224504 2021-04-13 12:37:29 -0700 Crash in CompositeEditCommand::insertNodeAt 2021-04-20 21:58:51 -0700 1 1 1 Unclassified WebKit HTML Editing WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ajuma webkit-unassigned bfulgham ews-feeder ews-watchlist iang mifenton product-security rniwa rohitrao webkit-bug-importer wenson_hsieh ysuzuki oldest_to_newest 1749800 0 425900 ajuma 2021-04-13 12:37:29 -0700 Created attachment 425900 Minimal test case Filing this as a security bug since it was found using a fuzzer; there's no disclosure deadline for this bug. This reproduces in an ASan build of WebKitTestRunner, as well as in STP 123. Stack: ================================================================= ==1051==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001c (pc 0x0004f803797e bp 0x7ffee2879850 sp 0x7ffee28797a0 T0) ==1051==The signal is caused by a READ memory access. ==1051==Hint: address points to the zero page. ==1051==WARNING: invalid path to external symbolizer! ==1051==WARNING: Failed to use and restart external symbolizer! #0 0x4f803797d in WTF::OptionSet<WebCore::Node::NodeFlag>::containsAny(WTF::OptionSet<WebCore::Node::NodeFlag>) const (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x18d97d) #1 0x4f8037859 in WTF::OptionSet<WebCore::Node::NodeFlag>::contains(WebCore::Node::NodeFlag) const (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x18d859) #2 0x4fb73c81d in WebCore::canHaveChildrenForEditing(WebCore::Node const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x389281d) #3 0x4fb703cc6 in WebCore::CompositeEditCommand::insertNodeAt(WTF::Ref<WebCore::Node, WTF::RawPtrTraits<WebCore::Node> >&&, WebCore::Position const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3859cc6) #4 0x4fb7216c2 in WebCore::CompositeEditCommand::insertBlockPlaceholder(WebCore::Position const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x38776c2) #5 0x4fb793e38 in WebCore::FormatBlockCommand::formatRange(WebCore::Position const&, WebCore::Position const&, WebCore::Position const&, WTF::RefPtr<WebCore::Element, WTF::RawPtrTraits<WebCore::Element>, WTF::DefaultRefDerefTraits<WebCore::Element> >&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x38e9e38) #6 0x4fb7037ee in WebCore::ApplyBlockElementCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x38597ee) #7 0x4fb792fa3 in WebCore::FormatBlockCommand::formatSelection(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x38e8fa3) #8 0x4fb70295c in WebCore::ApplyBlockElementCommand::doApply() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x385895c) #9 0x4fb701524 in WebCore::CompositeEditCommand::apply() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3857524) #10 0x4fb7b014f in WebCore::executeFormatBlock(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x390614f) #11 0x4fb4218a3 in WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x35778a3) #12 0x4f88862aa in WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x9dc2aa) #13 0x4f8885d6b in long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x9dbd6b) #14 0x51e8df4011d7 (<unknown module>) #15 0x514991bd7 in llint_entry (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xb50bd7) #16 0x514976c08 in vmEntryToJavaScript (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xb35c08) #17 0x5161106ed in JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x22cf6ed) #18 0x5167aec4f in JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x296dc4f) #19 