221841 2021-02-12 13:02:55 -0800 [ARM64e] Harden Mach exception handling 2021-02-12 16:53:27 -0800 1 1 1 Unclassified WebKit JavaScriptCore Other Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 msaboff msaboff benjamin cdumez cmarcelo ews-watchlist ggaren keith_miller mark.lam saam tzagallo webkit-bug-importer oldest_to_newest 1728744 0 msaboff 2021-02-12 13:02:55 -0800 This change is to make it more difficult to abuse mach exception handling on ARM64e hardware. 1728753 1 webkit-bug-importer 2021-02-12 13:33:56 -0800 <rdar://problem/74289949> 1728754 2 420172 msaboff 2021-02-12 13:34:44 -0800 Created attachment 420172 Patch 1728792 3 420172 ggaren 2021-02-12 14:13:37 -0800 Comment on attachment 420172 Patch r=me 1728801 4 420172 mark.lam 2021-02-12 14:35:26 -0800 Comment on attachment 420172 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=420172&action=review r=me too > Source/JavaScriptCore/llint/WebAssembly.asm:542 > + move instance, a2 This is not needed. In both cases, you are still passing the wasmInstance in via a2. I think you can restore the comment here. > Source/WTF/wtf/threads/Signals.cpp:164 > + ptrauth_generic_signature_t hash = 0; Why start with 0? Why not some non-zero number? How about initialize it to `ptrauth_string_discriminator("Mach Exception Signal State")`? 1728837 5 420172 msaboff 2021-02-12 16:21:22 -0800 Comment on attachment 420172 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=420172&action=review >> Source/JavaScriptCore/llint/WebAssembly.asm:542 >> + move instance, a2 > > This is not needed. In both cases, you are still passing the wasmInstance in via a2. I think you can restore the comment here. I'll restore a similar comment and remove the instruction, >> Source/WTF/wtf/threads/Signals.cpp:164 >> + ptrauth_generic_signature_t hash = 0; > > Why start with 0? Why not some non-zero number? How about initialize it to `ptrauth_string_discriminator("Mach Exception Signal State")`? It is actually seeded below with the call to ptrauth_sign_generic_data(hash, mach_thread_self()). Using the