182006 2018-01-23 12:55:40 -0800 Use precise index masking for FTL GetByArgumentByVal 2018-02-01 20:56:40 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build All All RESOLVED FIXED InRadar P2 Normal --- 182419 1 fpizlo fpizlo ews-watchlist keith_miller mark.lam msaboff saam webkit-bug-importer oldest_to_newest 1392216 0 fpizlo 2018-01-23 12:55:40 -0800 rdar://problem/36286370 1392250 1 332074 fpizlo 2018-01-23 14:21:51 -0800 Created attachment 332074 the patch 1392251 2 webkit-bug-importer 2018-01-23 14:22:13 -0800 <rdar://problem/36793736> 1392262 3 mark.lam 2018-01-23 14:33:30 -0800 <rdar://problem/36286370> 1392298 4 332074 keith_miller 2018-01-23 15:28:10 -0800 Comment on attachment 332074 the patch View in context: https://bugs.webkit.org/attachment.cgi?id=332074&action=review r=me with comments. > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:3987 > + LValue limit = m_out.sub(originalLimit, m_out.int32One); Nit: I would make this LValue thisSize = m_out.int32One; LValue limit = m_out.sub(originalLimit, thisSize); I feel like I'll forget that the -1 is for this. > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:4009 > + index = m_out.add(index, m_out.constInt32(1)); Nit: m_out.constInt32(1) => m_out.int32One. Also, ditto on the thisSize. > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:4017 > + index = m_out.bitAnd( > + index, > + m_out.aShr( > + m_out.sub( > + index, > + m_out.opaque(originalLimit)), > + m_out.constInt32(31))); Nit: I would do this math on 64-bit values. That avoids people passing very large 32-bit indices and causes issues here. E.g. arguments[UINT_MAX - epsilon] would produce a non-zero mask. 1392299 5 fpizlo 2018-01-23 15:29:38 -0800 (In reply to Keith Miller from comment #4) > Comment on attachment 332074 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=332074&action=review > > r=me with comments. > > > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:3987 > > + LValue limit = m_out.sub(originalLimit, m_out.int32One); > > Nit: I would make this > > LValue thisSize = m_out.int32One; > LValue limit = m_out.sub(originalLimit, thisSize); > > I feel like I'll forget that the -1 is for this. > > > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:4009 > > + index = m_out.add(index, m_out.constInt32(1)); > > Nit: m_out.constInt32(1) => m_out.int32One. Oops. Fixed. > > Also, ditto on the thisSize. > > > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:4017 > > + index = m_out.bitAnd( > > + index, > > + m_out.aShr( > > + m_out.sub( > > + index, > > + m_out.opaque(originalLimit)), > > + m_out.constInt32(31))); > > Nit: I would do this math on 64-bit values. That avoids people passing very > large 32-bit indices and causes issues here. > > E.g. arguments[UINT_MAX - epsilon] would produce a non-zero mask. Good call. I'll try that. 1392337 6 fpizlo 2018-01-23 16:40:44 -0800 Landed in https://trac.webkit.org/changeset/227462/webkit 1395638 7 332074 saam 2018-02-01 14:39:50 -0800 Comment on attachment 332074 the patch View in context: https://bugs.webkit.org/attachment.cgi?id=332074&action=review > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:3990 > + if (m_node->numberOfArgumentsToSkip()) > + limit = m_out.sub(limit, m_out.constInt32(m_node->numberOfArgumentsToSkip())); How did this fix an overflow situation? It introduced an overflow situation. Both limit and numberOfArugmnetsToSkip are user controlled. For example: ``` function foo(a, b, ...args) { return args[0]; } foo(10); ``` here, limit = 0 argsToSkip = 2 limit - argsToSkip = bad time 1395640 8 saam 2018-02-01 14:54:25 -0800 (In reply to Saam Barati from comment #7) > Comment on attachment 332074 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=332074&action=review > > > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:3990 > > + if (m_node->numberOfArgumentsToSkip()) > > + limit = m_out.sub(limit, m_out.constInt32(m_node->numberOfArgumentsToSkip())); > > How did this fix an overflow situation? It introduced an overflow situation. > Both limit and numberOfArugmnetsToSkip are user controlled. For example: > > ``` > function foo(a, b, ...args) { > return args[0]; > } > foo(10); > ``` > > here, > limit = 0 > argsToSkip = 2 > limit - argsToSkip = bad time What we need here is to go back to the old code, but to perform an overflow check on the original add. Or we need to do some branch before this sub. Either would work. 1395743 9 mark.lam 2018-02-01 20:55:45 -0800 (In reply to Saam Barati from comment #8) > > here, > > limit = 0 > > argsToSkip = 2 > > limit - argsToSkip = bad time > > What we need here is to go back to the old code, but to perform an overflow > check on the original add. Or we need to do some branch before this sub. > Either would work. We're fixing this in https://bugs.webkit.org/show_bug.cgi?id=182419. 