161109 2016-08-23 15:02:15 -0700 REGRESSION(204854): ASan is unhappy 2016-08-23 19:06:04 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build All All RESOLVED FIXED P2 Normal --- 161117 1 fpizlo fpizlo ap ddkilzer ryanhaddad oldest_to_newest 1222443 0 fpizlo 2016-08-23 15:02:15 -0700 See here: https://build-safari.apple.com/results/Trunk%20El%20Capitan%20ASan%20Release%20WK2%20Tests/r204854_86469%20(1539)/results.html For example: ==28827==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000160260 at pc 0x000110f1fa4b bp 0x7fff52724740 sp 0x7fff52724738 READ of size 8 at 0x615000160260 thread T0 #0 0x110f1fa4a in JSC::WeakSet::vm() const (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x3fa4a) #1 0x11220f4a7 in JSC::constructRegExp(JSC::ExecState*, JSC::JSGlobalObject*, JSC::ArgList const&, JSC::JSObject*, JSC::JSValue) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x132f4a7) #2 0x112215dfc in JSC::callRegExpConstructor(JSC::ExecState*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1335dfc) #3 0x111f9ea08 in JSC::LLInt::handleHostCall(JSC::ExecState*, JSC::Instruction*, JSC::JSValue, JSC::CodeSpecializationKind) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10bea08) #4 0x111fa32aa in JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10c32aa) #5 0x111fabf1f in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf1f) #6 0x111fabebb in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbebb) #7 0x111fabf2d in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf2d) #8 0x111fabf2d in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf2d) #9 0x111fabf2d in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf2d) #10 0x111fac327 in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cc327) #11 0x111fac327 in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cc327) #12 0x111fabf2d in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf2d) #13 0x111fabf2d in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf2d) #14 0x111fabf2d in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf2d) #15 0x111fabf2d in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf2d) #16 0x111fabf2d in llint_entry (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10cbf2d) #17 0x111fa5b7a in vmEntryToJavaScript (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x10c5b7a) #18 0x111c4b0ed in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xd6b0ed) #19 0x111bb9865 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xcd9865) #20 0x111448e6e in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x568e6e) #21 0x1114490ae in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x5690ae) #22 0x1161e75a3 in WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x1f805a3) #23 0x1161e385a in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x1f7c85a) #24 0x1161f4126 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x1f8d126) #25 0x1161f1b58 in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x1f8ab58) #26 0x114e0fb9f in WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xba8b9f) #27 0x114e0f8c5 in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xba88c5) #28 0x114d43742 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadc742) #29 0x114d43d12 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadcd12) #30 0x114d42f77 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadbf77) #31 0x114d44bcd