16888 2008-01-15 22:17:15 -0800 -webkit-border-image crash/invalid free 2008-01-24 06:20:08 -0800 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) PC All RESOLVED FIXED HasReduction, InRadar P1 Major --- 1 michael.goddard webkit-unassigned hausmann oldest_to_newest 67339 0 michael.goddard 2008-01-15 22:17:15 -0800 There's an error in the CSSParser when parsing the width components of -webkit-border-image. A pointer to the middle of an array is stored in an OwnPtr and gets freed. Can cause crashes/memory corruption. Testcase/patch to be attached. 67340 1 18465 michael.goddard 2008-01-15 22:17:43 -0800 Created attachment 18465 Testcase and patch 67341 2 michael.goddard 2008-01-15 22:18:53 -0800 The test case style for the <div> could probably be removed. 67342 3 18465 sam 2008-01-15 23:07:35 -0800 Comment on attachment 18465 Testcase and patch There are some tabs in the patch and I don't understand the ChangeLog entirely. Where is the OwnPtr that you are storing to? 67391 4 18465 hyatt 2008-01-16 11:26:30 -0800 Comment on attachment 18465 Testcase and patch I don't quite understand this patch either. I don't see why a Value would have to be copied. 67419 5 18485 michael.goddard 2008-01-16 16:13:14 -0800 Created attachment 18485 Fix memory corruption - just store Values as member vars, don't allocate them In the original code, m_borderTop etc were OwnPtr<Value>s, and so we needed to give them a valid pointer (hence the allocation in the previous patch, rather than the middle of an array). Since the BorderImageParseContext is stack allocated anyway, just make it slightly larger to hold actual Values and copy them in. This needs an extra variable to track which Values are valid. 67545 6 michael.goddard 2008-01-17 15:36:35 -0800 Another option would be to just store pointers to the middle of the callers ValueList, since hopefully the lifetime is longer than the BorderImageParseContext. 67550 7 18516 michael.goddard 2008-01-17 15:54:47 -0800 Created attachment 18516 Use naked pointers rather than OwnPtrs since the source pointers are in the middle of an array Simpler than previous patch and avoids any extra allocations. 