332074 2018-01-23 14:21:51 -0800 2018-01-23 15:28:10 -0800 the patch blah.patch text/plain 7660 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjI3NDQzKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI3IEBA CisyMDE4LTAxLTIzICBGaWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CisKKyAgICAgICAg VXNlIHByZWNpc2UgaW5kZXggbWFza2luZyBmb3IgRlRMIEdldEJ5QXJndW1lbnRCeVZhbAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTgyMDA2CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisgICAgICAgIAorICAgICAgICBUaGlz IHByb3RlY3RzIHNwZWN1bGF0aXZlIG91dC1vZi1ib3VuZHMgb24gYXJndW1lbnRzW2luZGV4XS4K KyAgICAgICAgCisgICAgICAgIE1ha2luZyB0aGlzIHdvcmsgcmlnaHQgaW52b2x2ZWQgZml4aW5n IGEgcG9zc2libGUgb3ZlcmZsb3cgc2l0dWF0aW9uIHdpdGgKKyAgICAgICAgbnVtYmVyT2ZBcmd1 bWVudHNUb1NraXAuCisKKyAgICAgICAgKiBkZmcvREZHQnl0ZUNvZGVQYXJzZXIuY3BwOgorICAg ICAgICAoSlNDOjpERkc6OkJ5dGVDb2RlUGFyc2VyOjpmaW5kQXJndW1lbnRQb3NpdGlvbkZvckxv Y2FsKToKKyAgICAgICAgKiBkZmcvREZHR3JhcGguY3BwOgorICAgICAgICAoSlNDOjpERkc6Okdy YXBoOjpkdW1wKToKKyAgICAgICAgKiBkZmcvREZHTm9kZS5oOgorICAgICAgICAoSlNDOjpERkc6 Ok5vZGU6Omhhc051bWJlck9mQXJndW1lbnRzVG9Ta2lwKToKKyAgICAgICAgKEpTQzo6REZHOjpO b2RlOjpudW1iZXJPZkFyZ3VtZW50c1RvU2tpcCk6CisgICAgICAgICogZGZnL0RGR1N0YWNrTGF5 b3V0UGhhc2UuY3BwOgorICAgICAgICAoSlNDOjpERkc6OlN0YWNrTGF5b3V0UGhhc2U6OnJ1bik6 CisgICAgICAgICogZnRsL0ZUTExvd2VyREZHVG9CMy5jcHA6CisgICAgICAgIChKU0M6OkZUTDo6 REZHOjpMb3dlckRGR1RvQjM6OmNvbXBpbGVHZXRNeUFyZ3VtZW50QnlWYWwpOgorCiAyMDE4LTAx LTIzICBSb2JpbiBNb3Jpc3NldCAgPHJtb3Jpc3NldEBhcHBsZS5jb20+CiAKICAgICAgICAgUm9s bG91dCByMjE5NjM2CkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR0J5dGVDb2Rl UGFyc2VyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR0J5 dGVDb2RlUGFyc2VyLmNwcAkocmV2aXNpb24gMjI3NDMxKQorKysgU291cmNlL0phdmFTY3JpcHRD b3JlL2RmZy9ERkdCeXRlQ29kZVBhcnNlci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTUwMiw4ICs1 MDIsNiBAQCBwcml2YXRlOgogICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICAgICAgaWYg KG9wZXJhbmQub2Zmc2V0KCkgPCBzdGF0aWNfY2FzdDxpbnQ+KGlubGluZUNhbGxGcmFtZS0+c3Rh Y2tPZmZzZXQgKyBDYWxsRnJhbWU6OmhlYWRlclNpemVJblJlZ2lzdGVycykpCiAgICAgICAgICAg ICAgICAgY29udGludWU7Ci0gICAgICAgICAgICBpZiAob3BlcmFuZC5vZmZzZXQoKSA9PSBpbmxp bmVDYWxsRnJhbWUtPnN0YWNrT2Zmc2V0ICsgQ2FsbEZyYW1lOjp0aGlzQXJndW1lbnRPZmZzZXQo KSkKLSAgICAgICAgICAgICAgICBjb250aW51ZTsKICAgICAgICAgICAgIGlmIChvcGVyYW5kLm9m ZnNldCgpID49IHN0YXRpY19jYXN0PGludD4oaW5saW5lQ2FsbEZyYW1lLT5zdGFja09mZnNldCAr IENhbGxGcmFtZTo6dGhpc0FyZ3VtZW50T2Zmc2V0KCkgKyBpbmxpbmVDYWxsRnJhbWUtPmFyZ3Vt ZW50c1dpdGhGaXh1cC5zaXplKCkpKQogICAgICAgICAgICAgICAgIGNvbnRpbnVlOwogICAgICAg ICAgICAgaW50IGFyZ3VtZW50ID0gVmlydHVhbFJlZ2lzdGVyKG9wZXJhbmQub2Zmc2V0KCkgLSBp