207324 2020-02-06 03:35:56 -0800 KeyedDecoderGeneric fails to allocate Vector while decoding broken data 2020-03-15 23:24:22 -0700 1 1 1 Unclassified WebKit Platform WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 fujii fujii achristensen darin don.olmstead ross.kirsling takashi.komori webkit-bug-importer oldest_to_newest 1615583 0 fujii 2020-02-06 03:35:56 -0800 KeyedDecoderGeneric fails to allocate Vector while decoding broken data AppleWin WK1 and WinCairo WK1 are sharing same data directory even though they are using different KeyedEncoder/KeyedDecoder format. 1. Start AppleWin WK1 MiniBrowser, Open Web Inspector, Change Setting, for example, zoom scale, Close the AppleWin WK1 2. Start WinCairo WK1 MiniBrowser, Open Web Inspector 3. Crash Callstack: > WTF.dll!WTFCrash() Line 305 C++ > WebKit.dll!WTF::VectorBufferBase<unsigned char,WTF::FastMalloc>::allocateBuffer(unsigned __int64 newCapacity=12884901888) Line 290 C++ > WebKit.dll!WTF::VectorBuffer<unsigned char,0,WTF::FastMalloc>::VectorBuffer<unsigned char,0,WTF::FastMalloc>(unsigned __int64 capacity=12884901888, unsigned __int64 size=12884901888) Line 394 C++ > WebKit.dll!WTF::Vector<unsigned char,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>::Vector<unsigned char,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>(unsigned __int64 size=12884901888) Line 630 C++ > WebKit.dll!WebCore::readString(WTF::Persistence::Decoder & decoder={...}, WTF::String & result={...}) Line 62 C++ > WebKit.dll!WebCore::KeyedDecoderGeneric::KeyedDecoderGeneric(const unsigned char * data=0x0000021665b51690, unsigned __int64 size=53) Line 104 C++ > [External Code] > WebKit.dll!WTF::makeUnique<WebCore::KeyedDecoderGeneric,unsigned char const * &,unsigned __int64 &>(const unsigned char * & <args_0>=0x0000021665b51690, unsigned __int64 & <args_1>=53) Line 483 C++ > WebKit.dll!WebCore::KeyedDecoder::decoder(const unsigned char * data=0x0000021665b51690, unsigned __int64 size=53) Line 88 C++ > WebKit.dll!WebCore::deserializeIDBKeyPath(const unsigned char * data=0x0000021665b51690, unsigned __int64 size=53, WTF::Optional<WTF::Variant<WTF::String,WTF::Vector<WTF::String,0,WTF::CrashOnOverflow,16,WTF::FastMalloc>>> & result={...}) Line 72 C++ > WebKit.dll!WebCore::IDBServer::SQLiteIDBBackingStore::extractExistingDatabaseInfo() Line 767 C++ > WebKit.dll!WebCore::IDBServer::SQLiteIDBBackingStore::getOrEstablishDatabaseInfo(WebCore::IDBDatabaseInfo & info={...