182419 2018-02-01 20:42:32 -0800 Fix broken bounds check in FTL's compileGetMyArgumentByVal(). 2018-02-01 23:31:02 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 182006 1 mark.lam mark.lam fpizlo jfbastien keith_miller msaboff rmorisset saam webkit-bug-importer oldest_to_newest 1395737 0 mark.lam 2018-02-01 20:42:32 -0800 In compileGetMyArgumentByVal(), it computes: limit = m_out.sub(limit, m_out.constInt32(m_node->numberOfArgumentsToSkip())); ... LValue isOutOfBounds = m_out.aboveOrEqual(originalIndex, limit); where the original "limit" is the number of arguments passed in by the caller. If the original limit is less than numberOfArgumentsToSkip, the resultant limit will be a large unsigned number. As a result, this will defeat the bounds check that follows it. <rdar://problem/37044945> 1395742 1 332937 mark.lam 2018-02-01 20:53:53 -0800 Created attachment 332937 proposed patch. 1395744 2 332937 saam 2018-02-01 21:01:19 -0800 Comment on attachment 332937 proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=332937&action=review r=me > Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:4023 > + CheckValue* check = m_out.speculateAdd(indexToCheck, m_out.constInt32(m_node->numberOfArgumentsToSkip())); It’d be great to get a test that triggers this overflow 1395748 3 332937 mark.lam 2018-02-01 21:50:16 -0800 Comment on attachment 332937 proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=332937&action=review Thanks for the review. >> Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:4023 >> + CheckValue* check = m_out.speculateAdd(indexToCheck, m_out.constInt32(m_node->numberOfArgumentsToSkip())); > > It’d be great to get a test that triggers this overflow I've added this case to the test. 1395749 4 332938 mark.lam 2018-02-01 21:50:48 -0800 Created attachment 332938 patch for landing. 1395770 5 mark.lam 2018-02-01 23:31:02 -0800 Landed in r227998: <http://trac.webkit.org/r227998>. 332937 2018-02-01 20:53:53 -0800 2018-02-01 21:50:48 -0800 proposed patch. bug-182419.patch text/plain 6139 mark.lam SW5kZXg6IEpTVGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIEpTVGVzdHMvQ2hhbmdlTG9n CShyZXZpc2lvbiAyMjc5OTUpCisrKyBKU1Rlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpA QCAtMSwzICsxLDEzIEBACisyMDE4LTAyLTAxICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNv