226799 2021-06-08 17:15:32 -0700 Nullptr crash in null ptr deref in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline 2021-06-22 02:06:23 -0700 1 1 1 Unclassified WebKit HTML Editing WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 rniwa fred.wang bfulgham cgarcia darin ews-feeder fred.wang gpoo product-security rbuis svillar webkit-bug-importer wenson_hsieh oldest_to_newest 1767979 0 430918 rniwa 2021-06-08 17:15:32 -0700 Created attachment 430918 Test e.g. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x0000000161224430 WTF::OptionSet<WebCore::Node::NodeFlag>::isEmpty() const + 1 (OptionSet.h:164) [inlined] 1 com.apple.WebCore 0x0000000161224430 WTF::OptionSet<WebCore::Node::NodeFlag>::operator bool() + 1 (OptionSet.h:169) [inlined] 2 com.apple.WebCore 0x0000000161224430 WTF::OptionSet<WebCore::Node::NodeFlag>::containsAny(WTF::OptionSet<WebCore::Node::NodeFlag>) const + 1 (OptionSet.h:178) [inlined] 3 com.apple.WebCore 0x0000000161224430 WTF::OptionSet<WebCore::Node::NodeFlag>::contains(WebCore::Node::NodeFlag) const + 1 (OptionSet.h:173) [inlined] 4 com.apple.WebCore 0x0000000161224430 WebCore::Node::hasNodeFlag(WebCore::Node::NodeFlag) const + 1 (Node.h:585) [inlined] 5 com.apple.WebCore 0x0000000161224430 WebCore::Node::isTextNode() const + 1 (Node.h:191) [inlined] 6 com.apple.WebCore 0x0000000161224430 WebCore::firstPositionInNode(WebCore::Node*) + 1 (Position.h:322) [inlined] 7 com.apple.WebCore 0x0000000161224430 WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline(WebCore::ReplaceSelectionCommand::InsertedNodes&) + 992 (ReplaceSelectionCommand.cpp:667) 8 com.apple.WebCore 0x000000016122927c WebCore::ReplaceSelectionCommand::doApply() + 10860 (ReplaceSelectionCommand.cpp:1362) 9 com.apple.WebCore 0x00000001611a93b7 WebCore::CompositeEditCommand::apply() + 167 (CompositeEditCommand.cpp:397) 10 com.apple.WebCore 0x00000001611de4ec WebCore::Editor::replaceSelectionWithFragment(WebCore::DocumentFragment&, WebCore::Editor::SelectReplacement, WebCore::Editor::SmartReplace, WebCore::Editor::MatchStyle, WebCore::EditAction, WebCore::MailBlockquoteHandling) + 892 (Editor.cpp:698) 11 com.apple.WebCore 0x00000001611de088 WebCore::Editor::handleTextEvent(WebCore::TextEvent&) + 72 (Editor.cpp:347) 12 com.apple.WebCore 0x00000001616b70df WebCore::EventHandler::defaultTextInputEventHandler(WebCore::TextEvent&) + 31 (EventHandler.cpp:4182) 13 com.apple.WebCore 0x0000000161115013 WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&) + 39 (EventDispatcher.cpp:63) [inlined] 14 com.apple.WebCore 0x0000000161115013 WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 1763 (EventDispatcher.cpp:204) 15 com.apple.WebCore 0x00000001611e0ae5 WebCore::Editor::pasteAsFragment(WTF::Ref<WebCore::DocumentFragment, WTF::RawPtrTraits<WebCore::DocumentFragment> >&&, bool, bool, WebCore::MailBlockquoteHandling) + 245 (Editor.cpp:629) 16 com.apple.WebCore 0x00000001604ee133 WebCore::Editor::pasteWithPasteboard(WebCore::Pasteboard*, WTF::OptionSet<WebCore::Editor::PasteOption>) + 259 (EditorMac.mm:97) 17 com.apple.WebCore 0x00000001611e7e39 