}) Line 994 C++ > WebKit.dll!WebCore::IDBServer::UniqueIDBDatabase::performCurrentOpenOperation() Line 176 C++ > WebKit.dll!WebCore::IDBServer::UniqueIDBDatabase::handleCurrentOperation() Line 357 C++ > WebKit.dll!WebCore::IDBServer::UniqueIDBDatabase::handleDatabaseOperations() Line 340 C++ > WebKit.dll!WebCore::IDBServer::UniqueIDBDatabase::openDatabaseConnection(WebCore::IDBServer::IDBConnectionToClient & connection={...}, const WebCore::IDBRequestData & requestData={...}) Line 153 C++ > WebKit.dll!WebCore::IDBServer::IDBServer::openDatabase(const WebCore::IDBRequestData & requestData={...}) Line 152 C++ > WebKit.dll!`InProcessIDBServer::openDatabase'::`2'::<lambda_1>::operator()() Line 145 C++ > WebKit.dll!WTF::Detail::CallableWrapper<`InProcessIDBServer::openDatabase'::`2'::<lambda_1>,void>::call() Line 52 C++ > WebKit.dll!WTF::Function<void __cdecl(void)>::operator()() Line 85 C++ > WebKit.dll!WebCore::StorageThread::threadEntryPoint() Line 79 C++ > WebKit.dll!`WebCore::StorageThread::start'::`17'::<lambda_2>::operator()() Line 66 C++ > WebKit.dll!WTF::Detail::CallableWrapper<`WebCore::StorageThread::start'::`17'::<lambda_2>,void>::call() Line 52 C++ > WTF.dll!WTF::Function<void __cdecl(void)>::operator()() Line 85 C++ > WTF.dll!WTF::Thread::entryPoint(WTF::Thread::NewThreadContext * newThreadContext=0x000002164eea6c70) Line 149 C++ > WTF.dll!WTF::wtfThreadEntryPoint(void * data=0x000002164eea6c70) Line 153 C++ > [External Code] In above case, trying to allocate Vector with size=12884901888. 1630209 1 393626 fujii 2020-03-15 14:12:35 -0700 Created attachment 393626 Patch 1630220 2 393626 darin 2020-03-15 17:10:54 -0700 Comment on attachment 393626 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393626&action=review > Tools/ChangeLog:10 > + (TestWebKitAPI::KeyedCoding.DecodeRandomData): Added a new test decoding random data. I think a better test is decoding pseudo-random data with a fixed seed. We don’t want a test that randomly fails. 1630221 3 393626 fujii 2020-03-15 17:12:53 -0700 Comment on attachment 393626 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=393626&action=review >> Tools/ChangeLog:10 >> + (TestWebKitAPI::KeyedCoding.DecodeRandomData): Added a new test decoding random data. > > I think a better test is decoding pseudo-random data with a fixed seed. We don’t want a test that randomly fails. Agreed. Will do so. 1630228 4 fujii 2020-03-15 18:14:41 -0700 I found two more crash bugs in KeyedDecoderGeneric by changing the random seed. 1630229 5 393626 darin 2020-03-15 18:16:11 -0700 Comment on attachment 393626 Patch I see the same mistake in: 1) decodeCFData in CertificateInfo.h 2) AuthenticatorResponseData::decode where it also uses ArrayBuffer::create but should be using ArrayBuffer::tryCreate 3) SerializedScriptValue::decode 4) decodeSharedBuffer and decodeTypesAndData in WebCoreArgumentCoders.cpp We need someone to fix all of those. May not be as easy to write tests for those. 