bT4KKworICAgICAgICBGaXggYnJva2VuIGJvdW5kcyBjaGVjayBpbiBGVEwncyBjb21waWxlR2V0 TXlBcmd1bWVudEJ5VmFsKCkuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0xODI0MTkKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzM3MDQ0OTQ1PgorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogc3RyZXNzL3Jl Z3Jlc3MtMTgyNDE5LmpzOiBBZGRlZC4KKwogMjAxOC0wMi0wMSAgS2VpdGggTWlsbGVyICA8a2Vp dGhfbWlsbGVyQGFwcGxlLmNvbT4KIAogICAgICAgICBGaXggY3Jhc2hlcyBkdWUgdG8gbWlzaGFu ZGxpbmcgY3VzdG9tIHNlY3Rpb25zLgpJbmRleDogSlNUZXN0cy9zdHJlc3MvcmVncmVzcy0xODI0 MTkuanMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gSlNUZXN0cy9zdHJlc3MvcmVncmVzcy0xODI0MTkuanMJKG5v bmV4aXN0ZW50KQorKysgSlNUZXN0cy9zdHJlc3MvcmVncmVzcy0xODI0MTkuanMJKHdvcmtpbmcg Y29weSkKQEAgLTAsMCArMSwyMyBAQAorZnVuY3Rpb24gYXNzZXJ0RXF1YWwoYWN0dWFsLCBleHBl Y3RlZCkgeworICAgIGlmIChhY3R1YWwgIT0gZXhwZWN0ZWQpCisgICAgICAgIHRocm93ICJGQUlM RUQ6IGV4cGVjdCAiICsgZXhwZWN0ZWQgKyAiLCBhY3R1YWwgIiArIGFjdHVhbDsKK30KKworZnVu Y3Rpb24gYmF6KGEsIC4uLmFyZ3MpIHsKKyAgICByZXR1cm4gW2FyZ3MubGVuZ3RoLCBhcmdzWzBd LCBhcmdzWzFdXTsKK30KK2Z1bmN0aW9uIGpheiguLi5hcmdzKSB7CisgICAgcmV0dXJuIGJhei5h cHBseShudWxsLCBhcmdzKTsKK30KK25vSW5saW5lKGpheik7CisKK2Z1bmN0aW9uIGNoZWNrKCkg eworICAgIGxldCBbbGVuZ3RoLCBhLCBiXSA9IGpheigpOworICAgIGFzc2VydEVxdWFsKGxlbmd0 aCwgMCk7CisgICAgYXNzZXJ0RXF1YWwoYSwgdW5kZWZpbmVkKTsKKyAgICBhc3NlcnRFcXVhbChi LCB1bmRlZmluZWQpOworfQorCitmb3IgKGxldCBpID0gMDsgaSA8IDIwMDAwOyBpKyspIHsKKyAg ICBjaGVjaygpOworfQpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCShyZXZpc2lvbiAyMjc5 MzkpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMzIgQEAKKzIwMTgtMDItMDEgIE1hcmsgTGFtICA8bWFyay5sYW1AYXBwbGUuY29t PgorCisgICAgICAgIEZpeCBicm9rZW4gYm91bmRzIGNoZWNrIGluIEZUTCdzIGNvbXBpbGVHZXRN eUFyZ3VtZW50QnlWYWwoKS4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19i dWcuY2dpP2lkPTE4MjQxOQorICAgICAgICA8cmRhcjovL3Byb2JsZW0vMzcwNDQ5NDU+CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgSW4gY29tcGlsZUdl dE15QXJndW1lbnRCeVZhbCgpLCBpdCBjb21wdXRlczoKKyAgICAgICAgICAgIGxpbWl0ID0gbV9v dXQuc3ViKGxpbWl0LCBtX291dC5jb25zdEludDMyKG1fbm9kZS0+bnVtYmVyT2ZBcmd1bWVudHNU b1NraXAoKSkpOworICAgICAgICAgICAgLi4uCisgICAgICAgICAgICBMVmFsdWUgaXNPdXRPZkJv dW5kcyA9IG1fb3V0LmFib3ZlT3JFcXVhbChvcmlnaW5hbEluZGV4LCBsaW1pdCk7CisKKyAgICAg ICAgd2hlcmUgdGhlIG9yaWdpbmFsICJsaW1pdCIgaXMgdGhlIG51bWJlciBvZiBhcmd1bWVudHMg