0x5167af00b in JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x296e00b) #20 0x4fac69a88 in WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x2dbfa88) #21 0x4fac92ba7 in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x2de8ba7) #22 0x4fb544fbf in WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x369afbf) #23 0x4fb544862 in WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x369a862) #24 0x4fc449101 in WebCore::DOMWindow::dispatchEvent(WebCore::Event&, WebCore::EventTarget*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x459f101) #25 0x4fc45a81d in WebCore::DOMWindow::dispatchLoadEvent() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x45b081d) #26 0x4fb4089b0 in WebCore::Document::dispatchWindowLoadEvent() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x355e9b0) #27 0x4fb408462 in WebCore::Document::implicitClose() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x355e462) #28 0x4fc26b8d2 in WebCore::FrameLoader::checkCompleted() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x43c18d2) #29 0x4fc267ec0 in WebCore::FrameLoader::finishedParsing() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x43bdec0) #30 0x4fb4275f2 in WebCore::Document::finishedParsing() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x357d5f2) #31 0x4fbd2d1ba in WebCore::HTMLDocumentParser::prepareToStopParsing() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3e831ba) #32 0x4fc238e60 in WebCore::DocumentWriter::end() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x438ee60) #33 0x4fc1e9fec in WebCore::DocumentLoader::finishedLoading() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x433ffec) #34 0x4fc1e9969 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x433f969) #35 0x4fc3acc9f in WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x4502c9f) #36 0x4fc3a8b5b in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*, WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x44feb5b) #37 0x4fc32334b in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x447934b) #38 0x4ea1aadb6 in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x21aadb6) #39 0x4ea882a56 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x2882a56) #40 0x4ea882063 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x2882063) #41 0x4ea16e04a in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x216e04a) #42 0x4e808c1f9 in IPC::Connection::dispatchMessage(IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x8c1f9) #43 0x4e808cc56 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x8cc56) #44 0x4e808d81b in IPC::Connection::dispatchOneIncomingMessage() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x8d81b) #45 0x513f10c3c in WTF::RunLoop::performWork() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xcfc3c) #46 0x513f142e5 in WTF::RunLoop::performWork(void*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xd32e5) #47 0x7fff30c4e883 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x84883) #48 0x7fff30c4e822 in __CFRunLoopDoSource0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x84822) #49 0x7fff30c4e63c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x8463c) #50 0x7fff30c4d358 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x83358) #51 0x7fff30c4c952 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x82952) #52 0x7fff3330a1c7 in -[NSRunLoop(NSRunLoop) runMode:beforeDate:] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x601c7) #53 