19716 2008-06-22 16:11:05 -0700 REGRESSION (SquirrelFish): Reproducible crash after entering a username at mint.com 2008-06-24 14:46:53 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED http://mint.com InRadar, NeedsReduction, Regression P1 Critical --- 1 floam webkit-unassigned i.am oliver zwarich oldest_to_newest 84083 0 floam 2008-06-22 16:11:05 -0700 At Mint.com, once I'm logged in, if I try to enter a user name for a bank account, as soon as I hit tab to advance to the password field or click on the password field after entering my user name, Safari crashes. Here are the details: Identifier: org.webkit.nightly.WebKit Version: r34728 (34728) Code Type: X86 (Native) Parent Process: launchd [149] Date/Time: 2008-06-22 16:06:52.500 -0700 OS Version: Mac OS X 10.5.3 (9D34) Report Version: 6 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000044 Crashed Thread: 0 Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x003cbded KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 6909 1 com.apple.JavaScriptCore 0x003d2841 KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::RegisterFileStack*, KJS::ScopeChainNode*, KJS::JSValue**) + 833 2 com.apple.JavaScriptCore 0x003101f9 KJS::JSFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::ArgList const&) + 233 3 com.apple.JavaScriptCore 0x00390228 KJS::functionProtoFuncCall(KJS::ExecState*, KJS::JSObject*, KJS::ArgList const&) + 200 4 com.apple.JavaScriptCore 0x003d171d KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 29741 5 com.apple.JavaScriptCore 0x003d2841 KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::RegisterFileStack*, KJS::ScopeChainNode*, KJS::JSValue**) + 833 6 com.apple.JavaScriptCore 0x003101f9 KJS::JSFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::ArgList const&) + 233 7 com.apple.JavaScriptCore 0x00390228 KJS::functionProtoFuncCall(KJS::ExecState*, KJS::JSObject*, KJS::ArgList const&) + 200 8 com.apple.JavaScriptCore 0x003d171d KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 29741 9 com.apple.JavaScriptCore 0x003d2841 KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::JSFunction*, KJS::JSObject*, KJS::ArgList const&, KJS::RegisterFileStack*, KJS::ScopeChainNode*, KJS::JSValue**) + 833 10 com.apple.JavaScriptCore 0x0031018a KJS::JSFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::ArgList const&) + 122 11 com.apple.WebCore 0x011746a9 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1865 12 com.apple.WebCore 0x00d50196 WebCore::EventTarget::handleLocalEvents(WebCore::EventTargetNode*, WebCore::Event*, bool) + 