cGFzc2VkIGluIGJ5IHRoZSBjYWxsZXIuCisgICAgICAgIElmIHRoZSBvcmlnaW5hbCBsaW1pdCBp cyBsZXNzIHRoYW4gbnVtYmVyT2ZBcmd1bWVudHNUb1NraXAsIHRoZSByZXN1bHRhbnQgbGltaXQK KyAgICAgICAgd2lsbCBiZSBhIGxhcmdlIHVuc2lnbmVkIG51bWJlci4gIEFzIGEgcmVzdWx0LCB0 aGlzIHdpbGwgZGVmZWF0IHRoZSBib3VuZHMgY2hlY2sKKyAgICAgICAgdGhhdCBmb2xsb3dzIGl0 LgorCisgICAgICAgIE5vdGU6IGxhdGVyIG9uIGluIGNvbXBpbGVHZXRNeUFyZ3VtZW50QnlWYWwo KSwgd2UgaGF2ZSB0byBhZGp1c3QgYWRqdXN0IHRoZSBpbmRleAorICAgICAgICB2YWx1ZSBieSBh ZGRpbmcgbnVtYmVyT2ZBcmd1bWVudHNUb1NraXAgdG8gaXQsIGluIG9yZGVyIHRvIGRldGVybWlu ZSB0aGUgYWN0dWFsCisgICAgICAgIGVudHJ5IGluIHRoZSBhcmd1bWVudHMgYXJyYXkgdG8gZ2V0 LgorCisgICAgICAgIFRoZSBmaXggaXMgdG8ganVzdCBhZGQgbnVtYmVyT2ZBcmd1bWVudHNUb1Nr aXAgdG8gaW5kZXggdXBmcm9udCAoaW5zdGVhZCBvZgorICAgICAgICBzdWJ0cmFjdGluZyBpdCBm cm9tIGxpbWl0KSwgYW5kIGRvaW5nIGFuIG92ZXJmbG93IHNwZWN1bGF0aW9uIGNoZWNrIG9uIHRo YXQKKyAgICAgICAgYWRkaXRpb24gYmVmb3JlIGRvaW5nIHRoZSBib3VuZHMgY2hlY2suCisKKyAg ICAgICAgKiBmdGwvRlRMTG93ZXJERkdUb0IzLmNwcDoKKyAgICAgICAgKEpTQzo6RlRMOjpERkc6 Okxvd2VyREZHVG9CMzo6Y29tcGlsZUdldE15QXJndW1lbnRCeVZhbCk6CisKIDIwMTgtMDEtMzEg IE1hcmsgTGFtICA8bWFyay5sYW1AYXBwbGUuY29tPgogCiAgICAgICAgIEJ1aWxkIGZpeCBmb3Ig Q0xvb3AgYWZ0ZXIgcjIyNzg3NC4KSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRM TG93ZXJERkdUb0IzLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZnRs L0ZUTExvd2VyREZHVG9CMy5jcHAJKHJldmlzaW9uIDIyNzkzOSkKKysrIFNvdXJjZS9KYXZhU2Ny aXB0Q29yZS9mdGwvRlRMTG93ZXJERkdUb0IzLmNwcAkod29ya2luZyBjb3B5KQpAQCAtNDAwOSwy MCArNDAwOSwyMyBAQCBwcml2YXRlOgogICAgICAgICAKICAgICAgICAgTFZhbHVlIG9yaWdpbmFs SW5kZXggPSBsb3dJbnQzMihtX25vZGUtPmNoaWxkMigpKTsKICAgICAgICAgCi0gICAgICAgIExW YWx1ZSBvcmlnaW5hbExpbWl0OworICAgICAgICBMVmFsdWUgbnVtYmVyT2ZBcmdzSW5jbHVkaW5n VGhpczsKICAgICAgICAgaWYgKGlubGluZUNhbGxGcmFtZSAmJiAhaW5saW5lQ2FsbEZyYW1lLT5p c1ZhcmFyZ3MoKSkKLSAgICAgICAgICAgIG9yaWdpbmFsTGltaXQgPSBtX291dC5jb25zdEludDMy KGlubGluZUNhbGxGcmFtZS0+YXJndW1lbnRDb3VudEluY2x1ZGluZ1RoaXMpOworICAgICAgICAg ICAgbnVtYmVyT2ZBcmdzSW5jbHVkaW5nVGhpcyA9IG1fb3V0LmNvbnN0SW50MzIoaW5saW5lQ2Fs bEZyYW1lLT5hcmd1bWVudENvdW50SW5jbHVkaW5nVGhpcyk7CiAgICAgICAgIGVsc2UgewogICAg ICAgICAgICAgVmlydHVhbFJlZ2lzdGVyIGFyZ3VtZW50Q291bnRSZWdpc3RlciA9IEFzc2VtYmx5 SGVscGVyczo6YXJndW1lbnRDb3VudChpbmxpbmVDYWxsRnJhbWUpOwotICAgICAgICAgICAgb3Jp Z2luYWxMaW1pdCA9IG1fb3V0LmxvYWQzMihwYXlsb2FkRm9yKGFyZ3VtZW50Q291bnRSZWdpc3Rl