bmxpbmVDYWxsRnJhbWUtPnN0YWNrT2Zmc2V0KS50b0FyZ3VtZW50KCk7CkluZGV4OiBTb3VyY2Uv SmF2YVNjcmlwdENvcmUvZGZnL0RGR0dyYXBoLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2 YVNjcmlwdENvcmUvZGZnL0RGR0dyYXBoLmNwcAkocmV2aXNpb24gMjI3NDI0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL2RmZy9ERkdHcmFwaC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTIxNyw2 ICsyMTcsOCBAQCB2b2lkIEdyYXBoOjpkdW1wKFByaW50U3RyZWFtJiBvdXQsIGNvbnN0CiAgICAg ICAgIG91dC5wcmludChjb21tYSwgTm9kZUZsYWdzRHVtcChub2RlLT5mbGFncygpKSk7CiAgICAg aWYgKG5vZGUtPnByZWRpY3Rpb24oKSkKICAgICAgICAgb3V0LnByaW50KGNvbW1hLCBTcGVjdWxh dGlvbkR1bXAobm9kZS0+cHJlZGljdGlvbigpKSk7CisgICAgaWYgKG5vZGUtPmhhc051bWJlck9m QXJndW1lbnRzVG9Ta2lwKCkpCisgICAgICAgIG91dC5wcmludChjb21tYSwgIm51bWJlck9mQXJn dW1lbnRzVG9Ta2lwID0gIiwgbm9kZS0+bnVtYmVyT2ZBcmd1bWVudHNUb1NraXAoKSk7CiAgICAg aWYgKG5vZGUtPmhhc0FycmF5TW9kZSgpKQogICAgICAgICBvdXQucHJpbnQoY29tbWEsIG5vZGUt PmFycmF5TW9kZSgpKTsKICAgICBpZiAobm9kZS0+aGFzQXJpdGhVbmFyeVR5cGUoKSkKSW5kZXg6 IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHTm9kZS5oCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJj ZS9KYXZhU2NyaXB0Q29yZS9kZmcvREZHTm9kZS5oCShyZXZpc2lvbiAyMjc0MjQpCisrKyBTb3Vy Y2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR05vZGUuaAkod29ya2luZyBjb3B5KQpAQCAtMjY0MCwx MCArMjY0MCwxNSBAQCBwdWJsaWM6CiAgICAgewogICAgICAgICBtX21pc2MuZXBvY2ggPSBlcG9j aC50b1Vuc2lnbmVkKCk7CiAgICAgfQorICAgIAorICAgIGJvb2wgaGFzTnVtYmVyT2ZBcmd1bWVu dHNUb1NraXAoKQorICAgIHsKKyAgICAgICAgcmV0dXJuIG9wKCkgPT0gQ3JlYXRlUmVzdCB8fCBv cCgpID09IFBoYW50b21DcmVhdGVSZXN0IHx8IG9wKCkgPT0gR2V0UmVzdExlbmd0aCB8fCBvcCgp ID09IEdldE15QXJndW1lbnRCeVZhbCB8fCBvcCgpID09IEdldE15QXJndW1lbnRCeVZhbE91dE9m Qm91bmRzOworICAgIH0KIAogICAgIHVuc2lnbmVkIG51bWJlck9mQXJndW1lbnRzVG9Ta2lwKCkK ICAgICB7Ci0gICAgICAgIEFTU0VSVChvcCgpID09IENyZWF0ZVJlc3QgfHwgb3AoKSA9PSBQaGFu dG9tQ3JlYXRlUmVzdCB8fCBvcCgpID09IEdldFJlc3RMZW5ndGggfHwgb3AoKSA9PSBHZXRNeUFy Z3VtZW50QnlWYWwgfHwgb3AoKSA9PSBHZXRNeUFyZ3VtZW50QnlWYWxPdXRPZkJvdW5kcyk7Cisg ICAgICAgIEFTU0VSVChoYXNOdW1iZXJPZkFyZ3VtZW50c1RvU2tpcCgpKTsKICAgICAgICAgcmV0 dXJuIG1fb3BJbmZvLmFzPHVuc2lnbmVkPigpOwogICAgIH0KIApJbmRleDogU291cmNlL0phdmFT Y3JpcHRDb3JlL2RmZy9ERkdTdGFja0xheW91dFBoYXNlLmNwcAo9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3Vy Y2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR1N0YWNrTGF5b3V0UGhhc2UuY3BwCShyZXZpc2lvbiAy Mjc0MjQpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZGZnL0RGR1N0YWNrTGF5b3V0UGhhc2Uu Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xMTIsNyArMTEyLDcgQEAgcHVibGljOgogICAgICAgICAg