1630232 6 fujii 2020-03-15 18:20:54 -0700 OK, I will try to fix them. 1630233 7 393629 fujii 2020-03-15 18:27:42 -0700 Created attachment 393629 Patch 1630245 8 393629 fujii 2020-03-15 19:59:46 -0700 Comment on attachment 393629 Patch Clearing flags on attachment: 393629 Committed r258486: <https://trac.webkit.org/changeset/258486> 1630246 9 fujii 2020-03-15 19:59:50 -0700 All reviewed patches have been landed. Closing bug. 1630247 10 webkit-bug-importer 2020-03-15 20:00:15 -0700 <rdar://problem/60479609> 1630250 11 fujii 2020-03-15 23:24:22 -0700 (In reply to Darin Adler from comment #5) > > I see the same mistake in: > > 1) decodeCFData in CertificateInfo.h > 2) AuthenticatorResponseData::decode where it also uses ArrayBuffer::create > but should be using ArrayBuffer::tryCreate > 3) SerializedScriptValue::decode > 4) decodeSharedBuffer and decodeTypesAndData in WebCoreArgumentCoders.cpp > > We need someone to fix all of those. May not be as easy to write tests for > those. Filed: Bug 209131 – Don't allocate a buffer with the decoded size without ensuring bufferIsLargeEnoughToContain(size) 393626 2020-03-15 14:12:35 -0700 2020-03-15 18:27:25 -0700 Patch bug-207324-20200316061234.patch text/plain 4102 fujii U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4MzUxCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggZGY4YjQ3ZmRlMjM3YTUy YzM0MmI0M2JkZGI2ZTU2MmM4ZTZkZmZkOC4uOWIzMWVmYTg2OGZjMzZjODBlMjBmOTU5OTk1MDI1 NDc2YTI4OTc4MCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIxIEBACisyMDIwLTAzLTE1ICBGdWpp aSBIaXJvbm9yaSAgPEhpcm9ub3JpLkZ1amlpQHNvbnkuY29tPgorCisgICAgICAgIEtleWVkRGVj b2RlckdlbmVyaWMgZmFpbHMgdG8gYWxsb2NhdGUgVmVjdG9yIHdoaWxlIGRlY29kaW5nIGJyb2tl biBkYXRhCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0y MDczMjQKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBL ZXllZERlY29kZXJHZW5lcmljIHdhcyB0cnlpbmcgdG8gYWxsb2NhdGUgYSBidWZmZXIgd2l0aG91 dAorICAgICAgICBlbnN1cmluZyB0aGUgc2l6ZSB3b3VsZG4ndCBleGNlZWQgdGhlIGRlY29kaW5n IGRhdGEgc2l6ZSBieSB1c2luZworICAgICAgICBidWZmZXJJc0xhcmdlRW5vdWdoVG9Db250YWlu LgorCisgICAgICAgIFRlc3RzOiBUZXN0V2ViS2l0QVBJOiBLZXllZENvZGluZy5EZWNvZGVSYW5k b21EYXRhCisKKyAgICAgICAgKiBwbGF0Zm9ybS9nZW5lcmljL0tleWVkRGVjb2RlckdlbmVyaWMu