cikpOworICAgICAgICAgICAgbnVtYmVyT2ZBcmdzSW5jbHVkaW5nVGhpcyA9IG1fb3V0LmxvYWQz MihwYXlsb2FkRm9yKGFyZ3VtZW50Q291bnRSZWdpc3RlcikpOwogICAgICAgICB9CiAgICAgICAg IAotICAgICAgICBMVmFsdWUgbGltaXQgPSBtX291dC5zdWIob3JpZ2luYWxMaW1pdCwgbV9vdXQu aW50MzJPbmUpOwotICAgICAgICAKLSAgICAgICAgaWYgKG1fbm9kZS0+bnVtYmVyT2ZBcmd1bWVu dHNUb1NraXAoKSkKLSAgICAgICAgICAgIGxpbWl0ID0gbV9vdXQuc3ViKGxpbWl0LCBtX291dC5j b25zdEludDMyKG1fbm9kZS0+bnVtYmVyT2ZBcmd1bWVudHNUb1NraXAoKSkpOwotICAgICAgICAK LSAgICAgICAgTFZhbHVlIGlzT3V0T2ZCb3VuZHMgPSBtX291dC5hYm92ZU9yRXF1YWwob3JpZ2lu YWxJbmRleCwgbGltaXQpOworICAgICAgICBMVmFsdWUgbnVtYmVyT2ZBcmdzID0gbV9vdXQuc3Vi KG51bWJlck9mQXJnc0luY2x1ZGluZ1RoaXMsIG1fb3V0LmludDMyT25lKTsKKyAgICAgICAgTFZh bHVlIGluZGV4VG9DaGVjayA9IG9yaWdpbmFsSW5kZXg7CisgICAgICAgIGlmIChtX25vZGUtPm51 bWJlck9mQXJndW1lbnRzVG9Ta2lwKCkpIHsKKyAgICAgICAgICAgIENoZWNrVmFsdWUqIGNoZWNr ID0gbV9vdXQuc3BlY3VsYXRlQWRkKGluZGV4VG9DaGVjaywgbV9vdXQuY29uc3RJbnQzMihtX25v ZGUtPm51bWJlck9mQXJndW1lbnRzVG9Ta2lwKCkpKTsKKyAgICAgICAgICAgIGJsZXNzU3BlY3Vs YXRpb24oY2hlY2ssIE92ZXJmbG93LCBub1ZhbHVlKCksIG51bGxwdHIsIG1fb3JpZ2luKTsKKyAg ICAgICAgICAgIGluZGV4VG9DaGVjayA9IGNoZWNrOworICAgICAgICB9CisKKyAgICAgICAgTFZh bHVlIGlzT3V0T2ZCb3VuZHMgPSBtX291dC5hYm92ZU9yRXF1YWwoaW5kZXhUb0NoZWNrLCBudW1i ZXJPZkFyZ3MpOwogICAgICAgICBMQmFzaWNCbG9jayBjb250aW51YXRpb24gPSBudWxscHRyOwog ICAgICAgICBMQmFzaWNCbG9jayBsYXN0TmV4dCA9IG51bGxwdHI7CiAgICAgICAgIFZhbHVlRnJv bUJsb2NrIHNsb3dSZXN1bHQ7CkBAIC00MDM1LDE0ICs0MDM4LDEwIEBAIHByaXZhdGU6CiAgICAg ICAgICAgICAKICAgICAgICAgICAgIGxhc3ROZXh0ID0gbV9vdXQuYXBwZW5kVG8obm9ybWFsQ2Fz ZSwgY29udGludWF0aW9uKTsKICAgICAgICAgfSBlbHNlCi0gICAgICAgICAgICBzcGVjdWxhdGUo T3V0T2ZCb3VuZHMsIG5vVmFsdWUoKSwgMCwgaXNPdXRPZkJvdW5kcyk7Ci0gICAgICAgIAotICAg ICAgICBMVmFsdWUgaW5kZXggPSBvcmlnaW5hbEluZGV4OwotICAgICAgICBpZiAobV9ub2RlLT5u dW1iZXJPZkFyZ3VtZW50c1RvU2tpcCgpKQotICAgICAgICAgICAgaW5kZXggPSBtX291dC5hZGQo aW5kZXgsIG1fb3V0LmNvbnN0SW50MzIobV9ub2RlLT5udW1iZXJPZkFyZ3VtZW50c1RvU2tpcCgp KSk7Ci0gICAgICAgIAotICAgICAgICBpbmRleCA9IG1fb3V0LmFkZChpbmRleCwgbV9vdXQuaW50 MzJPbmUpOworICAgICAgICAgICAgc3BlY3VsYXRlKE91dE9mQm91bmRzLCBub1ZhbHVlKCksIG51 bGxwdHIsIGlzT3V0T2ZCb3VuZHMpOwogICAgICAgICAKKyAgICAgICAgTFZhbHVlIGluZGV4ID0g bV9vdXQuYWRkKGluZGV4VG9DaGVjaywgbV9vdXQuaW50MzJPbmUpOworCiAgICAgICAgIFR5cGVk