyYWNrLmNwcAkocmV2aXNpb24gMjA0MDUwKQorKysgU291cmNlL1dlYkNvcmUv aHRtbC90cmFjay9BdWRpb1RyYWNrLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMTY3LDkgKzE2Nyw3 IEBAIHZvaWQgQXVkaW9UcmFjazo6bGFuZ3VhZ2VDaGFuZ2VkKFRyYWNrUHIKIHZvaWQgQXVkaW9U cmFjazo6d2lsbFJlbW92ZShUcmFja1ByaXZhdGVCYXNlKiB0cmFja1ByaXZhdGUpCiB7CiAgICAg QVNTRVJUX1VOVVNFRCh0cmFja1ByaXZhdGUsIHRyYWNrUHJpdmF0ZSA9PSBtX3ByaXZhdGUpOwot ICAgIEFTU0VSVChtZWRpYUVsZW1lbnQoKSk7Ci0gICAgaWYgKG1lZGlhRWxlbWVudCgpKQotICAg ICAgICBtZWRpYUVsZW1lbnQoKS0+cmVtb3ZlQXVkaW9UcmFjaygqdGhpcyk7CisgICAgbWVkaWFF bGVtZW50KCktPnJlbW92ZUF1ZGlvVHJhY2soKnRoaXMpOwogfQogCiB2b2lkIEF1ZGlvVHJhY2s6 OnVwZGF0ZUtpbmRGcm9tUHJpdmF0ZSgpCkluZGV4OiBTb3VyY2UvV2ViQ29yZS9odG1sL3RyYWNr L1RleHRUcmFja0xpc3QuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2h0bWwvdHJh Y2svVGV4dFRyYWNrTGlzdC5jcHAJKHJldmlzaW9uIDIwNDA1MCkKKysrIFNvdXJjZS9XZWJDb3Jl L2h0bWwvdHJhY2svVGV4dFRyYWNrTGlzdC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTQ0LDYgKzQ0 LDcgQEAgVGV4dFRyYWNrTGlzdDo6VGV4dFRyYWNrTGlzdChIVE1MTWVkaWFFbAogCiBUZXh0VHJh Y2tMaXN0Ojp+VGV4dFRyYWNrTGlzdCgpCiB7CisgICAgY2xlYXJFbGVtZW50KCk7CiB9CiAKIHZv aWQgVGV4dFRyYWNrTGlzdDo6Y2xlYXJFbGVtZW50KCkK