WebCore::Editor::paste(WebCore::Pasteboard&, WebCore::Editor::FromMenuOrKeyBinding) + 377 (Editor.cpp:1479) 18 com.apple.WebCore 0x00000001611e7c7f WebCore::Editor::paste(WebCore::Editor::FromMenuOrKeyBinding) + 95 (Editor.cpp:1465) 19 com.apple.WebCore 0x000000016120a063 WebCore::executePaste(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 51 (EditorCommand.cpp:904) 20 com.apple.WebCore 0x00000001610d7cac WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 76 (Document.cpp:5759) 21 com.apple.WebCore 0x0000000160357a16 WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*) + 218 (JSDocument.cpp:5859) [inlined] 22 com.apple.WebCore 0x0000000160357a16 long long WebCore::IDLOperation<WebCore::JSDocument>::call<&(WebCore::jsDocumentPrototypeFunction_execCommandBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSDocument*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 392 (JSDOMOperation.h:63) [inlined] 23 com.apple.WebCore 0x0000000160357a16 WebCore::jsDocumentPrototypeFunction_execCommand(JSC::JSGlobalObject*, JSC::CallFrame*) + 422 (JSDocument.cpp:5864) 24 ??? 0x00003634ef4011d8 0 + 59600980152792 25 com.apple.JavaScriptCore 0x0000000165ba65f7 llint_entry + 110528 (LowLevelInterpreter.asm:1097) 26 com.apple.JavaScriptCore 0x0000000165b8b436 vmEntryToJavaScript + 216 (LowLevelInterpreter64.asm:316) <rdar://78689218> 1767980 1 rniwa 2021-06-08 17:15:44 -0700 Reproduced with non-ASAN release build of WebKitTestRunner at r278627. 1770198 2 fred.wang 2021-06-16 08:39:45 -0700 (In reply to Ryosuke Niwa from comment #1) > Reproduced with non-ASAN release build of WebKitTestRunner at r278627. FWIW ASAN build gives: ==75==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000028 (pc 0x7f9b19cf6b86 bp 0x7ffe7ea01800 sp 0x7ffe7ea01750 T0) ==75==The signal is caused by a READ memory access. ==75==Hint: address points to the zero page. #0 0x7f9b19cf6b86 in WTF::OptionSet<WebCore::Node::NodeFlag>::containsAny(WTF::OptionSet<WebCore::Node::NodeFlag>) const (/app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0+0x8baeb86) #1 0x7f9b19cf456a in WTF::OptionSet<WebCore::Node::NodeFlag>::contains(WebCore::Node::NodeFlag) const (/app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0+0x8bac56a) #2 0x7f9b19cf2979 in WebCore::Node::hasNodeFlag(WebCore::Node::NodeFlag) const (/app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0+0x8baa979) #3 0x7f9b19df2eb2 in WebCore::Node::isTextNode() const (/app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0+0x8caaeb2) #4 0x7f9b1ad554af in WebCore::firstPositionInNode(WebCore::Node*) (/app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0+0x9c0d4af) #5 0x7f9b1f565394 in WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline(WebCore::ReplaceSelectionCommand::InsertedNodes&) (/app/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.1.so.0+0xe41d394) will take a look at this bug. 1770210 3 darin 2021-06-16 08:59:54 -0700 Looks like the local variable named context, the element’s parent, is nullptr. 