200954 2019-08-20 17:24:39 -0700 REGRESSION (r248807): Objects stored in ElementRareData are leaked 2019-08-28 08:15:55 -0700 1 1 1 Unclassified WebKit New Bugs Other Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ryanhaddad rniwa ap cdumez dbates ddkilzer esprehn+autocc ews-watchlist kangil.han koivisto rniwa saam sabouhallawa simon.fraser webkit-bot-watchers-bugzilla webkit-bug-importer wenson_hsieh oldest_to_newest 1563317 0 ryanhaddad 2019-08-20 17:24:39 -0700 @ r248804, the Mojave Leaks bot showed 401 unique leaks https://build.webkit.org/builders/Apple%20Mojave%20%28Leaks%29/builds/4031 @ r248807, it showed 3519 unique leaks https://build.webkit.org/builders/Apple%20Mojave%20%28Leaks%29/builds/4032 1563318 1 webkit-bug-importer 2019-08-20 17:24:58 -0700 <rdar://problem/54536113> 1563319 2 webkit-bug-importer 2019-08-20 17:25:11 -0700 <rdar://problem/54536121> 1563321 3 ryanhaddad 2019-08-20 17:26:27 -0700 Looking at the revisions in the range, this looks like a change that could be responsible: Don't use union to store NodeRareData* and RenderObject* https://trac.webkit.org/changeset/248807/webkit 1563332 4 ryanhaddad 2019-08-20 17:40:13 -0700 I can't get the leaks viewer to show any data, it hangs at loading 26/66 files https://build.webkit.org/LeaksViewer/?url=%2Fresults%2FApple%20Mojave%20%28Leaks%29%2Fr248807%20%284032%29%2F I see a bunch of 503 errors in the console, but clicking the links for those resources works. 1564696 5 377181 rniwa 2019-08-23 16:53:21 -0700 Created attachment 377181 Fixes the bug 1564700 6 377181 ddkilzer 2019-08-23 16:59:24 -0700 Comment on attachment 377181 Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=377181&action=review r=me > Source/WebCore/dom/NodeRareData.h:277 > + virtual ~NodeRareData() > + { } Do we need to declare this inline? I recall saving space by not inlining destructors of some classes. (I guess this is rare, though? :) 1564704 7 377181 rniwa 2019-08-23 17:07:48 -0700 Comment on attachment 377181 Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=377181&action=review >> Source/WebCore/dom/NodeRareData.h:277 >> + { } > > Do we need to declare this inline? I recall saving space by not inlining destructors of some classes. (I guess this is rare, though? :) Otherwise ElementRareData::~ElementRareData would make an actual function call, which would be silly. We used to not inline virtual functions to make compilation faster but I don't think it matters for this file. 1564709 8 rniwa 2019-08-23 17:20:59 -0700 Committed r249076: <https://trac.webkit.org/changeset/249076> 1564739 9 377181 sabouhallawa 2019-08-23 18:27:08 -0700 Comment on attachment 377181 Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=377181&action=review > Source/WebCore/ChangeLog:9 > + NodeRareData didn't have a virtual destructor. As a result, member variables > + of ElementRareData did not get destructed properly. Usually the complier gives an error/warning if a class is a base class and it does not have a virtual destructor. I wonder what was the reason for having the complier silent in the case of NodeRareData. 