0x7fff333bcc6e in -[NSRunLoop(NSRunLoop) run] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x112c6e) #54 0x7fff6ae294e9 in _xpc_objc_main.cold.4 (/usr/lib/system/libxpc.dylib:x86_64+0x164e9) #55 0x7fff6ae2942f in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x1642f) #56 0x7fff6ae28f62 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0x15f62) #57 0x4e8dc5ef3 in WebKit::XPCServiceMain(int, char const**) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0xdc5ef3) #58 0x7fff6abd7cc8 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1acc8) ==1051==Register values: rax = 0x0000100000000000 rbx = 0x00007ffee28797e0 rcx = 0x0000100000000000 rdx = 0x00001fffdc50f300 rdi = 0x000000000000001c rsi = 0x0000000000000002 rbp = 0x00007ffee2879850 rsp = 0x00007ffee28797a0 r8 = 0x0000100000000000 r9 = 0x0000000000000000 r10 = 0xffffffffffffffff r11 = 0x00000fffffffffff r12 = 0x00001fffdc50f2f4 r13 = 0x00007ffee28797c0 r14 = 0x00007ffee28797a0 r15 = 0x0000000000000000 ===================================== Clusterfuzz-id: 5092961722105856 1749802 1 webkit-bug-importer 2021-04-13 12:37:38 -0700 <rdar://problem/76605119> 1751974 2 426477 iang 2021-04-19 14:25:04 -0700 Created attachment 426477 Patch 1751977 3 iang 2021-04-19 14:37:46 -0700 At the end of FormatBlockCommand::formatRange it takes a position for lastParagraphInBlockNode. If this is a text node with just a newline, it gets removed at the end of CompositeEditCommand::cleanupAfterDeletion. This results in a null pointer dereference inside CompositeEditCommand::insertBlockPlaceholder when trying to resolve the renderer for that node. I added a check on that node lastParagraphInBlockNode.anchorNode()->isConnected() before calling into insertBlockPlaceholder, unsure if that's the right thing to do here or if that's the right way to do it. Looking through some of the nearby code I saw a similar looking assert changed to a return in this bug. https://bugs.webkit.org/show_bug.cgi?id=221651 Unsure if that would be applicable to this specific case given this node doesn't have a renderer for a different reason, but I don't know the cases when a node is expected to have a renderer. 1752103 4 426477 rniwa 2021-04-19 20:01:46 -0700 Comment on attachment 426477 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426477&action=review > LayoutTests/editing/execCommand/format-block-remove-text-node-crash.html:1 > +<script> Can we add <!DOCTYPE html>? Or would that break the test? > LayoutTests/editing/execCommand/format-block-remove-text-node-crash.html:9 > + document.write("Pass if test does not crash.\n"); > + document.write("PASS"); We can just do 'Pass if test does not crash.\nPASS.' Also we should probably use single quotation marks for the consistency. > LayoutTests/editing/execCommand/format-block-remove-text-node-crash.html:18 > +<style> > + div { > + height: 100px; > + } > +</style> Can we re-format this with the correct indentation? 1752105 5 rniwa 2021-04-19 20:03:28 -0700 I don't think there is any security implication here. 1752514 6 426617 iang 2021-04-20 16:59:02 -0700 Created attachment 426617 Patch 1752538 7 426617 rniwa 2021-04-20 17:48:02 -0700 Comment on attachment 426617 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=426617&action=review > LayoutTests/editing/execCommand/format-block-remove-text-node-crash-expected.txt:1 > +Pass if test does not crash. PASS Missing period at the end! 1752567 8 iang 2021-04-20 18:32:53 -0700 That's what I get for copying text over and not verifying that it works. 