thread id allows it to have a dynamic seed instead of a static one. 1728850 6 msaboff 2021-02-12 16:33:54 -0800 Committed r272823 (234059@main): <https://commits.webkit.org/234059@main> 1728863 7 mark.lam 2021-02-12 16:53:27 -0800 (In reply to Michael Saboff from comment #5) > >> Source/WTF/wtf/threads/Signals.cpp:164 > >> + ptrauth_generic_signature_t hash = 0; > > > > Why start with 0? Why not some non-zero number? How about initialize it to `ptrauth_string_discriminator("Mach Exception Signal State")`? > > It is actually seeded below with the call to ptrauth_sign_generic_data(hash, > mach_thread_self()). Using the thread id allows it to have a dynamic seed > instead of a static one. Note: you're "seed" is produced by signing a 0 value. Why not use a non-zero value? 420172 2021-02-12 13:34:44 -0800 2021-02-12 14:13:37 -0800 Patch 221841.patch text/plain 10449 msaboff SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjcyODAwKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDI1IEBA CisyMDIxLTAyLTEyICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAg ICAgIFtBUk02NGVdIEhhcmRlbiBNYWNoIGV4Y2VwdGlvbiBoYW5kbGluZworICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjIxODQxCisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgU3BsaXQgd2FzbV90aHJvd19mcm9t X2ZhdWx0X2hhbmRsZXJfdHJhbXBvbGluZSBpbnRvIHR3byB0cmFtcG9saW5lcyB0byBlbGltaW5h dGUgdGhlCisgICAgICAgIG5lZWQgdG8gcGFzcyBhIHJlZ2lzdGVyIGFyZ3VtZW50IHRvIHNpZ25p ZnkgaWYgd2UgYXJlIHVzaW5nIEZhc3RUTFMuICBXaXRoIHRoaXMgY2hhbmdlCisgICAgICAgIHdl IGRvbid0IG5lZWQgdG8gbW9kaWZ5IHJlZ2lzdGVycyBiZXNpZGVzIHRoZSBQQyB3aGVuIGhhbmRs aW5nIGV4Y2VwdGlvbnMuCisgICAgICAgIEFkZGVkIHNhbml0eSBjaGVja3MgdG8gbWFrZSBzdXJl IGhhbmRsZXJzIGFyZSBiZWluZyBjYWxsZWQgZm9yIHRoZSBleGNlcHRpb25zIHRoZXkKKyAgICAg ICAgd2VyZSByZWdpc3RlcmVkIGZvci4KKyAgICAgICAgCisgICAgICAgICogYnl0ZWNvZGUvQnl0 ZWNvZGVMaXN0LnJiOgorICAgICAgICAqIGxsaW50L1dlYkFzc2VtYmx5LmFzbToKKyAgICAgICAg KiBydW50aW1lL1ZNVHJhcHMuY3BwOgorICAgICAgICAqIHNpZ25hbDogQWRkZWQuCisgICAgICAg ICogdG9vbHMvU2lnaWxsQ3Jhc2hBbmFseXplci5jcHA6CisgICAgICAgIChKU0M6Omluc3RhbGxD