in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xaddbcd) #32 0x114d44e91 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadde91) #33 0x1144ac9e7 in WebCore::CachedResource::checkNotify() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x2459e7) #34 0x1164d3298 in WebCore::SubresourceLoader::didFinishLoading(double) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x226c298) #35 0x10dd22785 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit+0x835785) #36 0x10dd21d5d in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit+0x834d5d) #37 0x10d75f8da in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit+0x2728da) #38 0x10d595903 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit+0xa8903) #39 0x10d59bf74 in IPC::Connection::dispatchOneMessage() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/WebKit+0xaef74) #40 0x11242b55f in WTF::RunLoop::performWork() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x154b55f) #41 0x11242bcfe in WTF::RunLoop::performWork(void*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x154bcfe) #42 0x7fff8fbbe880 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa880) #43 0x7fff8fb9dfbb in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x89fbb) #44 0x7fff8fb9d4de in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x894de) #45 0x7fff8fb9ced7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88ed7) #46 0x7fff85d00934 in RunCurrentEventLoopInMode (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x30934) #47 0x7fff85d0076e in ReceiveNextEventCommon (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x3076e) #48 0x7fff85d005ae in _BlockUntilNextEventMatchingListInModeWithFilter (/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox+0x305ae) #49 0x7fff86442ef9 in _DPSNextEvent (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48ef9) #50 0x7fff86442329 in -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x48329) #51 0x7fff86436e83 in -[NSApplication run] (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x3ce83) #52 0x7fff8640046b in NSApplicationMain (/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit+0x646b) #53 0x7fff96149193 in _xpc_objc_main (/usr/lib/system/libxpc.dylib+0x11193) #54 0x7fff96147bbd in xpc_main (/usr/lib/system/libxpc.dylib+0xfbbd) #55 0x10d4d5c3b in main (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.Development.xpc/Contents/MacOS/com.apple.WebKit.WebContent.Development+0x100001c3b) #56 0x7fff8e29d5ac in start (/usr/lib/system/libdyld.dylib+0x35ac) #57 0x0 (<unknown module>) 0x615000160260 is located 352 bytes inside of 512-byte region [0x615000160100,0x615000160300) freed by thread T0 here: #0 0x10f876109 in wrap_free (/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/lib/clang/7.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x43109) #1 0x112477fa7 in bmalloc::Deallocator::deallocateSlowCase(void*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x1597fa7) #2 0x115602167 in WTF::Vector<WebCore::CSSParserValue, 4ul, WTF::CrashOnOverflow, 16ul>::expandCapacity(unsigned long, WebCore::CSSParserValue*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x139b167) #3 0x115602071 in void WTF::Vector<WebCore::CSSParserValue, 4ul, WTF::CrashOnOverflow, 16ul>::appendSlowCase<WebCore::CSSParserValue const&>(WebCore::CSSParserValue const&&&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x139b071) #4 