182 13 com.apple.WebCore 0x00d50c6f WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 79 14 com.apple.WebCore 0x00d505ab WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode*, WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1035 15 com.apple.WebCore 0x00d5151f WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 255 16 com.apple.WebCore 0x00d48da0 WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) + 592 17 com.apple.WebCore 0x00d4eec8 WebCore::EventHandler::keyEvent(NSEvent*) + 296 18 com.apple.WebKit 0x001d8577 -[WebHTMLView keyDown:] + 455 19 com.apple.AppKit 0x95f164c5 -[NSWindow sendEvent:] + 8511 20 com.apple.Safari 0x000296d3 0x1000 + 165587 21 com.apple.AppKit 0x95ee2431 -[NSApplication sendEvent:] + 2941 22 com.apple.Safari 0x00029250 0x1000 + 164432 23 com.apple.AppKit 0x95e3fe27 -[NSApplication run] + 847 24 com.apple.AppKit 0x95e0d030 NSApplicationMain + 574 25 com.apple.Safari 0x000b4de6 0x1000 + 736742 Thread 1: 0 libSystem.B.dylib 0x96e1768e __semwait_signal + 10 1 libSystem.B.dylib 0x96e4236d pthread_cond_wait$UNIX2003 + 73 2 com.apple.WebCore 0x00e11fcf WebCore::IconDatabase::syncThreadMainLoop() + 239 3 com.apple.WebCore 0x00e120e5 WebCore::IconDatabase::iconDatabaseSyncThread() + 181 4 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 5 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 2: 0 libSystem.B.dylib 0x96e605e2 select$DARWIN_EXTSN + 10 1 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 2 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 3: 0 libSystem.B.dylib 0x96e1768e __semwait_signal + 10 1 libSystem.B.dylib 0x96e4236d pthread_cond_wait$UNIX2003 + 73 2 com.apple.WebCore 0x01218a8b WebCore::LocalStorageThread::localStorageThread() + 427 3 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 4 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 4: 0 libSystem.B.dylib 0x96e104a6 mach_msg_trap + 10 1 libSystem.B.dylib 0x96e17c9c mach_msg + 72 2 com.apple.CoreFoundation 0x973230be CFRunLoopRunSpecific + 1806 3 com.apple.CoreFoundation 0x97323cf8 CFRunLoopRunInMode + 88 4 com.apple.CFNetwork 0x906c4afe CFURLCacheWorkerThread(void*) + 396 5 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 6 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 5: 0 libSystem.B.dylib 0x96e1768e __semwait_signal + 10 1 libSystem.B.dylib 0x96e4236d pthread_cond_wait$UNIX2003 + 73 2 com.apple.QuartzCore 0x95280e51 fe_fragment_thread + 54 3 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 4 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 6: 0 