217482 2020-10-08 10:11:04 -0700 [GTK] Crash in WebKit::DropTarget::drop 2020-11-10 01:03:30 -0800 1 1 1 Unclassified WebKit WebKitGTK WebKit Nightly Build PC Linux RESOLVED FIXED https://bugzilla.redhat.com/show_bug.cgi?id=1886523 https://bugs.webkit.org/show_bug.cgi?id=190787 P2 Normal --- 1 mcatanzaro webkit-unassigned berto bugs-noreply cgarcia ews-watchlist gustavo mcatanzaro oldest_to_newest 1695944 0 mcatanzaro 2020-10-08 10:11:04 -0700 I haven't seen this particular drag-n-drop bug before, so it's probably new in 2.30? Thread 1 (Thread 0x7f3eeff62c80 (LWP 3523)): #0 __GI_raise (sig=<optimized out>) at ../sysdeps/unix/sysv/linux/raise.c:49 set = {__val = {0, 93856813486576, 0, 72057594037927988, 0, 140721518124432, 4627167142146474036, 16801918529473529088, 93856870608272, 93856813042704, 0, 93857127715200, 52, 4294967300, 4, 139908447935547}} pid = <optimized out> tid = <optimized out> ret = <optimized out> #1 0x00007f3ef44a18a4 in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x7ffc48199f5c, sa_sigaction = 0x7ffc48199f5c}, sa_mask = {__val = {139908453178748, 140721518124900, 93856824678096, 140721518124896, 0, 139906547279360, 139908453179008, 0, 16801918529473529088, 140721518125104, 93856817365984, 93856867505936, 139908422963647, 139908027480608, 1095216660830, 0}}, sa_flags = -699218688, sa_restorer = 0x10} sigs = {__val = {32, 139908449167371, 139908449106432, 139908453179171, 4644407484470001664, 350, 93856825400816, 93856817365984, 93856817365984, 139908449167371, 324, 93856824678096, 0, 0, 140721518124896, 139908449167371}} #2 0x00007f3ef6437f1b in WTF::Optional<WebCore::SelectionData>::value() & (this=0x7f3ee0477a40) from /lib64/libwebkit2gtk-4.0.so.37 No locals. #3 WebKit::DropTarget::drop (this=0x7f3ee0477a20, position=..., time=0) at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:274 page = 0x7f3e880d6600 flags = <optimized out> dragData = {m_clientPosition = {m_x = 0, m_y = 0}, m_globalPosition = {m_x = -1052813552, m_y = 21852}, m_platformDragData = 0x9000000144, m_draggingSourceOperationMask = {m_storage = 144 '\220'}, m_applicationFlags = {m_storage = 160 '\240'}, m_fileNames = {<WTF::VectorBuffer<WTF::String, 0, WTF::FastMalloc>> = {<WTF::VectorBufferBase<WTF::String, WTF::FastMalloc>> = {m_buffer = 0x555cc14b09d0, m_capacity = 0, m_size = 0}, <No data fields>}, <No data fields>}, m_dragDestinationActionMask = {m_storage = 16 '\020'}} #4 0x00007f3ef68f3f6d in operator() (__closure=0x0, userData=<optimized out>, time=<optimized out>, y=<optimized out>, x=<optimized out>, context=<optimized out>) at DerivedSources/ForwardingHeaders/WebCore/IntPoint.h:67 drop = <optimized out> #5 _FUN () at ../Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:77 No locals. #6 0x00007f3ef9f01cf6 