ICAgICAgICAgICBDYWxsRnJhbWVTbG90Ojphcmd1bWVudENvdW50ICsgaW5saW5lQ2FsbEZyYW1l LT5zdGFja09mZnNldCkudG9Mb2NhbCgpKTsKICAgICAgICAgICAgIH0KICAgICAgICAgICAgIAot ICAgICAgICAgICAgZm9yICh1bnNpZ25lZCBhcmd1bWVudCA9IGlubGluZUNhbGxGcmFtZS0+YXJn dW1lbnRzV2l0aEZpeHVwLnNpemUoKTsgYXJndW1lbnQtLSA+IDE7KSB7CisgICAgICAgICAgICBm b3IgKHVuc2lnbmVkIGFyZ3VtZW50ID0gaW5saW5lQ2FsbEZyYW1lLT5hcmd1bWVudHNXaXRoRml4 dXAuc2l6ZSgpOyBhcmd1bWVudC0tOykgewogICAgICAgICAgICAgICAgIHVzZWRMb2NhbHMuc2V0 KFZpcnR1YWxSZWdpc3RlcigKICAgICAgICAgICAgICAgICAgICAgdmlydHVhbFJlZ2lzdGVyRm9y QXJndW1lbnQoYXJndW1lbnQpLm9mZnNldCgpICsKICAgICAgICAgICAgICAgICAgICAgaW5saW5l Q2FsbEZyYW1lLT5zdGFja09mZnNldCkudG9Mb2NhbCgpKTsKQEAgLTE3OCw3ICsxNzgsNyBAQCBw dWJsaWM6CiAgICAgICAgICAgICAgICAgICAgIGFsbG9jYXRpb24sIFZpcnR1YWxSZWdpc3Rlcihp bmxpbmVDYWxsRnJhbWUtPnN0YWNrT2Zmc2V0ICsgQ2FsbEZyYW1lU2xvdDo6YXJndW1lbnRDb3Vu dCkpOwogICAgICAgICAgICAgfQogICAgICAgICAgICAgCi0gICAgICAgICAgICBmb3IgKHVuc2ln bmVkIGFyZ3VtZW50ID0gaW5saW5lQ2FsbEZyYW1lLT5hcmd1bWVudHNXaXRoRml4dXAuc2l6ZSgp OyBhcmd1bWVudC0tID4gMTspIHsKKyAgICAgICAgICAgIGZvciAodW5zaWduZWQgYXJndW1lbnQg PSBpbmxpbmVDYWxsRnJhbWUtPmFyZ3VtZW50c1dpdGhGaXh1cC5zaXplKCk7IGFyZ3VtZW50LS07 KSB7CiAgICAgICAgICAgICAgICAgQXJndW1lbnRQb3NpdGlvbiYgcG9zaXRpb24gPSBtX2dyYXBo Lm1fYXJndW1lbnRQb3NpdGlvbnNbCiAgICAgICAgICAgICAgICAgICAgIGRhdGEuYXJndW1lbnRQ b3NpdGlvblN0YXJ0ICsgYXJndW1lbnRdOwogICAgICAgICAgICAgICAgIFZhcmlhYmxlQWNjZXNz RGF0YSogdmFyaWFibGUgPSBwb3NpdGlvbi5zb21lVmFyaWFibGUoKTsKSW5kZXg6IFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9mdGwvRlRMTG93ZXJERkdUb0IzLmNwcAo9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3Vy Y2UvSmF2YVNjcmlwdENvcmUvZnRsL0ZUTExvd2VyREZHVG9CMy5jcHAJKHJldmlzaW9uIDIyNzQy NCkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMTG93ZXJERkdUb0IzLmNwcAkod29y a2luZyBjb3B5KQpAQCAtMzk3NSwxNyArMzk3NSwyMCBAQCBwcml2YXRlOgogICAgICAgICBJbmxp bmVDYWxsRnJhbWUqIGlubGluZUNhbGxGcmFtZSA9IG1fbm9kZS0+Y2hpbGQxKCktPm9yaWdpbi5z ZW1hbnRpYy5pbmxpbmVDYWxsRnJhbWU7CiAgICAgICAgIAogICAgICAgICBMVmFsdWUgaW5kZXgg PSBsb3dJbnQzMihtX25vZGUtPmNoaWxkMigpKTsKLSAgICAgICAgaWYgKG1fbm9kZS0+bnVtYmVy T2ZBcmd1bWVudHNUb1NraXAoKSkKLSAgICAgICAgICAgIGluZGV4ID0gbV9vdXQuYWRkKGluZGV4 LCBtX291dC5jb25zdEludDMyKG1fbm9kZS0+bnVtYmVyT2ZBcmd1bWVudHNUb1NraXAoKSkpOwog ICAgICAgICAKLSAgICAgICAgTFZhbHVlIGxpbWl0OworICAgICAgICBMVmFsdWUgb3JpZ2luYWxM aW1pdDsKICAgICAgICAgaWYgKGlubGluZUNhbGxGcmFtZSAmJiAhaW5saW5lQ2FsbEZyYW1lLT5p c1ZhcmFyZ3MoKSkKLSAgICAgICAgICAgIGxpbWl0ID0gbV9vdXQuY29uc3RJbnQzMihpbmxpbmVD YWxsRnJhbWUtPmFyZ3VtZW50Q291bnRJbmNsdWRpbmdUaGlzIC0gMSk7CisgICAgICAgICAgICBv