67676 8 ddkilzer 2008-01-19 02:07:36 -0800 Loading the test case, the following is printed to the console for times per page load on a debug build of WebKit r29623: Safari(28864,0xa000ed88) malloc: *** Deallocation of a pointer not malloced: 0xc199030; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug 67677 9 ddkilzer 2008-01-19 02:09:41 -0800 <rdar://problem/5696235> 67947 10 18516 darin 2008-01-22 08:37:01 -0800 Comment on attachment 18516 Use naked pointers rather than OwnPtrs since the source pointers are in the middle of an array r=me 68111 11 hausmann 2008-01-24 06:20:08 -0800 Landed in r29764 18465 2008-01-15 22:17:43 -0800 2008-01-16 16:13:14 -0800 Testcase and patch border-image-crash text/plain 2818 michael.goddard ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCAyMTkxYWQzLi4yYTQyNDhjIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTIgQEAKKzIwMDgtMDEt MTUgIE1pY2hhZWwgR29kZGFyZCAgPG1pY2hhZWwuZ29kZGFyZEB0cm9sbHRlY2guY29tPgorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFkZCBhIHRlc3Qg Zm9yIGEgY3Jhc2ggZW5jb3VudGVyZWQgd2l0aCAtd2Via2l0LWJvcmRlci1pbWFnZS4KKworICAg ICAgICAqIGZhc3QvY3NzL2JvcmRlci1pbWFnZS1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgor ICAgICAgICAqIGZhc3QvY3NzL2JvcmRlci1pbWFnZS1jcmFzaC5odG1sOiBBZGRlZC4KKwogMjAw OC0wMS0wMiAgTWFyayBSb3dlICA8bXJvd2VAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2Vk IGJ5IFNhbSBXZWluaWcuCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9ib3JkZXIt aW1hZ2UtY3Jhc2gtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvZmFzdC9jc3MvYm9yZGVyLWlt YWdlLWNyYXNoLWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAw Li44MjQ5NTg2Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFzdC9jc3MvYm9yZGVy LWltYWdlLWNyYXNoLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxLDMgQEAKK1Rlc3QgZm9yIGNyYXNo IGRpc2NvdmVyZWQgd2l0aCAtd2Via2l0LWJvcmRlci1pbWFnZS4gSWYgdGhpcyB0ZXh0IGFwcGVh cnMsIHRoZSB0ZXN0IHBhc3NlZC4KKworCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2Nz cy9ib3JkZXItaW1hZ2UtY3Jhc2guaHRtbCBiL0xheW91dFRlc3RzL2Zhc3QvY3NzL2JvcmRlci1p bWFnZS1jcmFzaC5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLmFhMjEw OGQKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9ib3JkZXItaW1hZ2Ut Y3Jhc2guaHRtbApAQCAtMCwwICsxLDE5IEBACis8aHRtbD4KKzxoZWFkPgorICAgIDx0aXRsZT48 L3RpdGxlPgorICAgIDxzdHlsZT4KKyAgICAgICAgZGl2IHsgd2lkdGg6IDEwcHg7IGhlaWdodDog MTBweDsgb3V0bGluZTogMnB4IHNvbGlkIGdyZWVuOyBkaXNwbGF5OiBpbmxpbmUtYmxvY2s7IH0K KyAgICA8L3N0eWxlPgorICAgIDxzY3JpcHQ+CisgICAgICAgIGlmICh3aW5kb3cubGF5b3V0VGVz dENvbnRyb2xsZXIpCisgICAgICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0 KCk7CisgICAgPC9zY3JpcHQ+Cis8L2hlYWQ+Cis8Ym9keT4KKyAgICA8cD4KKyAgICAgICAgVGVz dCBmb3IgY3Jhc2ggZGlzY292ZXJlZCB3aXRoIC13ZWJraXQtYm9yZGVyLWltYWdlLiAgSWYgdGhp