200986 2019-08-21 10:40:26 -0700 Crash under StringImpl::~StringImpl() in NetworkProcess::deleteWebsiteDataForRegistrableDomains() 2019-08-21 13:02:44 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez achristensen beidson bfulgham commit-queue ggaren webkit-bug-importer wilander youennf oldest_to_newest 1563549 0 cdumez 2019-08-21 10:40:26 -0700 Crash under StringImpl::~StringImpl() in NetworkProcess::deleteWebsiteDataForRegistrableDomains(): Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x656e6e6f43726576 -> 0x0000006f43726576 (possible pointer authentication failure)) ok [ 0] 0x00000001adf143f4 JavaScriptCore`WTF::StringImpl::~StringImpl() [inlined] WTF::Function<void (WTF::ExternalStringImpl*, void*, unsigned int)>::operator()(WTF::ExternalStringImpl*, void*, unsigned int) const + 4 at Function.h:79:35 0x00000001adf143e4: and x8, x8, #0x1 0x00000001adf143e8: lsl w8, w9, w8 0x00000001adf143ec: add w3, w8, #0x18 ; =0x18 0x00000001adf143f0: ldr x0, [x19, #0x18] -> 0x00000001adf143f4: ldr x8, [x0] 0x00000001adf143f8: ldraa x9, [x8, #0x10]! 0x00000001adf143fc: movk x8, #0x6e56, lsl #48 0x00000001adf14400: mov x1, x19 0x00000001adf14404: blraa x9, x8 [ 0] 0x00000001adf143f0 JavaScriptCore`WTF::StringImpl::~StringImpl() [inlined] WTF::ExternalStringImpl::freeExternalBuffer(void*, unsigned int) at ExternalStringImpl.h:50 [ 0] 0x00000001adf143f0 JavaScriptCore`WTF::StringImpl::~StringImpl() + 168 at StringImpl.cpp:138 134 return; 135 } 136 if (ownership == BufferExternal) { 137 auto* external = static_cast<ExternalStringImpl*>(this); -> 138 external->freeExternalBuffer(const_cast<LChar*>(m_data8), sizeInBytes()); 139 external->m_free.~ExternalStringImplFreeFunction(); 140 return; 141 } 142 [ 1] 0x00000001adf1449f JavaScriptCore`WTF::StringImpl::destroy(WTF::StringImpl*) [inlined] WTF::StringImpl::~StringImpl() + 3 at StringImpl.cpp:108:1 104 105 StringImpl::StaticStringImpl StringImpl::s_emptyAtomString("", StringImpl::StringAtom); 106 107 StringImpl::~StringImpl() -> 108 { 109 ASSERT(!isStatic()); 110 111 StringView::invalidate(*this); 112 [ 1] 0x00000001adf1449c JavaScriptCore`WTF::StringImpl::destroy(WTF::StringImpl*) + 12 at StringImpl.cpp:150 146 } 147 148 void StringImpl::destroy(StringImpl* stringImpl) 149 { -> 150 stringImpl->~StringImpl(); 151 fastFree(stringImpl); 152 } 153 154 Ref<StringImpl> StringImpl::createFromLiteral(const char* characters, unsigned length) [ 2] 0x00000001adf1449f JavaScriptCore`WTF::StringImpl::destroy(WTF::StringImpl*) [inlined] WTF::StringImpl::~StringImpl() + 3 at StringImpl.cpp:108:1 104 105 StringImpl::StaticStringImpl StringImpl::s_emptyAtomString("", StringImpl::StringAtom); 106 107 StringImpl::~StringImpl() -> 108 { 109 ASSERT(!isStatic()); 110 111 StringView::invalidate(*this); 112 [ 2] 0x00000001adf1449c JavaScriptCore`WTF::StringImpl::destroy(WTF::StringImpl*) + 12 at StringImpl.cpp:150 146 } 147 148 void StringImpl::destroy(StringImpl* stringImpl) 149 { -> 150 stringImpl->~StringImpl(); 