0x114716d2c in cssyyparse(WebCore::CSSParser*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x4afd2c) #5 0x1166f4de2 in WebCore::CSSParser::parseSheet(WebCore::StyleSheetContents*, WTF::String const&, WTF::TextPosition const&, WTF::Vector<WTF::Ref<WebCore::CSSRuleSourceData>, 0ul, WTF::CrashOnOverflow, 16ul>*, bool) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x248dde2) #6 0x1164b8f24 in WebCore::StyleSheetContents::parseStringAtPosition(WTF::String const&, WTF::TextPosition const&, bool) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x2251f24) #7 0x1164b8dbf in WebCore::StyleSheetContents::parseString(WTF::String const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x2251dbf) #8 0x1146cbbc8 in WebCore::parseUASheet(WTF::String const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x464bc8) #9 0x1146cb6ca in WebCore::CSSDefaultStyleSheets::loadFullDefaultStyle() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x4646ca) #10 0x1146cbf56 in WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement(WebCore::Element const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x464f56) #11 0x11648c41b in WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*, WebCore::SelectorFilter const*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x222541b) #12 0x1149f2bd9 in WebCore::Element::resolveStyle(WebCore::RenderStyle const*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x78bbd9) #13 0x114880bb6 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element&, WebCore::RenderStyle const*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x619bb6) #14 0x1149fb572 in WebCore::Element::resolveComputedStyle() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x794572) #15 0x1149fb803 in WebCore::Element::computedStyle(WebCore::PseudoId) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x794803) #16 0x114e3cf10 in WebCore::HTMLTitleElement::computedTextWithDirection() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbd5f10) #17 0x114e3cddf in WebCore::HTMLTitleElement::childrenChanged(WebCore::ContainerNode::ChildChange const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbd5ddf) #18 0x1145b319a in WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x34c19a) #19 0x1145b231d in WebCore::ContainerNode::parserAppendChild(WebCore::Node&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x34b31d) #20 0x114d1eafc in WebCore::executeInsertTask(WebCore::HTMLConstructionSiteTask&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xab7afc) #21 0x114d1d82c in WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xab682c) #22 0x114e59039 in WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbf2039) #23 0x114e58021 in WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbf1021) #24 0x114e551de in WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbee1de) #25 0x114d43f48 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadcf48) #26 0x114d43cb2 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadccb2) #27 0x114d42f77 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadbf77) #28 0x114d44668 in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadd668) #29 0x1148089aa in WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x5a19aa) previously allocated by thread T0 here: #0 0x10f875f40 in wrap_malloc (/Applications/Xcode.app/Contents/Developer/Toolchains/OSX10.11.xctoolchain/usr/lib/clang/7.0.0/lib/darwin/libclang_rt.asan_osx_dynamic.dylib+0x42f40) #1 