1564743 10 rniwa 2019-08-23 19:17:35 -0700 (In reply to Said Abou-Hallawa from comment #9) > Comment on attachment 377181 [details] > Fixes the bug > > View in context: > https://bugs.webkit.org/attachment.cgi?id=377181&action=review > > > Source/WebCore/ChangeLog:9 > > + NodeRareData didn't have a virtual destructor. As a result, member variables > > + of ElementRareData did not get destructed properly. > > Usually the complier gives an error/warning if a class is a base class and > it does not have a virtual destructor. I wonder what was the reason for > having the complier silent in the case of NodeRareData. There is no virtual function in ElementRareData. I wish clang did warn about it too. Also confirmed that this fixed most of the leak: https://build.webkit.org/builders/Apple%20Mojave%20%28Leaks%29/builds/4132 1564775 11 koivisto 2019-08-23 23:52:59 -0700 We shouldn't virtualize a performance sensitive type like this just to be able to destroy it (blot from unnecessary pointer, extra virtual function call, another vtable to corrupt). Please revert this patch and implement destruction manually like it was done before. 1564778 12 377181 rniwa 2019-08-23 23:57:04 -0700 Comment on attachment 377181 Fixes the bug I don't think it makes sense to mark this patch as r- since it has already been landed. 1564779 13 rniwa 2019-08-24 00:00:30 -0700 (In reply to Antti Koivisto from comment #11) > We shouldn't virtualize a performance sensitive type like this just to be > able to destroy it (blot from unnecessary pointer, extra virtual function > call, another vtable to corrupt). I'm not sure about that. vtable pointer in NodeRareData shouldn't matter because we'd create it for a far fewer DOM nodes after r248807. > Please revert this patch and implement destruction manually like it was done before. I've thought about this approach and in fact wrote such a patch locally but decided not to do that because: 1. We won't be able to use unique_ptr or rather defeats the point of it if we had to leakPtr and delete it manually. 2. Relying on Node::m_flags to decide which destructor to use can result in a type confusion if Node::m_flags was heap overrun. 1564782 14 rniwa 2019-08-24 00:10:07 -0700 I think a good alternative is what Saam suggested which is to override deleter, and we can use a single bit of m_connectedFrameCount to record whether it's NodeRareData or not. This will avoid (1) as well as (2). The flag in NodeRareData being heap overran is a moot point since such an overrun can also override vtable pointer. 