UG9pbnRlciBiYXNlOwogICAgICAgICBpZiAoaW5saW5lQ2FsbEZyYW1lKSB7CiAgICAgICAgICAg ICBpZiAoaW5saW5lQ2FsbEZyYW1lLT5hcmd1bWVudENvdW50SW5jbHVkaW5nVGhpcyA+IDEpCkBA IC00MDU1LDcgKzQwNTQsNyBAQCBwcml2YXRlOgogICAgICAgICAgICAgTFZhbHVlIHBvaW50ZXIg PSBtX291dC5iYXNlSW5kZXgoCiAgICAgICAgICAgICAgICAgYmFzZS52YWx1ZSgpLCBtX291dC56 ZXJvRXh0KGluZGV4LCBwb2ludGVyVHlwZSgpKSwgU2NhbGVFaWdodCk7CiAgICAgICAgICAgICBy ZXN1bHQgPSBtX291dC5sb2FkNjQoVHlwZWRQb2ludGVyKG1faGVhcHMudmFyaWFibGVzLmF0QW55 SW5kZXgoKSwgcG9pbnRlcikpOwotICAgICAgICAgICAgcmVzdWx0ID0gcHJlY2lzZUluZGV4TWFz azMyKHJlc3VsdCwgb3JpZ2luYWxJbmRleCwgbGltaXQpOworICAgICAgICAgICAgcmVzdWx0ID0g cHJlY2lzZUluZGV4TWFzazMyKHJlc3VsdCwgaW5kZXhUb0NoZWNrLCBudW1iZXJPZkFyZ3MpOwog ICAgICAgICB9IGVsc2UKICAgICAgICAgICAgIHJlc3VsdCA9IG1fb3V0LmNvbnN0SW50NjQoSlNW YWx1ZTo6ZW5jb2RlKGpzVW5kZWZpbmVkKCkpKTsKICAgICAgICAgCg== 332938 2018-02-01 21:50:48 -0800 2018-02-01 21:50:48 -0800 patch for landing. bug-182419.patch text/plain 6286 mark.lam SW5kZXg6IEpTVGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIEpTVGVzdHMvQ2hhbmdlTG9n CShyZXZpc2lvbiAyMjc5OTUpCisrKyBKU1Rlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpA QCAtMSwzICsxLDEzIEBACisyMDE4LTAyLTAxICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNv bT4KKworICAgICAgICBGaXggYnJva2VuIGJvdW5kcyBjaGVjayBpbiBGVEwncyBjb21waWxlR2V0 TXlBcmd1bWVudEJ5VmFsKCkuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0xODI0MTkKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzM3MDQ0OTQ1PgorCisg ICAgICAgIFJldmlld2VkIGJ5IFNhYW0gQmFyYXRpLgorCisgICAgICAgICogc3RyZXNzL3JlZ3Jl c3MtMTgyNDE5LmpzOiBBZGRlZC4KKwogMjAxOC0wMi0wMSAgS2VpdGggTWlsbGVyICA8a2VpdGhf bWlsbGVyQGFwcGxlLmNvbT4KIAogICAgICAgICBGaXggY3Jhc2hlcyBkdWUgdG8gbWlzaGFuZGxp bmcgY3VzdG9tIHNlY3Rpb25zLgpJbmRleDogSlNUZXN0cy9zdHJlc3MvcmVncmVzcy0xODI0MTku anMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gSlNUZXN0cy9zdHJlc3MvcmVncmVzcy0xODI0MTkuanMJKG5vbmV4 aXN0ZW50KQorKysgSlNUZXN0cy9zdHJlc3MvcmVncmVzcy0xODI0MTkuanMJKHdvcmtpbmcgY29w eSkKQEAgLTAsMCArMSwyOCBAQAorZnVuY3Rpb24gYXNzZXJ0RXF1YWwoYWN0dWFsLCBleHBlY3Rl ZCkgeworICAgIGlmIChhY3R1YWwgIT0gZXhwZWN0ZWQpCisgICAgICAgIHRocm93ICJGQUlMRUQ6 IGV4cGVjdCAiICsgZXhwZWN0ZWQgKyAiLCBhY3R1YWwgIiArIGFjdHVhbDsKK30KKworZnVuY3Rp b24gdGVzdChpbmRleDEsIGluZGV4MikgeworICAgIGZ1bmN0aW9uIGJheihhLCBiLCBjLCAuLi5h cmdzKSB7CisgICAgICAgIHJldHVybiBbYXJncy5sZW5ndGgsIGFyZ3NbaW5kZXgxXSwgYXJnc1tp