cyB0ZXh0IGFwcGVhcnMsIHRoZSB0ZXN0IHBhc3NlZC4KKyAgICA8L3A+CisgICAgPHA+CisgICAg ICAgIDxkaXYgc3R5bGU9Ii13ZWJraXQtYm9yZGVyLWltYWdlOiB1cmwocmVzb3VyY2VzL2dyZWVu Ym94LnBuZykgMCA3IDAgMTMgLyAwIDcgMCAxMyBzdHJldGNoIHN0cmV0Y2g7Ij48L2Rpdj48L3A+ Cis8L2JvZHk+Cis8L2h0bWw+CmRpZmYgLS1naXQgYS9XZWJDb3JlL0NoYW5nZUxvZyBiL1dlYkNv cmUvQ2hhbmdlTG9nCmluZGV4IDg1NTNmNmYuLmI5YTY4N2EgMTAwNjQ0Ci0tLSBhL1dlYkNvcmUv Q2hhbmdlTG9nCisrKyBiL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTYgQEAKKzIwMDgt MDEtMTUgIE1pY2hhZWwgR29kZGFyZCAgPG1pY2hhZWwuZ29kZGFyZEB0cm9sbHRlY2guY29tPgor CisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFdoaWxlIHBh cnNpbmcgLXdlYmtpdC1ib3JkZXItaW1hZ2UsIG1ha2UgYQorCWRlZXAgY29weSBvZiBhIHZhcmlh YmxlIHRvIHN0b3JlIGluIGFuCisJT3duUHRyLCBvdGhlcndpc2Ugd2UgdHJ5IHRvIGZyZWUgc29t ZXRoaW5nCisJaW4gdGhlIG1pZGRsZSBvZiBhbiBhcnJheS4KKworICAgICAgICBUZXN0OiBmYXN0 L2Nzcy9ib3JkZXItaW1hZ2UtY3Jhc2guaHRtbAorCisgICAgICAgICogY3NzL0NTU1BhcnNlci5j cHA6CisKIDIwMDctMTItMjAgIE1hcmsgUm93ZSAgPG1yb3dlQGFwcGxlLmNvbT4KIAogICAgICAg ICBNZXJnZSByMjgwNTcgdG8gU2FmYXJpLTMtYnJhbmNoLgpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9j c3MvQ1NTUGFyc2VyLmNwcCBiL1dlYkNvcmUvY3NzL0NTU1BhcnNlci5jcHAKaW5kZXggYzY5ZGJh MC4uOWQ2ZjVmZiAxMDA2NDQKLS0tIGEvV2ViQ29yZS9jc3MvQ1NTUGFyc2VyLmNwcAorKysgYi9X ZWJDb3JlL2Nzcy9DU1NQYXJzZXIuY3BwCkBAIC0yNzYwLDcgKzI3NjAsOCBAQCBzdHJ1Y3QgQm9y ZGVySW1hZ2VQYXJzZUNvbnRleHQKICAgICAgICAgbV9hbGxvd051bWJlciA9ICFtX2xlZnQ7CiAg ICAgfQogICAgIHZvaWQgY29tbWl0U2xhc2goKSB7IG1fYWxsb3dCcmVhayA9IG1fYWxsb3dTbGFz aCA9IG1fYWxsb3dOdW1iZXIgPSBmYWxzZTsgbV9hbGxvd1dpZHRoID0gdHJ1ZTsgfQotICAgIHZv aWQgY29tbWl0V2lkdGgoVmFsdWUqIHZhbCkgeworICAgIHZvaWQgY29tbWl0V2lkdGgoVmFsdWUq IHYpIHsKKyAgICAgICAgVmFsdWUqIHZhbCA9IG5ldyBWYWx1ZSgqdik7CiAgICAgICAgIGlmICgh bV9ib3JkZXJUb3ApCiAgICAgICAgICAgICBtX2JvcmRlclRvcC5zZXQodmFsKTsKICAgICAgICAg ZWxzZSBpZiAoIW1fYm9yZGVyUmlnaHQpCg== 18485 2008-01-16 16:13:14 -0800 2008-01-17 15:54:47 -0800 Fix memory corruption - just store Values as member vars, don't allocate them border-image-crash2.patch text/plain 5721 michael.goddard ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCAyMTkxYWQzLi4yYTQyNDhjIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTIgQEAKKzIwMDgtMDEt MTUgIE1pY2hhZWwgR29kZGFyZCAgPG1pY2hhZWwuZ29kZGFyZEB0cm9sbHRlY2guY29tPgorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFkZCBhIHRlc3Qg Zm9yIGEgY3Jhc2ggZW5jb3VudGVyZWQgd2l0aCAtd2Via2l0LWJvcmRlci1pbWFnZS4KKworICAg