1564785 15 koivisto 2019-08-24 00:18:49 -0700 > I've thought about this approach and in fact wrote such a patch locally but > decided not to do that because: > 1. We won't be able to use unique_ptr or rather defeats the point of it if > we had to leakPtr and delete it manually. I don't think the aesthetic concern is worth an otherwise unnecessary vptr in this particular code (it may be in other places). > 2. Relying on Node::m_flags to decide which destructor to use can result in > a type confusion if Node::m_flags was heap overrun. Is vptr somehow more secure? This pattern has been used here for a long time. 1564786 16 rniwa 2019-08-24 00:22:27 -0700 (In reply to Antti Koivisto from comment #15) > > I've thought about this approach and in fact wrote such a patch locally but > > decided not to do that because: > > 1. We won't be able to use unique_ptr or rather defeats the point of it if > > we had to leakPtr and delete it manually. > > I don't think the aesthetic concern is worth an otherwise unnecessary vptr > in this particular code (it may be in other places). It's not an aesthetic concern. It's easy to introduce bugs when exotic memory management mechanisms are used. > > 2. Relying on Node::m_flags to decide which destructor to use can result in > > a type confusion if Node::m_flags was heap overrun. > > Is vptr somehow more secure? This pattern has been used here for a long time. Yes. With vtable pointer, only memory corruption of NodeRareData itself would result in type confusion whereas the old code would have let Node::m_nodeFlags to cause a type confusion in NodeRareData itself. Since the whole point of r248807 is not let that kind of type confusion happen (which had been a source of number of security bugs), going back to the old model isn't desirable. 1564787 17 rniwa 2019-08-24 00:30:54 -0700 Let's go with the deleter approach. 1564788 18 koivisto 2019-08-24 00:36:35 -0700 (In reply to Ryosuke Niwa from comment #14) > I think a good alternative is what Saam suggested which is to override > deleter, and we can use a single bit of m_connectedFrameCount to record > whether it's NodeRareData or not. > > This will avoid (1) as well as (2). The flag in NodeRareData being heap > overran is a moot point since such an overrun can also override vtable > pointer. That seems like a good plan. Clearly my review of r248807 was too hasty, it shouldn't have been r+'d in the first place considering this obvious issue. Sorry about that. 1564789 19 rniwa 2019-08-24 00:39:38 -0700 (In reply to Antti Koivisto from comment #18) > (In reply to Ryosuke Niwa from comment #14) > > I think a good alternative is what Saam suggested which is to override > > deleter, and we can use a single bit of m_connectedFrameCount to record > > whether it's