0x11246ce44 in bmalloc::Allocator::allocateSlowCase(unsigned long) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x158ce44) #2 0x11240f645 in bmalloc::Allocator::allocate(unsigned long) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x152f645) #3 0x11560238f in WTF::VectorBufferBase<WebCore::CSSParserValue>::allocateBuffer(unsigned long) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x139b38f) #4 0x115602213 in WTF::Vector<WebCore::CSSParserValue, 4ul, WTF::CrashOnOverflow, 16ul>::reserveCapacity(unsigned long) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x139b213) #5 0x115602167 in WTF::Vector<WebCore::CSSParserValue, 4ul, WTF::CrashOnOverflow, 16ul>::expandCapacity(unsigned long, WebCore::CSSParserValue*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x139b167) #6 0x115602071 in void WTF::Vector<WebCore::CSSParserValue, 4ul, WTF::CrashOnOverflow, 16ul>::appendSlowCase<WebCore::CSSParserValue const&>(WebCore::CSSParserValue const&&&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x139b071) #7 0x114716d14 in cssyyparse(WebCore::CSSParser*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x4afd14) #8 0x1166f4de2 in WebCore::CSSParser::parseSheet(WebCore::StyleSheetContents*, WTF::String const&, WTF::TextPosition const&, WTF::Vector<WTF::Ref<WebCore::CSSRuleSourceData>, 0ul, WTF::CrashOnOverflow, 16ul>*, bool) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x248dde2) #9 0x1164b8f24 in WebCore::StyleSheetContents::parseStringAtPosition(WTF::String const&, WTF::TextPosition const&, bool) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x2251f24) #10 0x1164b8dbf in WebCore::StyleSheetContents::parseString(WTF::String const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x2251dbf) #11 0x1146cbbc8 in WebCore::parseUASheet(WTF::String const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x464bc8) #12 0x1146cb6ca in WebCore::CSSDefaultStyleSheets::loadFullDefaultStyle() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x4646ca) #13 0x1146cbf56 in WebCore::CSSDefaultStyleSheets::ensureDefaultStyleSheetsForElement(WebCore::Element const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x464f56) #14 0x11648c41b in WebCore::StyleResolver::styleForElement(WebCore::Element const&, WebCore::RenderStyle const*, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*, WebCore::SelectorFilter const*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x222541b) #15 0x1149f2bd9 in WebCore::Element::resolveStyle(WebCore::RenderStyle const*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x78bbd9) #16 0x114880bb6 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element&, WebCore::RenderStyle const*) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x619bb6) #17 0x1149fb572 in WebCore::Element::resolveComputedStyle() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x794572) #18 0x1149fb803 in WebCore::Element::computedStyle(WebCore::PseudoId) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x794803) #19 0x114e3cf10 in WebCore::HTMLTitleElement::computedTextWithDirection() (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbd5f10) #20 0x114e3cddf in WebCore::HTMLTitleElement::childrenChanged(WebCore::ContainerNode::ChildChange const&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbd5ddf) #21 0x1145b319a in WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x34c19a) #22 0x1145b231d in WebCore::ContainerNode::parserAppendChild(WebCore::Node&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0x34b31d) #23 0x114d1eafc in WebCore::executeInsertTask(WebCore::HTMLConstructionSiteTask&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xab7afc) #24 0x114d1d82c in WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xab682c) #25 0x114e59039 in WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbf2039) #26 0x114e58021 in WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbf1021) #27 0x114e551de in WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xbee1de) #28 0x114d43f48 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadcf48) #29 0x114d43cb2 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (/Volumes/Data/slave/elcapitan-asan-release-wk2-tests/build/buildToTest/WebCore.framework/Versions/A/WebCore+0xadccb2) SUMMARY: AddressSanitizer: heap-use-after-free ??:0 JSC::WeakSet::vm() const Shadow bytes around the buggy address: 0x1c2a0002bff0: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0x1c2a0002c000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 0x1c2a0002c010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c2a0002c020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c2a0002c030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x1c2a0002c040: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd 0x1c2a0002c050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c2a0002c060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c2a0002c070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x1c2a0002c080: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc 0x1c2a0002c090: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==28827==ABORTING 1222455 1 fpizlo 2016-08-23 15:18:07 -0700 Looking at this now. 1222469 2 fpizlo 2016-08-23 15:37:51 -0700 I think I found the issue. RegExpConstructor is a large allocation! I'm working on a fix. 1222489 3 286800 fpizlo 2016-08-23 16:09:26 -0700 Created attachment 286800 the patch 1222493 4 286800 ggaren 2016-08-23 16:13:29 -0700 Comment on attachment 286800 the patch r=me 1222499 5 fpizlo 2016-08-23 16:21:49 -0700 Landed in http://trac.webkit.org/changeset/204866 286800 2016-08-23 16:09:26 -0700 2016-08-23 16:13:29 -0700 the patch blah.patch text/plain 8612 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjA0ODY0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDMxIEBA CisyMDE2LTA4LTIzICBGaWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CisKKyAgICAgICAg UkVHUkVTU0lPTigyMDQ4NTQpOiBBU2FuIGlzIHVuaGFwcHkKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE2MTEwOQorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorICAgICAgICAKKyAgICAgICAgSSBtZXNzZWQgdXAgUmVnRXhwQ29u c3RydWN0b3I6IGl0IGVuZHMgdXAgYmVpbmcgYSBjYWxsZWUgYW5kIGEgbGFyZ2UgYWxsb2NhdGlv bi4KKyAgICAgICAgCisgICAgICAgIFRoaXMgZml4ZXMgaXQgdG8gbm90IGJlIGEgbGFyZ2UgYWxs b2NhdGlvbi4KKworICAgICAgICAqIGRmZy9ERkdTdHJlbmd0aFJlZHVjdGlvblBoYXNlLmNwcDoK KyAgICAgICAgKEpTQzo6REZHOjpTdHJlbmd0aFJlZHVjdGlvblBoYXNlOjpoYW5kbGVOb2RlKToK KyAgICAgICAgKiBydW50aW1lL0ludGVybmFsRnVuY3Rpb24uY3BwOgorICAgICAgICAoSlNDOjpJ bnRlcm5hbEZ1bmN0aW9uOjpJbnRlcm5hbEZ1bmN0aW9uKToKKyAgICAgICAgKiBydW50aW1lL1Jl Z0V4cC5jcHA6CisgICAgICAgIChKU0M6OlJlZ0V4cDo6bWF0Y2gpOgorICAgICAgICAoSlNDOjpS ZWdFeHA6Om1hdGNoQ29uY3VycmVudGx5KToKKyAgICAgICAgKEpTQzo6UmVnRXhwOjptYXRjaENv