cmlnaW5hbExpbWl0ID0gbV9vdXQuY29uc3RJbnQzMihpbmxpbmVDYWxsRnJhbWUtPmFyZ3VtZW50 Q291bnRJbmNsdWRpbmdUaGlzKTsKICAgICAgICAgZWxzZSB7CiAgICAgICAgICAgICBWaXJ0dWFs UmVnaXN0ZXIgYXJndW1lbnRDb3VudFJlZ2lzdGVyID0gQXNzZW1ibHlIZWxwZXJzOjphcmd1bWVu dENvdW50KGlubGluZUNhbGxGcmFtZSk7Ci0gICAgICAgICAgICBsaW1pdCA9IG1fb3V0LnN1Yiht X291dC5sb2FkMzIocGF5bG9hZEZvcihhcmd1bWVudENvdW50UmVnaXN0ZXIpKSwgbV9vdXQuaW50 MzJPbmUpOworICAgICAgICAgICAgb3JpZ2luYWxMaW1pdCA9IG1fb3V0LmxvYWQzMihwYXlsb2Fk Rm9yKGFyZ3VtZW50Q291bnRSZWdpc3RlcikpOwogICAgICAgICB9CiAgICAgICAgIAorICAgICAg ICBMVmFsdWUgbGltaXQgPSBtX291dC5zdWIob3JpZ2luYWxMaW1pdCwgbV9vdXQuaW50MzJPbmUp OworICAgICAgICAKKyAgICAgICAgaWYgKG1fbm9kZS0+bnVtYmVyT2ZBcmd1bWVudHNUb1NraXAo KSkKKyAgICAgICAgICAgIGxpbWl0ID0gbV9vdXQuc3ViKGxpbWl0LCBtX291dC5jb25zdEludDMy KG1fbm9kZS0+bnVtYmVyT2ZBcmd1bWVudHNUb1NraXAoKSkpOworICAgICAgICAKICAgICAgICAg TFZhbHVlIGlzT3V0T2ZCb3VuZHMgPSBtX291dC5hYm92ZU9yRXF1YWwoaW5kZXgsIGxpbWl0KTsK ICAgICAgICAgTEJhc2ljQmxvY2sgY29udGludWF0aW9uID0gbnVsbHB0cjsKICAgICAgICAgTEJh c2ljQmxvY2sgbGFzdE5leHQgPSBudWxscHRyOwpAQCAtNDAwMSwxMiArNDAwNCwyNCBAQCBwcml2 YXRlOgogICAgICAgICB9IGVsc2UKICAgICAgICAgICAgIHNwZWN1bGF0ZShPdXRPZkJvdW5kcywg bm9WYWx1ZSgpLCAwLCBpc091dE9mQm91bmRzKTsKICAgICAgICAgCisgICAgICAgIGlmIChtX25v ZGUtPm51bWJlck9mQXJndW1lbnRzVG9Ta2lwKCkpCisgICAgICAgICAgICBpbmRleCA9IG1fb3V0 LmFkZChpbmRleCwgbV9vdXQuY29uc3RJbnQzMihtX25vZGUtPm51bWJlck9mQXJndW1lbnRzVG9T a2lwKCkpKTsKKyAgICAgICAgaW5kZXggPSBtX291dC5hZGQoaW5kZXgsIG1fb3V0LmNvbnN0SW50 MzIoMSkpOworICAgICAgICAKKyAgICAgICAgaW5kZXggPSBtX291dC5iaXRBbmQoCisgICAgICAg ICAgICBpbmRleCwKKyAgICAgICAgICAgIG1fb3V0LmFTaHIoCisgICAgICAgICAgICAgICAgbV9v dXQuc3ViKAorICAgICAgICAgICAgICAgICAgICBpbmRleCwKKyAgICAgICAgICAgICAgICAgICAg bV9vdXQub3BhcXVlKG9yaWdpbmFsTGltaXQpKSwKKyAgICAgICAgICAgICAgICBtX291dC5jb25z dEludDMyKDMxKSkpOworICAgICAgICAKICAgICAgICAgVHlwZWRQb2ludGVyIGJhc2U7CiAgICAg ICAgIGlmIChpbmxpbmVDYWxsRnJhbWUpIHsKICAgICAgICAgICAgIGlmIChpbmxpbmVDYWxsRnJh bWUtPmFyZ3VtZW50Q291bnRJbmNsdWRpbmdUaGlzID4gMSkKLSAgICAgICAgICAgICAgICBiYXNl ID0gYWRkcmVzc0ZvcihpbmxpbmVDYWxsRnJhbWUtPmFyZ3VtZW50c1dpdGhGaXh1cFsxXS52aXJ0 dWFsUmVnaXN0ZXIoKSk7CisgICAgICAgICAgICAgICAgYmFzZSA9IGFkZHJlc3NGb3IoaW5saW5l Q2FsbEZyYW1lLT5hcmd1bWVudHNXaXRoRml4dXBbMF0udmlydHVhbFJlZ2lzdGVyKCkpOwogICAg ICAgICB9IGVsc2UKLSAgICAgICAgICAgIGJhc2UgPSBhZGRyZXNzRm9yKHZpcnR1YWxSZWdpc3Rl ckZvckFyZ3VtZW50KDEpKTsKKyAgICAgICAgICAgIGJhc2UgPSBhZGRyZXNzRm9yKHZpcnR1YWxS ZWdpc3RlckZvckFyZ3VtZW50KDApKTsKICAgICAgICAgCiAgICAgICAgIExWYWx1ZSByZXN1bHQ7 CiAgICAgICAgIGlmIChiYXNlKSB7Cg==