NodeRareData or not. > > > > This will avoid (1) as well as (2). The flag in NodeRareData being heap > > overran is a moot point since such an overrun can also override vtable > > pointer. > > That seems like a good plan. > > Clearly my review of r248807 was too hasty, it shouldn't have been r+'d in > the first place considering this obvious issue. Sorry about that. Wanna use a new bug to override deleter? I was thinking that I can just re-open this bug and post a new patch. 1564790 20 koivisto 2019-08-24 00:40:40 -0700 Re-opening is good. 1564793 21 rniwa 2019-08-24 01:04:04 -0700 Reopening. 1564795 22 rniwa 2019-08-24 01:30:33 -0700 Ugh... I have to fix makeUnique because it doesn't know how to take Deleter or default_delete. Probably have to do that on Monday. 1565640 23 377423 rniwa 2019-08-27 21:09:29 -0700 Created attachment 377423 Address Antti's comment 1565648 24 377423 koivisto 2019-08-27 22:56:27 -0700 Comment on attachment 377423 Address Antti's comment This is a good way to do this. 1565706 25 377423 rniwa 2019-08-28 08:15:53 -0700 Comment on attachment 377423 Address Antti's comment Clearing flags on attachment: 377423 Committed r249198: <https://trac.webkit.org/changeset/249198> 1565707 26 rniwa 2019-08-28 08:15:55 -0700 All reviewed patches have been landed. Closing bug. 377181 2019-08-23 16:53:21 -0700 2019-08-27 21:09:57 -0700 Fixes the bug bug-200954-20190823165320.patch text/plain 1853 rniwa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDI0OTA3NSkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE3IEBACisyMDE5LTA4LTIzICBSeW9zdWtl IE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIFJFR1JFU1NJT04gKHIyNDg4MDcp OiBPYmplY3RzIHN0b3JlZCBpbiBFbGVtZW50UmFyZURhdGEgYXJlIGxlYWtlZAorICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjAwOTU0CisKKyAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgTm9kZVJhcmVEYXRhIGRpZG4n dCBoYXZlIGEgdmlydHVhbCBkZXN0cnVjdG9yLiBBcyBhIHJlc3VsdCwgbWVtYmVyIHZhcmlhYmxl cworICAgICAgICBvZiBFbGVtZW50UmFyZURhdGEgZGlkIG5vdCBnZXQgZGVzdHJ1Y3RlZCBwcm9w ZXJseS4KKworICAgICAgICAqIGRvbS9Ob2RlUmFyZURhdGEuY3BwOgorICAgICAgICAqIGRvbS9O b2RlUmFyZURhdGEuaDoKKyAgICAgICAgKFdlYkNvcmU6Ok5vZGVSYXJlRGF0YTo6fk5vZGVSYXJl RGF0YSk6CisKIDIwMTktMDgtMjMgIFdlbnNvbiBIc2llaCAgPHdlbnNvbl9oc2llaEBhcHBsZS5j b20+CiAKICAgICAgICAgW2lPU10gW1dlYktpdDJdIFRhcHBpbmcgb24gdGhlIOKAnEnigJlt4oCd IHRleHQgc3VnZ2VzdGlvbiBhZnRlciB0eXBpbmcg4oCcaeKAmeKAnSBkb2VzIG5vdGhpbmcKSW5k ZXg6IFNvdXJjZS9XZWJDb3JlL2RvbS9Ob2RlUmFyZURhdGEuY3BwCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNv dXJjZS9XZWJDb3JlL2RvbS9Ob2RlUmFyZURhdGEuY3BwCShyZXZpc2lvbiAyNDkwNzEpCisrKyBT b3VyY2UvV2ViQ29yZS9kb20vTm9kZVJhcmVEYXRhLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMzYs OCArMzYsOCBAQAogbmFtZXNwYWNlIFdlYkNvcmUgewogCiBzdHJ1Y3QgU2FtZVNpemVBc05vZGVS