1770533 4 fred.wang 2021-06-16 23:18:25 -0700 (In reply to Darin Adler from comment #3) > Looks like the local variable named context, the element’s parent, is > nullptr. Right, so it looks like when Paste is called, callDefaultEventHandlersInBubblingOrder will also execute the Indent command queued in the microtask which is the one removing the h1 element from the tree. Checking whether the node is orphan seems enought to prevent the crash in the testcase. Thread 1 received signal SIGSEGV, Segmentation fault. (rr) reverse-f (rr) (rr) (rr) (rr) (rr) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:667 667 RefPtr<Node> blockquoteNode = isMailPasteAsQuotationNode(context.get()) ? context.get() : enclosingNodeOfType(firstPositionInNode(context.get()), isMailBlockquote, CanCrossEditingBoundary); (rr) p context.get() $1 = (WebCore::ContainerNode *) 0x0 (rr) bt #0 0x00007fdeea729390 in WebCore::ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline(WebCore::ReplaceSelectionCommand::InsertedNodes&) (this=0x615000261680, insertedNodes=...) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:667 #1 0x00007fdeea732a0d in WebCore::ReplaceSelectionCommand::doApply() (this=0x615000261680) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:1362 #2 0x00007fdeee955195 in WebCore::CompositeEditCommand::apply() (this=0x615000261680) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:397 #3 0x00007fdeea660251 in WebCore::Editor::replaceSelectionWithFragment(WebCore::DocumentFragment&, WebCore::Editor::SelectReplacement, WebCore::Editor::SmartReplace, WebCore::Editor::MatchStyle, WebCore::EditAction, WebCore::MailBlockquoteHandling) (this=0x614000077a40, fragment=..., selectReplacement=WebCore::Editor::SelectReplacement::No, smartReplace=WebCore::Editor::SmartReplace::No, matchStyle=WebCore::Editor::MatchStyle::No, editingAction=WebCore::EditAction::Paste, mailBlockquoteHandling=WebCore::MailBlockquoteHandling::RespectBlockquote) at ../../Source/WebCore/editing/Editor.cpp:698 #4 0x00007fdeea65c0a6 in WebCore::Editor::handleTextEvent(WebCore::TextEvent&) (this=0x614000077a40, event=...) at ../../Source/WebCore/editing/Editor.cpp:347 #5 0x00007fdeeb8ef946 in WebCore::EventHandler::defaultTextInputEventHandler(We bCore::TextEvent&) (this=0x616000384c80, event=...) at ../../Source/WebCore/page/EventHandler.cpp:4182 #6 0x00007fdeea4062ae in WebCore::Node::defaultEventHandler(WebCore::Event&) (this=0x61200007e7c0, event=warning: RTTI symbol not found for class 'WebCore::TextEvent' ...) at ../../Source/WebCore/dom/Node.cpp:2451 #7 0x00007fdeeaa33e7b in WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event&) (this=0x61200007e7c0, event=warning: RTTI symbol not found for class 'WebCore::TextEvent' ...) at ../../Source/WebCore/html/HTMLInputElement.cpp:1258 #8 0x00007fdeea2ed704 in WebCore::callDefaultEventHandlersInBubblingOrder(WebCore::Event&, WebCore::EventPath const&) (event=warning: RTTI symbol not found for class 'WebCore::TextEvent' ..., path=...) at ../../Source/WebCore/dom/EventDispatcher.cpp:63 #9 0x00007fdeea2ee863 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) (node=..., event=warning: RTTI symbol not found