libSystem.B.dylib 0x96e1768e __semwait_signal + 10 1 libSystem.B.dylib 0x96e4236d pthread_cond_wait$UNIX2003 + 73 2 com.apple.QuartzCore 0x95280e51 fe_fragment_thread + 54 3 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 4 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 7: 0 libSystem.B.dylib 0x96e1768e __semwait_signal + 10 1 libSystem.B.dylib 0x96e4236d pthread_cond_wait$UNIX2003 + 73 2 com.apple.QuartzCore 0x95280e51 fe_fragment_thread + 54 3 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 4 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 8: 0 com.apple.CoreFoundation 0x972c4e33 __CFFromUTF8 + 675 1 com.apple.CoreFoundation 0x97355adf __CFStringDecodeByteStream3 + 1967 2 com.apple.CoreFoundation 0x9733d109 __CFStringCreateImmutableFunnel3 + 409 3 com.apple.CoreFoundation 0x9733e36e CFStringCreateWithBytes + 94 4 com.apple.CoreFoundation 0x9731b79b _CFPropertyListCreateFromXMLData + 379 5 com.apple.CoreFoundation 0x9731c4b7 CFPropertyListCreateFromStream + 551 6 com.apple.CFNetwork 0x906d27df CFHTTPCookieStorageRead + 120 7 com.apple.CFNetwork 0x906e97f6 CFHTTPCookieStorageSync + 115 8 com.apple.CFNetwork 0x906e9734 CFHTTPCookieStorageSyncStorageObserver + 22 9 com.apple.CFNetwork 0x906e728b CFHTTPCookieStorageObserverCallback + 32 10 com.apple.CoreFoundation 0x9732360e CFRunLoopRunSpecific + 3166 11 com.apple.CoreFoundation 0x97323cf8 CFRunLoopRunInMode + 88 12 com.apple.Foundation 0x92eb0460 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320 13 com.apple.Foundation 0x92e4cf1d -[NSThread main] + 45 14 com.apple.Foundation 0x92e4cac4 __NSThread__main__ + 308 15 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 16 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 9: 0 libSystem.B.dylib 0x96e10506 semaphore_timedwait_signal_trap + 10 1 libSystem.B.dylib 0x96e4284f _pthread_cond_wait + 1244 2 libSystem.B.dylib 0x96e440d3 pthread_cond_timedwait_relative_np + 47 3 com.apple.Foundation 0x92e92e8c -[NSCondition waitUntilDate:] + 236 4 com.apple.Foundation 0x92e92ca0 -[NSConditionLock lockWhenCondition:beforeDate:] + 144 5 com.apple.Foundation 0x92e92c05 -[NSConditionLock lockWhenCondition:] + 69 6 com.apple.AppKit 0x95ead470 -[NSUIHeartBeat _heartBeatThread:] + 753 7 com.apple.Foundation 0x92e4cf1d -[NSThread main] + 45 8 com.apple.Foundation 0x92e4cac4 __NSThread__main__ + 308 9 libSystem.B.dylib 0x96e416f5 _pthread_start + 321 10 libSystem.B.dylib 0x96e415b2 thread_start + 34 Thread 0 crashed with X86 Thread State (32-bit): eax: 0x00000048 ebx: 0x003ca301 ecx: 0x00000001 edx: 0x00000000 