YXJlRGF0YSB7Ci0gICAgdW5zaWduZWQgbV9iaXRmaWVsZHMgOiAyMDsKLSAgICB2b2lkKiBtX3Bv aW50ZXJbMl07CisgICAgdW5zaWduZWQgbV9mcmFtZUNvdW50OworICAgIHZvaWQqIG1fcG9pbnRl clszXTsKIH07CiAKIENPTVBJTEVfQVNTRVJUKHNpemVvZihOb2RlUmFyZURhdGEpID09IHNpemVv ZihTYW1lU2l6ZUFzTm9kZVJhcmVEYXRhKSwgTm9kZVJhcmVEYXRhU2hvdWxkU3RheVNtYWxsKTsK SW5kZXg6IFNvdXJjZS9XZWJDb3JlL2RvbS9Ob2RlUmFyZURhdGEuaAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBT b3VyY2UvV2ViQ29yZS9kb20vTm9kZVJhcmVEYXRhLmgJKHJldmlzaW9uIDI0OTA3MSkKKysrIFNv dXJjZS9XZWJDb3JlL2RvbS9Ob2RlUmFyZURhdGEuaAkod29ya2luZyBjb3B5KQpAQCAtMjczLDYg KzI3Myw5IEBAIHB1YmxpYzoKICAgICBOb2RlUmFyZURhdGEoKQogICAgIHsgfQogCisgICAgdmly dHVhbCB+Tm9kZVJhcmVEYXRhKCkKKyAgICB7IH0KKwogICAgIHZvaWQgY2xlYXJOb2RlTGlzdHMo KSB7IG1fbm9kZUxpc3RzID0gbnVsbHB0cjsgfQogICAgIE5vZGVMaXN0c05vZGVEYXRhKiBub2Rl TGlzdHMoKSBjb25zdCB7IHJldHVybiBtX25vZGVMaXN0cy5nZXQoKTsgfQogICAgIE5vZGVMaXN0 c05vZGVEYXRhJiBlbnN1cmVOb2RlTGlzdHMoKQo= 377423 2019-08-27 21:09:29 -0700 2019-08-28 08:15:53 -0700 Address Antti's comment bug-200954-20190827210928.patch text/plain 5782 rniwa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDI0OTE5MCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDMzIEBACisyMDE5LTA4LTI3ICBSeW9zdWtl IE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIFJFR1JFU1NJT04gKHIyNDg4MDcp OiBPYmplY3RzIHN0b3JlZCBpbiBFbGVtZW50UmFyZURhdGEgYXJlIGxlYWtlZAorICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjAwOTU0CisKKyAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVXNlIGEgY3VzdG9tIGRlbGV0 ZXIgaW4gc3RkOjp1bmlxdWVfcHRyIHRvIGNhbGwgdGhlIGNvcnJlY3QgZGVzdHJ1Y3RvciBpbnN0 ZWFkIG9mIG1ha2luZworICAgICAgICBOb2RlUmFyZURhdGEncyBkZXN0cnVjdG9yIHZpcnR1YWwu IEFkZGVkIE5vZGVSYXJlRGF0YTo6aXNFbGVtZW50UmFyZURhdGEgdG8gZGlmZmVyZW50aWF0ZQor ICAgICAgICBFbGVtZW50UmFyZURhdGEgYW5kIE5vZGVSYXJlRGF0YSBieSBib3Jyb3dpbmcgMSBi aXQgZnJvbSB0aGUgZnJhbWUgY291bnQuCisKKyAgICAgICAgTm8gbmV3IHRlc3RzIHNpbmNlIHRo ZXJlIHNob3VsZCBiZSBubyBiZWhhdmlvcmFsIGNoYW5nZS4KKworICAgICAgICAqIGRvbS9FbGVt ZW50UmFyZURhdGEuaDoKKyAgICAgICAgKFdlYkNvcmU6OkVsZW1lbnRSYXJlRGF0YTo6RWxlbWVu dFJhcmVEYXRhKToKKyAgICAgICAgKiBkb20vTm9kZS5jcHA6CisgICAgICAgIChXZWJDb3JlOjpO b2RlOjptYXRlcmlhbGl6ZVJhcmVEYXRhKTogQ2FsbCB0aGUgY29uc3RydWN0b3JzIG9mIHVuaXF1 ZV9wdHIgZGlyZWN0bHkgc2luY2UKKyAgICAgICAgbWFrZV91bmlxdWUgZG9lcyBub3QgdGFrZSBh IGN1c3RvbSBkZWxldGVyLiBXZSBjYW4ndCBhZGQgdGhlIHN1cHBvcnQgdG8gbWFrZVVuaXF1ZSBl aXRoZXIKKyAgICAgICAgd2l0aG91dCBtYWtpbmcgaXQgdGhyZWUgYXJndW1lbnRzIHNpbmNlIHdl IG5lZWQgdG8gY2FzdCBFbGVtZW50UmFyZURhdGEgdG8gTm9kZVJhcmVEYXRhCisgICAgICAgIGlu IGFkZGl0aW9uIHRvIHNwZWNpZnlpbmcgYSBjdXN0b20gZGVsZXRlciAobm9ybWFsIGNhc3Rpbmcg d291bGRuJ3Qgd29yayBkdWUgdG8KKyAgICAgICAgdGhlIHByZXNlbmNlIG9mIGEgY3VzdG9tIGRl bGV0ZXIpLgorICAgICAgICAoV2ViQ29yZTo6Tm9kZTo6Tm9kZVJhcmVEYXRhRGVsZXRlcjo6b3Bl cmF0b3IoKSBjb25zdCk6IEFkZGVkLgorICAgICAgICAqIGRvbS9Ob2RlLmg6CisgICAgICAgIChX