in _gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINTv (closure=0x555cc14723b0, return_value=0x7ffc4819a190, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x555cbe057870) at gtkmarshalers.c:884 cc = <optimized out> data1 = 0x555cc13f5710 data2 = <optimized out> callback = 0x7f3ef68f3f10 <_FUN(GtkWidget*, GdkDragContext*, gint, gint, guint, gpointer)> v_return = <optimized out> arg0 = 0x555cbe0360e0 arg1 = 8 arg2 = 582 arg3 = 0 args_copy = {{gp_offset = 48, fp_offset = 48, overflow_arg_area = 0x7ffc4819a360, reg_save_area = 0x7ffc4819a270}} __func__ = "_gtk_marshal_BOOLEAN__OBJECT_INT_INT_UINTv" #7 0x00007f3ef969a260 in _g_closure_invoke_va (param_types=0x555cbe057870, n_params=<optimized out>, args=0x7ffc4819a240, instance=0x555cc13f5710, return_value=0x7ffc4819a190, closure=0x555cc14723b0) at ../gobject/gclosure.c:873 marshal = <optimized out> marshal_data = <optimized out> in_marshal = 0 real_closure = 0x555cc1472390 real_closure = <optimized out> __func__ = <optimized out> _g_boolean_var_ = <optimized out> marshal = <optimized out> marshal_data = <optimized out> in_marshal = <optimized out> _g_boolean_var_ = <optimized out> cunion = <optimized out> new_int = <optimized out> old_int = <optimized out> success = <optimized out> tmp = <optimized out> gaicae_oldval = <optimized out> cunion = <optimized out> new_int = <optimized out> old_int = <optimized out> success = <optimized out> tmp = <optimized out> gaicae_oldval = <optimized out> #8 g_signal_emit_valist (instance=instance@entry=0x555cc13f5710, signal_id=signal_id@entry=113, detail=detail@entry=0, var_args=var_args@entry=0x7ffc4819a240) at ../gobject/gsignal.c:3403 return_accu = 0x7ffc4819a190 accu = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} accumulator = 0x555cbe086260 emission = {next = 0x0, instance = 0x555cc13f5710, ihint = {signal_id = 113, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 93856814379296} signal_id = 113 instance_type = 93856814379296 emission_return = {g_type = 20, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} rtype = 20 static_scope = 0 fastpath_handler = <optimized out> closure = <optimized out> run_type = <optimized out> hlist = <optimized out> l = <optimized out> fastpath = 1 instance_and_params = <optimized out> signal_return_type = <optimized out> param_values = <optimized out> node = <optimized out> i = <optimized out> n_params = <optimized out> __func__ = "g_signal_emit_valist" #9 0x00007f3ef969a599 in g_signal_emit_by_name (instance=0x555cc13f5710, detailed_signal=0x7f3ef9f46525 "drag-drop") at ../gobject/gsignal.c:3590 var_args = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7ffc4819a360, reg_save_area = 0x7ffc4819a270}} detail = 0 signal_id = 113 itype = 93856814379296 __func__ = "g_signal_emit_by_name" #10 0x00007f3ef9edf230 in gtk_drag_dest_drop (widget=widget@entry=0x555cc13f5710, context=context@entry=0x555cbe0360e0, x=324, y=144, time=time@entry=0) at gtkdnd.c:1674 retval = -101326739 site = 0x555cc0258090 info = <optimized out> __func__ = "gtk_drag_dest_drop" #11 0x00007f3ef9d67aab in gtk_drag_find_widget (callback=0x7f3ef9edf170 <gtk_drag_dest_drop>, time=0, y=<optimized out>, x=<optimized out>, info=0x555cbfa5a030, context=0x555cbe0360e0, widget=0x555cc13f5710) at gtkdnd.c:1270 parent = 0x0 hierarchy = 0x555ccf22cc40 found = 0 #12 _gtk_drag_dest_handle_event (event=0x555ccf2e1d10, toplevel=<optimized out>) at gtkdnd.c:1091 window = <optimized out> tx = 0 ty = 0 found = <optimized out> info = 0x555cbfa5a030 context = 0x555cbe0360e0 info = <optimized out> context = <optimized out> __func__ = <optimized out> _g_boolean_var_ = <optimized out> _g_boolean_var_ = <optimized out> window = <optimized out> tx = <optimized out> ty = <optimized out> found = <optimized out> __inst = <optimized out> __t = <optimized out> __r = <optimized out> #13 gtk_main_do_event (event=0x555ccf2e1d10) at gtkmain.c:1938 grab_widget = <optimized out> window_group = 0x7ffc4819a428 rewritten_event = <optimized out> device = <optimized out> tmp_list = <optimized out> event_widget = <optimized out> topmost_widget = <optimized out> event_widget = <optimized out> grab_widget = <optimized out> topmost_widget = <optimized out> window_group = <optimized out> rewritten_event = <optimized out> device = <optimized out> tmp_list = <optimized out> __func__ = <optimized out> __inst = <optimized out> __t = <optimized out> __r = <optimized out> window = <optimized out> __inst = <optimized out> __t = <optimized out> __r = <optimized out> __inst = <optimized out> __t = <optimized out> __r = <optimized out> mnemonics_visible = <optimized out> window = <optimized out> __inst = <optimized out> __t = <optimized out> __r = <optimized out> #14 gtk_main_do_event (event=<optimized out>) at gtkmain.c:1690 event_widget = <optimized out> grab_widget = <optimized out> topmost_widget = <optimized out> window_group = <optimized out> rewritten_event = <optimized out> device = <optimized out> tmp_list = <optimized out> __func__ = "gtk_main_do_event" __inst = <optimized out> __t = <optimized out> __r = <optimized out> window = <optimized out> __inst = <optimized out> __t = <optimized out> __r = <optimized out> __inst = <optimized out> __t = <optimized out> __r = <optimized out> mnemonics_visible = <optimized out> window = <optimized out> __inst = <optimized out> __t = <optimized out> __r = <optimized out> #15 0x00007f3ef9a56043 in _gdk_event_emit (event=0x555ccf2e1d10) at gdkevents.c:73 No locals. #16 _gdk_event_emit (event=0x555ccf2e1d10) at gdkevents.c:67 