for class 'WebCore::TextEvent' ...) at ../../Source/WebCore/dom/EventDispatcher.cpp:204 #10 0x00007fdeea4056f3 in WebCore::Node::dispatchEvent(WebCore::Event&) (this=0x61200007e7c0, event=warning: RTTI symbol not found for class 'WebCore::TextEvent' ...) at ../../Source/WebCore/dom/Node.cpp:2381 #11 0x00007fdeea65eda9 in WebCore::Editor::pasteAsFragment(WTF::Ref<WebCore::DocumentFragment, WTF::RawPtrTraits<WebCore::DocumentFragment> >&&, bool, bool, WebCore::MailBlockquoteHandling) (this=0x614000077a40, pastingFragment=..., smartReplace=false, matchStyle=false, respectsMailBlockquote=WebCore::MailBlockquoteHandling::RespectBlockquote) at ../../Source/WebCore/editing/Editor.cpp:629 ... (rr) p showTree(element) warning: RTTI symbol not found for class 'WebCore::HTMLHeadingElement' *H1 0x60c0002b39c0 (renderer (nil)) STYLE=caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: -webkit-standard; font-style: normal; font-variant-caps: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-tap-highlight-color: rgba(0, 0, 0, 0.4); -webkit-text-stroke-width: 0px; text-decoration: none; $2 = void (rr) watch -l element->m_parentNode (rr) rc (rr) delete (rr) reverse-f (rr) bt #0 0x00007fdeea0b3a05 in WebCore::ContainerNode::removeBetween(WebCore::Node*, WebCore::Node*, WebCore::Node&) (this=0x60c0002a6a00, previousChild=0x60c0002b8f40, nextChild=0x60c0002a8380, oldChild=warning: RTTI symbol not found for class 'WebCore::HTMLHeadingElement' ...) at ../../Source/WebCore/dom/ContainerNode.cpp:655 #1 0x00007fdeea0c19a2 in WebCore::ContainerNode::removeNodeWithScriptAssertion(WebCore::Node&, WebCore::ContainerNode::ChildChange::Source) (this=0x60c0002a6a00, childToRemove=warning: RTTI symbol not found for class 'WebCore::HTMLHeadingElement' ..., source=WebCore::ContainerNode::ChildChange::Source::API) at ../../Source/WebCore/dom/ContainerNode.cpp:181 #2 0x00007fdeea0b3355 in WebCore::ContainerNode::removeChild(WebCore::Node&) (this=0x60c0002a6a00, oldChild=warning: RTTI symbol not found for class 'WebCore::HTMLHeadingElement' ...) at ../../Source/WebCore/dom/ContainerNode.cpp:614 #3 0x00007fdeea3f85a0 in WebCore::Node::remove() (this=0x60c0002b39c0) at ../../Source/WebCore/dom/Node.cpp:642 ... #17 0x00007fdeea695d53 in WebCore::executeIndent(WebCore::Frame&, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:445 ... (rr) reverse-f (rr) reverse-f (rr) reverse-f (rr) p showTree(parent) *BODY 0x60c0002a6a00 (renderer 0x61200007dbc0) H1 0x60c0002a8080 (renderer 0x61200007fe40) DIV 0x60c0002a82c0 (renderer 0x61200006c4c0) BLOCKQUOTE 0x60c0002b8f40 (renderer 0x612000097e40) STYLE=margin: 0 0 0 40px; border: none; padding: 0px; H1 0x60c0002b9780 (renderer 0x612000098d40) STYLE=caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: -webkit-standard; font-style: normal; font-variant-caps: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-tap-highlight-color: rgba(0, 0, 0, 0.4); -webkit-text-stroke-width: 0px; text-decoration: none; INPUT 0x612000098140 (renderer 0x612000098ec0) #document-fragment 0x6120000982c0 (renderer (nil)) (needs style recalc) (child