bXBhcmVXaXRoSW50ZXJwcmV0ZXIpOgorICAgICAgICAqIHJ1bnRpbWUvUmVnRXhwLmg6CisgICAg ICAgICogcnVudGltZS9SZWdFeHBDb25zdHJ1Y3Rvci5oOgorICAgICAgICAqIHJ1bnRpbWUvUmVn RXhwSW5saW5lcy5oOgorICAgICAgICAoSlNDOjpSZWdFeHA6Om1hdGNoSW5saW5lKToKKyAgICAg ICAgKiBydW50aW1lL1JlZ0V4cFByb3RvdHlwZS5jcHA6CisgICAgICAgIChKU0M6OmdlbmVyaWNT cGxpdCk6CisgICAgICAgICogdGVzdFJlZ0V4cC5jcHA6CisgICAgICAgICh0ZXN0T25lUmVnRXhw KToKKwogMjAxNi0wOC0yMyAgU2FhbSBCYXJhdGkgIDxzYmFyYXRpQGFwcGxlLmNvbT4KIAogICAg ICAgICBzdHJpY3QgbW9kZSBldmFsIHNob3VsZCBub3QgZmlyZSB0aGUgdmFyIGluamVjdGlvbiB3 YXRjaCBwb2ludApJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RSZWdFeHAuY3BwCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0UmVnRXhwLmNwcAkocmV2aXNp b24gMjA0ODYwKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3Rlc3RSZWdFeHAuY3BwCSh3b3Jr aW5nIGNvcHkpCkBAIC0xOTEsNyArMTkxLDcgQEAgaW50IG1haW4oaW50IGFyZ2MsIGNoYXIqKiBh cmd2KQogc3RhdGljIGJvb2wgdGVzdE9uZVJlZ0V4cChWTSYgdm0sIFJlZ0V4cCogcmVnZXhwLCBS ZWdFeHBUZXN0KiByZWdFeHBUZXN0LCBib29sIHZlcmJvc2UsIHVuc2lnbmVkIGludCBsaW5lTnVt YmVyKQogewogICAgIGJvb2wgcmVzdWx0ID0gdHJ1ZTsKLSAgICBWZWN0b3I8aW50LCAzMj4gb3V0 VmVjdG9yOworICAgIFZlY3RvcjxpbnQ+IG91dFZlY3RvcjsKICAgICBvdXRWZWN0b3IucmVzaXpl KHJlZ0V4cFRlc3QtPmV4cGVjdFZlY3Rvci5zaXplKCkpOwogICAgIGludCBtYXRjaFJlc3VsdCA9 IHJlZ2V4cC0+bWF0Y2godm0sIHJlZ0V4cFRlc3QtPnN1YmplY3QsIHJlZ0V4cFRlc3QtPm9mZnNl dCwgb3V0VmVjdG9yKTsKIApJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL2RmZy9ERkdTdHJl bmd0aFJlZHVjdGlvblBoYXNlLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENv cmUvZGZnL0RGR1N0cmVuZ3RoUmVkdWN0aW9uUGhhc2UuY3BwCShyZXZpc2lvbiAyMDQ4NjApCisr KyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR1N0cmVuZ3RoUmVkdWN0aW9uUGhhc2UuY3Bw CSh3b3JraW5nIGNvcHkpCkBAIC00NjksNyArNDY5LDcgQEAgcHJpdmF0ZToKICAgICAgICAgICAg IEZyb3plblZhbHVlKiBjb25zdHJ1Y3RvckZyb3plblZhbHVlID0gbV9ncmFwaC5mcmVlemUoY29u c3RydWN0b3IpOwogCiAgICAgICAgICAgICBNYXRjaFJlc3VsdCByZXN1bHQ7Ci0gICAgICAgICAg ICBWZWN0b3I8aW50LCAzMj4gb3ZlY3RvcjsKKyAgICAgICAgICAgIFZlY3RvcjxpbnQ+IG92ZWN0 b3I7CiAgICAgICAgICAgICAvLyBXZSBoYXZlIHRvIGNhbGwgdGhlIGtpbmQgb2YgbWF0Y2ggZnVu Y3Rpb24gdGhhdCB0aGUgbWFpbiB0aHJlYWQgd291bGQgaGF2ZSBjYWxsZWQuCiAgICAgICAgICAg ICAvLyBPdGhlcndpc2UsIHdlIG1pZ2h0IG5vdCBoYXZlIHRoZSBkZXNpcmVkIFlhcnIgY29kZSBj b21waWxlZCwgYW5kIHRoZSBtYXRjaCB3aWxsIGZhaWwuCiAgICAgICAgICAgICBpZiAobV9ub2Rl LT5vcCgpID09IFJlZ0V4cEV4ZWMpIHsKQEAgLTY1MSw3ICs2NTEsNyBAQCBwcml2YXRlOgogICAg ICAgICAgICAgYm9vbCBvayA9IHRydWU7CiAgICAgICAgICAgICBkbyB7CiAgICAgICAgICAgICAg ICAgTWF0Y2hSZXN1bHQgcmVzdWx0OwotICAgICAgICAgICAgICAgIFZlY3RvcjxpbnQsIDMyPiBv dmVjdG9yOworICAgICAgICAgICAgICAgIFZlY3RvcjxpbnQ+IG92ZWN0b3I7CiAgICAgICAgICAg ICAgICAgLy8gTW9kZWwgd2hpY2ggdmVyc2lvbiBvZiBtYXRjaCgpIGlzIGNhbGxlZCBieSB0aGUg bWFpbiB0aHJlYWQuCiAgICAgICAgICAgICAgICAgaWYgKHJlcGxhY2UuaXNFbXB0eSgpICYmIHJl Z0V4cC0+Z2xvYmFsKCkpIHsKICAgICAgICAgICAgICAgICAgICAgaWYgKCFyZWdFeHAtPm1hdGNo Q29uY3VycmVudGx5KHZtKCksIHN0cmluZywgc3RhcnRQb3NpdGlvbiwgcmVzdWx0KSkgewpJbmRl eDogU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSW50ZXJuYWxGdW5jdGlvbi5jcHAKPT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvSW50ZXJuYWxGdW5jdGlv bi5jcHAJKHJldmlzaW9uIDIwNDg2MCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1l L0ludGVybmFsRnVuY3Rpb24uY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0zNyw2ICszNyw4IEBAIGNv bnN0IENsYXNzSW5mbyBJbnRlcm5hbEZ1bmN0aW9uOjpzX2luZm8KIEludGVybmFsRnVuY3Rpb246 