Y3BwOgorICAgICAgICAoV2ViQ29yZTo6cmVhZFN0cmluZyk6CisgICAgICAgIChXZWJDb3JlOjpL ZXllZERlY29kZXJHZW5lcmljOjpLZXllZERlY29kZXJHZW5lcmljKToKKyAgICAgICAgQ2hlY2sg YnVmZmVySXNMYXJnZUVub3VnaFRvQ29udGFpbihzaXplKSBiZWZvcmUgYWxsb2NhdGluZyBhIFZl Y3RvciB3aXRoIHNpemUuCisKIDIwMjAtMDMtMTIgIEFuZHJlcyBHb256YWxleiAgPGFuZHJlc2df MjJAYXBwbGUuY29tPgogCiAgICAgICAgIEF0dHJpYnV0ZXMgU2VsZWN0aW9uVGV4dE1hcmtlclJh bmdlIGFuZCBTdGFydC9FbmRUZXh0TWFya2VyIG5lZWQgdG8gcnVuIG9uIHRoZSBtYWluIHRocmVh ZC4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dlbmVyaWMvS2V5ZWREZWNv ZGVyR2VuZXJpYy5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9nZW5lcmljL0tleWVkRGVj b2RlckdlbmVyaWMuY3BwCmluZGV4IGMzZTE2ZWRlZWQyZmVkNzBlODI1MGI0MDIyNDQxMmVlYWEy NGQ3N2MuLmUzMDQ0NTgxMDhhMzNlYWJkMTY5MTQyYjBiNjYxZTcwNDRkZTM2NWMgMTAwNjQ0Ci0t LSBhL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dlbmVyaWMvS2V5ZWREZWNvZGVyR2VuZXJpYy5j cHAKKysrIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ2VuZXJpYy9LZXllZERlY29kZXJHZW5l cmljLmNwcApAQCAtNTgsNiArNTgsOCBAQCBzdGF0aWMgYm9vbCByZWFkU3RyaW5nKFdURjo6UGVy c2lzdGVuY2U6OkRlY29kZXImIGRlY29kZXIsIFN0cmluZyYgcmVzdWx0KQogICAgICAgICByZXR1 cm4gdHJ1ZTsKICAgICB9CiAKKyAgICBpZiAoIWRlY29kZXIuYnVmZmVySXNMYXJnZUVub3VnaFRv Q29udGFpbjx1aW50OF90PihzaXplKSkKKyAgICAgICAgcmV0dXJuIGZhbHNlOwogICAgIFZlY3Rv cjx1aW50OF90PiBidWZmZXIoc2l6ZSk7CiAgICAgaWYgKCFkZWNvZGVyLmRlY29kZUZpeGVkTGVu Z3RoRGF0YShidWZmZXIuZGF0YSgpLCBzaXplKSkKICAgICAgICAgcmV0dXJuIGZhbHNlOwpAQCAt MTA2LDYgKzEwOCw5IEBAIEtleWVkRGVjb2RlckdlbmVyaWM6OktleWVkRGVjb2RlckdlbmVyaWMo Y29uc3QgdWludDhfdCogZGF0YSwgc2l6ZV90IHNpemUpCiAgICAgICAgICAgICAgICAgYnJlYWs7 CiAgICAgICAgICAgICBzaXplX3Qgc2l6ZTsKICAgICAgICAgICAgIG9rID0gZGVjb2Rlci5kZWNv ZGUoc2l6ZSk7CisgICAgICAgICAgICBpZiAoIW9rKQorICAgICAgICAgICAgICAgIGJyZWFrOwor ICAgICAgICAgICAgb2sgPSBkZWNvZGVyLmJ1ZmZlcklzTGFyZ2VFbm91Z2hUb0NvbnRhaW48dWlu dDhfdD4oc2l6ZSk7CiAgICAgICAgICAgICBpZiAoIW9rKQogICAgICAgICAgICAgICAgIGJyZWFr OwogICAgICAgICAgICAgVmVjdG9yPHVpbnQ4X3Q+IGJ1ZmZlcihzaXplKTsKZGlmZiAtLWdpdCBh L1Rvb2xzL0NoYW5nZUxvZyBiL1Rvb2xzL0NoYW5nZUxvZwppbmRleCBkMjdjODQ0OTFiYjBiOWI3 Y2Q1YjE4N2I3NTYxYjEyN2FjZTY4NTMzLi4wZTU1Yzg2OGIxNDQwOGE1Yjc0NjViNjI4OWFjMzAx YmZkMjdkZWIzIDEwMDY0NAotLS0gYS9Ub29scy9DaGFuZ2VMb2cKKysrIGIvVG9vbHMvQ2hhbmdl TG9nCkBAIC0xLDMgKzEsMTQgQEAKKzIwMjAtMDMtMTUgIEZ1amlpIEhpcm9ub3JpICA8SGlyb25v cmkuRnVqaWlAc29ueS5jb20+CisKKyAgICAgICAgS2V5ZWREZWNvZGVyR2VuZXJpYyBmYWlscyB0 byBhbGxvY2F0ZSBWZWN0b3Igd2hpbGUgZGVjb2RpbmcgYnJva2VuIGRhdGEKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNzMyNAorCisgICAgICAgIFJl dmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogVGVzdFdlYktpdEFQSS9UZXN0 