edi: 0x18926914 esi: 0xffffffff ebp: 0xbfffd628 esp: 0xbfffcba0 ss: 0x0000001f efl: 0x00010206 eip: 0x003cbded cs: 0x00000017 ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037 cr2: 0x00000044 84084 1 zwarich 2008-06-22 16:33:05 -0700 I can reproduce this by creating a new account and trying to add an E*trade account to it. Hopefully I can reduce it. 84091 2 zwarich 2008-06-22 17:55:49 -0700 The crashes occurs in the body of get_scoped_var. It seems that there is a problem with the multiscope lookup optimization. I will disable it and try again. 84093 3 zwarich 2008-06-22 17:59:28 -0700 Interestingly enough, it still crashes even when I disable multiscope lookup optimization. 84103 4 mrowe 2008-06-22 18:28:49 -0700 <rdar://problem/6026833> 84107 5 21877 zwarich 2008-06-22 19:21:27 -0700 Created attachment 21877 Code dump Here is the code with multiscope lookup optimization turned off. It dies in resolve_with_base. I wanted to get the call frame as well, but gdb didn't agree. I'll get it by just printing it every time it enters that opcode body. 84111 6 zwarich 2008-06-22 23:27:00 -0700 The problem is that the registerBase of the JSVariableObject (the value pointed to by JSVariableObject::registerBase()) is 0. The register base is a valid pointer to m_base of some RegisterFile. However, setBase() is never called on that RegisterFile to make it null, and it's not the default value (I made it something other than null to test). Since m_base is private, this means that the cause is likely random corruption from something else going wrong. 84123 7 zwarich 2008-06-23 02:27:34 -0700 The RegisterFile instance containing the offending m_base field has already been freed when the field is being used by JSVariableObject::valueAt(). I'll try to figure out why it is being incorrectly freed. 84125 8 21879 zwarich 2008-06-23 02:59:30 -0700 Created attachment 21879 Destructor backtrace Here's a destructor backtrace of the RegisterFile. The problem isn't really that a RegisterFile is being freed, it is that the JSActivation instance still refers to it. The copyRegisters() method should have been called on the JSActivation instance, but it seems that it wasn't. 84205 9 21892 zwarich 2008-06-23 17:09:58 -0700 Created attachment 21892 Proposed patch 84206 10 21892 oliver 2008-06-23 17:11:24 -0700 Comment on attachment 21892 Proposed patch good detectoring 84207 11 zwarich 2008-06-23 17:20:35 -0700 Landed in r34751. 