cmFzaEhhbmRsZXIpOgorICAgICAgICAqIHdhc20vV2FzbUZhdWx0U2lnbmFsSGFuZGxlci5jcHA6 CisgICAgICAgIChKU0M6Oldhc206OnRyYXBIYW5kbGVyKToKKwogMjAyMS0wMi0xMiAgTWFyayBM YW0gIDxtYXJrLmxhbUBhcHBsZS5jb20+CiAKICAgICAgICAgTW92ZSBSb290TWFya1JlYXNvbiBv dXQgb2YgU2xvdFZpc2l0b3IuCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvYnl0ZWNvZGUv Qnl0ZWNvZGVMaXN0LnJiCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ieXRl Y29kZS9CeXRlY29kZUxpc3QucmIJKHJldmlzaW9uIDI3MjgwMCkKKysrIFNvdXJjZS9KYXZhU2Ny aXB0Q29yZS9ieXRlY29kZS9CeXRlY29kZUxpc3QucmIJKHdvcmtpbmcgY29weSkKQEAgLTE0ODks NyArMTQ4OSw4IEBAIGF1dG9nZW5lcmF0ZV93YXNtX29wY29kZXMKICMgSGVscGVycwogCiBvcCA6 dGhyb3dfZnJvbV9zbG93X3BhdGhfdHJhbXBvbGluZQotb3AgOnRocm93X2Zyb21fZmF1bHRfaGFu ZGxlcl90cmFtcG9saW5lCitvcCA6dGhyb3dfZnJvbV9mYXVsdF9oYW5kbGVyX3RyYW1wb2xpbmVf ZmFzdFRMUworb3AgOnRocm93X2Zyb21fZmF1bHRfaGFuZGxlcl90cmFtcG9saW5lX3JlZ19pbnN0 YW5jZQogCiBvcCA6Y2FsbF9yZXR1cm5fbG9jYXRpb24KIG9wIDpjYWxsX25vX3Rsc19yZXR1cm5f bG9jYXRpb24KSW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9sbGludC9XZWJBc3NlbWJseS5h c20KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL2xsaW50L1dlYkFzc2VtYmx5 LmFzbQkocmV2aXNpb24gMjcyODAwKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL2xsaW50L1dl YkFzc2VtYmx5LmFzbQkod29ya2luZyBjb3B5KQpAQCAtNTMzLDE3ICs1MzMsMTMgQEAgb3Aod2Fz bV90aHJvd19mcm9tX3Nsb3dfcGF0aF90cmFtcG9saW5lLAogICAgIGVuZAogZW5kKQogCi1vcCh3 YXNtX3Rocm93X2Zyb21fZmF1bHRfaGFuZGxlcl90cmFtcG9saW5lLCBtYWNybyAoKQotICAgIG1v dmUgd2FzbUluc3RhbmNlLCBhMgotICAgIGJ0cXogYTEsIC5pbnN0YW5jZVJlYWR5ICMgYTEgaXMg bm9uLXplcm8gaWYgRmFzdFRMUyBpcyBlbmFibGVkLgotICAgIGxvYWRXYXNtSW5zdGFuY2VGcm9t VExTVG8oYTIpCi0uaW5zdGFuY2VSZWFkeToKLSAgICBsb2FkcCBXYXNtOjpJbnN0YW5jZTo6bV9w b2ludGVyVG9Ub3BFbnRyeUZyYW1lW2EyXSwgYTAKK21hY3JvIHdhc21fdGhyb3dfZnJvbV9mYXVs dF9oYW5kbGVyKGluc3RhbmNlKQorICAgIGxvYWRwIFdhc206Okluc3RhbmNlOjptX3BvaW50ZXJU b1RvcEVudHJ5RnJhbWVbaW5zdGFuY2VdLCBhMAogICAgIGxvYWRwIFthMF0sIGEwCiAgICAgY29w eUNhbGxlZVNhdmVzVG9FbnRyeUZyYW1lQ2FsbGVlU2F2ZXNCdWZmZXIoYTApCiAKICAgICBtb3Zl IGNvbnN0ZXhwciBXYXNtOjpFeGNlcHRpb25UeXBlOjpPdXRPZkJvdW5kc01lbW9yeUFjY2Vzcywg