151 fastFree(stringImpl); 152 } 153 154 Ref<StringImpl> StringImpl::createFromLiteral(const char* characters, unsigned length) ok [ 3] 0x00000001a676a1d7 WebKit`WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::HashMap<WebCore::RegistrableDomain, WebKit::WebsiteDataToRemove, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<WebKit::WebsiteDataToRemove> >&&, bool, WTF::CompletionHandler<void (WTF::HashSet<WebCore::RegistrableDomain, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain> > const&)>&&) [inlined] WTF::StringImpl::deref() + 3 at StringImpl.h:1076:9 [ 3] 0x00000001a676a1d4 WebKit`WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::HashMap<WebCore::RegistrableDomain, WebKit::WebsiteDataToRemove, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<WebKit::WebsiteDataToRemove> >&&, bool, WTF::CompletionHandler<void (WTF::HashSet<WebCore::RegistrableDomain, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain> > const&)>&&) [inlined] void WTF::derefIfNotNull<WTF::StringImpl>(WTF::StringImpl*) at RefPtr.h:44 [ 3] 0x00000001a676a1d4 WebKit`WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::HashMap<WebCore::RegistrableDomain, WebKit::WebsiteDataToRemove, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<WebKit::WebsiteDataToRemove> >&&, bool, WTF::CompletionHandler<void (WTF::HashSet<WebCore::RegistrableDomain, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain> > const&)>&&) [inlined] WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::~RefPtr() at RefPtr.h:69 [ 3] 0x00000001a676a1d4 WebKit`WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::HashMap<WebCore::RegistrableDomain, WebKit::WebsiteDataToRemove, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<WebKit::WebsiteDataToRemove> >&&, bool, WTF::CompletionHandler<void (WTF::HashSet<WebCore::RegistrableDomain, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain> > const&)>&&) [inlined] WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::~RefPtr() at RefPtr.h:69 [ 3] 0x00000001a676a1d4 WebKit`WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::HashMap<WebCore::RegistrableDomain, WebKit::WebsiteDataToRemove, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<WebKit::WebsiteDataToRemove> >&&, bool, WTF::CompletionHandler<void (WTF::HashSet<WebCore::RegistrableDomain, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain> > const&)>&&) [inlined] WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::operator=(WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >&&) at RefPtr.h:165 [ 3] 0x00000001a676a1d4 WebKit`WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::HashMap<WebCore::RegistrableDomain, WebKit::WebsiteDataToRemove, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<WebKit::WebsiteDataToRemove> >&&, bool, WTF::CompletionHandler<void (WTF::HashSet<WebCore::RegistrableDomain, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain> > const&)>&&) [inlined] WTF::String::operator=(WTF::String&&) at