OkludGVybmFsRnVuY3Rpb24oVk0mIHZtLCBTdHJ1Y3R1cmUqIHN0cnVjdHVyZSkKICAgICA6IEpT RGVzdHJ1Y3RpYmxlT2JqZWN0KHZtLCBzdHJ1Y3R1cmUpCiB7CisgICAgLy8gZXhlYy0+dm0oKSB3 YW50cyBjYWxsZWVzIHRvIG5vdCBiZSBsYXJnZSBhbGxvY2F0aW9ucy4KKyAgICBSRUxFQVNFX0FT U0VSVCghaXNMYXJnZUFsbG9jYXRpb24oKSk7CiB9CiAKIHZvaWQgSW50ZXJuYWxGdW5jdGlvbjo6 ZmluaXNoQ3JlYXRpb24oVk0mIHZtLCBjb25zdCBTdHJpbmcmIG5hbWUpCkluZGV4OiBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvcnVudGltZS9SZWdFeHAuY3BwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9ydW50aW1lL1JlZ0V4cC5jcHAJKHJldmlzaW9uIDIwNDg2MCkKKysrIFNv dXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1JlZ0V4cC5jcHAJKHdvcmtpbmcgY29weSkKQEAg LTI5NiwxMyArMjk2LDEzIEBAIHZvaWQgUmVnRXhwOjpjb21waWxlKFZNKiB2bSwgWWFycjo6WWFy ckMKICAgICBtX3JlZ0V4cEJ5dGVjb2RlID0gWWFycjo6Ynl0ZUNvbXBpbGUocGF0dGVybiwgJnZt LT5tX3JlZ0V4cEFsbG9jYXRvciwgJnZtLT5tX3JlZ0V4cEFsbG9jYXRvckxvY2spOwogfQogCi1p bnQgUmVnRXhwOjptYXRjaChWTSYgdm0sIGNvbnN0IFN0cmluZyYgcywgdW5zaWduZWQgc3RhcnRP ZmZzZXQsIFZlY3RvcjxpbnQsIDMyPiYgb3ZlY3RvcikKK2ludCBSZWdFeHA6Om1hdGNoKFZNJiB2 bSwgY29uc3QgU3RyaW5nJiBzLCB1bnNpZ25lZCBzdGFydE9mZnNldCwgVmVjdG9yPGludD4mIG92 ZWN0b3IpCiB7CiAgICAgcmV0dXJuIG1hdGNoSW5saW5lKHZtLCBzLCBzdGFydE9mZnNldCwgb3Zl Y3Rvcik7CiB9CiAKIGJvb2wgUmVnRXhwOjptYXRjaENvbmN1cnJlbnRseSgKLSAgICBWTSYgdm0s IGNvbnN0IFN0cmluZyYgcywgdW5zaWduZWQgc3RhcnRPZmZzZXQsIGludCYgcG9zaXRpb24sIFZl Y3RvcjxpbnQsIDMyPiYgb3ZlY3RvcikKKyAgICBWTSYgdm0sIGNvbnN0IFN0cmluZyYgcywgdW5z aWduZWQgc3RhcnRPZmZzZXQsIGludCYgcG9zaXRpb24sIFZlY3RvcjxpbnQ+JiBvdmVjdG9yKQog ewogICAgIENvbmN1cnJlbnRKSVRMb2NrZXIgbG9ja2VyKG1fbG9jayk7CiAKQEAgLTM4Miw3ICsz ODIsNyBAQCB2b2lkIFJlZ0V4cDo6ZGVsZXRlQ29kZSgpCiB2b2lkIFJlZ0V4cDo6bWF0Y2hDb21w YXJlV2l0aEludGVycHJldGVyKGNvbnN0IFN0cmluZyYgcywgaW50IHN0YXJ0T2Zmc2V0LCBpbnQq IG9mZnNldFZlY3RvciwgaW50IGppdFJlc3VsdCkKIHsKICAgICBpbnQgb2Zmc2V0VmVjdG9yU2l6 ZSA9IChtX251bVN1YnBhdHRlcm5zICsgMSkgKiAyOwotICAgIFZlY3RvcjxpbnQsIDMyPiBpbnRl cnByZXRlck92ZWN0b3I7CisgICAgVmVjdG9yPGludD4gaW50ZXJwcmV0ZXJPdmVjdG9yOwogICAg IGludGVycHJldGVyT3ZlY3Rvci5yZXNpemUob2Zmc2V0VmVjdG9yU2l6ZSk7CiAgICAgaW50KiBp bnRlcnByZXRlck9mZnNldFZlY3RvciA9IGludGVycHJldGVyT3ZlY3Rvci5kYXRhKCk7CiAgICAg aW50IGludGVycHJldGVyUmVzdWx0ID0gMDsKSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9y dW50aW1lL1JlZ0V4cC5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50 aW1lL1JlZ0V4cC5oCShyZXZpc2lvbiAyMDQ4NjApCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUv cnVudGltZS9SZWdFeHAuaAkod29ya2luZyBjb3B5KQpAQCAtNjQsMTcgKzY0LDE4IEBAIHB1Ymxp YzoKICAgICBib29sIGlzVmFsaWQoKSBjb25zdCB7IHJldHVybiAhbV9jb25zdHJ1Y3Rpb25FcnJv ciAmJiBtX2ZsYWdzICE9IEludmFsaWRGbGFnczsgfQogICAgIGNvbnN0IGNoYXIqIGVycm9yTWVz c2FnZSgpIGNvbnN0IHsgcmV0dXJuIG1fY29uc3RydWN0aW9uRXJyb3I7IH0KIAotICAgIEpTX0VY UE9SVF9QUklWQVRFIGludCBtYXRjaChWTSYsIGNvbnN0IFN0cmluZyYsIHVuc2lnbmVkIHN0YXJ0 T2Zmc2V0LCBWZWN0b3I8aW50LCAzMj4mIG92ZWN0b3IpOworICAgIEpTX0VYUE9SVF9QUklWQVRF IGludCBtYXRjaChWTSYsIGNvbnN0IFN0cmluZyYsIHVuc2lnbmVkIHN0YXJ0T2Zmc2V0LCBWZWN0 b3I8aW50PiYgb3ZlY3Rvcik7CiAKICAgICAvLyBSZXR1cm5zIGZhbHNlIGlmIHdlIGNvdWxkbid0 IHJ1biB0aGUgcmVndWxhciBleHByZXNzaW9uIGZvciBhbnkgcmVhc29uLgotICAgIGJvb2wgbWF0 Y2hDb25jdXJyZW50bHkoVk0mLCBjb25zdCBTdHJpbmcmLCB1bnNpZ25lZCBzdGFydE9mZnNldCwg aW50JiBwb3NpdGlvbiwgVmVjdG9yPGludCwgMzI+JiBvdmVjdG9yKTsKKyAgICBib29sIG1hdGNo Q29uY3VycmVudGx5KFZNJiwgY29uc3QgU3RyaW5nJiwgdW5zaWduZWQgc3RhcnRPZmZzZXQsIGlu dCYgcG9zaXRpb24sIFZlY3RvcjxpbnQ+JiBvdmVjdG9yKTsKICAgICAKICAgICBKU19FWFBPUlRf