No locals. #17 0x00007f3ef9abc172 in gdk_event_source_dispatch (base=base@entry=0x555cbe040b50, callback=<optimized out>, data=<optimized out>) at gdkeventsource.c:124 source = 0x555cbe040b50 display = <optimized out> event = 0x555ccf2e1d10 #18 0x00007f3ef958cff7 in g_main_dispatch (context=0x555cbe01e120) at ../glib/gmain.c:3325 dispatch = <optimized out> prev_source = 0x0 begin_time_nsec = 0 was_in_call = <optimized out> user_data = 0x0 callback = 0x0 cb_funcs = 0x0 cb_data = 0x0 need_destroy = <optimized out> source = 0x555cbe040b50 current = 0x555cbe01e1e0 i = 0 current = <optimized out> i = <optimized out> __func__ = <optimized out> source = <optimized out> _g_boolean_var_ = <optimized out> was_in_call = <optimized out> user_data = <optimized out> callback = <optimized out> cb_funcs = <optimized out> cb_data = <optimized out> need_destroy = <optimized out> dispatch = <optimized out> prev_source = <optimized out> begin_time_nsec = <optimized out> _g_boolean_var_ = <optimized out> #19 g_main_context_dispatch (context=0x555cbe01e120) at ../glib/gmain.c:4016 No locals. #20 0x00007f3ef95ddbb8 in g_main_context_iterate.constprop.0 (context=context@entry=0x555cbe01e120, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4092 max_priority = 2147483647 timeout = 310 some_ready = 1 nfds = <optimized out> allocated_nfds = <optimized out> fds = 0x555cd0713fa0 #21 0x00007f3ef958a41f in g_main_context_iteration (context=0x555cbe01e120, may_block=1) at ../glib/gmain.c:4157 retval = <optimized out> #22 0x00007f3ef97983e5 in g_application_run (application=0x555cbe014770, argc=1209640436, argv=<optimized out>) at ../gio/gapplication.c:2559 arguments = 0x555cbe188710 status = 0 context = 0x555cbe01e120 acquired_context = <optimized out> __func__ = "g_application_run" #23 0x0000555cbc0bcc2b in main (argc=<optimized out>, argv=<optimized out>) at ../src/ephy-main.c:431 option_context = <optimized out> option_group = <optimized out> error = 0x0 user_time = 140364 arbitrary_url = <optimized out> ctx = <optimized out> mode = <optimized out> status = <optimized out> flags = <optimized out> desktop_info = <optimized out> 1695946 1 mcatanzaro 2020-10-08 10:22:08 -0700 OK here's a guess: maybe (1) user starts drag, (2) user leaves window, m_leaveTimer starts running, (3) user starts a new drag, m_leaveTimer still running, (4) m_leaveTimer fires, unsets m_selectionData etc., (5) user releases button, triggering drop, (6) crash. It seems a little unlikely, because m_leaveTimer is stopped in DropTarget::accept, so the user would have to finish the drop before the source application sends its drag data offer. But that's actually possible, right? I see we have, in DropTarget::accept: if (m_leaveTimer.isActive()) { m_leaveTimer.stop(); leaveTimerFired(); } But that's not soon enough, right? It belongs in DropTarget::enter? 