WTFString.h:134 [ 3] 0x00000001a676a1d4 WebKit`WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains(PAL::SessionID, WTF::OptionSet<WebKit::WebsiteDataType>, WTF::HashMap<WebCore::RegistrableDomain, WebKit::WebsiteDataToRemove, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain>, WTF::HashTraits<WebKit::WebsiteDataToRemove> >&&, bool, WTF::CompletionHandler<void (WTF::HashSet<WebCore::RegistrableDomain, WebCore::RegistrableDomain::RegistrableDomainHash, WTF::HashTraits<WebCore::RegistrableDomain> > const&)>&&) + 2356 at NetworkProcess.cpp:1739 1735 } 1736 #endif 1737 1738 #if ENABLE(SERVICE_WORKER) -> 1739 path = m_swDatabasePaths.get(sessionID); 1740 if (!path.isEmpty() && websiteDataTypes.contains(WebsiteDataType::ServiceWorkerRegistrations)) { 1741 swServerForSession(sessionID).getOriginsWithRegistrations([this, sessionID, domainsToDeleteAllButCookiesFor, callbackAggregator = callbackAggregator.copyRef()](const HashSet<SecurityOriginData>& securityOrigins) mutable { 1742 for (auto& securityOrigin : securityOrigins) { 1743 if (!domainsToDeleteAllButCookiesFor.contains(RegistrableDomain::uncheckedCreateFromHost(securityOrigin.host))) [ 4] 0x00000001a67b8de7 WebKit`WTF::Detail::CallableWrapper<WebKit::ResourceLoadStatisticsStore::removeDataRecords(WTF::CompletionHandler<void ()>&&)::$_5, void>::call() [inlined] WebKit::ResourceLoadStatisticsStore::removeDataRecords(WTF::CompletionHandler<void ()>&&)::$_5::operator()() + 115 at ResourceLoadStatisticsStore.cpp:209:16 205 206 setDataRecordsBeingRemoved(true); 207 208 RunLoop::main().dispatch([store = makeRef(m_store), domainsToRemoveWebsiteDataFor = crossThreadCopy(domainsToRemoveWebsiteDataFor), completionHandler = WTFMove(completionHandler), weakThis = makeWeakPtr(*this), shouldNotifyPagesWhenDataRecordsWereScanned = m_parameters.shouldNotifyPagesWhenDataRecordsWereScanned, workQueue = m_workQueue.copyRef()] () mutable { -> 209 store->deleteWebsiteDataForRegistrableDomains(WebResourceLoadStatisticsStore::monitoredDataTypes(), WTFMove(domainsToRemoveWebsiteDataFor), shouldNotifyPagesWhenDataRecordsWereScanned, [completionHandler = WTFMove(completionHandler), weakThis = WTFMove(weakThis), workQueue = workQueue.copyRef()](const HashSet<RegistrableDomain>& domainsWithDeletedWebsiteData) mutable { 210 workQueue->dispatch([domainsWithDeletedWebsiteData = crossThreadCopy(domainsWithDeletedWebsiteData), completionHandler = WTFMove(completionHandler), weakThis = WTFMove(weakThis)] () mutable { 211 if (!weakThis) { 212 completionHandler(); 213 return; [ 4] 0x00000001a67b8d74 WebKit`WTF::Detail::CallableWrapper<WebKit::ResourceLoadStatisticsStore::removeDataRecords(WTF::CompletionHandler<void ()>&&)::$_5, void>::call() + 32 at Function.h:52 [ 5] 0x00000001adf0fdd3 JavaScriptCore`WTF::RunLoop::performWork() [inlined] WTF::Function<void ()>::operator()() const + 19 at Function.h:79:35 [ 5] 0x00000001adf0fdc0 JavaScriptCore`WTF::RunLoop::performWork() + 252 at RunLoop.cpp:106 