YTMKLSAgICAjIGEyIGlzIFdhc206Okluc3RhbmNlCisgICAgbW92ZSBpbnN0YW5jZSwgYTIKICAg ICBtb3ZlIDAsIGExCiAgICAgbW92ZSBjZnIsIGEwCiAgICAgY0NhbGw0KF9zbG93X3BhdGhfd2Fz bV90aHJvd19leGNlcHRpb24pCkBAIC01NTUsNiArNTUxLDE2IEBAIG9wKHdhc21fdGhyb3dfZnJv bV9mYXVsdF9oYW5kbGVyX3RyYW1wb2wKICAgICBlbHNlCiAgICAgICAgIGptcCByMCwgRXhjZXB0 aW9uSGFuZGxlclB0clRhZwogICAgIGVuZAorZW5kCisKK29wKHdhc21fdGhyb3dfZnJvbV9mYXVs dF9oYW5kbGVyX3RyYW1wb2xpbmVfZmFzdFRMUywgbWFjcm8gKCkKKyAgICBsb2FkV2FzbUluc3Rh bmNlRnJvbVRMU1RvKGEyKQorICAgIHdhc21fdGhyb3dfZnJvbV9mYXVsdF9oYW5kbGVyKGEyKQor ZW5kKQorCitvcCh3YXNtX3Rocm93X2Zyb21fZmF1bHRfaGFuZGxlcl90cmFtcG9saW5lX3JlZ19p bnN0YW5jZSwgbWFjcm8gKCkKKyAgICBtb3ZlIHdhc21JbnN0YW5jZSwgYTIKKyAgICB3YXNtX3Ro cm93X2Zyb21fZmF1bHRfaGFuZGxlcihhMikKIGVuZCkKIAogIyBEaXNhYmxlIHdpZGUgdmVyc2lv biBvZiBuYXJyb3ctb25seSBvcGNvZGVzCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVu dGltZS9WTVRyYXBzLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVu dGltZS9WTVRyYXBzLmNwcAkocmV2aXNpb24gMjcyODAwKQorKysgU291cmNlL0phdmFTY3JpcHRD b3JlL3J1bnRpbWUvVk1UcmFwcy5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTIwMiw3ICsyMDIsOCBA QCBwdWJsaWM6CiAgICAgewogICAgICAgICBzdGF0aWMgc3RkOjpvbmNlX2ZsYWcgb25jZTsKICAg ICAgICAgc3RkOjpjYWxsX29uY2Uob25jZSwgW10gewotICAgICAgICAgICAgYWRkU2lnbmFsSGFu ZGxlcihTaWduYWw6OkFjY2Vzc0ZhdWx0LCBbXSAoU2lnbmFsLCBTaWdJbmZvJiwgUGxhdGZvcm1S ZWdpc3RlcnMmIHJlZ2lzdGVycykgLT4gU2lnbmFsQWN0aW9uIHsKKyAgICAgICAgICAgIGFkZFNp Z25hbEhhbmRsZXIoU2lnbmFsOjpBY2Nlc3NGYXVsdCwgW10gKFNpZ25hbCBzaWduYWwsIFNpZ0lu Zm8mLCBQbGF0Zm9ybVJlZ2lzdGVycyYgcmVnaXN0ZXJzKSAtPiBTaWduYWxBY3Rpb24geworICAg ICAgICAgICAgICAgIFJFTEVBU0VfQVNTRVJUKHNpZ25hbCA9PSBTaWduYWw6OkFjY2Vzc0ZhdWx0 KTsKICAgICAgICAgICAgICAgICBhdXRvIHNpZ25hbENvbnRleHQgPSBTaWduYWxDb250ZXh0Ojp0 cnlDcmVhdGUocmVnaXN0ZXJzKTsKICAgICAgICAgICAgICAgICBpZiAoIXNpZ25hbENvbnRleHQp CiAgICAgICAgICAgICAgICAgICAgIHJldHVybiBTaWduYWxBY3Rpb246Ok5vdEhhbmRsZWQ7Cklu ZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvdG9vbHMvU2lnaWxsQ3Jhc2hBbmFseXplci5jcHAK PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3Rvb2xzL1NpZ2lsbENyYXNoQW5h