ZWJDb3JlOjpOb2RlOjpOb2RlUmFyZURhdGFEZWxldGVyKTogQWRkZWQuCisgICAgICAgICogZG9t L05vZGVSYXJlRGF0YS5jcHA6CisgICAgICAgICogZG9tL05vZGVSYXJlRGF0YS5oOgorICAgICAg ICAoV2ViQ29yZTo6Tm9kZVJhcmVEYXRhOjpOb2RlUmFyZURhdGEpOiBNYWtlcyBuZXdseSBhZGRl ZCBUeXBlLgorICAgICAgICAoV2ViQ29yZTo6Tm9kZVJhcmVEYXRhOjppc0VsZW1lbnRSYXJlRGF0 YSk6IEFkZGVkLgorICAgICAgICAoV2ViQ29yZTo6Tm9kZVJhcmVEYXRhOjp+Tm9kZVJhcmVEYXRh KTogRGVsZXRlZC4KKwogMjAxOS0wOC0yNyAgSm9obiBXaWxhbmRlciAgPHdpbGFuZGVyQGFwcGxl LmNvbT4gIGFuZCAgRnVqaWkgSGlyb25vcmkgIDxIaXJvbm9yaS5GdWppaUBzb255LmNvbT4KIAog ICAgICAgICBNYWtlIEZyYW1lTG9hZGVyOjpvcGVuKCkgc2V0IG91dGdvaW5nIHJlZmVycmVyIHBy b3Blcmx5CkluZGV4OiBTb3VyY2UvV2ViQ29yZS9kb20vRWxlbWVudFJhcmVEYXRhLmgKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gU291cmNlL1dlYkNvcmUvZG9tL0VsZW1lbnRSYXJlRGF0YS5oCShyZXZpc2lvbiAy NDkxODgpCisrKyBTb3VyY2UvV2ViQ29yZS9kb20vRWxlbWVudFJhcmVEYXRhLmgJKHdvcmtpbmcg Y29weSkKQEAgLTE5MCw3ICsxOTAsOCBAQCBwcml2YXRlOgogfTsKIAogaW5saW5lIEVsZW1lbnRS YXJlRGF0YTo6RWxlbWVudFJhcmVEYXRhKCkKLSAgICA6IG1fdGFiSW5kZXgoMCkKKyAgICA6IE5v ZGVSYXJlRGF0YShUeXBlOjpFbGVtZW50KQorICAgICwgbV90YWJJbmRleCgwKQogICAgICwgbV9j aGlsZEluZGV4KDApCiAgICAgLCBtX3RhYkluZGV4V2FzU2V0RXhwbGljaXRseShmYWxzZSkKICNp ZiBFTkFCTEUoRlVMTFNDUkVFTl9BUEkpCkluZGV4OiBTb3VyY2UvV2ViQ29yZS9kb20vTm9kZS5j cHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvZG9tL05vZGUuY3BwCShyZXZpc2lvbiAy NDkxODgpCisrKyBTb3VyY2UvV2ViQ29yZS9kb20vTm9kZS5jcHAJKHdvcmtpbmcgY29weSkKQEAg LTM5NSw5ICszOTUsMTcgQEAgdm9pZCBOb2RlOjp3aWxsQmVEZWxldGVkRnJvbShEb2N1bWVudCYg ZAogdm9pZCBOb2RlOjptYXRlcmlhbGl6ZVJhcmVEYXRhKCkKIHsKICAgICBpZiAoaXM8RWxlbWVu dD4oKnRoaXMpKQotICAgICAgICBtX3JhcmVEYXRhID0gbWFrZVVuaXF1ZTxFbGVtZW50UmFyZURh dGE+KCk7CisgICAgICAgIG1fcmFyZURhdGEgPSBzdGQ6OnVuaXF1ZV9wdHI8Tm9kZVJhcmVEYXRh LCBOb2RlUmFyZURhdGFEZWxldGVyPihuZXcgRWxlbWVudFJhcmVEYXRhKTsKICAgICBlbHNlCi0g ICAgICAgIG1fcmFyZURhdGEgPSBtYWtlVW5pcXVlPE5vZGVSYXJlRGF0YT4oKTsKKyAgICAgICAg bV9yYXJlRGF0YSA9IHN0ZDo6dW5pcXVlX3B0cjxOb2RlUmFyZURhdGEsIE5vZGVSYXJlRGF0YURl bGV0ZXI+KG5ldyBOb2RlUmFyZURhdGEpOworfQorCitpbmxpbmUgdm9pZCBOb2RlOjpOb2RlUmFy ZURhdGFEZWxldGVyOjpvcGVyYXRvcigpKE5vZGVSYXJlRGF0YSogcmFyZURhdGEpIGNvbnN0Cit7 CisgICAgaWYgKHJhcmVEYXRhLT5pc0VsZW1lbnRSYXJlRGF0YSgpKQorICAgICAgICBkZWxldGUg c3RhdGljX2Nhc3Q8RWxlbWVudFJhcmVEYXRhKj4ocmFyZURhdGEpOworICAgIGVsc2UKKyAgICAg ICAgZGVsZXRlIHN0YXRpY19jYXN0PE5vZGVSYXJlRGF0YSo+KHJhcmVEYXRhKTsKIH0KIAogdm9p ZCBOb2RlOjpjbGVhclJhcmVEYXRhKCkKSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2RvbS9Ob2RlLmgK PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PQotLS0gU291cmNlL1dlYkNvcmUvZG9tL05vZGUuaAkocmV2aXNpb24gMjQ5MTg4 KQorKysgU291cmNlL1dlYkNvcmUvZG9tL05vZGUuaAkod29ya2luZyBjb3B5KQpAQCAtNjY0LDYg KzY2NCwxMCBAQCBwcml2YXRlOgogICAgIHN0YXRpYyB2b2lkIG1vdmVUcmVlVG9OZXdTY29wZShO b2RlJiwgVHJlZVNjb3BlJiBvbGRTY29wZSwgVHJlZVNjb3BlJiBuZXdTY29wZSk7CiAgICAgdm9p ZCBtb3ZlTm9kZVRvTmV3RG9jdW1lbnQoRG9jdW1lbnQmIG9sZERvY3VtZW50LCBEb2N1bWVudCYg