ICAgICAqIGZhc3QvY3NzL2JvcmRlci1pbWFnZS1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgor ICAgICAgICAqIGZhc3QvY3NzL2JvcmRlci1pbWFnZS1jcmFzaC5odG1sOiBBZGRlZC4KKwogMjAw OC0wMS0wMiAgTWFyayBSb3dlICA8bXJvd2VAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2Vk IGJ5IFNhbSBXZWluaWcuCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9ib3JkZXIt aW1hZ2UtY3Jhc2gtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvZmFzdC9jc3MvYm9yZGVyLWlt YWdlLWNyYXNoLWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAw Li44MjQ5NTg2Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFzdC9jc3MvYm9yZGVy LWltYWdlLWNyYXNoLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxLDMgQEAKK1Rlc3QgZm9yIGNyYXNo IGRpc2NvdmVyZWQgd2l0aCAtd2Via2l0LWJvcmRlci1pbWFnZS4gSWYgdGhpcyB0ZXh0IGFwcGVh cnMsIHRoZSB0ZXN0IHBhc3NlZC4KKworCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2Nz cy9ib3JkZXItaW1hZ2UtY3Jhc2guaHRtbCBiL0xheW91dFRlc3RzL2Zhc3QvY3NzL2JvcmRlci1p bWFnZS1jcmFzaC5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjBiYmUz NmUKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9ib3JkZXItaW1hZ2Ut Y3Jhc2guaHRtbApAQCAtMCwwICsxLDE2IEBACis8aHRtbD4KKzxoZWFkPgorICAgIDx0aXRsZT48 L3RpdGxlPgorICAgIDxzY3JpcHQ+CisgICAgICAgIGlmICh3aW5kb3cubGF5b3V0VGVzdENvbnRy b2xsZXIpCisgICAgICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7Cisg ICAgPC9zY3JpcHQ+Cis8L2hlYWQ+Cis8Ym9keT4KKyAgICA8cD4KKyAgICAgICAgVGVzdCBmb3Ig Y3Jhc2ggZGlzY292ZXJlZCB3aXRoIC13ZWJraXQtYm9yZGVyLWltYWdlLiAgSWYgdGhpcyB0ZXh0 IGFwcGVhcnMsIHRoZSB0ZXN0IHBhc3NlZC4KKyAgICA8L3A+CisgICAgPHA+CisgICAgICAgIDxk aXYgc3R5bGU9Ii13ZWJraXQtYm9yZGVyLWltYWdlOiB1cmwocmVzb3VyY2VzL2dyZWVuYm94LnBu ZykgMCA3IDAgMTMgLyAwIDcgMCAxMyBzdHJldGNoIHN0cmV0Y2g7IHdpZHRoOjEwMDsgaGVpZ2h0 OjEwMDsiPjwvZGl2PjwvcD4KKzwvYm9keT4KKzwvaHRtbD4KZGlmZiAtLWdpdCBhL1dlYkNvcmUv Q2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggODU1M2Y2Zi4uMTc3N2FhMSAxMDA2 NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNiBAQAorMjAwOC0wMS0xNSAgTWljaGFlbCBHb2RkYXJkICA8bWljaGFlbC5nb2RkYXJk QHRyb2xsdGVjaC5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgV2hpbGUgcGFyc2luZyAtd2Via2l0LWJvcmRlci1pbWFnZSwgc3RvcmUKKyAgICAg ICAgdGhlIGJvcmRlciB3aWR0aHMgaW4gbWVtYmVyIHZhcmlhYmxlcyByYXRoZXIKKyAgICAgICAg dGhhbiBhcyBhbiBPd25QdHIgdG8gdGhlIG1pZGRsZSBvZiBhbiBhcnJheSwKKyAgICAgICAgY2F1 c2luZyBtZW1vcnkgY29ycnVwdGlvbiBhbmQgY3Jhc2hlcy4KKworICAgICAgICBUZXN0OiBmYXN0 L2Nzcy9ib3JkZXItaW1hZ2UtY3Jhc2guaHRtbAorCisgICAgICAgICogY3NzL0NTU1BhcnNlci5j