bmRleDJdXTsKKyAgICB9CisgICAgZnVuY3Rpb24gamF6KC4uLmFyZ3MpIHsKKyAgICAgICAgcmV0 dXJuIGJhei5hcHBseShudWxsLCBhcmdzKTsKKyAgICB9CisgICAgbm9JbmxpbmUoamF6KTsKKwor ICAgIGZ1bmN0aW9uIGNoZWNrKCkgeworICAgICAgICBsZXQgW2xlbmd0aCwgYSwgYl0gPSBqYXoo KTsKKyAgICAgICAgYXNzZXJ0RXF1YWwobGVuZ3RoLCAwKTsKKyAgICAgICAgYXNzZXJ0RXF1YWwo YSwgdW5kZWZpbmVkKTsKKyAgICAgICAgYXNzZXJ0RXF1YWwoYiwgdW5kZWZpbmVkKTsKKyAgICB9 CisKKyAgICBmb3IgKGxldCBpID0gMDsgaSA8IDIwMDAwOyBpKyspIHsKKyAgICAgICAgY2hlY2so KTsKKyAgICB9Cit9CisKK3Rlc3QoMCwgMSk7Cit0ZXN0KDB4N2ZmZmZmZmYsIDApOwpJbmRleDog U291cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2 YVNjcmlwdENvcmUvQ2hhbmdlTG9nCShyZXZpc2lvbiAyMjc5MzkpCisrKyBTb3VyY2UvSmF2YVNj cmlwdENvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMzIgQEAKKzIwMTgt MDItMDEgIE1hcmsgTGFtICA8bWFyay5sYW1AYXBwbGUuY29tPgorCisgICAgICAgIEZpeCBicm9r ZW4gYm91bmRzIGNoZWNrIGluIEZUTCdzIGNvbXBpbGVHZXRNeUFyZ3VtZW50QnlWYWwoKS4KKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE4MjQxOQorICAg ICAgICA8cmRhcjovL3Byb2JsZW0vMzcwNDQ5NDU+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgU2Fh bSBCYXJhdGkuCisKKyAgICAgICAgSW4gY29tcGlsZUdldE15QXJndW1lbnRCeVZhbCgpLCBpdCBj b21wdXRlczoKKyAgICAgICAgICAgIGxpbWl0ID0gbV9vdXQuc3ViKGxpbWl0LCBtX291dC5jb25z dEludDMyKG1fbm9kZS0+bnVtYmVyT2ZBcmd1bWVudHNUb1NraXAoKSkpOworICAgICAgICAgICAg Li4uCisgICAgICAgICAgICBMVmFsdWUgaXNPdXRPZkJvdW5kcyA9IG1fb3V0LmFib3ZlT3JFcXVh bChvcmlnaW5hbEluZGV4LCBsaW1pdCk7CisKKyAgICAgICAgd2hlcmUgdGhlIG9yaWdpbmFsICJs aW1pdCIgaXMgdGhlIG51bWJlciBvZiBhcmd1bWVudHMgcGFzc2VkIGluIGJ5IHRoZSBjYWxsZXIu CisgICAgICAgIElmIHRoZSBvcmlnaW5hbCBsaW1pdCBpcyBsZXNzIHRoYW4gbnVtYmVyT2ZBcmd1 bWVudHNUb1NraXAsIHRoZSByZXN1bHRhbnQgbGltaXQKKyAgICAgICAgd2lsbCBiZSBhIGxhcmdl IHVuc2lnbmVkIG51bWJlci4gIEFzIGEgcmVzdWx0LCB0aGlzIHdpbGwgZGVmZWF0IHRoZSBib3Vu ZHMgY2hlY2sKKyAgICAgICAgdGhhdCBmb2xsb3dzIGl0LgorCisgICAgICAgIE5vdGU6IGxhdGVy IG9uIGluIGNvbXBpbGVHZXRNeUFyZ3VtZW50QnlWYWwoKSwgd2UgaGF2ZSB0byBhZGp1c3QgYWRq dXN0IHRoZSBpbmRleAorICAgICAgICB2YWx1ZSBieSBhZGRpbmcgbnVtYmVyT2ZBcmd1bWVudHNU b1NraXAgdG8gaXQsIGluIG9yZGVyIHRvIGRldGVybWluZSB0aGUgYWN0dWFsCisgICAgICAgIGVu dHJ5IGluIHRoZSBhcmd1bWVudHMgYXJyYXkgdG8gZ2V0LgorCisgICAgICAgIFRoZSBmaXggaXMg dG8ganVzdCBhZGQgbnVtYmVyT2ZBcmd1bWVudHNUb1NraXAgdG8gaW5kZXggdXBmcm9udCAoaW5z dGVhZCBvZgorICAgICAgICBzdWJ0cmFjdGluZyBpdCBmcm9tIGxpbWl0KSwgYW5kIGRvaW5nIGFu