102 103 function = m_functionQueue.takeFirst(); 104 } 105 -> 106 function(); 107 } 108 109 for (size_t functionsHandled = 1; functionsHandled < functionsToHandle; ++functionsHandled) { 110 Function<void ()> function; [ 6] 0x00000001adf100a3 JavaScriptCore`WTF::RunLoop::performWork(void*) + 39 at RunLoopCF.cpp:38:37 34 35 void RunLoop::performWork(void* context) 36 { 37 AutodrainedPool pool; -> 38 static_cast<RunLoop*>(context)->performWork(); 39 } 40 41 RunLoop::RunLoop() 42 : m_runLoop(CFRunLoopGetCurrent()) ok [ 7] 0x000000019f058b3f CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 27 at CFRunLoop.c:1922:9 1918 1919 static void __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__(void (*)(void *), void *) __attribute__((noinline)); 1920 static void __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__(void (*perform)(void *), void *info) { 1921 if (perform) { -> 1922 perform(info); 1923 } 1924 __asm __volatile__(""); // thwart tail-call optimization 1925 } 1926 1563550 1 cdumez 2019-08-21 10:40:41 -0700 <rdar://problem/32850192> 1563556 2 376894 cdumez 2019-08-21 10:56:26 -0700 Created attachment 376894 Patch 1563568 3 376894 bfulgham 2019-08-21 11:10:17 -0700 Comment on attachment 376894 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=376894&action=review > Source/WebKit/ChangeLog:11 > + does not take care of this for you, despite its name (the createCrossThreadTask() function does though). Ugh! > Source/WebKit/NetworkProcess/NetworkProcess.cpp:1364 > RunLoop::main().dispatch([callbackAggregator = WTFMove(callbackAggregator), securityOrigins = indexedDatabaseOrigins(path)] { This makes sense to me; path is created on the main thread, and needs to be copied for use in the cross-thread task. > Source/WebKit/NetworkProcess/NetworkProcess.cpp:1734 > + RunLoop::main().dispatch([this, sessionID, domainsToDeleteAllButCookiesFor = WTFMove(domainsToDeleteAllButCookiesFor), callbackAggregator = callbackAggregator.copyRef(), securityOrigins = indexedDatabaseOrigins(path)] { So it looks like we had this thread-transfer backwards in the original code. I wonder how we can make it harder to avoid this problem. I understand why we need to crossThreadCopy path (created on the main thread) to the cross-thread task (line 1733), but why is it okay to WTFMove that cross-thread copied memory back to the main thread on line 1734? > Source/WebKit/NetworkProcess/NetworkProcess.cpp:1878 > + postStorageTask(CrossThreadTask([this, callbackAggregator = callbackAggregator.copyRef(), path = crossThreadCopy(path)]() mutable { Again, this one makes sense. 