1695950 2 mcatanzaro 2020-10-08 10:31:25 -0700 (In reply to Michael Catanzaro from comment #1) > OK here's a guess: maybe (1) user starts drag, (2) user leaves window, > m_leaveTimer starts running, (3) user starts a new drag, m_leaveTimer still > running, (4) m_leaveTimer fires, unsets m_selectionData etc., (5) user > releases button, triggering drop, (6) crash. > > It seems a little unlikely, because m_leaveTimer is stopped in > DropTarget::accept, so the user would have to finish the drop before the > source application sends its drag data offer. But that's actually possible, > right? It's actually called the first time drag-motion is received, so that is a little more plausible. But it still relies on that timer not firing immediately. My expectation is that the timer created with 0_s timeout would run on next iteration of the main loop, so it seems very unlikely... but I haven't looked into how Timer is implemented. Notably, however, DropTarget::leaveTimerFired is actually prepared for m_selectionData to be nullopt! But DropTarget::drop is not. So if nothing else, that is inconsistent. 1705167 3 cgarcia 2020-11-06 01:22:17 -0800 (In reply to Michael Catanzaro from comment #1) > OK here's a guess: maybe (1) user starts drag, (2) user leaves window, > m_leaveTimer starts running, (3) user starts a new drag, m_leaveTimer still > running, (4) m_leaveTimer fires, unsets m_selectionData etc., (5) user > releases button, triggering drop, (6) crash. > > It seems a little unlikely, because m_leaveTimer is stopped in > DropTarget::accept, so the user would have to finish the drop before the > source application sends its drag data offer. But that's actually possible, > right? > > I see we have, in DropTarget::accept: > > if (m_leaveTimer.isActive()) { > m_leaveTimer.stop(); > leaveTimerFired(); > } > > But that's not soon enough, right? It belongs in DropTarget::enter? accept happens before enter. accept starts reading the contents and after all data has been received then enter is called. 1705169 4 cgarcia 2020-11-06 01:29:28 -0800 Was this under xorg or wayland? 1705171 5 cgarcia 2020-11-06 01:40:12 -0800 (In reply to Michael Catanzaro from comment #1) > OK here's a guess: maybe (1) user starts drag, (2) user leaves window, > m_leaveTimer starts running, (3) user starts a new drag, m_leaveTimer still > running, (4) m_leaveTimer fires, unsets m_selectionData etc., (5) user > releases button, triggering drop, (6) crash. > > It seems a little unlikely, because m_leaveTimer is stopped in > DropTarget::accept, so the user would have to finish the drop before the > source application sends its drag data offer. But that's actually