84317 12 zwarich 2008-06-24 14:46:53 -0700 *** Bug 19467 has been marked as a duplicate of this bug. *** 21877 2008-06-22 19:21:27 -0700 2008-06-22 19:21:27 -0700 Code dump code.txt text/plain 1084 zwarich MjUgaW5zdHJ1Y3Rpb25zOyAzNjggYnl0ZXMgYXQgMHgxNWEyOGU1MDsgMiBsb2NhbHMgKDIgcGFy YW1ldGVycyk7IDMwIHRlbXBvcmFyaWVzCgpbICAgMF0gcmVzb2x2ZQkJIHRyMCwgRXZlbnQoQGlk MCkKWyAgIDNdIGdldF9ieV9pZAkgdHIxLCB0cjAsIHN0b3BFdmVudChAaWQxKQpbICAgN10gbW92 CQkgdHIxMywgbHIxClsgIDEwXSBjYWxsCQkgdHIwLCB0cjEsIHRyMCwgMTIsIDIKWyAgMTZdIHJl c29sdmVfd2l0aF9iYXNlIHRyMiwgdHIxLCBqKEBpZDIpClsgIDIwXSBsb2FkCQkgdHIzLCAxKEBr MCkJCQpbICAyM10gYWRkCQkgdHIxLCB0cjEsIHRyMwpbICAyN10gcHV0X2J5X2lkCSB0cjIsIGoo QGlkMiksIHRyMQpbICAzMV0gcmVzb2x2ZQkJIHRyMiwgaihAaWQyKQpbICAzNF0gcmVzb2x2ZQkJ IHRyMywgcChAaWQzKQpbICAzN10gZ2V0X2J5X2lkCSB0cjMsIHRyMywgbGVuZ3RoKEBpZDQpClsg IDQxXSBsZXNzZXEJCSB0cjIsIHRyMywgdHIyClsgIDQ1XSBqZmFsc2UJCSB0cjIsIDExKC0+NTgp ClsgIDQ4XSByZXNvbHZlX2Jhc2UJIHRyMiwgaihAaWQyKQpbICA1MV0gbG9hZAkJIHRyMywgMChA azEpCQkKWyAgNTRdIHB1dF9ieV9pZAkgdHIyLCBqKEBpZDIpLCB0cjMKWyAgNThdIHJlc29sdmUJ CSB0cjIsIERvbShAaWQ1KQpbICA2MV0gZ2V0X2J5X2lkCSB0cjMsIHRyMiwgYWN0aXZhdGUoQGlk NikKWyAgNjVdIHJlc29sdmUJCSB0cjE2LCBwKEBpZDMpClsgIDY4XSBnZXRfYnlfaWQJIHRyMTcs IHRyMTYsIGdldChAaWQ3KQpbICA3Ml0gcmVzb2x2ZQkJIHRyMjksIGooQGlkMikKWyAgNzVdIGNh bGwJCSB0cjE1LCB0cjE3LCB0cjE2LCAyOCwgMgpbICA4MV0gY2FsbAkJIHRyMiwgdHIzLCB0cjIs IDE0LCAyClsgIDg3XSBsb2FkCQkgdHIwLCB1bmRlZmluZWQoQGsyKQkJClsgIDkwXSByZXQJCSB0 cjAKCklkZW50aWZpZXJzOgogIGlkMCA9IEV2ZW50CiAgaWQxID0gc3RvcEV2ZW50CiAgaWQyID0g agogIGlkMyA9IHAKICBpZDQgPSBsZW5ndGgKICBpZDUgPSBEb20KICBpZDYgPSBhY3RpdmF0ZQog IGlkNyA9IGdldAoKQ29uc3RhbnRzOgogIGswID0gMQogIGsxID0gMAogIGsyID0gdW5kZWZpbmVk Cg== 21879 2008-06-23 02:59:30 -0700 2008-06-23 02:59:30 -0700 Destructor backtrace backtrace.txt text/plain 1904 zwarich QnJlYWtwb2ludCA3LCBLSlM6OlJlZ2lzdGVyRmlsZTo6flJlZ2lzdGVyRmlsZSAodGhpcz0weDE1 NjE0OTYwKSBhdCBSZWdpc3RlckZpbGUuaDoxMDYKMTA2ICAgICAgICAgICAgICAgICAgICBzZXRC dWZmZXIoMCk7CiMwICBLSlM6OlJlZ2lzdGVyRmlsZTo6flJlZ2lzdGVyRmlsZSAodGhpcz0weDE1 NjE0OTYwKSBhdCBSZWdpc3RlckZpbGUuaDoxMDYKIzEgIDB4MDA1MjFkN2IgaW4gS0pTOjpSZWdp c3RlckZpbGU6On5SZWdpc3RlckZpbGUgKHRoaXM9MHgxNTYxNDk2MCkgYXQgUmVnaXN0ZXJGaWxl Lmg6MTA3CiMyICAweDAwNTIxODkxIGluIEtKUzo6UmVnaXN0ZXJGaWxlU3RhY2s6OnBvcEZ1bmN0 aW9uUmVnaXN0ZXJGaWxlICh0aGlzPTB4MTU3NzAzZTgpIGF0IC9Vc2Vycy9DYW1lcm9uL1dlYktp dC9KYXZhU2NyaXB0Q29yZS9WTS9SZWdpc3RlckZpbGVTdGFjay5jcHA6OTYKIzMgIDB4MDA0NmM5 NjkgaW4gS0pTOjpKU0Z1bmN0aW9uOjpjYWxsQXNGdW5jdGlvbiAodGhpcz0weDE2NmYzOWEwLCBl eGVjPTB4MTQ1NGY3ZjAsIHRoaXNPYmo9MHgxNDZlMDAwMCwgYXJncz1AMHhiZmZmZTdiNCkgYXQg SlNGdW5jdGlvbi5jcHA6OTEKIzQgIDB4MDJlNGJiYmIgaW4gV2ViQ29yZTo6U2NoZWR1bGVkQWN0 