IG92ZXJmbG93IHNwZWN1bGF0aW9uIGNoZWNrIG9uIHRoYXQKKyAgICAgICAgYWRkaXRpb24gYmVm b3JlIGRvaW5nIHRoZSBib3VuZHMgY2hlY2suCisKKyAgICAgICAgKiBmdGwvRlRMTG93ZXJERkdU b0IzLmNwcDoKKyAgICAgICAgKEpTQzo6RlRMOjpERkc6Okxvd2VyREZHVG9CMzo6Y29tcGlsZUdl dE15QXJndW1lbnRCeVZhbCk6CisKIDIwMTgtMDEtMzEgIE1hcmsgTGFtICA8bWFyay5sYW1AYXBw bGUuY29tPgogCiAgICAgICAgIEJ1aWxkIGZpeCBmb3IgQ0xvb3AgYWZ0ZXIgcjIyNzg3NC4KSW5k ZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMTG93ZXJERkdUb0IzLmNwcAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvZnRsL0ZUTExvd2VyREZHVG9CMy5jcHAJKHJl dmlzaW9uIDIyNzkzOSkKKysrIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9mdGwvRlRMTG93ZXJERkdU b0IzLmNwcAkod29ya2luZyBjb3B5KQpAQCAtNDAwOSwyMCArNDAwOSwyMyBAQCBwcml2YXRlOgog ICAgICAgICAKICAgICAgICAgTFZhbHVlIG9yaWdpbmFsSW5kZXggPSBsb3dJbnQzMihtX25vZGUt PmNoaWxkMigpKTsKICAgICAgICAgCi0gICAgICAgIExWYWx1ZSBvcmlnaW5hbExpbWl0OworICAg ICAgICBMVmFsdWUgbnVtYmVyT2ZBcmdzSW5jbHVkaW5nVGhpczsKICAgICAgICAgaWYgKGlubGlu ZUNhbGxGcmFtZSAmJiAhaW5saW5lQ2FsbEZyYW1lLT5pc1ZhcmFyZ3MoKSkKLSAgICAgICAgICAg IG9yaWdpbmFsTGltaXQgPSBtX291dC5jb25zdEludDMyKGlubGluZUNhbGxGcmFtZS0+YXJndW1l bnRDb3VudEluY2x1ZGluZ1RoaXMpOworICAgICAgICAgICAgbnVtYmVyT2ZBcmdzSW5jbHVkaW5n VGhpcyA9IG1fb3V0LmNvbnN0SW50MzIoaW5saW5lQ2FsbEZyYW1lLT5hcmd1bWVudENvdW50SW5j bHVkaW5nVGhpcyk7CiAgICAgICAgIGVsc2UgewogICAgICAgICAgICAgVmlydHVhbFJlZ2lzdGVy IGFyZ3VtZW50Q291bnRSZWdpc3RlciA9IEFzc2VtYmx5SGVscGVyczo6YXJndW1lbnRDb3VudChp bmxpbmVDYWxsRnJhbWUpOwotICAgICAgICAgICAgb3JpZ2luYWxMaW1pdCA9IG1fb3V0LmxvYWQz MihwYXlsb2FkRm9yKGFyZ3VtZW50Q291bnRSZWdpc3RlcikpOworICAgICAgICAgICAgbnVtYmVy T2ZBcmdzSW5jbHVkaW5nVGhpcyA9IG1fb3V0LmxvYWQzMihwYXlsb2FkRm9yKGFyZ3VtZW50Q291 bnRSZWdpc3RlcikpOwogICAgICAgICB9CiAgICAgICAgIAotICAgICAgICBMVmFsdWUgbGltaXQg PSBtX291dC5zdWIob3JpZ2luYWxMaW1pdCwgbV9vdXQuaW50MzJPbmUpOwotICAgICAgICAKLSAg ICAgICAgaWYgKG1fbm9kZS0+bnVtYmVyT2ZBcmd1bWVudHNUb1NraXAoKSkKLSAgICAgICAgICAg IGxpbWl0ID0gbV9vdXQuc3ViKGxpbWl0LCBtX291dC5jb25zdEludDMyKG1fbm9kZS0+bnVtYmVy T2ZBcmd1bWVudHNUb1NraXAoKSkpOwotICAgICAgICAKLSAgICAgICAgTFZhbHVlIGlzT3V0T2ZC b3VuZHMgPSBtX291dC5hYm92ZU9yRXF1YWwob3JpZ2luYWxJbmRleCwgbGltaXQpOworICAgICAg ICBMVmFsdWUgbnVtYmVyT2ZBcmdzID0gbV9vdXQuc3ViKG51bWJlck9mQXJnc0luY2x1ZGluZ1Ro aXMsIG1fb3V0LmludDMyT25lKTsKKyAgICAgICAgTFZhbHVlIGluZGV4VG9DaGVjayA9IG9yaWdp