1752568 9 rniwa 2021-04-20 18:34:22 -0700 (In reply to Ian Gilbert from comment #8) > That's what I get for copying text over and not verifying that it works. Haha, it happens to me all the time too! 1752572 10 426627 iang 2021-04-20 18:38:27 -0700 Created attachment 426627 Patch 1752630 11 ews-feeder 2021-04-20 21:58:48 -0700 Committed r276344 (236822@main): <https://commits.webkit.org/236822@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 426627. 425900 2021-04-13 12:37:29 -0700 2021-04-13 12:37:29 -0700 Minimal test case compositeEditCommandInsertNodeAt.html text/html 282 ajuma PQogIDxzY3JpcHQ+Cm9ubG9hZCA9IGZ1bmN0aW9uKCkgewogICAgZG9jdW1lbnQuZGVzaWduTW9k ZSA9ICdvbic7CiAgICBkb2N1bWVudC5leGVjQ29tbWFuZCgnU2VsZWN0QWxsJyk7CiAgICBkb2N1 bWVudC5leGVjQ29tbWFuZCgnRm9ybWF0QmxvY2snLCBmYWxzZSwgJzxwcmU+Jyk7Cn07Cjwvc2Ny aXB0PgomZ3Q7CjwhLS0gLS0+CiAgPHN0eWxlPgogICBkaXYgewogICAgICAgIGhlaWdodDogMTAw cHg7Cjwvc3R5bGU+CiA8ZGl2PgogIDwvZGl2PgogIDxkaXYgImRvbS1mdXp6LTkxMDAwMyI+ 426477 2021-04-19 14:25:04 -0700 2021-04-20 16:58:59 -0700 Patch bug-224504-20210419142503.patch text/plain 3838 iang U3VidmVyc2lvbiBSZXZpc2lvbjogMjc2MTYzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNDkxZmY2MzA1NDc0YzZl N2Y5MzAyYzM3MTliOGU0NzA0ZmE0NTlkMS4uYzgxODUxOTcyNDQ2ZjVhNDlhMmU1MmNlMjhjZjlj MDM2YjM5NjIwNSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE5IEBACisyMDIxLTA0LTE5ICBJYW4g R2lsYmVydCAgPGlhbmdAYXBwbGUuY29tPgorCisgICAgICAgIENyYXNoIGluIENvbXBvc2l0ZUVk aXRDb21tYW5kOjppbnNlcnROb2RlQXQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTIyNDUwNAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09Q UyEpLgorCisgICAgICAgIENvbXBvc2l0ZUVkaXRDb21tYW5kOjpjbGVhbnVwQWZ0ZXJEZWxldGlv biB3aWxsIHJlbW92ZSB0ZXh0IG5vZGVzIHRoYXQgb25seQorICAgICAgICBoYXZlIGEgbmV3bGlu ZS4gQWRkZWQgY2hlY2sgaW5zaWRlIEZvcm1hdEJsb2NrQ29tbWFuZDo6Zm9ybWF0UmFuZ2UgdG8g YXZvaWQKKyAgICAgICAgYSBudWxsIHBvaW50ZXIgZGVyZWZlcmVuY2Ugb24gYSByZW1vdmVkIG5v ZGUuIAorCisgICAgICAgIFRlc3Q6IGVkaXRpbmcvZXhlY0NvbW1hbmQvZm9ybWF0LWJsb2NrLXJl bW92ZS10ZXh0LW5vZGUtY3Jhc2guaHRtbAorCisgICAgICAgICogZWRpdGluZy9Gb3JtYXRCbG9j a0NvbW1hbmQuY3BwOgorICAgICAgICAoV2ViQ29yZTo6Rm9ybWF0QmxvY2tDb21tYW5kOjpmb3Jt YXRSYW5nZSk6CisKIDIwMjEtMDQtMTYgIENvbW1pdCBRdWV1ZSAgPGNvbW1pdC1xdWV1ZUB3ZWJr aXQub3JnPgogCiAgICAgICAgIFVucmV2aWV3ZWQsIHJldmVydGluZyByMjczNzMzLgpkaWZmIC0t Z2l0IGEvU291cmNlL1dlYkNvcmUvZWRpdGluZy9Gb3JtYXRCbG9ja0NvbW1hbmQuY3BwIGIvU291 cmNlL1dlYkNvcmUvZWRpdGluZy9Gb3JtYXRCbG9ja0NvbW1hbmQuY3BwCmluZGV4IGI4MmUyZTZj OTVlNTYzNmI1YTMyOGU4ODFiZjFlN2E1N2Y0MzA5NjQuLjNjNTRhMzBjN2QxYTZlYmRlOGIxYzJm MDczZjg3MjdlYzViZTA0OTAgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2VkaXRpbmcvRm9y bWF0QmxvY2tDb21tYW5kLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL0Zvcm1hdEJs b2NrQ29tbWFuZC5jcHAKQEAgLTk1LDcgKzk1LDggQEAgdm9pZCBGb3JtYXRCbG9ja0NvbW1hbmQ6 OmZvcm1hdFJhbmdlKGNvbnN0IFBvc2l0aW9uJiBzdGFydCwgY29uc3QgUG9zaXRpb24mIGVuZCwK IAogICAgIG1vdmVQYXJhZ3JhcGhXaXRoQ2xvbmVzKHN0YXJ0LCBlbmQsIGJsb2NrTm9kZS5nZXQo KSwgb3V0ZXJCbG9jay5nZXQoKSk7CiAKLSAgICBpZiAod2FzRW5kT2ZQYXJhZ3JhcGggJiYgIWlz RW5kT2ZQYXJhZ3JhcGgobGFzdFBhcmFncmFwaEluQmxvY2tOb2RlKSAmJiAhaXNTdGFydE9mUGFy YWdyYXBoKGxhc3RQYXJhZ3JhcGhJbkJsb2NrTm9kZSkpCisgICAgaWYgKHdhc0VuZE9mUGFyYWdy YXBoICYmIGxhc3RQYXJhZ3JhcGhJbkJsb2NrTm9kZS5hbmNob3JOb2RlKCktPmlzQ29ubmVjdGVk KCkKKyAgICAgICAgJiYgIWlzRW5kT2ZQYXJhZ3JhcGgobGFzdFBhcmFncmFwaEluQmxvY2tOb2Rl