cy9XZWJDb3JlL0tleWVkQ29kaW5nLmNwcDoKKyAgICAgICAgKFRlc3RXZWJLaXRBUEk6OmdlbmVy YXRlUmFuZG9tRGF0YSk6IEFkZGVkLgorICAgICAgICAoVGVzdFdlYktpdEFQSTo6S2V5ZWRDb2Rp bmcuRGVjb2RlUmFuZG9tRGF0YSk6IEFkZGVkIGEgbmV3IHRlc3QgZGVjb2RpbmcgcmFuZG9tIGRh dGEuCisKIDIwMjAtMDMtMTIgIFdlbnNvbiBIc2llaCAgPHdlbnNvbl9oc2llaEBhcHBsZS5jb20+ CiAKICAgICAgICAgcnVuLXdlYmtpdC10ZXN0cyAtLXVzZS1ncHUtcHJvY2VzcyBzaG91bGQgZW5h YmxlIEdQVSBQcm9jZXNzIGZvciBjYW52YXMKZGlmZiAtLWdpdCBhL1Rvb2xzL1Rlc3RXZWJLaXRB UEkvVGVzdHMvV2ViQ29yZS9LZXllZENvZGluZy5jcHAgYi9Ub29scy9UZXN0V2ViS2l0QVBJL1Rl c3RzL1dlYkNvcmUvS2V5ZWRDb2RpbmcuY3BwCmluZGV4IDhjOTk4NjJmOWY4ODY2MGIyNzJjY2I1 NWYzODRjMjdiNGJkYTcxM2MuLmNiNmU3MmNhNzFmOWFhY2RiOWJlMDIwZWU5MzZkZWQxNTYwNWNl MjEgMTAwNjQ0Ci0tLSBhL1Rvb2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV2ViQ29yZS9LZXllZENv ZGluZy5jcHAKKysrIGIvVG9vbHMvVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJDb3JlL0tleWVkQ29k aW5nLmNwcApAQCAtMjgsNiArMjgsNyBAQAogI2luY2x1ZGUgPFdlYkNvcmUvS2V5ZWRDb2Rpbmcu aD4KICNpbmNsdWRlIDxXZWJDb3JlL1NoYXJlZEJ1ZmZlci5oPgogI2luY2x1ZGUgPGNzdGRpbnQ+ CisjaW5jbHVkZSA8d3RmL1JhbmRvbU51bWJlci5oPgogI2luY2x1ZGUgPHd0Zi90ZXh0L1dURlN0 cmluZy5oPgogCiBuYW1lc3BhY2UgVGVzdFdlYktpdEFQSSB7CkBAIC0yOTAsNCArMjkxLDIyIEBA IFRFU1QoS2V5ZWRDb2RpbmcsIFNldEFuZEdldFdpdGhFbXB0eUtleSkKICAgICBFWFBFQ1RfVFJV RShzdWNjZXNzKTsKICAgICBFWFBFQ1RfRVEoZmFsc2UsIGJvb2xWYWx1ZSk7CiB9CisKK3N0YXRp YyBWZWN0b3I8dWludDhfdD4gZ2VuZXJhdGVSYW5kb21EYXRhKCkKK3sKKyAgICBWZWN0b3I8dWlu dDhfdD4gZGF0YTsKKyAgICBmb3IgKGF1dG8gaSA9IDA7IGkgPCAyNTY7ICsraSkKKyAgICAgICAg ZGF0YS5hcHBlbmQoc3RhdGljX2Nhc3Q8dW5zaWduZWQ+KHJhbmRvbU51bWJlcigpICogc3RkOjpu dW1lcmljX2xpbWl0czx1aW50OF90Pjo6bWF4KCkpKTsKKyAgICByZXR1cm4gZGF0YTsKK30KKwor VEVTVChLZXllZENvZGluZywgRGVjb2RlUmFuZG9tRGF0YSkKK3sKKyAgICBmb3IgKGF1dG8gaSA9 IDA7IGkgPCAxMDsgKytpKSB7CisgICAgICAgIGF1dG8gZGF0YSA9IGdlbmVyYXRlUmFuZG9tRGF0 YSgpOworICAgICAgICAvLyBEb24ndCBjcmFzaC4KKyAgICAgICAgV2ViQ29yZTo6S2V5ZWREZWNv ZGVyOjpkZWNvZGVyKGRhdGEuZGF0YSgpLCBkYXRhLnNpemUoKSk7CisgICAgfQorfQorCiB9Cg== 393629 2020-03-15 18:27:42 -0700 2020-03-15 18:27:42 -0700 Patch bug-207324-20200316102741.patch text/plain 5934 fujii U3VidmVyc2lvbiBSZXZpc2lvbjogMjU4MzUxCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggZGY4YjQ3ZmRlMjM3YTUy YzM0MmI0M2JkZGI2ZTU2MmM4ZTZkZmZkOC4uZjhlZmMzZDM5MzNhMTVjYjBhYTE4NjRiYTIxNzg5 MWI5ZTEzYWQyNyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDMyIEBACisyMDIwLTAzLTE1ICBGdWpp aSBIaXJvbm9yaSAgPEhpcm9ub3JpLkZ1amlpQHNvbnkuY29tPgorCisgICAgICAgIEtleWVkRGVj b2RlckdlbmVyaWMgZmFpbHMgdG8gYWxsb2NhdGUgVmVjdG9yIHdoaWxlIGRlY29kaW5nIGJyb2tl biBkYXRhCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0y MDczMjQKKworICAgICAgICBSZXZpZXdlZCBieSBEYXJpbiBBZGxlci4KKworICAgICAgICBUaGVy ZSB3ZXJlIHRocmVlIGNyYXNoIGJ1Z3MgaW4gaXQuCisKKyAgICAgICAgS2V5ZWREZWNvZGVyR2Vu ZXJpYyB3YXMgdHJ5aW5nIHRvIGFsbG9jYXRlIGEgYnVmZmVyIHdpdGhvdXQKKyAgICAgICAgZW5z dXJpbmcgdGhlIHNpemUgd291bGRuJ3QgZXhjZWVkIHRoZSBkZWNvZGluZyBkYXRhIHNpemUgYnkg dXNpbmcKKyAgICAgICAgYnVmZmVySXNMYXJnZUVub3VnaFRvQ29udGFpbi4KKworICAgICAgICBJ dCB3YXMgdHJ5aW5nIHRvIHB1c2ggYW4gaXRtZSBpbnRvIHRoZSB0b3AgZGljdGlvbmFyeSBvZiBl bXRweQorICAgICAgICBtX2RpY3Rpb25hcnlTdGFjayB3aGVuIEVuZE9iamVjdCB0YWcgd291bGQg YXBwZWFyIHdpdGhvdXQgdGhlCisgICAgICAgIHByZWNlZGluZyBCZWdpbk9iamVjdCB0YWcuCisK KyAgICAgICAgSXQgd2FzIHRyeWluZyB0byBwdXNoIGFuIGl0ZW0gaW50byB0aGUgdG9wIGFycmF5 IG9mIGVtcHR5CisgICAgICAgIG1fYXJyYXlTdGFjayB3aGVuIEVuZEFycmF5IHRhZyB3b3VsZCBh cHBlYXIgd2l0aG91dCB0aGUgcHJlY2VkaW5nCisgICAgICAgIEJlZ2luQXJyYXkgdGFnLgorCisg ICAgICAgIFRlc3RzOiBUZXN0V2ViS2l0QVBJOiBLZXllZENvZGluZy5EZWNvZGVSYW5kb21EYXRh CisKKyAgICAgICAgKiBwbGF0Zm9ybS9nZW5lcmljL0tleWVkRGVjb2RlckdlbmVyaWMuY3BwOgor ICAgICAgICAoV2ViQ29yZTo6cmVhZFN0cmluZyk6CisgICAgICAgIChXZWJDb3JlOjpLZXllZERl Y29kZXJHZW5lcmljOjpLZXllZERlY29kZXJHZW5lcmljKToKKyAgICAgICAgQ2hlY2sgYnVmZmVy SXNMYXJnZUVub3VnaFRvQ29udGFpbihzaXplKSBiZWZvcmUgYWxsb2NhdGluZyBhIFZlY3RvciB3 aXRoIHNpemUuCisgICAgICAgIENoZWNrIGlmIG1fZGljdGlvbmFyeVN0YWNrIGFuZCBtX2FycmF5 U3RhY2sgYXJlIGVtcHR5LgorCiAyMDIwLTAzLTEyICBBbmRyZXMgR29uemFsZXogIDxhbmRyZXNn XzIyQGFwcGxlLmNvbT4KIAogICAgICAgICBBdHRyaWJ1dGVzIFNlbGVjdGlvblRleHRNYXJrZXJS YW5nZSBhbmQgU3RhcnQvRW5kVGV4dE1hcmtlciBuZWVkIHRvIHJ1biBvbiB0aGUgbWFpbiB0aHJl YWQuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9nZW5lcmljL0tleWVkRGVj b2RlckdlbmVyaWMuY3BwIGIvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ2VuZXJpYy9LZXllZERl Y29kZXJHZW5lcmljLmNwcAppbmRleCBjM2UxNmVkZWVkMmZlZDcwZTgyNTBiNDAyMjQ0MTJlZWFh MjRkNzdjLi5hNWE4OWU0NDM5MjcxZDhhOTlkNDcxOWQwNDNiMTcwOGRiMTQ0NTUwIDEwMDY0NAot LS0gYS9Tb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9nZW5lcmljL0tleWVkRGVjb2RlckdlbmVyaWMu Y3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL2dlbmVyaWMvS2V5ZWREZWNvZGVyR2Vu ZXJpYy5jcHAKQEAgLTU4LDYgKzU4LDggQEAgc3RhdGljIGJvb2wgcmVhZFN0cmluZyhXVEY6OlBl cnNpc3RlbmNlOjpEZWNvZGVyJiBkZWNvZGVyLCBTdHJpbmcmIHJlc3VsdCkKICAgICAgICAgcmV0 dXJuIHRydWU7CiAgICAgfQogCisgICAgaWYgKCFkZWNvZGVyLmJ1ZmZlcklzTGFyZ2VFbm91Z2hU b0NvbnRhaW48dWludDhfdD4oc2l6ZSkpCisgICAgICAgIHJldHVybiBmYWxzZTsKICAgICBWZWN0 b3I8dWludDhfdD4gYnVmZmVyKHNpemUpOwogICAgIGlmICghZGVjb2Rlci5kZWNvZGVGaXhlZExl