UFJJVkFURSBNYXRjaFJlc3VsdCBtYXRjaChWTSYsIGNvbnN0IFN0cmluZyYsIHVuc2lnbmVkIHN0 YXJ0T2Zmc2V0KTsKIAogICAgIGJvb2wgbWF0Y2hDb25jdXJyZW50bHkoVk0mLCBjb25zdCBTdHJp bmcmLCB1bnNpZ25lZCBzdGFydE9mZnNldCwgTWF0Y2hSZXN1bHQmKTsKIAogICAgIC8vIENhbGwg dGhlc2UgdmVyc2lvbnMgb2YgdGhlIG1hdGNoIGZ1bmN0aW9ucyBpZiB5b3UncmUgZGVzcGVyYXRl IGZvciBwZXJmb3JtYW5jZS4KLSAgICBpbnQgbWF0Y2hJbmxpbmUoVk0mLCBjb25zdCBTdHJpbmcm LCB1bnNpZ25lZCBzdGFydE9mZnNldCwgVmVjdG9yPGludCwgMzI+JiBvdmVjdG9yKTsKKyAgICB0 ZW1wbGF0ZTx0eXBlbmFtZSBWZWN0b3JUeXBlPgorICAgIGludCBtYXRjaElubGluZShWTSYsIGNv bnN0IFN0cmluZyYsIHVuc2lnbmVkIHN0YXJ0T2Zmc2V0LCBWZWN0b3JUeXBlJiBvdmVjdG9yKTsK ICAgICBNYXRjaFJlc3VsdCBtYXRjaElubGluZShWTSYsIGNvbnN0IFN0cmluZyYsIHVuc2lnbmVk IHN0YXJ0T2Zmc2V0KTsKICAgICAKICAgICB1bnNpZ25lZCBudW1TdWJwYXR0ZXJucygpIGNvbnN0 IHsgcmV0dXJuIG1fbnVtU3VicGF0dGVybnM7IH0KSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29y ZS9ydW50aW1lL1JlZ0V4cENvbnN0cnVjdG9yLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFT Y3JpcHRDb3JlL3J1bnRpbWUvUmVnRXhwQ29uc3RydWN0b3IuaAkocmV2aXNpb24gMjA0ODYwKQor KysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvUmVnRXhwQ29uc3RydWN0b3IuaAkod29y a2luZyBjb3B5KQpAQCAtODAsNyArODAsNyBAQCBwcml2YXRlOgogCiAgICAgUmVnRXhwQ2FjaGVk UmVzdWx0IG1fY2FjaGVkUmVzdWx0OwogICAgIGJvb2wgbV9tdWx0aWxpbmU7Ci0gICAgVmVjdG9y PGludCwgMzI+IG1fb3ZlY3RvcjsKKyAgICBWZWN0b3I8aW50PiBtX292ZWN0b3I7CiB9OwogCiBS ZWdFeHBDb25zdHJ1Y3RvciogYXNSZWdFeHBDb25zdHJ1Y3RvcihKU1ZhbHVlKTsKSW5kZXg6IFNv dXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1JlZ0V4cElubGluZXMuaAo9PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0t LSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9SZWdFeHBJbmxpbmVzLmgJKHJldmlzaW9u IDIwNDg2MCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL1JlZ0V4cElubGluZXMu aAkod29ya2luZyBjb3B5KQpAQCAtOTQsNyArOTQsOCBAQCBBTFdBWVNfSU5MSU5FIHZvaWQgUmVn RXhwOjpjb21waWxlSWZOZWNlCiAgICAgY29tcGlsZSgmdm0sIGNoYXJTaXplKTsKIH0KIAotQUxX QVlTX0lOTElORSBpbnQgUmVnRXhwOjptYXRjaElubGluZShWTSYgdm0sIGNvbnN0IFN0cmluZyYg cywgdW5zaWduZWQgc3RhcnRPZmZzZXQsIFZlY3RvcjxpbnQsIDMyPiYgb3ZlY3RvcikKK3RlbXBs YXRlPHR5cGVuYW1lIFZlY3RvclR5cGU+CitBTFdBWVNfSU5MSU5FIGludCBSZWdFeHA6Om1hdGNo SW5saW5lKFZNJiB2bSwgY29uc3QgU3RyaW5nJiBzLCB1bnNpZ25lZCBzdGFydE9mZnNldCwgVmVj dG9yVHlwZSYgb3ZlY3RvcikKIHsKICNpZiBFTkFCTEUoUkVHRVhQX1RSQUNJTkcpCiAgICAgbV9y dE1hdGNoQ2FsbENvdW50Kys7CkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9S ZWdFeHBQcm90b3R5cGUuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9y dW50aW1lL1JlZ0V4cFByb3RvdHlwZS5jcHAJKHJldmlzaW9uIDIwNDg2MCkKKysrIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9ydW50aW1lL1JlZ0V4cFByb3RvdHlwZS5jcHAJKHdvcmtpbmcgY29weSkK QEAgLTQ2OCwxMiArNDY4LDE0IEBAIHZvaWQgZ2VuZXJpY1NwbGl0KAogICAgIHVuc2lnbmVkJiBt YXRjaFBvc2l0aW9uLCBib29sIHJlZ0V4cElzU3RpY2t5LCBib29sIHJlZ0V4cElzVW5pY29kZSwK ICAgICBjb25zdCBDb250cm9sRnVuYyYgY29udHJvbCwgY29uc3QgUHVzaEZ1bmMmIHB1c2gpCiB7 CisgICAgVmVjdG9yPGludD4gb3ZlY3RvcjsKKyAgICAgICAgCiAgICAgd2hpbGUgKG1hdGNoUG9z aXRpb24gPCBpbnB1dFNpemUpIHsKICAgICAgICAgaWYgKGNvbnRyb2woKSA9PSBBYm9ydFNwbGl0 KQogICAgICAgICAgICAgcmV0dXJuOwogICAgICAgICAKLSAgICAgICAgVmVjdG9yPGludCwgMzI+ IG92ZWN0b3I7Ci0KKyAgICAgICAgb3ZlY3Rvci5yZXNpemUoMCk7CisgICAgICAgIAogICAgICAg ICAvLyBhLiBQZXJmb3JtID8gU2V0KHNwbGl0dGVyLCAibGFzdEluZGV4IiwgcSwgdHJ1ZSkuCiAg ICAgICAgIC8vIGIuIExldCB6IGJlID8gUmVnRXhwRXhlYyhzcGxpdHRlciwgUykuCiAgICAgICAg IGludCBtcG9zID0gcmVnZXhwLT5tYXRjaCh2bSwgaW5wdXQsIG1hdGNoUG9zaXRpb24sIG92ZWN0 b3IpOwo=