cHA6CisKIDIwMDctMTItMjAgIE1hcmsgUm93ZSAgPG1yb3dlQGFwcGxlLmNvbT4KIAogICAgICAg ICBNZXJnZSByMjgwNTcgdG8gU2FmYXJpLTMtYnJhbmNoLgpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9j c3MvQ1NTUGFyc2VyLmNwcCBiL1dlYkNvcmUvY3NzL0NTU1BhcnNlci5jcHAKaW5kZXggYzY5ZGJh MC4uN2IxOWMxNiAxMDA2NDQKLS0tIGEvV2ViQ29yZS9jc3MvQ1NTUGFyc2VyLmNwcAorKysgYi9X ZWJDb3JlL2Nzcy9DU1NQYXJzZXIuY3BwCkBAIC0yNzMxLDggKzI3MzEsOCBAQCBzdHJ1Y3QgQm9y ZGVySW1hZ2VQYXJzZUNvbnRleHQKIHsKICAgICBCb3JkZXJJbWFnZVBhcnNlQ29udGV4dCgpCiAg ICAgOm1fYWxsb3dCcmVhayhmYWxzZSksIG1fYWxsb3dOdW1iZXIoZmFsc2UpLCBtX2FsbG93U2xh c2goZmFsc2UpLCBtX2FsbG93V2lkdGgoZmFsc2UpLAotICAgICBtX2FsbG93UnVsZShmYWxzZSks IG1faW1hZ2UoMCksIG1fdG9wKDApLCBtX3JpZ2h0KDApLCBtX2JvdHRvbSgwKSwgbV9sZWZ0KDAp LCBtX2JvcmRlclRvcCgwKSwgbV9ib3JkZXJSaWdodCgwKSwgbV9ib3JkZXJCb3R0b20oMCksCi0g ICAgIG1fYm9yZGVyTGVmdCgwKSwgbV9ob3Jpem9udGFsUnVsZSgwKSwgbV92ZXJ0aWNhbFJ1bGUo MCkKKyAgICAgbV9hbGxvd1J1bGUoZmFsc2UpLCBtX2ltYWdlKDApLCBtX3RvcCgwKSwgbV9yaWdo dCgwKSwgbV9ib3R0b20oMCksIG1fbGVmdCgwKSwgbV9ib3JkZXJzUGFyc2VkKDApLAorICAgICBt X2hvcml6b250YWxSdWxlKDApLCBtX3ZlcnRpY2FsUnVsZSgwKQogICAgIHt9CiAgICAgCiAgICAg Ym9vbCBhbGxvd0JyZWFrKCkgY29uc3QgeyByZXR1cm4gbV9hbGxvd0JyZWFrOyB9CkBAIC0yNzYx LDE5ICsyNzYxLDI4IEBAIHN0cnVjdCBCb3JkZXJJbWFnZVBhcnNlQ29udGV4dAogICAgIH0KICAg ICB2b2lkIGNvbW1pdFNsYXNoKCkgeyBtX2FsbG93QnJlYWsgPSBtX2FsbG93U2xhc2ggPSBtX2Fs bG93TnVtYmVyID0gZmFsc2U7IG1fYWxsb3dXaWR0aCA9IHRydWU7IH0KICAgICB2b2lkIGNvbW1p dFdpZHRoKFZhbHVlKiB2YWwpIHsKLSAgICAgICAgaWYgKCFtX2JvcmRlclRvcCkKLSAgICAgICAg ICAgIG1fYm9yZGVyVG9wLnNldCh2YWwpOwotICAgICAgICBlbHNlIGlmICghbV9ib3JkZXJSaWdo dCkKLSAgICAgICAgICAgIG1fYm9yZGVyUmlnaHQuc2V0KHZhbCk7Ci0gICAgICAgIGVsc2UgaWYg KCFtX2JvcmRlckJvdHRvbSkKLSAgICAgICAgICAgIG1fYm9yZGVyQm90dG9tLnNldCh2YWwpOwot ICAgICAgICBlbHNlIHsKLSAgICAgICAgICAgIEFTU0VSVCghbV9ib3JkZXJMZWZ0KTsKLSAgICAg ICAgICAgIG1fYm9yZGVyTGVmdC5zZXQodmFsKTsKKyAgICAgICAgc3dpdGNoKG1fYm9yZGVyc1Bh cnNlZCkgeworICAgICAgICAgICAgY2FzZSAwOgorICAgICAgICAgICAgICAgIG1fYm9yZGVyVG9w ID0gKnZhbDsKKyAgICAgICAgICAgICAgICBicmVhazsKKyAgICAgICAgICAgIGNhc2UgMToKKyAg ICAgICAgICAgICAgICBtX2JvcmRlclJpZ2h0ID0gKnZhbDsKKyAgICAgICAgICAgICAgICBicmVh azsKKyAgICAgICAgICAgIGNhc2UgMjoKKyAgICAgICAgICAgICAgICBtX2JvcmRlckJvdHRvbSA9 ICp2YWw7CisgICAgICAgICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICBjYXNlIDM6CisgICAg ICAgICAgICAgICAgbV9ib3JkZXJMZWZ0ID0gKnZhbDsKKyAgICAgICAgICAgICAgICBicmVhazsK KyAgICAgICAgICAgIGRlZmF1bHQ6CisgICAgICAgICAgICAgICAgQVNTRVJUKG1fYm9yZGVyc1Bh