bHl6ZXIuY3BwCShyZXZpc2lvbiAyNzI4MDApCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvdG9v bHMvU2lnaWxsQ3Jhc2hBbmFseXplci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTE1Nyw3ICsxNTcs OSBAQCBwdWJsaWM6CiBzdGF0aWMgdm9pZCBpbnN0YWxsQ3Jhc2hIYW5kbGVyKCkKIHsKICNpZiBD UFUoWDg2XzY0KSB8fCBDUFUoQVJNNjQpCi0gICAgYWRkU2lnbmFsSGFuZGxlcihTaWduYWw6Okls bGVnYWxJbnN0cnVjdGlvbiwgW10gKFNpZ25hbCwgU2lnSW5mbyYsIFBsYXRmb3JtUmVnaXN0ZXJz JiByZWdpc3RlcnMpIHsKKyAgICBhZGRTaWduYWxIYW5kbGVyKFNpZ25hbDo6SWxsZWdhbEluc3Ry dWN0aW9uLCBbXSAoU2lnbmFsIHNpZ25hbCwgU2lnSW5mbyYsIFBsYXRmb3JtUmVnaXN0ZXJzJiBy ZWdpc3RlcnMpIHsKKyAgICAgICAgUkVMRUFTRV9BU1NFUlQoc2lnbmFsID09IFNpZ25hbDo6SWxs ZWdhbEluc3RydWN0aW9uKTsKKwogICAgICAgICBhdXRvIHNpZ25hbENvbnRleHQgPSBTaWduYWxD b250ZXh0Ojp0cnlDcmVhdGUocmVnaXN0ZXJzKTsKICAgICAgICAgaWYgKCFzaWduYWxDb250ZXh0 KQogICAgICAgICAgICAgcmV0dXJuIFNpZ25hbEFjdGlvbjo6Tm90SGFuZGxlZDsKSW5kZXg6IFNv dXJjZS9KYXZhU2NyaXB0Q29yZS93YXNtL1dhc21GYXVsdFNpZ25hbEhhbmRsZXIuY3BwCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS93YXNtL1dhc21GYXVsdFNpZ25hbEhhbmRs ZXIuY3BwCShyZXZpc2lvbiAyNzI4MDApCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvd2FzbS9X YXNtRmF1bHRTaWduYWxIYW5kbGVyLmNwcAkod29ya2luZyBjb3B5KQpAQCAtNTQsOCArNTQsMTAg QEAgc3RhdGljIGJvb2wgZmFzdEhhbmRsZXJJbnN0YWxsZWQgeyBmYWxzZQogCiAjaWYgRU5BQkxF KFdFQkFTU0VNQkxZX1NJR05BTElOR19NRU1PUlkpCiAKLXN0YXRpYyBTaWduYWxBY3Rpb24gdHJh cEhhbmRsZXIoU2lnbmFsLCBTaWdJbmZvJiBzaWdJbmZvLCBQbGF0Zm9ybVJlZ2lzdGVycyYgY29u dGV4dCkKK3N0YXRpYyBTaWduYWxBY3Rpb24gdHJhcEhhbmRsZXIoU2lnbmFsIHNpZ25hbCwgU2ln SW5mbyYgc2lnSW5mbywgUGxhdGZvcm1SZWdpc3RlcnMmIGNvbnRleHQpCiB7CisgICAgUkVMRUFT RV9BU1NFUlQoc2lnbmFsID09IFNpZ25hbDo6QWNjZXNzRmF1bHQpOworCiAgICAgYXV0byBpbnN0 cnVjdGlvblBvaW50ZXIgPSBNYWNoaW5lQ29udGV4dDo6aW5zdHJ1Y3Rpb25Qb2ludGVyKGNvbnRl eHQpOwogICAgIGlmICghaW5zdHJ1Y3Rpb25Qb2ludGVyKQogICAgICAgICByZXR1cm4gU2lnbmFs QWN0aW9uOjpOb3RIYW5kbGVkOwpAQCAtOTQsOCArOTYsOCBAQCBzdGF0aWMgU2lnbmFsQWN0aW9u IHRyYXBIYW5kbGVyKFNpZ25hbCwgCiAgICAgICAgICAgICB9OwogCiAgICAgICAgICAgICBpZiAo ZGlkRmF1bHRJbldhc20oZmF1bHRpbmdJbnN0cnVjdGlvbikpIHsKLSAgICAgICAgICAgICAgICBN