bmd0aERhdGEoYnVmZmVyLmRhdGEoKSwgc2l6ZSkpCiAgICAgICAgIHJldHVybiBmYWxzZTsKQEAg LTEwNiw2ICsxMDgsOSBAQCBLZXllZERlY29kZXJHZW5lcmljOjpLZXllZERlY29kZXJHZW5lcmlj KGNvbnN0IHVpbnQ4X3QqIGRhdGEsIHNpemVfdCBzaXplKQogICAgICAgICAgICAgICAgIGJyZWFr OwogICAgICAgICAgICAgc2l6ZV90IHNpemU7CiAgICAgICAgICAgICBvayA9IGRlY29kZXIuZGVj b2RlKHNpemUpOworICAgICAgICAgICAgaWYgKCFvaykKKyAgICAgICAgICAgICAgICBicmVhazsK KyAgICAgICAgICAgIG9rID0gZGVjb2Rlci5idWZmZXJJc0xhcmdlRW5vdWdoVG9Db250YWluPHVp bnQ4X3Q+KHNpemUpOwogICAgICAgICAgICAgaWYgKCFvaykKICAgICAgICAgICAgICAgICBicmVh azsKICAgICAgICAgICAgIFZlY3Rvcjx1aW50OF90PiBidWZmZXIoc2l6ZSk7CkBAIC0xNTksNiAr MTY0LDggQEAgS2V5ZWREZWNvZGVyR2VuZXJpYzo6S2V5ZWREZWNvZGVyR2VuZXJpYyhjb25zdCB1 aW50OF90KiBkYXRhLCBzaXplX3Qgc2l6ZSkKICAgICAgICAgfQogICAgICAgICBjYXNlIEtleWVk RW5jb2RlckdlbmVyaWM6OlR5cGU6OkVuZE9iamVjdDoKICAgICAgICAgICAgIG1fZGljdGlvbmFy eVN0YWNrLnJlbW92ZUxhc3QoKTsKKyAgICAgICAgICAgIGlmIChtX2RpY3Rpb25hcnlTdGFjay5p c0VtcHR5KCkpCisgICAgICAgICAgICAgICAgb2sgPSBmYWxzZTsKICAgICAgICAgICAgIGJyZWFr OwogICAgICAgICBjYXNlIEtleWVkRW5jb2RlckdlbmVyaWM6OlR5cGU6OkJlZ2luQXJyYXk6IHsK ICAgICAgICAgICAgIG9rID0gcmVhZFN0cmluZyhkZWNvZGVyLCBrZXkpOwpAQCAtMTcwLDYgKzE3 Nyw5IEBAIEtleWVkRGVjb2RlckdlbmVyaWM6OktleWVkRGVjb2RlckdlbmVyaWMoY29uc3QgdWlu dDhfdCogZGF0YSwgc2l6ZV90IHNpemUpCiAgICAgICAgICAgICBicmVhazsKICAgICAgICAgfQog ICAgICAgICBjYXNlIEtleWVkRW5jb2RlckdlbmVyaWM6OlR5cGU6OkJlZ2luQXJyYXlFbGVtZW50 OiB7CisgICAgICAgICAgICBvayA9ICFtX2FycmF5U3RhY2suaXNFbXB0eSgpOworICAgICAgICAg ICAgaWYgKCFvaykKKyAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgIGF1dG8gbmV3 RGljdGlvbmFyeSA9IG1ha2VVbmlxdWU8RGljdGlvbmFyeT4oKTsKICAgICAgICAgICAgIG1fZGlj dGlvbmFyeVN0YWNrLmFwcGVuZChuZXdEaWN0aW9uYXJ5LmdldCgpKTsKICAgICAgICAgICAgIG1f YXJyYXlTdGFjay5sYXN0KCktPmFwcGVuZChXVEZNb3ZlKG5ld0RpY3Rpb25hcnkpKTsKQEAgLTE3 Nyw4ICsxODcsMTMgQEAgS2V5ZWREZWNvZGVyR2VuZXJpYzo6S2V5ZWREZWNvZGVyR2VuZXJpYyhj b25zdCB1aW50OF90KiBkYXRhLCBzaXplX3Qgc2l6ZSkKICAgICAgICAgfQogICAgICAgICBjYXNl IEtleWVkRW5jb2RlckdlbmVyaWM6OlR5cGU6OkVuZEFycmF5RWxlbWVudDoKICAgICAgICAgICAg IG1fZGljdGlvbmFyeVN0YWNrLnJlbW92ZUxhc3QoKTsKKyAgICAgICAgICAgIGlmIChtX2RpY3Rp b25hcnlTdGFjay5pc0VtcHR5KCkpCisgICAgICAgICAgICAgICAgb2sgPSBmYWxzZTsKICAgICAg ICAgICAgIGJyZWFrOwogICAgICAgICBjYXNlIEtleWVkRW5jb2RlckdlbmVyaWM6OlR5cGU6OkVu ZEFycmF5OgorICAgICAgICAgICAgb2sgPSAhbV9hcnJheVN0YWNrLmlzRW1wdHkoKTsKKyAgICAg ICAgICAgIGlmICghb2spCisgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICBtX2Fy cmF5U3RhY2sucmVtb3ZlTGFzdCgpOwogICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgIH0KZGlm ZiAtLWdpdCBhL1Rvb2xzL0NoYW5nZUxvZyBiL1Rvb2xzL0NoYW5nZUxvZwppbmRleCBkMjdjODQ0 