cnNlZCA8IDQpOworICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICB9CiAKKyAgICAgICAg KyttX2JvcmRlcnNQYXJzZWQ7CisKICAgICAgICAgbV9hbGxvd0JyZWFrID0gbV9hbGxvd1J1bGUg PSB0cnVlOwotICAgICAgICBtX2FsbG93V2lkdGggPSAhbV9ib3JkZXJMZWZ0OworICAgICAgICBt X2FsbG93V2lkdGggPSAobV9ib3JkZXJzUGFyc2VkIDwgNCk7CiAgICAgfQogICAgIHZvaWQgY29t bWl0UnVsZShpbnQga2V5d29yZCkgewogICAgICAgICBpZiAoIW1faG9yaXpvbnRhbFJ1bGUpCkBA IC0yODE0LDE1ICsyODIzLDE1IEBAIHN0cnVjdCBCb3JkZXJJbWFnZVBhcnNlQ29udGV4dAogICAg ICAgICAgICAgCiAgICAgICAgIC8vIE5vdyB3ZSBoYXZlIHRvIGRlYWwgd2l0aCB0aGUgYm9yZGVy IHdpZHRocy4gIFRoZSBiZXN0IHdheSB0byBkZWFsIHdpdGggdGhlc2UgaXMgdG8gYWN0dWFsbHkg cHV0IHRoZXNlIHZhbHVlcyBpbnRvIGEgdmFsdWUKICAgICAgICAgLy8gbGlzdCBhbmQgdGhlbiBt YWtlIG91ciBwYXJzaW5nIG1hY2hpbmVyeSBkbyB0aGUgcGFyc2luZy4KLSAgICAgICAgaWYgKG1f Ym9yZGVyVG9wKSB7CisgICAgICAgIGlmIChtX2JvcmRlcnNQYXJzZWQgPiAwKSB7CiAgICAgICAg ICAgICBWYWx1ZUxpc3QgbmV3TGlzdDsKLSAgICAgICAgICAgIG5ld0xpc3QuYWRkVmFsdWUoKm1f Ym9yZGVyVG9wKTsKLSAgICAgICAgICAgIGlmIChtX2JvcmRlclJpZ2h0KQotICAgICAgICAgICAg ICAgIG5ld0xpc3QuYWRkVmFsdWUoKm1fYm9yZGVyUmlnaHQpOwotICAgICAgICAgICAgaWYgKG1f Ym9yZGVyQm90dG9tKQotICAgICAgICAgICAgICAgIG5ld0xpc3QuYWRkVmFsdWUoKm1fYm9yZGVy Qm90dG9tKTsKLSAgICAgICAgICAgIGlmIChtX2JvcmRlckxlZnQpCi0gICAgICAgICAgICAgICAg bmV3TGlzdC5hZGRWYWx1ZSgqbV9ib3JkZXJMZWZ0KTsKKyAgICAgICAgICAgIG5ld0xpc3QuYWRk VmFsdWUobV9ib3JkZXJUb3ApOworICAgICAgICAgICAgaWYgKG1fYm9yZGVyc1BhcnNlZCA+IDEp CisgICAgICAgICAgICAgICAgbmV3TGlzdC5hZGRWYWx1ZShtX2JvcmRlclJpZ2h0KTsKKyAgICAg ICAgICAgIGlmIChtX2JvcmRlcnNQYXJzZWQgPiAyKQorICAgICAgICAgICAgICAgIG5ld0xpc3Qu YWRkVmFsdWUobV9ib3JkZXJCb3R0b20pOworICAgICAgICAgICAgaWYgKG1fYm9yZGVyc1BhcnNl ZCA+IDMpCisgICAgICAgICAgICAgICAgbmV3TGlzdC5hZGRWYWx1ZShtX2JvcmRlckxlZnQpOwog ICAgICAgICAgICAgcC0+dmFsdWVMaXN0ID0gJm5ld0xpc3Q7CiAgICAgICAgICAgICBwLT5wYXJz ZVZhbHVlKENTU19QUk9QX0JPUkRFUl9XSURUSCwgaW1wb3J0YW50KTsKICAgICAgICAgICAgIHAt PnZhbHVlTGlzdCA9IDA7CkBAIC0yODQyLDEwICsyODUxLDExIEBAIHN0cnVjdCBCb3JkZXJJbWFn ZVBhcnNlQ29udGV4dAogICAgIFJlZlB0cjxDU1NQcmltaXRpdmVWYWx1ZT4gbV9ib3R0b207CiAg ICAgUmVmUHRyPENTU1ByaW1pdGl2ZVZhbHVlPiBtX2xlZnQ7CiAgICAgCi0gICAgT3duUHRyPFZh bHVlPiBtX2JvcmRlclRvcDsKLSAgICBPd25QdHI8VmFsdWU+IG1fYm9yZGVyUmlnaHQ7Ci0gICAg T3duUHRyPFZhbHVlPiBtX2JvcmRlckJvdHRvbTsKLSAgICBPd25QdHI8VmFsdWU+IG1fYm9yZGVy TGVmdDsKKyAgICBpbnQgbV9ib3JkZXJzUGFyc2VkOworICAgIFZhbHVlIG1fYm9yZGVyVG9wOwor ICAgIFZhbHVlIG1fYm9yZGVyUmlnaHQ7CisgICAgVmFsdWUgbV9ib3JkZXJCb3R0b207CisgICAg VmFsdWUgbV9ib3JkZXJMZWZ0OwogICAgIAogICAgIGludCBtX2hvcml6b250YWxSdWxlOwogICAg