YWNoaW5lQ29udGV4dDo6YXJndW1lbnRQb2ludGVyPDE+KGNvbnRleHQpID0gcmVpbnRlcnByZXRf Y2FzdDx2b2lkKj4oc3RhdGljX2Nhc3Q8dWludHB0cl90PihXYXNtOjpDb250ZXh0Ojp1c2VGYXN0 VExTKCkpKTsKLSAgICAgICAgICAgICAgICBNYWNoaW5lQ29udGV4dDo6c2V0SW5zdHJ1Y3Rpb25Q b2ludGVyKGNvbnRleHQsIExMSW50OjpnZXRDb2RlUHRyPENGdW5jdGlvblB0clRhZz4od2FzbV90 aHJvd19mcm9tX2ZhdWx0X2hhbmRsZXJfdHJhbXBvbGluZSkpOworICAgICAgICAgICAgICAgIE1h Y2hpbmVDb250ZXh0OjpzZXRJbnN0cnVjdGlvblBvaW50ZXIoY29udGV4dCwKKyAgICAgICAgICAg ICAgICAgICAgTExJbnQ6OmdldENvZGVQdHI8Q0Z1bmN0aW9uUHRyVGFnPihXYXNtOjpDb250ZXh0 Ojp1c2VGYXN0VExTKCkgPyB3YXNtX3Rocm93X2Zyb21fZmF1bHRfaGFuZGxlcl90cmFtcG9saW5l X2Zhc3RUTFMgOiB3YXNtX3Rocm93X2Zyb21fZmF1bHRfaGFuZGxlcl90cmFtcG9saW5lX3JlZ19p bnN0YW5jZSkpOwogICAgICAgICAgICAgICAgIHJldHVybiBTaWduYWxBY3Rpb246OkhhbmRsZWQ7 CiAgICAgICAgICAgICB9CiAgICAgICAgIH0KSW5kZXg6IFNvdXJjZS9XVEYvQ2hhbmdlTG9nCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIFNvdXJjZS9XVEYvQ2hhbmdlTG9nCShyZXZpc2lvbiAyNzI4MDApCisrKyBT b3VyY2UvV1RGL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDIx LTAyLTEyICBNaWNoYWVsIFNhYm9mZiAgPG1zYWJvZmZAYXBwbGUuY29tPgorCisgICAgICAgIFtB Uk02NGVdIEhhcmRlbiBNYWNoIGV4Y2VwdGlvbiBoYW5kbGluZworICAgICAgICBodHRwczovL2J1 Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjIxODQxCisKKyAgICAgICAgUmV2aWV3ZWQg YnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgRm9yIERhcndpbiBBUk02NGUgcGxhdGZvcm1z LCB3ZSBjaGVjayB0byBtYWtlIHN1cmUgdGhhdCBhbGwgdGhyZWFkIHN0YXRlIGJlc2lkZXMgdGhl IFBDIGhhc24ndAorICAgICAgICBiZWVuIG1vZGlmaWVkIGJ5IGFuIGV4Y2VwdGlvbiBoYW5kbGVy LgorCisgICAgICAgICogd3RmL3RocmVhZHMvU2lnbmFscy5jcHA6CisgICAgICAgIChXVEY6Omhh c2hUaHJlYWRTdGF0ZSk6CisKIDIwMjEtMDItMTEgIEplciBOb2JsZSAgPGplci5ub2JsZUBhcHBs ZS5jb20+CiAKICAgICAgICAgW01hY10gQWRkIEV4cGVyaW1lbnRhbCBPcHVzIENvZGVjIHN1cHBv cnQKSW5kZXg6IFNvdXJjZS9XVEYvd3RmL3RocmVhZHMvU2lnbmFscy5jcHAKPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQot LS0gU291cmNlL1dURi93dGYvdGhyZWFkcy9TaWduYWxzLmNwcAkocmV2aXNpb24gMjcyODAwKQor KysgU291cmNlL1dURi93dGYvdGhyZWFkcy9TaWduYWxzLmNwcAkod29ya2luZyBjb3B5KQpAQCAt MTU1LDYgKzE1NSwyNyBAQCBzdGF0aWMgZXhjZXB0aW9uX21hc2tfdCB0b01hY2hNYXNrKFNpZ25h