bmFsSW5kZXg7CisgICAgICAgIGlmIChtX25vZGUtPm51bWJlck9mQXJndW1lbnRzVG9Ta2lwKCkp IHsKKyAgICAgICAgICAgIENoZWNrVmFsdWUqIGNoZWNrID0gbV9vdXQuc3BlY3VsYXRlQWRkKGlu ZGV4VG9DaGVjaywgbV9vdXQuY29uc3RJbnQzMihtX25vZGUtPm51bWJlck9mQXJndW1lbnRzVG9T a2lwKCkpKTsKKyAgICAgICAgICAgIGJsZXNzU3BlY3VsYXRpb24oY2hlY2ssIE92ZXJmbG93LCBu b1ZhbHVlKCksIG51bGxwdHIsIG1fb3JpZ2luKTsKKyAgICAgICAgICAgIGluZGV4VG9DaGVjayA9 IGNoZWNrOworICAgICAgICB9CisKKyAgICAgICAgTFZhbHVlIGlzT3V0T2ZCb3VuZHMgPSBtX291 dC5hYm92ZU9yRXF1YWwoaW5kZXhUb0NoZWNrLCBudW1iZXJPZkFyZ3MpOwogICAgICAgICBMQmFz aWNCbG9jayBjb250aW51YXRpb24gPSBudWxscHRyOwogICAgICAgICBMQmFzaWNCbG9jayBsYXN0 TmV4dCA9IG51bGxwdHI7CiAgICAgICAgIFZhbHVlRnJvbUJsb2NrIHNsb3dSZXN1bHQ7CkBAIC00 MDM1LDE0ICs0MDM4LDEwIEBAIHByaXZhdGU6CiAgICAgICAgICAgICAKICAgICAgICAgICAgIGxh c3ROZXh0ID0gbV9vdXQuYXBwZW5kVG8obm9ybWFsQ2FzZSwgY29udGludWF0aW9uKTsKICAgICAg ICAgfSBlbHNlCi0gICAgICAgICAgICBzcGVjdWxhdGUoT3V0T2ZCb3VuZHMsIG5vVmFsdWUoKSwg MCwgaXNPdXRPZkJvdW5kcyk7Ci0gICAgICAgIAotICAgICAgICBMVmFsdWUgaW5kZXggPSBvcmln aW5hbEluZGV4OwotICAgICAgICBpZiAobV9ub2RlLT5udW1iZXJPZkFyZ3VtZW50c1RvU2tpcCgp KQotICAgICAgICAgICAgaW5kZXggPSBtX291dC5hZGQoaW5kZXgsIG1fb3V0LmNvbnN0SW50MzIo bV9ub2RlLT5udW1iZXJPZkFyZ3VtZW50c1RvU2tpcCgpKSk7Ci0gICAgICAgIAotICAgICAgICBp bmRleCA9IG1fb3V0LmFkZChpbmRleCwgbV9vdXQuaW50MzJPbmUpOworICAgICAgICAgICAgc3Bl Y3VsYXRlKE91dE9mQm91bmRzLCBub1ZhbHVlKCksIG51bGxwdHIsIGlzT3V0T2ZCb3VuZHMpOwog ICAgICAgICAKKyAgICAgICAgTFZhbHVlIGluZGV4ID0gbV9vdXQuYWRkKGluZGV4VG9DaGVjaywg bV9vdXQuaW50MzJPbmUpOworCiAgICAgICAgIFR5cGVkUG9pbnRlciBiYXNlOwogICAgICAgICBp ZiAoaW5saW5lQ2FsbEZyYW1lKSB7CiAgICAgICAgICAgICBpZiAoaW5saW5lQ2FsbEZyYW1lLT5h cmd1bWVudENvdW50SW5jbHVkaW5nVGhpcyA+IDEpCkBAIC00MDU1LDcgKzQwNTQsNyBAQCBwcml2 YXRlOgogICAgICAgICAgICAgTFZhbHVlIHBvaW50ZXIgPSBtX291dC5iYXNlSW5kZXgoCiAgICAg ICAgICAgICAgICAgYmFzZS52YWx1ZSgpLCBtX291dC56ZXJvRXh0KGluZGV4LCBwb2ludGVyVHlw ZSgpKSwgU2NhbGVFaWdodCk7CiAgICAgICAgICAgICByZXN1bHQgPSBtX291dC5sb2FkNjQoVHlw ZWRQb2ludGVyKG1faGVhcHMudmFyaWFibGVzLmF0QW55SW5kZXgoKSwgcG9pbnRlcikpOwotICAg ICAgICAgICAgcmVzdWx0ID0gcHJlY2lzZUluZGV4TWFzazMyKHJlc3VsdCwgb3JpZ2luYWxJbmRl eCwgbGltaXQpOworICAgICAgICAgICAgcmVzdWx0ID0gcHJlY2lzZUluZGV4TWFzazMyKHJlc3Vs dCwgaW5kZXhUb0NoZWNrLCBudW1iZXJPZkFyZ3MpOwogICAgICAgICB9IGVsc2UKICAgICAgICAg ICAgIHJlc3VsdCA9IG1fb3V0LmNvbnN0SW50NjQoSlNWYWx1ZTo6ZW5jb2RlKGpzVW5kZWZpbmVk KCkpKTsKICAgICAgICAgCg==