KSAmJiAhaXNTdGFydE9mUGFyYWdyYXBoKGxhc3RQYXJhZ3JhcGhJbkJsb2NrTm9kZSkpCiAgICAg ICAgIGluc2VydEJsb2NrUGxhY2Vob2xkZXIobGFzdFBhcmFncmFwaEluQmxvY2tOb2RlKTsKIH0K ICAgICAKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0No YW5nZUxvZwppbmRleCBjOTc3ZWU5YmM3OTU5NjI1ZjZhNGMzODQ0YWQxODFhNmVlNTY4YWM1Li4z M2Q1OTBlM2Y1M2MwZjYyMmFjYTBkZDUzMWE3MDE2OTJhYWI3YjY4IDEwMDY0NAotLS0gYS9MYXlv dXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEs MTUgQEAKKzIwMjEtMDQtMTkgIElhbiBHaWxiZXJ0ICA8aWFuZ0BhcHBsZS5jb20+CisKKyAgICAg ICAgQ3Jhc2ggaW4gQ29tcG9zaXRlRWRpdENvbW1hbmQ6Omluc2VydE5vZGVBdAorICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjI0NTA0CisKKyAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQWRkaW5nIGEgcmVncmVzc2lv biB0ZXN0IGNhc2UuCisKKyAgICAgICAgKiBlZGl0aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9j ay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNoLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICog ZWRpdGluZy9leGVjQ29tbWFuZC9mb3JtYXQtYmxvY2stcmVtb3ZlLXRleHQtbm9kZS1jcmFzaC5o dG1sOiBBZGRlZC4KKwogMjAyMS0wNC0xNiAgUm9iZXJ0IEplbm5lciAgPGplbm5lckBhcHBsZS5j b20+CiAKICAgICAgICAgWyB3azIgXSBtZWRpYS9wcmVzZW50YXRpb25tb2RlY2hhbmdlZC1maXJl ZC1vbmNlLmh0bWwgaXMgYSBmbGFrZXkgdGltZW91dApkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMv ZWRpdGluZy9leGVjQ29tbWFuZC9mb3JtYXQtYmxvY2stcmVtb3ZlLXRleHQtbm9kZS1jcmFzaC1l eHBlY3RlZC50eHQgYi9MYXlvdXRUZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9j ay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNoLWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0 NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi41NjM4NjE4 Mjg4ODVhNjc0NDExMDQ2MDdjYzdkMTEyM2JlYWFiNzIzCi0tLSAvZGV2L251bGwKKysrIGIvTGF5 b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9mb3JtYXQtYmxvY2stcmVtb3ZlLXRleHQtbm9k ZS1jcmFzaC1leHBlY3RlZC50eHQKQEAgLTAsMCArMSBAQAorUGFzcyBpZiB0ZXN0IGRvZXMgbm90 IGNyYXNoLiBQQVNTCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9lZGl0aW5nL2V4ZWNDb21tYW5k L2Zvcm1hdC1ibG9jay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNoLmh0bWwgYi9MYXlvdXRUZXN0cy9l ZGl0aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9jay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNoLmh0 bWwKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMC4uYTZjZmZiMzA3YTg2MDljN2EyNWNjMDIxNzJhNDZmZjZkODE0MTlhYQot LS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2VkaXRpbmcvZXhlY0NvbW1hbmQvZm9ybWF0 LWJsb2NrLXJlbW92ZS10ZXh0LW5vZGUtY3Jhc2guaHRtbApAQCAtMCwwICsxLDIwIEBACis8c2Ny aXB0Pgorb25sb2FkID0gZnVuY3Rpb24oKSB7CisgICAgaWYgKHdpbmRvdy50ZXN0UnVubmVyKQor ICAgICAgICB0ZXN0UnVubmVyLmR1bXBBc1RleHQoKTsKKyAgICBkb2N1bWVudC5kZXNpZ25Nb2Rl ID0gJ29uJzsKKyAgICBkb2N1bWVudC5leGVjQ29tbWFuZCgnU2VsZWN0QWxsJyk7CisgICAgZG9j dW1lbnQuZXhlY0NvbW1hbmQoJ0Zvcm1hdEJsb2NrJywgZmFsc2UsICc8cHJlPicpOworICAgIGRv Y3VtZW50LndyaXRlKCJQYXNzIGlmIHRlc3QgZG9lcyBub3QgY3Jhc2guXG4iKTsKKyAgICBkb2N1 bWVudC53cml0ZSgiUEFTUyIpOworfTsKKzwvc2NyaXB0PgorVGV4dAorCis8c3R5bGU+CisgICBk aXYgeworICAgICAgICBoZWlnaHQ6IDEwMHB4OworICAgICAgICB9Cis8L3N0eWxlPgorPGRpdj48 L2Rpdj4KKzxkaXY+PC9kaXY+Cg== 426617 2021-04-20 16:59:02 -0700 2021-04-20 18:38:24 -0700 Patch bug-224504-20210420165901.patch text/plain 3814 iang U3VidmVyc2lvbiBSZXZpc2lvbjogMjc2MzI4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMDczZGQxZmYzYmFmZmEy MWViMjI4YzA5NDg2YjAwOGY4N2U5MTMzMi4uMjg4NzQyYmE1YzFkMGZmYzhmYTA4Yzk5YmE4Y2Fk NzQxYzVjYmNlNiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE5IEBACisyMDIxLTA0LTIwICBJYW4g