IGludCBtX3ZlcnRpY2FsUnVsZTsK 18516 2008-01-17 15:54:47 -0800 2008-01-22 08:37:01 -0800 Use naked pointers rather than OwnPtrs since the source pointers are in the middle of an array border-image-crash3.patch text/plain 3454 michael.goddard ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCAyMTkxYWQzLi4yYTQyNDhjIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTIgQEAKKzIwMDgtMDEt MTUgIE1pY2hhZWwgR29kZGFyZCAgPG1pY2hhZWwuZ29kZGFyZEB0cm9sbHRlY2guY29tPgorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFkZCBhIHRlc3Qg Zm9yIGEgY3Jhc2ggZW5jb3VudGVyZWQgd2l0aCAtd2Via2l0LWJvcmRlci1pbWFnZS4KKworICAg ICAgICAqIGZhc3QvY3NzL2JvcmRlci1pbWFnZS1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgor ICAgICAgICAqIGZhc3QvY3NzL2JvcmRlci1pbWFnZS1jcmFzaC5odG1sOiBBZGRlZC4KKwogMjAw OC0wMS0wMiAgTWFyayBSb3dlICA8bXJvd2VAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2Vk IGJ5IFNhbSBXZWluaWcuCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9ib3JkZXIt aW1hZ2UtY3Jhc2gtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvZmFzdC9jc3MvYm9yZGVyLWlt YWdlLWNyYXNoLWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAw Li44MjQ5NTg2Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFzdC9jc3MvYm9yZGVy LWltYWdlLWNyYXNoLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxLDMgQEAKK1Rlc3QgZm9yIGNyYXNo IGRpc2NvdmVyZWQgd2l0aCAtd2Via2l0LWJvcmRlci1pbWFnZS4gSWYgdGhpcyB0ZXh0IGFwcGVh cnMsIHRoZSB0ZXN0IHBhc3NlZC4KKworCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2Nz cy9ib3JkZXItaW1hZ2UtY3Jhc2guaHRtbCBiL0xheW91dFRlc3RzL2Zhc3QvY3NzL2JvcmRlci1p bWFnZS1jcmFzaC5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLjBiYmUz NmUKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9mYXN0L2Nzcy9ib3JkZXItaW1hZ2Ut Y3Jhc2guaHRtbApAQCAtMCwwICsxLDE2IEBACis8aHRtbD4KKzxoZWFkPgorICAgIDx0aXRsZT48 L3RpdGxlPgorICAgIDxzY3JpcHQ+CisgICAgICAgIGlmICh3aW5kb3cubGF5b3V0VGVzdENvbnRy b2xsZXIpCisgICAgICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7Cisg ICAgPC9zY3JpcHQ+Cis8L2hlYWQ+Cis8Ym9keT4KKyAgICA8cD4KKyAgICAgICAgVGVzdCBmb3Ig Y3Jhc2ggZGlzY292ZXJlZCB3aXRoIC13ZWJraXQtYm9yZGVyLWltYWdlLiAgSWYgdGhpcyB0ZXh0 IGFwcGVhcnMsIHRoZSB0ZXN0IHBhc3NlZC4KKyAgICA8L3A+CisgICAgPHA+CisgICAgICAgIDxk aXYgc3R5bGU9Ii13ZWJraXQtYm9yZGVyLWltYWdlOiB1cmwocmVzb3VyY2VzL2dyZWVuYm94LnBu ZykgMCA3IDAgMTMgLyAwIDcgMCAxMyBzdHJldGNoIHN0cmV0Y2g7IHdpZHRoOjEwMDsgaGVpZ2h0 OjEwMDsiPjwvZGl2PjwvcD4KKzwvYm9keT4KKzwvaHRtbD4KZGlmZiAtLWdpdCBhL1dlYkNvcmUv