aW9uOjpleGVjdXRlICh0aGlzPTB4MTQ3MTU0ZDAsIHdpbmRvd1NoZWxsPTB4MTQ2ZTAwMDApIGF0 IC9Vc2Vycy9DYW1lcm9uL1dlYktpdC9XZWJDb3JlL2JpbmRpbmdzL2pzL1NjaGVkdWxlZEFjdGlv bi5jcHA6NzQKIzUgIDB4MDJmNDg3NDMgaW4gV2ViQ29yZTo6SlNET01XaW5kb3dCYXNlOjp0aW1l ckZpcmVkICh0aGlzPTB4MTVkNDNlZTAsIHRpbWVyPTB4MTQ3YmZiMzApIGF0IC9Vc2Vycy9DYW1l cm9uL1dlYktpdC9XZWJDb3JlL2JpbmRpbmdzL2pzL0pTRE9NV2luZG93QmFzZS5jcHA6MTI3OAoj NiAgMHgwMmY0ODdiOCBpbiBXZWJDb3JlOjpET01XaW5kb3dUaW1lcjo6ZmlyZWQgKHRoaXM9MHgx NDdiZmIzMCkgYXQgL1VzZXJzL0NhbWVyb24vV2ViS2l0L1dlYkNvcmUvYmluZGluZ3MvanMvSlNE T01XaW5kb3dCYXNlLmNwcDoxMzEyCiM3ICAweDAyZTg1M2VjIGluIFdlYkNvcmU6OlRpbWVyQmFz ZTo6ZmlyZVRpbWVycyAoZmlyZVRpbWU9MTIxNDIxNDA3MS4xNTkwODE5LCBmaXJpbmdUaW1lcnM9 QDB4YmZmZmU5NGMpIGF0IC9Vc2Vycy9DYW1lcm9uL1dlYktpdC9XZWJDb3JlL3BsYXRmb3JtL1Rp bWVyLmNwcDozNDcKIzggIDB4MDJlODU0OTQgaW4gV2ViQ29yZTo6VGltZXJCYXNlOjpzaGFyZWRU aW1lckZpcmVkICgpIGF0IC9Vc2Vycy9DYW1lcm9uL1dlYktpdC9XZWJDb3JlL3BsYXRmb3JtL1Rp bWVyLmNwcDozNjgKIzkgIDB4MDJlNWZhYTYgaW4gdGltZXJGaXJlZCAoKSBhdCAvVXNlcnMvQ2Ft ZXJvbi9XZWJLaXQvV2ViQ29yZS9wbGF0Zm9ybS9tYWMvU2hhcmVkVGltZXJNYWMubW06ODQKIzEw IDB4OTY5ODJiM2UgaW4gQ0ZSdW5Mb29wUnVuU3BlY2lmaWMgKCkKIzExIDB4OTY5ODJjZjggaW4g Q0ZSdW5Mb29wUnVuSW5Nb2RlICgpCiMxMiAweDk1MmFmZGE0IGluIFJ1bkN1cnJlbnRFdmVudExv b3BJbk1vZGUgKCkKIzEzIDB4OTUyYWZiYmQgaW4gUmVjZWl2ZU5leHRFdmVudENvbW1vbiAoKQoj MTQgMHg5NTJhZmEzMSBpbiBCbG9ja1VudGlsTmV4dEV2ZW50TWF0Y2hpbmdMaXN0SW5Nb2RlICgp CiMxNSAweDkzODgyNTA1IGluIF9EUFNOZXh0RXZlbnQgKCkKIzE2IDB4OTM4ODFkYjggaW4gLVtO U0FwcGxpY2F0aW9uIG5leHRFdmVudE1hdGNoaW5nTWFzazp1bnRpbERhdGU6aW5Nb2RlOmRlcXVl dWU6XSAoKQojMTcgMHgwMDAwODZiZSBpbiA/PyAoKQojMTggMHg5Mzg3YWRmMyBpbiAtW05TQXBw bGljYXRpb24gcnVuXSAoKQojMTkgMHg5Mzg0ODAzMCBpbiBOU0FwcGxpY2F0aW9uTWFpbiAoKQoj MjAgMHgwMDBiYTRkNiBpbiA/PyAoKQo= 21892 2008-06-23 17:09:58 -0700 2008-06-23 17:11:24 -0700 Proposed patch reentrant-unwind.diff text/plain 4506 zwarich SW5kZXg6IEphdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBKYXZhU2NyaXB0 Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDM0NzUwKQorKysgSmF2YVNjcmlwdENvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTcgQEAKKzIwMDgtMDYtMjMgIENhbWVyb24g WndhcmljaCAgPGN3endhcmljaEB1d2F0ZXJsb28uY2E+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkg Tk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQnVnIDE5NzE2OiBSRUdSRVNTSU9OIChTcXVpcnJl bEZpc2gpOiBSZXByb2R1Y2libGUgY3Jhc2ggYWZ0ZXIgZW50ZXJpbmcgYSB1c2VybmFtZSBhdCBt aW50LmNvbQorICAgICAgICA8aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE5NzE2PgorCisgICAgICAgIFdoZW4gdW53aW5kaW5nIGNhbGxmcmFtZXMgZm9yIGV4Y2VwdGlv bnMsIGNoZWNrIHdoZXRoZXIgdGhlIGNhbGxmcmFtZQorICAgICAgICB3YXMgY3JlYXRlZCBieSBh