R2lsYmVydCAgPGlhbmdAYXBwbGUuY29tPgorCisgICAgICAgIENyYXNoIGluIENvbXBvc2l0ZUVk aXRDb21tYW5kOjppbnNlcnROb2RlQXQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTIyNDUwNAorCisgICAgICAgIFJldmlld2VkIGJ5IFJ5b3N1a2UgTml3 YS4KKworICAgICAgICBDb21wb3NpdGVFZGl0Q29tbWFuZDo6Y2xlYW51cEFmdGVyRGVsZXRpb24g d2lsbCByZW1vdmUgdGV4dCBub2RlcyB0aGF0IG9ubHkKKyAgICAgICAgaGF2ZSBhIG5ld2xpbmUu IEFkZGVkIGNoZWNrIGluc2lkZSBGb3JtYXRCbG9ja0NvbW1hbmQ6OmZvcm1hdFJhbmdlIHRvIGF2 b2lkCisgICAgICAgIGEgbnVsbCBwb2ludGVyIGRlcmVmZXJlbmNlIG9uIGEgcmVtb3ZlZCBub2Rl LiAKKworICAgICAgICBUZXN0OiBlZGl0aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9jay1yZW1v dmUtdGV4dC1ub2RlLWNyYXNoLmh0bWwKKworICAgICAgICAqIGVkaXRpbmcvRm9ybWF0QmxvY2tD b21tYW5kLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkZvcm1hdEJsb2NrQ29tbWFuZDo6Zm9ybWF0 UmFuZ2UpOgorCiAyMDIxLTA0LTIwICBTYW0gV2VpbmlnICA8d2VpbmlnQGFwcGxlLmNvbT4KIAog ICAgICAgICBTZXBhcmF0ZWQgbW9kZWxzIGRvbid0IGdldCBvcGFjaXR5IHNldCBvbiB0aGVtIGF0 IGFsbApkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvZWRpdGluZy9Gb3JtYXRCbG9ja0NvbW1h bmQuY3BwIGIvU291cmNlL1dlYkNvcmUvZWRpdGluZy9Gb3JtYXRCbG9ja0NvbW1hbmQuY3BwCmlu ZGV4IGI4MmUyZTZjOTVlNTYzNmI1YTMyOGU4ODFiZjFlN2E1N2Y0MzA5NjQuLjNjNTRhMzBjN2Qx YTZlYmRlOGIxYzJmMDczZjg3MjdlYzViZTA0OTAgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3Jl L2VkaXRpbmcvRm9ybWF0QmxvY2tDb21tYW5kLmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9lZGl0 aW5nL0Zvcm1hdEJsb2NrQ29tbWFuZC5jcHAKQEAgLTk1LDcgKzk1LDggQEAgdm9pZCBGb3JtYXRC bG9ja0NvbW1hbmQ6OmZvcm1hdFJhbmdlKGNvbnN0IFBvc2l0aW9uJiBzdGFydCwgY29uc3QgUG9z aXRpb24mIGVuZCwKIAogICAgIG1vdmVQYXJhZ3JhcGhXaXRoQ2xvbmVzKHN0YXJ0LCBlbmQsIGJs b2NrTm9kZS5nZXQoKSwgb3V0ZXJCbG9jay5nZXQoKSk7CiAKLSAgICBpZiAod2FzRW5kT2ZQYXJh Z3JhcGggJiYgIWlzRW5kT2ZQYXJhZ3JhcGgobGFzdFBhcmFncmFwaEluQmxvY2tOb2RlKSAmJiAh aXNTdGFydE9mUGFyYWdyYXBoKGxhc3RQYXJhZ3JhcGhJbkJsb2NrTm9kZSkpCisgICAgaWYgKHdh c0VuZE9mUGFyYWdyYXBoICYmIGxhc3RQYXJhZ3JhcGhJbkJsb2NrTm9kZS5hbmNob3JOb2RlKCkt PmlzQ29ubmVjdGVkKCkKKyAgICAgICAgJiYgIWlzRW5kT2ZQYXJhZ3JhcGgobGFzdFBhcmFncmFw aEluQmxvY2tOb2RlKSAmJiAhaXNTdGFydE9mUGFyYWdyYXBoKGxhc3RQYXJhZ3JhcGhJbkJsb2Nr Tm9kZSkpCiAgICAgICAgIGluc2VydEJsb2NrUGxhY2Vob2xkZXIobGFzdFBhcmFncmFwaEluQmxv Y2tOb2RlKTsKIH0KICAgICAKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xh eW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCBiZDNhN2I3ZWJjZTQ1YzcxMjg4OWNjZmEwMzBhYmRj M2E3Y2RmYWI2Li4zZDdkZWZkNjRiYjVmMTBlMjM3OTI5OGQyOTNhMWI1N2JjZmZkMzU0IDEwMDY0 NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9n CkBAIC0xLDMgKzEsMTUgQEAKKzIwMjEtMDQtMjAgIElhbiBHaWxiZXJ0ICA8aWFuZ0BhcHBsZS5j b20+CisKKyAgICAgICAgQ3Jhc2ggaW4gQ29tcG9zaXRlRWRpdENvbW1hbmQ6Omluc2VydE5vZGVB dAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjI0NTA0 CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgUnlvc3VrZSBOaXdhLgorCisgICAgICAgIEFkZGluZyBh IHJlZ3Jlc3Npb24gdGVzdCBjYXNlLgorCisgICAgICAgICogZWRpdGluZy9leGVjQ29tbWFuZC9m b3JtYXQtYmxvY2stcmVtb3ZlLXRleHQtbm9kZS1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgor ICAgICAgICAqIGVkaXRpbmcvZXhlY0NvbW1hbmQvZm9ybWF0LWJsb2NrLXJlbW92ZS10ZXh0LW5v ZGUtY3Jhc2guaHRtbDogQWRkZWQuCisKIDIwMjEtMDQtMjAgIFNhbSBXZWluaWcgIDx3ZWluaWdA YXBwbGUuY29tPgogCiAgICAgICAgIFNlcGFyYXRlZCBtb2RlbHMgZG9uJ3QgZ2V0IG9wYWNpdHkg c2V0IG9uIHRoZW0gYXQgYWxsCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9lZGl0aW5nL2V4ZWND b21tYW5kL2Zvcm1hdC1ibG9jay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNoLWV4cGVjdGVkLnR4dCBi L0xheW91dFRlc3RzL2VkaXRpbmcvZXhlY0NvbW1hbmQvZm9ybWF0LWJsb2NrLXJlbW92ZS10ZXh0 