bmV3RG9jdW1lbnQpOwogCisgICAgc3RydWN0IE5vZGVSYXJlRGF0YURlbGV0ZXIgeworICAgICAg ICB2b2lkIG9wZXJhdG9yKCkoTm9kZVJhcmVEYXRhKikgY29uc3Q7CisgICAgfTsKKwogICAgIHVp bnQzMl90IG1fcmVmQ291bnRBbmRQYXJlbnRCaXQgeyBzX3JlZkNvdW50SW5jcmVtZW50IH07CiAg ICAgbXV0YWJsZSB1aW50MzJfdCBtX25vZGVGbGFnczsKIApAQCAtNjcyLDcgKzY3Niw3IEBAIHBy aXZhdGU6CiAgICAgTm9kZSogbV9wcmV2aW91cyB7IG51bGxwdHIgfTsKICAgICBOb2RlKiBtX25l eHQgeyBudWxscHRyIH07CiAgICAgQ29tcGFjdFBvaW50ZXJUdXBsZTxSZW5kZXJPYmplY3QqLCB1 aW50OF90PiBtX3JlbmRlcmVyV2l0aFN0eWxlRmxhZ3M7Ci0gICAgc3RkOjp1bmlxdWVfcHRyPE5v ZGVSYXJlRGF0YT4gbV9yYXJlRGF0YTsKKyAgICBzdGQ6OnVuaXF1ZV9wdHI8Tm9kZVJhcmVEYXRh LCBOb2RlUmFyZURhdGFEZWxldGVyPiBtX3JhcmVEYXRhOwogfTsKIAogI2lmbmRlZiBOREVCVUcK SW5kZXg6IFNvdXJjZS9XZWJDb3JlL2RvbS9Ob2RlUmFyZURhdGEuY3BwCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IFNvdXJjZS9XZWJDb3JlL2RvbS9Ob2RlUmFyZURhdGEuY3BwCShyZXZpc2lvbiAyNDkxODgpCisr KyBTb3VyY2UvV2ViQ29yZS9kb20vTm9kZVJhcmVEYXRhLmNwcAkod29ya2luZyBjb3B5KQpAQCAt MzYsOCArMzYsOCBAQAogbmFtZXNwYWNlIFdlYkNvcmUgewogCiBzdHJ1Y3QgU2FtZVNpemVBc05v ZGVSYXJlRGF0YSB7Ci0gICAgdW5zaWduZWQgbV9mcmFtZUNvdW50OwotICAgIHZvaWQqIG1fcG9p bnRlclszXTsKKyAgICB1bnNpZ25lZCBtX2ZyYW1lQ291bnRBbmRJc0VsZW1lbnRSYXJlRGF0YUZs YWc7CisgICAgdm9pZCogbV9wb2ludGVyWzJdOwogfTsKIAogQ09NUElMRV9BU1NFUlQoc2l6ZW9m KE5vZGVSYXJlRGF0YSkgPT0gc2l6ZW9mKFNhbWVTaXplQXNOb2RlUmFyZURhdGEpLCBOb2RlUmFy ZURhdGFTaG91bGRTdGF5U21hbGwpOwpJbmRleDogU291cmNlL1dlYkNvcmUvZG9tL05vZGVSYXJl RGF0YS5oCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2RvbS9Ob2RlUmFyZURhdGEuaAko cmV2aXNpb24gMjQ5MTg4KQorKysgU291cmNlL1dlYkNvcmUvZG9tL05vZGVSYXJlRGF0YS5oCSh3 b3JraW5nIGNvcHkpCkBAIC0yNzAsMTEgKzI3MCwxNSBAQCBwdWJsaWM6CiAgICAgfTsKICNlbmRp ZgogCi0gICAgTm9kZVJhcmVEYXRhKCkKLSAgICB7IH0KKyAgICBlbnVtIGNsYXNzIFR5cGUgeyBF bGVtZW50LCBOb2RlIH07CiAKLSAgICB2aXJ0dWFsIH5Ob2RlUmFyZURhdGEoKQotICAgIHsgfQor ICAgIE5vZGVSYXJlRGF0YShUeXBlIHR5cGUgPSBUeXBlOjpOb2RlKQorICAgICAgICA6IG1fY29u bmVjdGVkRnJhbWVDb3VudCgwKQorICAgICAgICAsIG1faXNFbGVtZW50UmFyZURhdGEodHlwZSA9 PSBUeXBlOjpFbGVtZW50KQorICAgIHsKKyAgICB9CisKKyAgICBib29sIGlzRWxlbWVudFJhcmVE YXRhKCkgeyByZXR1cm4gbV9pc0VsZW1lbnRSYXJlRGF0YTsgfQogCiAgICAgdm9pZCBjbGVhck5v ZGVMaXN0cygpIHsgbV9ub2RlTGlzdHMgPSBudWxscHRyOyB9CiAgICAgTm9kZUxpc3RzTm9kZURh dGEqIG5vZGVMaXN0cygpIGNvbnN0IHsgcmV0dXJuIG1fbm9kZUxpc3RzLmdldCgpOyB9CkBAIC0z MjAsNyArMzI0LDggQEAgcHVibGljOgogI2VuZGlmCiAKIHByaXZhdGU6Ci0gICAgdW5zaWduZWQg bV9jb25uZWN0ZWRGcmFtZUNvdW50IHsgMCB9OyAvLyBNdXN0IGZpdCBQYWdlOjptYXhOdW1iZXJP ZkZyYW1lcy4KKyAgICB1bnNpZ25lZCBtX2Nvbm5lY3RlZEZyYW1lQ291bnQgOiAzMTsgLy8gTXVz dCBmaXQgUGFnZTo6bWF4TnVtYmVyT2ZGcmFtZXMuCisgICAgdW5zaWduZWQgbV9pc0VsZW1lbnRS YXJlRGF0YSA6IDE7CiAKICAgICBzdGQ6OnVuaXF1ZV9wdHI8Tm9kZUxpc3RzTm9kZURhdGE+IG1f bm9kZUxpc3RzOwogICAgIHN0ZDo6dW5pcXVlX3B0cjxOb2RlTXV0YXRpb25PYnNlcnZlckRhdGE+ IG1fbXV0YXRpb25PYnNlcnZlckRhdGE7Cg==