IHJlZW50cmFudCBuYXRpdmUgY2FsbCB0byBKYXZhU2NyaXB0IGFmdGVyIHRlYXJpbmcgb2ZmCisg ICAgICAgIHRoZSBsb2NhbCB2YXJpYWJsZXMgaW5zdGVhZCBvZiBiZWZvcmUuCisKKyAgICAgICAg KiBWTS9NYWNoaW5lLmNwcDoKKyAgICAgICAgKEtKUzo6TWFjaGluZTo6dW53aW5kQ2FsbEZyYW1l KToKKwogMjAwOC0wNi0yMyAgTWFyayBSb3dlICA8bXJvd2VAYXBwbGUuY29tPgogCiAgICAgICAg IFJldmlld2VkIGJ5IE9saXZlciBIdW50LgpJbmRleDogSmF2YVNjcmlwdENvcmUvVk0vTWFjaGlu ZS5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gSmF2YVNjcmlwdENvcmUvVk0vTWFjaGluZS5jcHAJKHJldmlz aW9uIDM0NzQ5KQorKysgSmF2YVNjcmlwdENvcmUvVk0vTWFjaGluZS5jcHAJKHdvcmtpbmcgY29w eSkKQEAgLTU3NSwxNiArNTc1LDE2IEBAIE5FVkVSX0lOTElORSBib29sIE1hY2hpbmU6OnVud2lu ZENhbGxGcmEKIAogICAgIGlmIChpc0dsb2JhbENhbGxGcmFtZShyZWdpc3RlckJhc2UsIHIpKQog ICAgICAgICByZXR1cm4gZmFsc2U7Ci0KLSAgICBjb2RlQmxvY2sgPSBjYWxsRnJhbWVbQ2FsbGVy Q29kZUJsb2NrXS51LmNvZGVCbG9jazsKLSAgICBpZiAoIWNvZGVCbG9jaykKLSAgICAgICAgcmV0 dXJuIGZhbHNlOwotCisgICAgCiAgICAgLy8gSWYgdGhpcyBjYWxsIGZyYW1lIGNyZWF0ZWQgYW4g YWN0aXZhdGlvbiwgdGVhciBpdCBvZmYuCiAgICAgaWYgKEpTQWN0aXZhdGlvbiogYWN0aXZhdGlv biA9IHN0YXRpY19jYXN0PEpTQWN0aXZhdGlvbio+KGNhbGxGcmFtZVtPcHRpb25hbENhbGxlZUFj dGl2YXRpb25dLnUuanNWYWx1ZSkpIHsKICAgICAgICAgQVNTRVJUKGFjdGl2YXRpb24tPmlzQWN0 aXZhdGlvbk9iamVjdCgpKTsKICAgICAgICAgYWN0aXZhdGlvbi0+Y29weVJlZ2lzdGVycygpOwog ICAgIH0KKyAgICAKKyAgICBjb2RlQmxvY2sgPSBjYWxsRnJhbWVbQ2FsbGVyQ29kZUJsb2NrXS51 LmNvZGVCbG9jazsKKyAgICBpZiAoIWNvZGVCbG9jaykKKyAgICAgICAgcmV0dXJuIGZhbHNlOwog CiAgICAgayA9IGNvZGVCbG9jay0+anNWYWx1ZXMuZGF0YSgpOwogICAgIHNjb3BlQ2hhaW4gPSBj YWxsRnJhbWVbQ2FsbGVyU2NvcGVDaGFpbl0udS5zY29wZUNoYWluOwpJbmRleDogTGF5b3V0VGVz dHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNp b24gMzQ3NTApCisrKyBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEs MyArMSwxNiBAQAorMjAwOC0wNi0yMyAgQ2FtZXJvbiBad2FyaWNoICA8Y3d6d2FyaWNoQHV3YXRl cmxvby5jYT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBUZXN0cyBmb3I6CisKKyAgICAgICAgQnVnIDE5NzE2OiBSRUdSRVNTSU9OIChTcXVpcnJlbEZp c2gpOiBSZXByb2R1Y2libGUgY3Jhc2ggYWZ0ZXIgZW50ZXJpbmcgYSB1c2VybmFtZSBhdCBtaW50 LmNvbQorICAgICAgICA8aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5 NzE2PgorCisgICAgICAgICogZmFzdC9qcy9yZWVudHJhbnQtY2FsbC11bndpbmQtZXhwZWN0ZWQu dHh0OiBBZGRlZC4KKyAgICAgICAgKiBmYXN0L2pzL3JlZW50cmFudC1jYWxsLXVud2luZC5odG1s OiBBZGRlZC4KKyAgICAgICAgKiBmYXN0L2pzL3Jlc291cmNlcy9yZWVudHJhbnQtY2FsbC11bndp bmQuanM6IEFkZGVkLgorCiAyMDA4LTA2LTIzICBEYXZpZCBLaWx6ZXIgIDxkZGtpbHplckBhcHBs ZS5jb20+CiAKICAgICAgICAgVXBkYXRlZCB0ZXN0IGZvciBCdWcgMTU4MjM6IGdldFByb3BlcnR5 VmFsdWUgZm9yIGJvcmRlciByZXR1cm5zIG51bGwsIHNob3VsZCBjb21wdXRlIHRoZSBzaG9ydGhh bmQgdmFsdWUKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvanMvcmVlbnRyYW50LWNhbGwtdW53aW5k LWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L2pzL3JlZW50cmFu dC1jYWxsLXVud2luZC1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9m YXN0L2pzL3JlZW50cmFudC1jYWxsLXVud2luZC1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBA IC0wLDAgKzEsMTAgQEAKK1RoaXMgdGVzdCBjaGVja3MgdGhhdCB1bndpbmRpbmcgb2YgZXhjZXB0 aW9ucyBwcm9wZXJseSBjb3BpZXMgcmVnaXN0ZXJzIG9mIGFjdGl2YXRpb24gZnJhbWVzIGNyZWF0 ZWQgYnkgcmVlbnRyYW50IGNhbGxzIHRvIEphdmFTY3JpcHQuCisKK09uIHN1Y2Nlc3MsIHlvdSB3 aWxsIHNlZSBhIHNlcmllcyBvZiAiUEFTUyIgbWVzc2FnZXMsIGZvbGxvd2VkIGJ5ICJURVNUIENP TVBMRVRFIi4KKworCitQQVNTIGYoKSBpcyAwCitQQVNTIHN1Y2Nlc3NmdWxseVBhcnNlZCBpcyB0 cnVlCisKK1RFU1QgQ09NUExFVEUKKwpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9qcy9yZWVudHJh bnQtY2FsbC11bndpbmQuaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L2pzL3Jl ZW50cmFudC1jYWxsLXVud2luZC5odG1sCShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFz dC9qcy9yZWVudHJhbnQtY2FsbC11bndpbmQuaHRtbAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwx MyBAQAorPCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9JRVRGLy9EVEQgSFRNTC8vRU4iPgorPGh0 bWw+Cis8aGVhZD4KKzxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0icmVzb3VyY2VzL2pzLXRl c3Qtc3R5bGUuY3NzIj4KKzxzY3JpcHQgc3JjPSJyZXNvdXJjZXMvanMtdGVzdC1wcmUuanMiPjwv c2NyaXB0PgorPC9oZWFkPgorPGJvZHk+Cis8cCBpZD0iZGVzY3JpcHRpb24iPjwvcD4KKzxkaXYg aWQ9ImNvbnNvbGUiPjwvZGl2PgorPHNjcmlwdCBzcmM9InJlc291cmNlcy9yZWVudHJhbnQtY2Fs bC11bndpbmQuanMiPjwvc2NyaXB0PgorPHNjcmlwdCBzcmM9InJlc291cmNlcy9qcy10ZXN0LXBv c3QuanMiPjwvc2NyaXB0PgorPC9ib2R5PgorPC9odG1sPgpJbmRleDogTGF5b3V0VGVzdHMvZmFz dC9qcy9yZXNvdXJjZXMvcmVlbnRyYW50LWNhbGwtdW53aW5kLmpzCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExh eW91dFRlc3RzL2Zhc3QvanMvcmVzb3VyY2VzL3JlZW50cmFudC1jYWxsLXVud2luZC5qcwkocmV2 aXNpb24gMCkKKysrIExheW91dFRlc3RzL2Zhc3QvanMvcmVzb3VyY2VzL3JlZW50cmFudC1jYWxs LXVud2luZC5qcwkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwxOSBAQAorZGVzY3JpcHRpb24oCisi VGhpcyB0ZXN0IGNoZWNrcyB0aGF0IHVud2luZGluZyBvZiBleGNlcHRpb25zIHByb3Blcmx5IGNv cGllcyByZWdpc3RlcnMgb2YgYWN0aXZhdGlvbiBmcmFtZXMgY3JlYXRlZCBieSByZWVudHJhbnQg Y2FsbHMgdG8gSmF2YVNjcmlwdC4iCispOworCit2YXIgZjsKKwordHJ5IHsKKyAgICAoZnVuY3Rp b24oKSB7CisgICAgICAgIHZhciBqID0gMDsKKyAgICAgICAgZiA9IGZ1bmN0aW9uKCkgeyByZXR1 cm4gajsgfTsKKyAgICAgICAgdGhyb3cgbmV3IE9iamVjdCgpOworICAgIH0pLmFwcGx5KCk7Cit9 IGNhdGNoIChlKSB7CisgICAgKGZ1bmN0aW9uKCkgeworICAgICAgICBzaG91bGRCZSgiZigpIiwg IjAiKTsKKyAgICB9KS5hcHBseSgpOworfQorCit2YXIgc3VjY2Vzc2Z1bGx5UGFyc2VkID0gdHJ1 ZTsK