LW5vZGUtY3Jhc2gtZXhwZWN0ZWQudHh0Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLjU2Mzg2MTgyODg4NWE2NzQ0MTEw NDYwN2NjN2QxMTIzYmVhYWI3MjMKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9lZGl0 aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9jay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNoLWV4cGVj dGVkLnR4dApAQCAtMCwwICsxIEBACitQYXNzIGlmIHRlc3QgZG9lcyBub3QgY3Jhc2guIFBBU1MK ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2VkaXRpbmcvZXhlY0NvbW1hbmQvZm9ybWF0LWJsb2Nr LXJlbW92ZS10ZXh0LW5vZGUtY3Jhc2guaHRtbCBiL0xheW91dFRlc3RzL2VkaXRpbmcvZXhlY0Nv bW1hbmQvZm9ybWF0LWJsb2NrLXJlbW92ZS10ZXh0LW5vZGUtY3Jhc2guaHRtbApuZXcgZmlsZSBt b2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw Li5mYWE0NmQ0NDc1M2FmNDI1N2ZhYzZlOTM3YjQ2YmQxZjQ5N2FlZjk4Ci0tLSAvZGV2L251bGwK KysrIGIvTGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9mb3JtYXQtYmxvY2stcmVtb3Zl LXRleHQtbm9kZS1jcmFzaC5odG1sCkBAIC0wLDAgKzEsMjAgQEAKKzwhRE9DVFlQRSBodG1sPgor PHNjcmlwdD4KK29ubG9hZCA9IGZ1bmN0aW9uKCkgeworICAgIGlmICh3aW5kb3cudGVzdFJ1bm5l cikKKyAgICAgICAgdGVzdFJ1bm5lci5kdW1wQXNUZXh0KCk7CisgICAgZG9jdW1lbnQuZGVzaWdu TW9kZSA9ICdvbic7CisgICAgZG9jdW1lbnQuZXhlY0NvbW1hbmQoJ1NlbGVjdEFsbCcpOworICAg IGRvY3VtZW50LmV4ZWNDb21tYW5kKCdGb3JtYXRCbG9jaycsIGZhbHNlLCAnPHByZT4nKTsKKyAg ICBkb2N1bWVudC53cml0ZSgnUGFzcyBpZiB0ZXN0IGRvZXMgbm90IGNyYXNoLlxuUEFTUy4nKTsK K307Cis8L3NjcmlwdD4KK1RleHQKKworPHN0eWxlPgorICAgZGl2IHsKKyAgICAgICAgaGVpZ2h0 OiAxMDBweDsKKyAgICB9Cis8L3N0eWxlPgorPGRpdj48L2Rpdj4KKzxkaXY+PC9kaXY+Cg== 426627 2021-04-20 18:38:27 -0700 2021-04-20 21:58:50 -0700 Patch bug-224504-20210420183826.patch text/plain 3855 iang U3VidmVyc2lvbiBSZXZpc2lvbjogMjc2MzQxCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYmY5NmU5MjU5N2I5OGQz NDQ1ZDk0OGNmMjBiNDM3ZTJjMmQzYjI3My4uMTY1ZjVlNTgyOWFlYjJiYjVjZmRiY2FiN2NjNmQ0 Yzc1YzUzMjJlZiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE5IEBACisyMDIxLTA0LTIwICBJYW4g R2lsYmVydCAgPGlhbmdAYXBwbGUuY29tPgorCisgICAgICAgIENyYXNoIGluIENvbXBvc2l0ZUVk aXRDb21tYW5kOjppbnNlcnROb2RlQXQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTIyNDUwNAorCisgICAgICAgIFJldmlld2VkIGJ5IFJ5b3N1a2UgTml3 YS4KKworICAgICAgICBDb21wb3NpdGVFZGl0Q29tbWFuZDo6Y2xlYW51cEFmdGVyRGVsZXRpb24g d2lsbCByZW1vdmUgdGV4dCBub2RlcyB0aGF0IG9ubHkKKyAgICAgICAgaGF2ZSBhIG5ld2xpbmUu IEFkZGVkIGNoZWNrIGluc2lkZSBGb3JtYXRCbG9ja0NvbW1hbmQ6OmZvcm1hdFJhbmdlIHRvIGF2 b2lkCisgICAgICAgIGEgbnVsbCBwb2ludGVyIGRlcmVmZXJlbmNlIG9uIGEgcmVtb3ZlZCBub2Rl LiAKKworICAgICAgICBUZXN0OiBlZGl0aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9jay1yZW1v dmUtdGV4dC1ub2RlLWNyYXNoLmh0bWwKKworICAgICAgICAqIGVkaXRpbmcvRm9ybWF0QmxvY2tD b21tYW5kLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkZvcm1hdEJsb2NrQ29tbWFuZDo6Zm9ybWF0 UmFuZ2UpOgorCiAyMDIxLTA0LTIwICBCcmVudCBGdWxnaGFtICA8YmZ1bGdoYW1AYXBwbGUuY29t PgogCiAgICAgICAgIFtDb2NvYV0gUHJldmVudCBHUFUgYW5kIFdlYkNvbnRlbnQgcHJvY2Vzc2Vz IGZyb20gYXR0ZW1wdGluZyB0byBjb25uZWN0IHRvIHRoZSBBcHBTU08gc2VydmljZSAKZGlmZiAt LWdpdCBhL1NvdXJjZS9XZWJDb3JlL2VkaXRpbmcvRm9ybWF0QmxvY2tDb21tYW5kLmNwcCBiL1Nv dXJjZS9XZWJDb3JlL2VkaXRpbmcvRm9ybWF0QmxvY2tDb21tYW5kLmNwcAppbmRleCBiODJlMmU2 Yzk1ZTU2MzZiNWEzMjhlODgxYmYxZTdhNTdmNDMwOTY0Li4zYzU0YTMwYzdkMWE2ZWJkZThiMWMy ZjA3M2Y4NzI3ZWM1YmUwNDkwIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL0Zv cm1hdEJsb2NrQ29tbWFuZC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvZWRpdGluZy9Gb3JtYXRC bG9ja0NvbW1hbmQuY3BwCkBAIC05NSw3ICs5NSw4IEBAIHZvaWQgRm9ybWF0QmxvY2tDb21tYW5k