1563592 4 376894 cdumez 2019-08-21 11:45:13 -0700 Comment on attachment 376894 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=376894&action=review >> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1734 >> + RunLoop::main().dispatch([this, sessionID, domainsToDeleteAllButCookiesFor = WTFMove(domainsToDeleteAllButCookiesFor), callbackAggregator = callbackAggregator.copyRef(), securityOrigins = indexedDatabaseOrigins(path)] { > > So it looks like we had this thread-transfer backwards in the original code. I wonder how we can make it harder to avoid this problem. > > I understand why we need to crossThreadCopy path (created on the main thread) to the cross-thread task (line 1733), but why is it okay to WTFMove that cross-thread copied memory back to the main thread on line 1734? Technically, we could crossThreadCopy() both, however, I know WTFMove() is safe here because I have just isolatedCopied the data structure already and I did not pass it to anybody else. It is safe to WTFMove() a String to another thread if: 1. RefCount is 1 (i.e. String is not shared with anybody else) and 2. String is not atomized See String::isSafeToSendToAnotherThread(). 1563600 5 376894 bfulgham 2019-08-21 12:02:54 -0700 Comment on attachment 376894 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=376894&action=review r=me >>> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1734 >>> + RunLoop::main().dispatch([this, sessionID, domainsToDeleteAllButCookiesFor = WTFMove(domainsToDeleteAllButCookiesFor), callbackAggregator = callbackAggregator.copyRef(), securityOrigins = indexedDatabaseOrigins(path)] { >> >> So it looks like we had this thread-transfer backwards in the original code. I wonder how we can make it harder to avoid this problem. >> >> I understand why we need to crossThreadCopy path (created on the main thread) to the cross-thread task (line 1733), but why is it okay to WTFMove that cross-thread copied memory back to the main thread on line 1734? > > Technically, we could crossThreadCopy() both, however, I know WTFMove() is safe here because I have just isolatedCopied the data structure already and I did not pass it to anybody else. > It is safe to WTFMove() a String to another thread if: > 1. RefCount is 1 (i.e. String is not shared with anybody else) > and > 2. String is not atomized > > See String::isSafeToSendToAnotherThread(). Sounds good. 1563643 6 376894 commit-queue 2019-08-21 13:02:42 -0700 Comment on attachment 376894 Patch Clearing flags on attachment: 376894 Committed r248959: <https://trac.webkit.org/changeset/248959> 1563644 7 commit-queue 2019-08-21 13:02:44 -0700 All reviewed patches have been landed. Closing bug. 376894 2019-08-21 10:56:26 -0700 2019-08-21 13:02:42 -0700 Patch bug-200986-20190821105625.patch text/plain 4852 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMjQ4OTQyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDg4MmUzNWEzODRlZTk2ZjZk YjUyNjNhOWQ5NWUxZjExNDcwMTc1NGMuLmEyN2I3NWYwOGUxOTY0ODQ0NzhhYTI2YTIyZWI0NTU3 YjYwNTk4Y2MgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjAgQEAKKzIwMTktMDgtMjEgIENocmlzIER1 bWV6ICA8Y2R1bWV6QGFwcGxlLmNvbT4KKworICAgICAgICBDcmFzaCB1bmRlciBTdHJpbmdJbXBs Ojp+U3RyaW5nSW1wbCgpIGluIE5ldHdvcmtQcm9jZXNzOjpkZWxldGVXZWJzaXRlRGF0YUZvclJl