CiAgICAgUkVMRUFTRV9BU1NFUlRfTk9UX1JFQUNIRUQoKTsKIH0KIAorI2lmIENQVShBUk02NEUp ICYmIE9TKERBUldJTikKK2lubGluZSBwdHJhdXRoX2dlbmVyaWNfc2lnbmF0dXJlX3QgaGFzaFRo cmVhZFN0YXRlKGNvbnN0IHRocmVhZF9zdGF0ZV90IHNvdXJjZSkKK3sKKyAgICBjb25zdGV4cHIg c2l6ZV90IHRocmVhZFN0YXRlUENQb2ludGVySW5kZXggPSBvZmZzZXRvZihhcm1fdGhyZWFkX3N0 YXRlNjRfdCwgX19vcGFxdWVfcGMpIC8gc2l6ZW9mKHVpbnRwdHJfdCk7CisgICAgY29uc3RleHBy IHNpemVfdCB0aHJlYWRTdGF0ZVNpemVJblBvaW50ZXJzID0gc2l6ZW9mKGFybV90aHJlYWRfc3Rh dGU2NF90KSAvIHNpemVvZih1aW50cHRyX3QpOworCisgICAgcHRyYXV0aF9nZW5lcmljX3NpZ25h dHVyZV90IGhhc2ggPSAwOworCisgICAgaGFzaCA9IHB0cmF1dGhfc2lnbl9nZW5lcmljX2RhdGEo aGFzaCwgbWFjaF90aHJlYWRfc2VsZigpKTsKKworICAgIGNvbnN0IHVpbnRwdHJfdCogc3JjUHRy ID0gcmVpbnRlcnByZXRfY2FzdDxjb25zdCB1aW50cHRyX3QqPihzb3VyY2UpOworCisgICAgZm9y IChzaXplX3QgaSA9IDA7IGkgPCB0aHJlYWRTdGF0ZVNpemVJblBvaW50ZXJzOyArK2kpIHsKKyAg ICAgICAgaWYgKGkgIT0gdGhyZWFkU3RhdGVQQ1BvaW50ZXJJbmRleCkKKyAgICAgICAgICAgIGhh c2ggPSBwdHJhdXRoX3NpZ25fZ2VuZXJpY19kYXRhKHNyY1B0cltpXSwgaGFzaCk7CisgICAgfQor ICAgIAorICAgIHJldHVybiBoYXNoOworfQorI2VuZGlmCisKIGV4dGVybiAiQyIgewogCiAvLyBX ZSBuZWVkIHRvIGltcGxlbWVudCBzdHVicyBmb3IgY2F0Y2hfbWFjaF9leGNlcHRpb25fcmFpc2Ug YW5kIGNhdGNoX21hY2hfZXhjZXB0aW9uX3JhaXNlX3N0YXRlX2lkZW50aXR5LgpAQCAtMTk0LDgg KzIxNSwxMSBAQCBrZXJuX3JldHVybl90IGNhdGNoX21hY2hfZXhjZXB0aW9uX3JhaXNlCiAgICAg U2lnbmFsIHNpZ25hbCA9IGZyb21NYWNoRXhjZXB0aW9uKGV4Y2VwdGlvblR5cGUpOwogICAgIFJF TEVBU0VfQVNTRVJUKHNpZ25hbCAhPSBTaWduYWw6OlVua25vd24pOwogCisjaWYgQ1BVKEFSTTY0 RSkgJiYgT1MoREFSV0lOKQorICAgIHB0cmF1dGhfZ2VuZXJpY19zaWduYXR1cmVfdCBpblN0YXRl SGFzaCA9IGhhc2hUaHJlYWRTdGF0ZShpblN0YXRlKTsKKyNlbmRpZgorCiAgICAgbWVtY3B5KG91 dFN0YXRlLCBpblN0YXRlLCBpblN0YXRlQ291bnQgKiBzaXplb2YoaW5TdGF0ZVswXSkpOwotICAg ICpvdXRTdGF0ZUNvdW50ID0gaW5TdGF0ZUNvdW50OwogCiAjaWYgQ1BVKFg4Nl82NCkKICAgICBS RUxFQVNFX0FTU0VSVCgqc3RhdGVGbGF2b3IgPT0geDg2X1RIUkVBRF9TVEFURSk7CkBAIC0yMzEs OCArMjU1LDE0IEBAIGtlcm5fcmV0dXJuX3QgY2F0Y2hfbWFjaF9leGNlcHRpb25fcmFpc2UKICAg ICAgICAgZGlkSGFuZGxlIHw9IGhhbmRsZXJSZXN1bHQgPT0gU2lnbmFsQWN0aW9uOjpIYW5kbGVk OwogICAgIH0pOwogCi0gICAgaWYgKGRpZEhhbmRsZSkKKyAgICBpZiAoZGlkSGFuZGxlKSB7Cisj