Ojpmb3JtYXRSYW5nZShjb25zdCBQb3NpdGlvbiYgc3RhcnQsIGNvbnN0IFBvc2l0aW9uJiBlbmQs CiAKICAgICBtb3ZlUGFyYWdyYXBoV2l0aENsb25lcyhzdGFydCwgZW5kLCBibG9ja05vZGUuZ2V0 KCksIG91dGVyQmxvY2suZ2V0KCkpOwogCi0gICAgaWYgKHdhc0VuZE9mUGFyYWdyYXBoICYmICFp c0VuZE9mUGFyYWdyYXBoKGxhc3RQYXJhZ3JhcGhJbkJsb2NrTm9kZSkgJiYgIWlzU3RhcnRPZlBh cmFncmFwaChsYXN0UGFyYWdyYXBoSW5CbG9ja05vZGUpKQorICAgIGlmICh3YXNFbmRPZlBhcmFn cmFwaCAmJiBsYXN0UGFyYWdyYXBoSW5CbG9ja05vZGUuYW5jaG9yTm9kZSgpLT5pc0Nvbm5lY3Rl ZCgpCisgICAgICAgICYmICFpc0VuZE9mUGFyYWdyYXBoKGxhc3RQYXJhZ3JhcGhJbkJsb2NrTm9k ZSkgJiYgIWlzU3RhcnRPZlBhcmFncmFwaChsYXN0UGFyYWdyYXBoSW5CbG9ja05vZGUpKQogICAg ICAgICBpbnNlcnRCbG9ja1BsYWNlaG9sZGVyKGxhc3RQYXJhZ3JhcGhJbkJsb2NrTm9kZSk7CiB9 CiAgICAgCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cgYi9MYXlvdXRUZXN0cy9D aGFuZ2VMb2cKaW5kZXggMTc1OTQxY2E5Mzg5NmYzZjM3MDJkNmUyOGQ1ZGQ5NzU5MDc3ZGJlOS4u NjhiNzkyNTMyMDY4YzgxM2RmNWM2N2Q0ZjVkNjIyOGU3NTdjNmQ5OCAxMDA2NDQKLS0tIGEvTGF5 b3V0VGVzdHMvQ2hhbmdlTG9nCisrKyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwpAQCAtMSwzICsx LDE1IEBACisyMDIxLTA0LTIwICBJYW4gR2lsYmVydCAgPGlhbmdAYXBwbGUuY29tPgorCisgICAg ICAgIENyYXNoIGluIENvbXBvc2l0ZUVkaXRDb21tYW5kOjppbnNlcnROb2RlQXQKKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIyNDUwNAorCisgICAgICAg IFJldmlld2VkIGJ5IFJ5b3N1a2UgTml3YS4KKworICAgICAgICBBZGRpbmcgYSByZWdyZXNzaW9u IHRlc3QgY2FzZS4KKworICAgICAgICAqIGVkaXRpbmcvZXhlY0NvbW1hbmQvZm9ybWF0LWJsb2Nr LXJlbW92ZS10ZXh0LW5vZGUtY3Jhc2gtZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBl ZGl0aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9jay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNoLmh0 bWw6IEFkZGVkLgorCiAyMDIxLTA0LTIwICBJYW4gR2lsYmVydCAgPGlhbmdAYXBwbGUuY29tPgog CiAgICAgICAgIENyYXNoIGR1ZSB0byBWZWN0b3JCdWZmZXIgcHJlLWFsbG9jYXRpb24gZmFpbHVy ZQpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9mb3JtYXQtYmxv Y2stcmVtb3ZlLXRleHQtbm9kZS1jcmFzaC1leHBlY3RlZC50eHQgYi9MYXlvdXRUZXN0cy9lZGl0 aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9jay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNoLWV4cGVj dGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwLi4yMjNmZjlmNDVjNGZhMDVhZTBkNWFlNGNkYWFlZjVlYjZjZDU2 YjkzCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9m b3JtYXQtYmxvY2stcmVtb3ZlLXRleHQtbm9kZS1jcmFzaC1leHBlY3RlZC50eHQKQEAgLTAsMCAr MSBAQAorUGFzcyBpZiB0ZXN0IGRvZXMgbm90IGNyYXNoLiBQQVNTLgpkaWZmIC0tZ2l0IGEvTGF5 b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9mb3JtYXQtYmxvY2stcmVtb3ZlLXRleHQtbm9k ZS1jcmFzaC5odG1sIGIvTGF5b3V0VGVzdHMvZWRpdGluZy9leGVjQ29tbWFuZC9mb3JtYXQtYmxv Y2stcmVtb3ZlLXRleHQtbm9kZS1jcmFzaC5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4 IDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLmZhYTQ2ZDQ0NzUzYWY0 MjU3ZmFjNmU5MzdiNDZiZDFmNDk3YWVmOTgKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0 cy9lZGl0aW5nL2V4ZWNDb21tYW5kL2Zvcm1hdC1ibG9jay1yZW1vdmUtdGV4dC1ub2RlLWNyYXNo Lmh0bWwKQEAgLTAsMCArMSwyMCBAQAorPCFET0NUWVBFIGh0bWw+Cis8c2NyaXB0Pgorb25sb2Fk ID0gZnVuY3Rpb24oKSB7CisgICAgaWYgKHdpbmRvdy50ZXN0UnVubmVyKQorICAgICAgICB0ZXN0 UnVubmVyLmR1bXBBc1RleHQoKTsKKyAgICBkb2N1bWVudC5kZXNpZ25Nb2RlID0gJ29uJzsKKyAg ICBkb2N1bWVudC5leGVjQ29tbWFuZCgnU2VsZWN0QWxsJyk7CisgICAgZG9jdW1lbnQuZXhlY0Nv bW1hbmQoJ0Zvcm1hdEJsb2NrJywgZmFsc2UsICc8cHJlPicpOworICAgIGRvY3VtZW50LndyaXRl KCdQYXNzIGlmIHRlc3QgZG9lcyBub3QgY3Jhc2guXG5QQVNTLicpOworfTsKKzwvc2NyaXB0Pgor VGV4dAorCis8c3R5bGU+CisgICBkaXYgeworICAgICAgICBoZWlnaHQ6IDEwMHB4OworICAgIH0K Kzwvc3R5bGU+Cis8ZGl2PjwvZGl2PgorPGRpdj48L2Rpdj4K