possible, > right? > > I see we have, in DropTarget::accept: > > if (m_leaveTimer.isActive()) { > m_leaveTimer.stop(); > leaveTimerFired(); > } > > But that's not soon enough, right? It belongs in DropTarget::enter? I've noticed a problem with this code, though. It resets the drop context and position set in drag-motion callback 1705177 6 413415 cgarcia 2020-11-06 02:10:36 -0800 Created attachment 413415 Patch 1705178 7 ews-watchlist 2020-11-06 02:11:38 -0800 Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See https://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API 1705245 8 mcatanzaro 2020-11-06 08:04:24 -0800 (In reply to Carlos Garcia Campos from comment #4) > Was this under xorg or wayland? Probably Wayland 1705271 9 413415 mcatanzaro 2020-11-06 09:10:02 -0800 Comment on attachment 413415 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=413415&action=review > Source/WebKit/ChangeLog:9 > + accept() to receive the drop context and position to ne set after leaving any previous operation. ne -> be > Source/WebKit/UIProcess/API/gtk/DropTargetGtk3.cpp:262 > + // If we don't have data at this point, let leave continue. If I understand this correctly, then how about: "If we don't have data at this point, allow the leave timer to fire, ending the drop operation." 1705275 10 mcatanzaro 2020-11-06 09:12:32 -0800 (In reply to Michael Catanzaro from comment #8) > (In reply to Carlos Garcia Campos from comment #4) > > Was this under xorg or wayland? > > Probably Wayland Maybe not, looks like this was a downstream bug report rather than one I experienced myself. 1706020 11 cgarcia 2020-11-10 01:03:30 -0800 Committed r269620: <https://trac.webkit.org/changeset/269620> 413415 2020-11-06 02:10:36 -0800 2020-11-06 09:10:02 -0800 Patch wk2-dnd-crash.diff text/plain 4799 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nIGIvU291cmNlL1dlYktpdC9DaGFu Z2VMb2cKaW5kZXggNTI4YzQ5NjQ2NjY0Li44NDMyNzQyMWI1ZmYgMTAwNjQ0Ci0tLSBhL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMg KzEsMjIgQEAKKzIwMjAtMTEtMDYgIENhcmxvcyBHYXJjaWEgQ2FtcG9zICA8Y2dhcmNpYUBpZ2Fs aWEuY29tPgorCisgICAgICAgIFtHVEtdIENyYXNoIGluIFdlYktpdDo6RHJvcFRhcmdldDo6ZHJv cAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjE3NDgy CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgSWYgd2Ug ZG9uJ3QgaGF2ZSBzZWxlY3Rpb24gZGF0YSB3aGVuIGRyb3AgaXMgY2FsbGVkLCBqdXN0IHJldHVy biBlYXJseSB0byBsZXQgbGVhdmUgY29udGludWUuIEFsc28gY2hhbmdlCisgICAgICAgIGFjY2Vw dCgpIHRvIHJlY2VpdmUgdGhlIGRyb3AgY29udGV4dCBhbmQgcG9zaXRpb24gdG8gbmUgc2V0IGFm dGVyIGxlYXZpbmcgYW55IHByZXZpb3VzIG9wZXJhdGlvbi4KKworICAgICAgICAqIFVJUHJvY2Vz cy9BUEkvZ3RrL0Ryb3BUYXJnZXQuaDoKKyAgICAgICAgKiBVSVByb2Nlc3MvQVBJL2d0ay9Ecm9w VGFyZ2V0R3RrMy5jcHA6CisgICAgICAgIChXZWJLaXQ6OkRyb3BUYXJnZXQ6OkRyb3BUYXJnZXQp