aWYgQ1BVKEFSTTY0RSkgJiYgT1MoREFSV0lOKQorICAgICAgICBSRUxFQVNFX0FTU0VSVChpblN0 YXRlSGFzaCA9PSBoYXNoVGhyZWFkU3RhdGUob3V0U3RhdGUpKTsKKyNlbmRpZgorICAgICAgICAq b3V0U3RhdGVDb3VudCA9IGluU3RhdGVDb3VudDsKICAgICAgICAgcmV0dXJuIEtFUk5fU1VDQ0VT UzsKKyAgICB9CisKICAgICByZXR1cm4gS0VSTl9GQUlMVVJFOwogfQogCkluZGV4OiBUb29scy9D aGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gVG9vbHMvQ2hhbmdlTG9nCShyZXZpc2lvbiAyNzI4MDEp CisrKyBUb29scy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxNSBAQAorMjAy MS0wMi0xMiAgTWljaGFlbCBTYWJvZmYgIDxtc2Fib2ZmQGFwcGxlLmNvbT4KKworICAgICAgICBb QVJNNjRlXSBIYXJkZW4gTWFjaCBleGNlcHRpb24gaGFuZGxpbmcKKyAgICAgICAgaHR0cHM6Ly9i dWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIyMTg0MQorCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFVwZGF0ZWQgdGVzdCB0byBjaGVjayB0aGF0 IHRoZSBleGNlcHRpb24gdHlwZSBtYXRjaGVzIHRoZSBvbmUgd2UgcmVnaXN0ZXJlZCBmb3IuCisK KyAgICAgICAgKiBUZXN0V2ViS2l0QVBJL1Rlc3RzL1dURi9TaWduYWxzLmNwcDoKKyAgICAgICAg KFRFU1QpOgorCiAyMDIxLTAyLTEyICBKb25hdGhhbiBCZWRhcmQgIDxqYmVkYXJkQGFwcGxlLmNv bT4KIAogICAgICAgICBbd2Via2l0LXBhdGNoXSBQb3N0IGJvdGggcmV2aXNpb24gYW5kIGlkZW50 aWZpZXIgdG8gYnVnemlsbGEKSW5kZXg6IFRvb2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV1RGL1Np Z25hbHMuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT0KLS0tIFRvb2xzL1Rlc3RXZWJLaXRBUEkvVGVzdHMvV1RGL1Np Z25hbHMuY3BwCShyZXZpc2lvbiAyNzI4MDApCisrKyBUb29scy9UZXN0V2ViS2l0QVBJL1Rlc3Rz L1dURi9TaWduYWxzLmNwcAkod29ya2luZyBjb3B5KQpAQCAtNDAsNyArNDAsOSBAQCBwdWJsaWM6 CiBURVNUKFNpZ25hbHMsIFNpZ25hbHNXb3JrT25FeGl0KQogewogICAgIHN0YXRpYyBib29sIGhh bmRsZXJSYW4gPSBmYWxzZTsKLSAgICBhZGRTaWduYWxIYW5kbGVyKFNpZ25hbDo6VXNyLCBbXSAo U2lnbmFsLCBTaWdJbmZvJiwgUGxhdGZvcm1SZWdpc3RlcnMmKSAtPiBTaWduYWxBY3Rpb24gewor ICAgIGFkZFNpZ25hbEhhbmRsZXIoU2lnbmFsOjpVc3IsIFtdIChTaWduYWwgc2lnbmFsLCBTaWdJ bmZvJiwgUGxhdGZvcm1SZWdpc3RlcnMmKSAtPiBTaWduYWxBY3Rpb24geworICAgICAgICBSRUxF QVNFX0FTU0VSVChzaWduYWwgPT0gU2lnbmFsOjpVc3IpOworCiAgICAgICAgIGRhdGFMb2dMbigi aGVyZSIpOwogICAgICAgICBoYW5kbGVyUmFuID0gdHJ1ZTsKICAgICAgICAgcmV0dXJuIFNpZ25h bEFjdGlvbjo6SGFuZGxlZDsK