Q2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggODU1M2Y2Zi4uYmI1MzU2ZiAxMDA2 NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEs MyArMSwxNiBAQAorMjAwOC0wMS0xNSAgTWljaGFlbCBHb2RkYXJkICA8bWljaGFlbC5nb2RkYXJk QHRyb2xsdGVjaC5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgV2hpbGUgcGFyc2luZyAtd2Via2l0LWJvcmRlci1pbWFnZSwgc3RvcmUKKyAgICAg ICAgdGhlIGJvcmRlciB3aWR0aHMgYXMgbmFrZWQgcG9pbnRlcnMgcmF0aGVyCisgICAgICAgIHRo YW4gYXMgT3duUHRycywgc2luY2UgdGhleSBwb2ludCB0byB0aGUKKyAgICAgICAgbWlkZGxlIG9m IGFuIGFycmF5LgorCisgICAgICAgIFRlc3Q6IGZhc3QvY3NzL2JvcmRlci1pbWFnZS1jcmFzaC5o dG1sCisKKyAgICAgICAgKiBjc3MvQ1NTUGFyc2VyLmNwcDoKKwogMjAwNy0xMi0yMCAgTWFyayBS b3dlICA8bXJvd2VAYXBwbGUuY29tPgogCiAgICAgICAgIE1lcmdlIHIyODA1NyB0byBTYWZhcmkt My1icmFuY2guCmRpZmYgLS1naXQgYS9XZWJDb3JlL2Nzcy9DU1NQYXJzZXIuY3BwIGIvV2ViQ29y ZS9jc3MvQ1NTUGFyc2VyLmNwcAppbmRleCBjNjlkYmEwLi43YmEzYzhiIDEwMDY0NAotLS0gYS9X ZWJDb3JlL2Nzcy9DU1NQYXJzZXIuY3BwCisrKyBiL1dlYkNvcmUvY3NzL0NTU1BhcnNlci5jcHAK QEAgLTI3NjIsMTQgKzI3NjIsMTQgQEAgc3RydWN0IEJvcmRlckltYWdlUGFyc2VDb250ZXh0CiAg ICAgdm9pZCBjb21taXRTbGFzaCgpIHsgbV9hbGxvd0JyZWFrID0gbV9hbGxvd1NsYXNoID0gbV9h bGxvd051bWJlciA9IGZhbHNlOyBtX2FsbG93V2lkdGggPSB0cnVlOyB9CiAgICAgdm9pZCBjb21t aXRXaWR0aChWYWx1ZSogdmFsKSB7CiAgICAgICAgIGlmICghbV9ib3JkZXJUb3ApCi0gICAgICAg ICAgICBtX2JvcmRlclRvcC5zZXQodmFsKTsKKyAgICAgICAgICAgIG1fYm9yZGVyVG9wID0gdmFs OwogICAgICAgICBlbHNlIGlmICghbV9ib3JkZXJSaWdodCkKLSAgICAgICAgICAgIG1fYm9yZGVy UmlnaHQuc2V0KHZhbCk7CisgICAgICAgICAgICBtX2JvcmRlclJpZ2h0ID0gdmFsOwogICAgICAg ICBlbHNlIGlmICghbV9ib3JkZXJCb3R0b20pCi0gICAgICAgICAgICBtX2JvcmRlckJvdHRvbS5z ZXQodmFsKTsKKyAgICAgICAgICAgIG1fYm9yZGVyQm90dG9tID0gdmFsOwogICAgICAgICBlbHNl IHsKICAgICAgICAgICAgIEFTU0VSVCghbV9ib3JkZXJMZWZ0KTsKLSAgICAgICAgICAgIG1fYm9y ZGVyTGVmdC5zZXQodmFsKTsKKyAgICAgICAgICAgIG1fYm9yZGVyTGVmdCA9IHZhbDsKICAgICAg ICAgfQogCiAgICAgICAgIG1fYWxsb3dCcmVhayA9IG1fYWxsb3dSdWxlID0gdHJ1ZTsKQEAgLTI4 NDIsMTAgKzI4NDIsMTAgQEAgc3RydWN0IEJvcmRlckltYWdlUGFyc2VDb250ZXh0CiAgICAgUmVm UHRyPENTU1ByaW1pdGl2ZVZhbHVlPiBtX2JvdHRvbTsKICAgICBSZWZQdHI8Q1NTUHJpbWl0aXZl VmFsdWU+IG1fbGVmdDsKICAgICAKLSAgICBPd25QdHI8VmFsdWU+IG1fYm9yZGVyVG9wOwotICAg IE93blB0cjxWYWx1ZT4gbV9ib3JkZXJSaWdodDsKLSAgICBPd25QdHI8VmFsdWU+IG1fYm9yZGVy Qm90dG9tOwotICAgIE93blB0cjxWYWx1ZT4gbV9ib3JkZXJMZWZ0OworICAgIFZhbHVlKiBtX2Jv cmRlclRvcDsKKyAgICBWYWx1ZSogbV9ib3JkZXJSaWdodDsKKyAgICBWYWx1ZSogbV9ib3JkZXJC b3R0b207CisgICAgVmFsdWUqIG1fYm9yZGVyTGVmdDsKICAgICAKICAgICBpbnQgbV9ob3Jpem9u dGFsUnVsZTsKICAgICBpbnQgbV92ZXJ0aWNhbFJ1bGU7Cg==