OgorICAgICAgICAoV2ViS2l0OjpEcm9wVGFyZ2V0OjphY2NlcHQpOgorICAgICAgICAoV2ViS2l0 OjpEcm9wVGFyZ2V0Ojpkcm9wKToKKyAgICAgICAgKiBVSVByb2Nlc3MvQVBJL2d0ay9Ecm9wVGFy Z2V0R3RrNC5jcHA6CisgICAgICAgIChXZWJLaXQ6OkRyb3BUYXJnZXQ6OkRyb3BUYXJnZXQpOgor ICAgICAgICAoV2ViS2l0OjpEcm9wVGFyZ2V0OjphY2NlcHQpOgorCiAyMDIwLTExLTA2ICBDYXJs b3MgR2FyY2lhIENhbXBvcyAgPGNnYXJjaWFAaWdhbGlhLmNvbT4KIAogICAgICAgICBbR1RLXVtX UEVdIFdFQktJVF9QTFVHSU5fRVJST1JfV0lMTF9IQU5ETEVfTE9BRCByZXR1cm5lZCB3aGVuIHBs dWdpbnMgYXJlIGRpc2FibGVkCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L1VJUHJvY2Vzcy9B UEkvZ3RrL0Ryb3BUYXJnZXQuaCBiL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL0FQSS9ndGsvRHJv cFRhcmdldC5oCmluZGV4IGEwMDQ1MDBiMGRlZi4uZjljNWRkNzYwOGEwIDEwMDY0NAotLS0gYS9T b3VyY2UvV2ViS2l0L1VJUHJvY2Vzcy9BUEkvZ3RrL0Ryb3BUYXJnZXQuaAorKysgYi9Tb3VyY2Uv V2ViS2l0L1VJUHJvY2Vzcy9BUEkvZ3RrL0Ryb3BUYXJnZXQuaApAQCAtMzksOSArMzksMTEgQEAg dHlwZWRlZiBzdHJ1Y3QgX0d0a1dpZGdldCBHdGtXaWRnZXQ7CiAKICNpZiBVU0UoR1RLNCkKIHR5 cGVkZWYgc3RydWN0IF9HZGtEcm9wIEdka0Ryb3A7Cit1c2luZyBQbGF0Zm9ybURyb3BDb250ZXh0 ID0gR2RrRHJvcDsKICNlbHNlCiB0eXBlZGVmIHN0cnVjdCBfR2RrRHJhZ0NvbnRleHQgR2RrRHJh Z0NvbnRleHQ7CiB0eXBlZGVmIHN0cnVjdCBfR3RrU2VsZWN0aW9uRGF0YSBHdGtTZWxlY3Rpb25E YXRhOwordXNpbmcgUGxhdGZvcm1Ecm9wQ29udGV4dCA9IEdka0RyYWdDb250ZXh0OwogI2VuZGlm CiAKIG5hbWVzcGFjZSBXZWJLaXQgewpAQCAtNTcsNyArNTksNyBAQCBwdWJsaWM6CiAgICAgdm9p ZCBkaWRQZXJmb3JtQWN0aW9uKCk7CiAKIHByaXZhdGU6Ci0gICAgdm9pZCBhY2NlcHQodW5zaWdu ZWQgPSAwKTsKKyAgICB2b2lkIGFjY2VwdChQbGF0Zm9ybURyb3BDb250ZXh0KiwgT3B0aW9uYWw8 V2ViQ29yZTo6SW50UG9pbnQ+ID0gV1RGOjpudWxsb3B0LCB1bnNpZ25lZCA9IDApOwogICAgIHZv aWQgZW50ZXIoV2ViQ29yZTo6SW50UG9pbnQmJiwgdW5zaWduZWQgPSAwKTsKICAgICB2b2lkIHVw ZGF0ZShXZWJDb3JlOjpJbnRQb2ludCYmLCB1bnNpZ25lZCA9IDApOwogICAgIHZvaWQgbGVhdmUo KTsKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL0FQSS9ndGsvRHJvcFRhcmdl dEd0azMuY3BwIGIvU291cmNlL1dlYktpdC9VSVByb2Nlc3MvQVBJL2d0ay9Ecm9wVGFyZ2V0R3Rr My5jcHAKaW5kZXggZWEyMmJjZDgzZjJmLi43Yzc0OWViYTFlNWMgMTAwNjQ0Ci0tLSBhL1NvdXJj ZS9XZWJLaXQvVUlQcm9jZXNzL0FQSS9ndGsvRHJvcFRhcmdldEd0azMuY3BwCisrKyBiL1NvdXJj ZS9XZWJLaXQvVUlQcm9jZXNzL0FQSS9ndGsvRHJvcFRhcmdldEd0azMuY3BwCkBAIC01OSw5ICs1 OSw3IEBAIERyb3BUYXJnZXQ6OkRyb3BUYXJnZXQoR3RrV2lkZ2V0KiB3ZWJWaWV3KQogICAgIGdf c2lnbmFsX2Nvbm5lY3RfYWZ0ZXIobV93ZWJWaWV3LCAiZHJhZy1tb3Rpb24iLCBHX0NBTExCQUNL KCtbXShHdGtXaWRnZXQqLCBHZGtEcmFnQ29udGV4dCogY29udGV4dCwgZ2ludCB4LCBnaW50IHks IGd1aW50IHRpbWUsIGdwb2ludGVyIHVzZXJEYXRhKSAtPiBnYm9vbGVhbiB7CiAgICAgICAgIGF1 dG8mIGRyb3AgPSAqc3RhdGljX2Nhc3Q8RHJvcFRhcmdldCo+KHVzZXJEYXRhKTsKICAgICAgICAg aWYgKGRyb3AubV9kcm9wICE9IGNvbnRleHQpIHsKLSAgICAgICAgICAgIGRyb3AubV9kcm9wID0g Y29udGV4dDsKLSAgICAgICAgICAgIGRyb3AubV9wb3NpdGlvbiA9IEludFBvaW50KHgsIHkpOwot ICAgICAgICAgICAgZHJvcC5hY2NlcHQodGltZSk7CisgICAgICAgICAgICBkcm9wLmFjY2VwdChj b250ZXh0LCBJbnRQb2ludCh4LCB5KSwgdGltZSk7CiAgICAgICAgIH0gZWxzZSBpZiAoZHJvcC5t