OTFiYjBiOWI3Y2Q1YjE4N2I3NTYxYjEyN2FjZTY4NTMzLi45NGY3M2E5ZWEyN2UyYTY3MDRkYTBi OWY2MTkyY2M0MWJkNTI0NjU3IDEwMDY0NAotLS0gYS9Ub29scy9DaGFuZ2VMb2cKKysrIGIvVG9v bHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTQgQEAKKzIwMjAtMDMtMTUgIEZ1amlpIEhpcm9ub3Jp ICA8SGlyb25vcmkuRnVqaWlAc29ueS5jb20+CisKKyAgICAgICAgS2V5ZWREZWNvZGVyR2VuZXJp YyBmYWlscyB0byBhbGxvY2F0ZSBWZWN0b3Igd2hpbGUgZGVjb2RpbmcgYnJva2VuIGRhdGEKKyAg ICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNzMyNAorCisg ICAgICAgIFJldmlld2VkIGJ5IERhcmluIEFkbGVyLgorCisgICAgICAgICogVGVzdFdlYktpdEFQ SS9UZXN0cy9XZWJDb3JlL0tleWVkQ29kaW5nLmNwcDoKKyAgICAgICAgKFRlc3RXZWJLaXRBUEk6 OmdlbmVyYXRlUmFuZG9tRGF0YSk6IEFkZGVkLgorICAgICAgICAoVGVzdFdlYktpdEFQSTo6S2V5 ZWRDb2RpbmcuRGVjb2RlUmFuZG9tRGF0YSk6IEFkZGVkIGEgbmV3IHRlc3QgZGVjb2RpbmcgcmFu ZG9tIGRhdGEuCisKIDIwMjAtMDMtMTIgIFdlbnNvbiBIc2llaCAgPHdlbnNvbl9oc2llaEBhcHBs ZS5jb20+CiAKICAgICAgICAgcnVuLXdlYmtpdC10ZXN0cyAtLXVzZS1ncHUtcHJvY2VzcyBzaG91 bGQgZW5hYmxlIEdQVSBQcm9jZXNzIGZvciBjYW52YXMKZGlmZiAtLWdpdCBhL1Rvb2xzL1Rlc3RX ZWJLaXRBUEkvVGVzdHMvV2ViQ29yZS9LZXllZENvZGluZy5jcHAgYi9Ub29scy9UZXN0V2ViS2l0 QVBJL1Rlc3RzL1dlYkNvcmUvS2V5ZWRDb2RpbmcuY3BwCmluZGV4IDhjOTk4NjJmOWY4ODY2MGIy NzJjY2I1NWYzODRjMjdiNGJkYTcxM2MuLjg2NjkxZDY5ZjE1NjBmMWViZTZhMTdkOWIwZmZhOWU3 MmVkYTkzOTYgMTAwNjQ0Ci0tLSBhL1Rvb2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV2ViQ29yZS9L ZXllZENvZGluZy5jcHAKKysrIGIvVG9vbHMvVGVzdFdlYktpdEFQSS9UZXN0cy9XZWJDb3JlL0tl eWVkQ29kaW5nLmNwcApAQCAtMjgsNiArMjgsNyBAQAogI2luY2x1ZGUgPFdlYkNvcmUvS2V5ZWRD b2RpbmcuaD4KICNpbmNsdWRlIDxXZWJDb3JlL1NoYXJlZEJ1ZmZlci5oPgogI2luY2x1ZGUgPGNz dGRpbnQ+CisjaW5jbHVkZSA8Y3N0ZGxpYj4KICNpbmNsdWRlIDx3dGYvdGV4dC9XVEZTdHJpbmcu aD4KIAogbmFtZXNwYWNlIFRlc3RXZWJLaXRBUEkgewpAQCAtMjkwLDQgKzI5MSwyMyBAQCBURVNU KEtleWVkQ29kaW5nLCBTZXRBbmRHZXRXaXRoRW1wdHlLZXkpCiAgICAgRVhQRUNUX1RSVUUoc3Vj Y2Vzcyk7CiAgICAgRVhQRUNUX0VRKGZhbHNlLCBib29sVmFsdWUpOwogfQorCitzdGF0aWMgVmVj dG9yPHVpbnQ4X3Q+IGdlbmVyYXRlUmFuZG9tRGF0YSgpCit7CisgICAgVmVjdG9yPHVpbnQ4X3Q+ IGRhdGE7CisgICAgZm9yIChhdXRvIGkgPSAwOyBpIDwgMjU2OyArK2kpCisgICAgICAgIGRhdGEu YXBwZW5kKHN0ZDo6cmFuZCgpIC8gKFJBTkRfTUFYICsgMS4wKSAqIHN0ZDo6bnVtZXJpY19saW1p dHM8dWludDhfdD46Om1heCgpKTsKKyAgICByZXR1cm4gZGF0YTsKK30KKworVEVTVChLZXllZENv ZGluZywgRGVjb2RlUmFuZG9tRGF0YSkKK3sKKyAgICBzdGQ6OnNyYW5kKDApOworICAgIGZvciAo YXV0byBpID0gMDsgaSA8IDEwOyArK2kpIHsKKyAgICAgICAgYXV0byBkYXRhID0gZ2VuZXJhdGVS YW5kb21EYXRhKCk7CisgICAgICAgIC8vIERvbid0IGNyYXNoLgorICAgICAgICBXZWJDb3JlOjpL ZXllZERlY29kZXI6OmRlY29kZXIoZGF0YS5kYXRhKCksIGRhdGEuc2l6ZSgpKTsKKyAgICB9Cit9 CisKIH0K