Z2lzdHJhYmxlRG9tYWlucygpCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0yMDA5ODYKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzMyODUwMTkyPgorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIENvZGUgd2FzIGNh bGxpbmcgcG9zdFN0b3JhZ2VUYXNrKCkgd2l0aCBhIGxhbWJkYSB0aGF0IGNhcHR1cmVzIFN0cmlu Z3MgdGhhdCBhcmUgbm90IGlzb2xhdGVkIGNvcGllZC4KKyAgICAgICAgVGhlIGxhbWJkYSB3b3Vs ZCBnZXQgZXhlY3V0ZWQgb24gYW5vdGhlciB0aHJlYWQgc28gdGhpcyBpcyBub3Qgc2FmZS4gVGhl IENyb3NzVGhyZWFkVGFzayBjb25zdHJ1Y3RvcgorICAgICAgICBkb2VzIG5vdCB0YWtlIGNhcmUg b2YgdGhpcyBmb3IgeW91LCBkZXNwaXRlIGl0cyBuYW1lICh0aGUgY3JlYXRlQ3Jvc3NUaHJlYWRU YXNrKCkgZnVuY3Rpb24gZG9lcyB0aG91Z2gpLgorCisgICAgICAgICogTmV0d29ya1Byb2Nlc3Mv TmV0d29ya1Byb2Nlc3MuY3BwOgorICAgICAgICAoV2ViS2l0OjpOZXR3b3JrUHJvY2Vzczo6ZmV0 Y2hXZWJzaXRlRGF0YSk6CisgICAgICAgIChXZWJLaXQ6Ok5ldHdvcmtQcm9jZXNzOjpkZWxldGVX ZWJzaXRlRGF0YUZvclJlZ2lzdHJhYmxlRG9tYWlucyk6CisgICAgICAgIChXZWJLaXQ6Ok5ldHdv cmtQcm9jZXNzOjpyZWdpc3RyYWJsZURvbWFpbnNXaXRoV2Vic2l0ZURhdGEpOgorCiAyMDE5LTA4 LTIxICBSb2IgQnVpcyAgPHJidWlzQGlnYWxpYS5jb20+CiAKICAgICAgICAgVmVyaWZ5IFByZWZl dGNoIGFuZCBjcmVkZW50aWFsIGJlaGF2aW9yCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L05l dHdvcmtQcm9jZXNzL05ldHdvcmtQcm9jZXNzLmNwcCBiL1NvdXJjZS9XZWJLaXQvTmV0d29ya1By b2Nlc3MvTmV0d29ya1Byb2Nlc3MuY3BwCmluZGV4IDVmNmI5OTU4OGZmZmYyNmVmNWU4ZWY1NGEw ZmQ2MTYzOGFlN2IzMDYuLmZjZWQ2MThjMmUwYjJmMjY1NDIwNGVkOGVkYjE3NmQwMzU1OGQ1Yzgg MTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvTmV0d29ya1Byb2Nlc3MvTmV0d29ya1Byb2Nlc3Mu Y3BwCisrKyBiL1NvdXJjZS9XZWJLaXQvTmV0d29ya1Byb2Nlc3MvTmV0d29ya1Byb2Nlc3MuY3Bw CkBAIC0xMzYwLDcgKzEzNjAsNyBAQCB2b2lkIE5ldHdvcmtQcm9jZXNzOjpmZXRjaFdlYnNpdGVE YXRhKFBBTDo6U2Vzc2lvbklEIHNlc3Npb25JRCwgT3B0aW9uU2V0PFdlYnNpdAogICAgIGF1dG8g cGF0aCA9IG1faWRiRGF0YWJhc2VQYXRocy5nZXQoc2Vzc2lvbklEKTsKICAgICBpZiAoIXBhdGgu aXNFbXB0eSgpICYmIHdlYnNpdGVEYXRhVHlwZXMuY29udGFpbnMoV2Vic2l0ZURhdGFUeXBlOjpJ bmRleGVkREJEYXRhYmFzZXMpKSB7CiAgICAgICAgIC8vIEZJWE1FOiBQaWNrIHRoZSByaWdodCBk YXRhYmFzZSBzdG9yZSBiYXNlZCBvbiB0aGUgc2Vzc2lvbiBJRC4KLSAgICAgICAgcG9zdFN0b3Jh Z2VUYXNrKENyb3NzVGhyZWFkVGFzayhbdGhpcywgY2FsbGJhY2tBZ2dyZWdhdG9yID0gY2FsbGJh Y2tBZ2dyZWdhdG9yLmNvcHlSZWYoKSwgcGF0aCA9IFdURk1vdmUocGF0aCldKCkgbXV0YWJsZSB7 CisgICAgICAgIHBvc3RTdG9yYWdlVGFzayhDcm9zc1RocmVhZFRhc2soW3RoaXMsIGNhbGxiYWNr QWdncmVnYXRvciA9IGNhbGxiYWNrQWdncmVnYXRvci5jb3B5UmVmKCksIHBhdGggPSBjcm9zc1Ro cmVhZENvcHkocGF0aCldKCkgbXV0YWJsZSB7CiAgICAgICAgICAgICBSdW5Mb29wOjptYWluKCku ZGlzcGF0Y2goW2NhbGxiYWNrQWdncmVnYXRvciA9IFdURk1vdmUoY2FsbGJhY2tBZ2dyZWdhdG9y KSwgc2VjdXJpdHlPcmlnaW5zID0gaW5kZXhlZERhdGFiYXNlT3JpZ2lucyhwYXRoKV0gewogICAg ICAgICAgICAgICAgIGZvciAoY29uc3QgYXV0byYgc2VjdXJpdHlPcmlnaW4gOiBzZWN1cml0eU9y aWdpbnMpCiAgICAgICAgICAgICAgICAgICAgIGNhbGxiYWNrQWdncmVnYXRvci0+bV93ZWJzaXRl RGF0YS5lbnRyaWVzLmFwcGVuZCh7IHNlY3VyaXR5T3JpZ2luLCBXZWJzaXRlRGF0YVR5cGU6Oklu ZGV4ZWREQkRhdGFiYXNlcywgMCB9KTsKQEAgLTE3MzAsOCArMTczMCw4IEBAIHZvaWQgTmV0d29y a1Byb2Nlc3M6OmRlbGV0ZVdlYnNpdGVEYXRhRm9yUmVnaXN0cmFibGVEb21haW5zKFBBTDo6U2Vz c2lvbklEIHNlc3NpCiAgICAgYXV0byBwYXRoID0gbV9pZGJEYXRhYmFzZVBhdGhzLmdldChzZXNz