X2Ryb3AgPT0gY29udGV4dCkKICAgICAgICAgICAgIGRyb3AudXBkYXRlKHsgeCwgeSB9LCB0aW1l KTsKICAgICAgICAgcmV0dXJuIFRSVUU7CkBAIC05NywxMyArOTUsMTUgQEAgRHJvcFRhcmdldDo6 fkRyb3BUYXJnZXQoKQogICAgIGdfc2lnbmFsX2hhbmRsZXJzX2Rpc2Nvbm5lY3RfYnlfZGF0YSht X3dlYlZpZXcsIHRoaXMpOwogfQogCi12b2lkIERyb3BUYXJnZXQ6OmFjY2VwdCh1bnNpZ25lZCB0 aW1lKQordm9pZCBEcm9wVGFyZ2V0OjphY2NlcHQoR2RrRHJhZ0NvbnRleHQqIGRyb3AsIE9wdGlv bmFsPFdlYkNvcmU6OkludFBvaW50PiBwb3NpdGlvbiwgdW5zaWduZWQgdGltZSkKIHsKICAgICBp ZiAobV9sZWF2ZVRpbWVyLmlzQWN0aXZlKCkpIHsKICAgICAgICAgbV9sZWF2ZVRpbWVyLnN0b3Ao KTsKICAgICAgICAgbGVhdmVUaW1lckZpcmVkKCk7CiAgICAgfQogCisgICAgbV9kcm9wID0gZHJv cDsKKyAgICBtX3Bvc2l0aW9uID0gcG9zaXRpb247CiAgICAgbV9kYXRhUmVxdWVzdENvdW50ID0g MDsKICAgICBtX3NlbGVjdGlvbkRhdGEgPSBXVEY6Om51bGxvcHQ7CiAKQEAgLTI1OSw2ICsyNTks MTAgQEAgdm9pZCBEcm9wVGFyZ2V0OjpsZWF2ZSgpCiAKIHZvaWQgRHJvcFRhcmdldDo6ZHJvcChJ bnRQb2ludCYmIHBvc2l0aW9uLCB1bnNpZ25lZCB0aW1lKQogeworICAgIC8vIElmIHdlIGRvbid0 IGhhdmUgZGF0YSBhdCB0aGlzIHBvaW50LCBsZXQgbGVhdmUgY29udGludWUuCisgICAgaWYgKCFt X3NlbGVjdGlvbkRhdGEpCisgICAgICAgIHJldHVybjsKKwogICAgIGlmIChtX2xlYXZlVGltZXIu aXNBY3RpdmUoKSkKICAgICAgICAgbV9sZWF2ZVRpbWVyLnN0b3AoKTsKIApkaWZmIC0tZ2l0IGEv U291cmNlL1dlYktpdC9VSVByb2Nlc3MvQVBJL2d0ay9Ecm9wVGFyZ2V0R3RrNC5jcHAgYi9Tb3Vy Y2UvV2ViS2l0L1VJUHJvY2Vzcy9BUEkvZ3RrL0Ryb3BUYXJnZXRHdGs0LmNwcAppbmRleCBiYzdh YmRhYzJmMTkuLjFjZGEzYWEyMzg4ZSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdC9VSVByb2Nl c3MvQVBJL2d0ay9Ecm9wVGFyZ2V0R3RrNC5jcHAKKysrIGIvU291cmNlL1dlYktpdC9VSVByb2Nl c3MvQVBJL2d0ay9Ecm9wVGFyZ2V0R3RrNC5jcHAKQEAgLTU0LDggKzU0LDcgQEAgRHJvcFRhcmdl dDo6RHJvcFRhcmdldChHdGtXaWRnZXQqIHdlYlZpZXcpCiAgICAgICAgIHN0YXRpY19jYXN0PEdk a0RyYWdBY3Rpb24+KEdES19BQ1RJT05fQ09QWSB8IEdES19BQ1RJT05fTU9WRSB8IEdES19BQ1RJ T05fTElOSykpOwogICAgIGdfc2lnbmFsX2Nvbm5lY3QodGFyZ2V0LCAiYWNjZXB0IiwgR19DQUxM QkFDSygrW10oR3RrRHJvcFRhcmdldEFzeW5jKiwgR2RrRHJvcCogZ2RrRHJvcCwgZ3BvaW50ZXIg dXNlckRhdGEpIC0+IGdib29sZWFuIHsKICAgICAgICAgYXV0byYgZHJvcCA9ICpzdGF0aWNfY2Fz dDxEcm9wVGFyZ2V0Kj4odXNlckRhdGEpOwotICAgICAgICBkcm9wLm1fZHJvcCA9IGdka0Ryb3A7 Ci0gICAgICAgIGRyb3AuYWNjZXB0KCk7CisgICAgICAgIGRyb3AuYWNjZXB0KGdka0Ryb3ApOwog ICAgICAgICByZXR1cm4gVFJVRTsKICAgICB9KSwgdGhpcyk7CiAKQEAgLTEwMiw5ICsxMDEsMTAg QEAgRHJvcFRhcmdldDo6fkRyb3BUYXJnZXQoKQogICAgIGdfY2FuY2VsbGFibGVfY2FuY2VsKG1f Y2FuY2VsbGFibGUuZ2V0KCkpOwogfQogCi12b2lkIERyb3BUYXJnZXQ6OmFjY2VwdCh1bnNpZ25l ZCkKK3ZvaWQgRHJvcFRhcmdldDo6YWNjZXB0KEdka0Ryb3AqIGRyb3AsIE9wdGlvbmFsPFdlYkNv cmU6OkludFBvaW50PiBwb3NpdGlvbiwgdW5zaWduZWQpCiB7Ci0gICAgbV9wb3NpdGlvbiA9IFdU Rjo6bnVsbG9wdDsKKyAgICBtX2Ryb3AgPSBkcm9wOworICAgIG1fcG9zaXRpb24gPSBwb3NpdGlv bjsKICAgICBtX3NlbGVjdGlvbkRhdGEgPSBTZWxlY3Rpb25EYXRhKCk7CiAgICAgbV9kYXRhUmVx dWVzdENvdW50ID0gMDsKICAgICBtX2NhbmNlbGxhYmxlID0gYWRvcHRHUmVmKGdfY2FuY2VsbGFi bGVfbmV3KCkpOwo=