aW9uSUQpOwogICAgIGlmICghcGF0aC5pc0VtcHR5KCkgJiYgd2Vic2l0ZURhdGFUeXBlcy5jb250 YWlucyhXZWJzaXRlRGF0YVR5cGU6OkluZGV4ZWREQkRhdGFiYXNlcykpIHsKICAgICAgICAgLy8g RklYTUU6IFBpY2sgdGhlIHJpZ2h0IGRhdGFiYXNlIHN0b3JlIGJhc2VkIG9uIHRoZSBzZXNzaW9u IElELgotICAgICAgICBwb3N0U3RvcmFnZVRhc2soQ3Jvc3NUaHJlYWRUYXNrKFt0aGlzLCBzZXNz aW9uSUQsIGNhbGxiYWNrQWdncmVnYXRvciA9IGNhbGxiYWNrQWdncmVnYXRvci5jb3B5UmVmKCks IHBhdGggPSBXVEZNb3ZlKHBhdGgpLCBkb21haW5zVG9EZWxldGVBbGxCdXRDb29raWVzRm9yXSgp IG11dGFibGUgewotICAgICAgICAgICAgUnVuTG9vcDo6bWFpbigpLmRpc3BhdGNoKFt0aGlzLCBz ZXNzaW9uSUQsIGRvbWFpbnNUb0RlbGV0ZUFsbEJ1dENvb2tpZXNGb3IgPSBjcm9zc1RocmVhZENv cHkoZG9tYWluc1RvRGVsZXRlQWxsQnV0Q29va2llc0ZvciksIGNhbGxiYWNrQWdncmVnYXRvciA9 IGNhbGxiYWNrQWdncmVnYXRvci5jb3B5UmVmKCksIHNlY3VyaXR5T3JpZ2lucyA9IGluZGV4ZWRE YXRhYmFzZU9yaWdpbnMocGF0aCldIHsKKyAgICAgICAgcG9zdFN0b3JhZ2VUYXNrKENyb3NzVGhy ZWFkVGFzayhbdGhpcywgc2Vzc2lvbklELCBjYWxsYmFja0FnZ3JlZ2F0b3IgPSBjYWxsYmFja0Fn Z3JlZ2F0b3IuY29weVJlZigpLCBwYXRoID0gY3Jvc3NUaHJlYWRDb3B5KHBhdGgpLCBkb21haW5z VG9EZWxldGVBbGxCdXRDb29raWVzRm9yID0gY3Jvc3NUaHJlYWRDb3B5KGRvbWFpbnNUb0RlbGV0 ZUFsbEJ1dENvb2tpZXNGb3IpXSgpIG11dGFibGUgeworICAgICAgICAgICAgUnVuTG9vcDo6bWFp bigpLmRpc3BhdGNoKFt0aGlzLCBzZXNzaW9uSUQsIGRvbWFpbnNUb0RlbGV0ZUFsbEJ1dENvb2tp ZXNGb3IgPSBXVEZNb3ZlKGRvbWFpbnNUb0RlbGV0ZUFsbEJ1dENvb2tpZXNGb3IpLCBjYWxsYmFj a0FnZ3JlZ2F0b3IgPSBjYWxsYmFja0FnZ3JlZ2F0b3IuY29weVJlZigpLCBzZWN1cml0eU9yaWdp bnMgPSBpbmRleGVkRGF0YWJhc2VPcmlnaW5zKHBhdGgpXSB7CiAgICAgICAgICAgICAgICAgVmVj dG9yPFNlY3VyaXR5T3JpZ2luRGF0YT4gZW50cmllc1RvRGVsZXRlOwogICAgICAgICAgICAgICAg IGZvciAoY29uc3QgYXV0byYgc2VjdXJpdHlPcmlnaW4gOiBzZWN1cml0eU9yaWdpbnMpIHsKICAg ICAgICAgICAgICAgICAgICAgYXV0byBkb21haW4gPSBSZWdpc3RyYWJsZURvbWFpbjo6dW5jaGVj a2VkQ3JlYXRlRnJvbUhvc3Qoc2VjdXJpdHlPcmlnaW4uaG9zdCk7CkBAIC0xODc1LDcgKzE4NzUs NyBAQCB2b2lkIE5ldHdvcmtQcm9jZXNzOjpyZWdpc3RyYWJsZURvbWFpbnNXaXRoV2Vic2l0ZURh dGEoUEFMOjpTZXNzaW9uSUQgc2Vzc2lvbklELAogICAgIGF1dG8gcGF0aCA9IG1faWRiRGF0YWJh c2VQYXRocy5nZXQoc2Vzc2lvbklEKTsKICAgICBpZiAoIXBhdGguaXNFbXB0eSgpICYmIHdlYnNp dGVEYXRhVHlwZXMuY29udGFpbnMoV2Vic2l0ZURhdGFUeXBlOjpJbmRleGVkREJEYXRhYmFzZXMp KSB7CiAgICAgICAgIC8vIEZJWE1FOiBQaWNrIHRoZSByaWdodCBkYXRhYmFzZSBzdG9yZSBiYXNl ZCBvbiB0aGUgc2Vzc2lvbiBJRC4KLSAgICAgICAgcG9zdFN0b3JhZ2VUYXNrKENyb3NzVGhyZWFk VGFzayhbdGhpcywgY2FsbGJhY2tBZ2dyZWdhdG9yID0gY2FsbGJhY2tBZ2dyZWdhdG9yLmNvcHlS ZWYoKSwgcGF0aCA9IFdURk1vdmUocGF0aCldKCkgbXV0YWJsZSB7CisgICAgICAgIHBvc3RTdG9y YWdlVGFzayhDcm9zc1RocmVhZFRhc2soW3RoaXMsIGNhbGxiYWNrQWdncmVnYXRvciA9IGNhbGxi YWNrQWdncmVnYXRvci5jb3B5UmVmKCksIHBhdGggPSBjcm9zc1RocmVhZENvcHkocGF0aCldKCkg bXV0YWJsZSB7CiAgICAgICAgICAgICBSdW5Mb29wOjptYWluKCkuZGlzcGF0Y2goW2NhbGxiYWNr QWdncmVnYXRvciA9IGNhbGxiYWNrQWdncmVnYXRvci5jb3B5UmVmKCksIHNlY3VyaXR5T3JpZ2lu cyA9IGluZGV4ZWREYXRhYmFzZU9yaWdpbnMocGF0aCldIHsKICAgICAgICAgICAgICAgICBmb3Ig KGNvbnN0IGF1dG8mIHNlY3VyaXR5T3JpZ2luIDogc2VjdXJpdHlPcmlnaW5zKQogICAgICAgICAg ICAgICAgICAgICBjYWxsYmFja0FnZ3JlZ2F0b3ItPm1fd2Vic2l0ZURhdGEuZW50cmllcy5hcHBl bmQoeyBzZWN1cml0eU9yaWdpbiwgV2Vic2l0ZURhdGFUeXBlOjpJbmRleGVkREJEYXRhYmFzZXMs IDAgfSk7Cg==