needs style recalc) DIV 0x60c0002b9900 (renderer 0x612000099040) H1 0x60c0002b39c0 (renderer 0x612000094fc0) STYLE=caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: -webkit-standard; font-style: normal; font-variant-caps: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-tap-highlight-color: rgba(0, 0, 0, 0.4); -webkit-text-stroke-width: 0px; text-decoration: none; H2 0x60c0002a8380 (renderer 0x61200006c7c0) H3 0x60c0002a8440 (renderer 0x612000096c40) IFRAME 0x61400007d840 (renderer 0x612000096dc0) $3 = void 1770552 5 431636 fred.wang 2021-06-17 02:01:28 -0700 Created attachment 431636 Patch More debugging: 0x00007f6f7b667a08 in WebCore::ReplaceSelectionCommand::doApply ( this=0x615000261180) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:1364 1364 removeRedundantStylesAndKeepStyleSpanInline(insertedNodes); (rr) p showTree(insertedNodes.firstNodeInserted()) warning: RTTI symbol not found for class 'WebCore::HTMLHeadingElement' *H1 0x60c0002b3780 (renderer (nil)) STYLE=caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: -webkit-standard; font-style: normal; font-variant-caps: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-tap-highlight-color: rgba(0, 0, 0, 0.4); -webkit-text-stroke-width: 0px; text-decoration: none; $1 = void (rr) rn (rr) (rr) (rr) (rr) 1355 makeInsertedContentRoundTrippableWithHTMLTreeBuilder(insertedNodes); (rr) rn 1352 if (insertedNodes.isEmpty()) (rr) p showTree(insertedNodes.firstNodeInserted()) warning: RTTI symbol not found for class 'WebCore::HTMLHeadingElement' BODY 0x60c0002a6880 (renderer 0x61200007dbc0) H1 0x60c0002a7f00 (renderer 0x61200007fe40) * H1 0x60c0002b3780 (renderer 0x6120000a3b40) STYLE=caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: -webkit-standard; font-style: normal; font-variant-caps: normal; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-tap-highlight-color: rgba(0, 0, 0, 0.4); -webkit-text-stroke-width: 0px; text-decoration: none; INPUT 0x6120000a2640 (renderer 0x6120000a3cc0) #document-fragment 0x6120000a27c0 (renderer (nil)) (needs style recalc) (child needs style recalc) DIV 0x60c0002b3900 (renderer 0x6120000a3e40) DIV 0x60c0002a8140 (renderer 0x61200006c4c0) H2 0x60c0002a8200 (renderer 0x61200006c7c0) H3 0x60c0002a82c0 (renderer 0x61200006c940) IFRAME 0x61400007d840 (renderer 0x6120000a1740) $3 = void 1771627 6 ews-feeder 2021-06-22 02:06:20 -0700 Committed r279110 (239027@main): <https://commits.webkit.org/239027@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 431636. 430918 2021-06-08 17:15:32 -0700 2021-06-08 17:15:32 -0700 Test repro_664.html text/html 637 rniwa PHNjcmlwdD4KICBvbmxvYWQgPSAoKSA9PiB7CiAgICBsZXQgaDEgPSBkb2N1bWVudC5jcmVhdGVF bGVtZW50KCdoMScpOwogICAgZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChoMSk7CiAgICBoMS5h cHBlbmRDaGlsZChkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdpbnB1dCcpKTsKICAgIGgxLmFwcGVu ZENoaWxkKGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2RpdicpKTsKICAgIGxldCBoMiA9IGRvY3Vt ZW50LmNyZWF0ZUVsZW1lbnQoJ2gyJyk7CiAgICBkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKGgy KTsKICAgIGxldCBoMyA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2gzJyk7CiAgICBoMi5hcHBl bmRDaGlsZChoMyk7CiAgICBkb2N1bWVudC5leGVjQ29tbWFuZCgnU2VsZWN0QWxsJyk7CiAgICBo My5hcHBlbmRDaGlsZChkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdpZnJhbWUnKSk7CiAgICBxdWV1 ZU1pY3JvdGFzaygoKSA9PiB7CiAgICAgIGRvY3VtZW50LmV4ZWNDb21tYW5kKCdJbmRlbnQnKTsK ICAgIH0pOwogICAgZG9jdW1lbnQuZGVzaWduTW9kZSA9ICdvbic7CiAgICBkb2N1bWVudC5leGVj Q29tbWFuZCgnQ29weScpOwogICAgZG9jdW1lbnQuZXhlY0NvbW1hbmQoJ1Bhc3RlJyk7CiAgfTsK PC9zY3JpcHQ+Cg== 431636 2021-06-17 02:01:28 -0700 2021-06-22 02:06:21 -0700 Patch 0001-Nullptr-crash-in-null-ptr-deref-in-ReplaceSelectionC.patch text/plain 4694 fred.wang RnJvbSBmMzg0ZjdkYjdmNjU2ZjhiMjg2ZDNhM2JkOTdiN2I1MzJiZTg5MzAzIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiA9P1VURi04P3E/RnI9QzM9QTlkPUMzPUE5cmljPTIwV2FuZz89 IDxmd2FuZ0BpZ2FsaWEuY29tPgpEYXRlOiBUaHUsIDE3IEp1biAyMDIxIDEwOjQ2OjU5ICswMjAw ClN1YmplY3Q6IFtQQVRDSF0gTnVsbHB0ciBjcmFzaCBpbiBudWxsIHB0ciBkZXJlZiBpbgogUmVw bGFjZVNlbGVjdGlvbkNvbW1hbmQ6OnJlbW92ZVJlZHVuZGFudFN0eWxlc0FuZEtlZXBTdHlsZVNw YW5JbmxpbmUKCi0tLQogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nICAgICAgICAgICAgICAgICAgICAg ICAgIHwgMTIgKysrKysrKysrKwogLi4udGUtYW5kLWluZGVudC1taWNyb3Rhc2stY3Jhc2gtZXhw ZWN0ZWQudHh0IHwgIDMgKysrCiAuLi4vcGFzdGUtYW5kLWluZGVudC1taWNyb3Rhc2stY3Jhc2gu aHRtbCAgICAgfCAyMyArKysrKysrKysrKysrKysrKysrCiBTb3VyY2UvV2ViQ29yZS9DaGFuZ2VM b2cgICAgICAgICAgICAgICAgICAgICAgfCAxNyArKysrKysrKysrKysrKwogLi4uL2VkaXRpbmcv UmVwbGFjZVNlbGVjdGlvbkNvbW1hbmQuY3BwICAgICAgIHwgIDIgKysKIDUgZmlsZXMgY2hhbmdl ZCwgNTcgaW5zZXJ0aW9ucygrKQogY3JlYXRlIG1vZGUgMTAwNjQ0IExheW91dFRlc3RzL2Zhc3Qv ZWRpdGluZy9wYXN0ZS1hbmQtaW5kZW50LW1pY3JvdGFzay1jcmFzaC1leHBlY3RlZC50eHQKIGNy ZWF0ZSBtb2RlIDEwMDY0NCBMYXlvdXRUZXN0cy9mYXN0L2VkaXRpbmcvcGFzdGUtYW5kLWluZGVu dC1taWNyb3Rhc2stY3Jhc2guaHRtbAoKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxv ZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCAyNTY3MmNhMTUzLi4zMGJhYTQ1ZjMyIDEw MDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdl TG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMjEtMDYtMTcgIEZyw6lkw6lyaWMgV2FuZyAgPGZ3YW5n QGlnYWxpYS5jb20+CisKKyAgICAgICAgTnVsbHB0ciBjcmFzaCBpbiBudWxsIHB0ciBkZXJlZiBp biBSZXBsYWNlU2VsZWN0aW9uQ29tbWFuZDo6cmVtb3ZlUmVkdW5kYW50U3R5bGVzQW5kS2VlcFN0 eWxlU3BhbklubGluZQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9MjI2Nzk5CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgQWRkIHJlZ3Jlc3Npb24gdGVzdC4KKworICAgICAgICAqIGZhc3QvZWRpdGluZy9wYXN0 ZS1hbmQtaW5kZW50LW1pY3JvdGFzay1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAg ICAqIGZhc3QvZWRpdGluZy9wYXN0ZS1hbmQtaW5kZW50LW1pY3JvdGFzay1jcmFzaC5odG1sOiBB ZGRlZC4KKwogMjAyMS0wNi0xMyAgRnVqaWkgSGlyb25vcmkgIDxIaXJvbm9yaS5GdWppaUBzb255 LmNvbT4KIAogICAgICAgICBbV2luQ2Fpcm9dIFVucmV2aWV3ZWQgdGVzdCBnYXJkZW5pbmcKZGlm ZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvZWRpdGluZy9wYXN0ZS1hbmQtaW5kZW50LW1pY3Jv dGFzay1jcmFzaC1leHBlY3RlZC50eHQgYi9MYXlvdXRUZXN0cy9mYXN0L2VkaXRpbmcvcGFzdGUt YW5kLWluZGVudC1taWNyb3Rhc2stY3Jhc2gtZXhwZWN0ZWQudHh0Cm5ldyBmaWxlIG1vZGUgMTAw NjQ0CmluZGV4IDAwMDAwMDAwMDAuLjRiNzE0Nzc0MzMKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlv dXRUZXN0cy9mYXN0L2VkaXRpbmcvcGFzdGUtYW5kLWluZGVudC1taWNyb3Rhc2stY3Jhc2gtZXhw ZWN0ZWQudHh0CkBAIC0wLDAgKzEsMyBAQAorQ09OU09MRSBNRVNTQUdFOiBUaGlzIHRlc3QgcGFz c2VzIGlmIGl0IGRvZXMgbm90IGNyYXNoLgorCisKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zh c3QvZWRpdGluZy9wYXN0ZS1hbmQtaW5kZW50LW1pY3JvdGFzay1jcmFzaC5odG1sIGIvTGF5b3V0 VGVzdHMvZmFzdC9lZGl0aW5nL3Bhc3RlLWFuZC1pbmRlbnQtbWljcm90YXNrLWNyYXNoLmh0bWwK bmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMC4uYWI3MjUzYTY5NQotLS0gL2Rl di9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zhc3QvZWRpdGluZy9wYXN0ZS1hbmQtaW5kZW50LW1p Y3JvdGFzay1jcmFzaC5odG1sCkBAIC0wLDAgKzEsMjMgQEAKKzxzY3JpcHQ+CisgIGlmICh3aW5k b3cudGVzdFJ1bm5lcikKKyAgICB0ZXN0UnVubmVyLmR1bXBBc1RleHQoKTsKKyAgY29uc29sZS5s b2coIlRoaXMgdGVzdCBwYXNzZXMgaWYgaXQgZG9lcyBub3QgY3Jhc2guIikKKyAgb25sb2FkID0g KCkgPT4geworICAgIGxldCBoMSA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2gxJyk7CisgICAg ZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChoMSk7CisgICAgaDEuYXBwZW5kQ2hpbGQoZG9jdW1l bnQuY3JlYXRlRWxlbWVudCgnaW5wdXQnKSk7CisgICAgaDEuYXBwZW5kQ2hpbGQoZG9jdW1lbnQu Y3JlYXRlRWxlbWVudCgnZGl2JykpOworICAgIGxldCBoMiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1l bnQoJ2gyJyk7CisgICAgZG9jdW1lbnQuYm9keS5hcHBlbmRDaGlsZChoMik7CisgICAgbGV0IGgz ID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnaDMnKTsKKyAgICBoMi5hcHBlbmRDaGlsZChoMyk7 CisgICAgZG9jdW1lbnQuZXhlY0NvbW1hbmQoJ1NlbGVjdEFsbCcpOworICAgIGgzLmFwcGVuZENo aWxkKGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2lmcmFtZScpKTsKKyAgICBxdWV1ZU1pY3JvdGFz aygoKSA9PiB7CisgICAgICBkb2N1bWVudC5leGVjQ29tbWFuZCgnSW5kZW50Jyk7CisgICAgfSk7 CisgICAgZG9jdW1lbnQuZGVzaWduTW9kZSA9ICdvbic7CisgICAgZG9jdW1lbnQuZXhlY0NvbW1h bmQoJ0NvcHknKTsKKyAgICBkb2N1bWVudC5leGVjQ29tbWFuZCgnUGFzdGUnKTsKKyAgfTsKKzwv c2NyaXB0PgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nIGIvU291cmNlL1dl YkNvcmUvQ2hhbmdlTG9nCmluZGV4IDM1OGNhMjMwZjIuLmM3NGUyMmEwZGUgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cK QEAgLTEsMyArMSwyMCBAQAorMjAyMS0wNi0xNyAgRnLDqWTDqXJpYyBXYW5nICA8ZndhbmdAaWdh bGlhLmNvbT4KKworICAgICAgICBOdWxscHRyIGNyYXNoIGluIG51bGwgcHRyIGRlcmVmIGluIFJl cGxhY2VTZWxlY3Rpb25Db21tYW5kOjpyZW1vdmVSZWR1bmRhbnRTdHlsZXNBbmRLZWVwU3R5bGVT cGFuSW5saW5lCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0yMjY3OTkKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBWYXJpb3VzIHBsYWNlcyBpbiBSZXBsYWNlU2VsZWN0aW9uQ29tbWFuZDo6ZG9BcHBseSgpIG1h eSBleGVjdXRlIG11dGF0aW9uIGV2ZW50cyBhbmQgbGVhZAorICAgICAgICB0byBub2RlcyBiZWlu ZyByZW1vdmVkLiBUaGlzIHBhdGNoIGFkZHMgb25lIG1vcmUgZWFybHkgcmV0dXJuIGFmdGVyIHRo ZSBjYWxsIHRvCisgICAgICAgIG1ha2VJbnNlcnRlZENvbnRlbnRSb3VuZFRyaXBwYWJsZVdpdGhI VE1MVHJlZUJ1aWxkZXIoKSB0byBlbnN1cmUgdGhhdCB0aGUgZnVuY3Rpb24KKyAgICAgICAgcmVt b3ZlUmVkdW5kYW50U3R5bGVzQW5kS2VlcFN0eWxlU3BhbklubGluZSgpIGlzIHByb3Blcmx5IGV4 ZWN1dGVkLgorCisgICAgICAgIFRlc3Q6IGZhc3QvZWRpdGluZy9wYXN0ZS1hbmQtaW5kZW50LW1p Y3JvdGFzay1jcmFzaC5odG1sCisKKyAgICAgICAgKiBlZGl0aW5nL1JlcGxhY2VTZWxlY3Rpb25D b21tYW5kLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlJlcGxhY2VTZWxlY3Rpb25Db21tYW5kOjpk b0FwcGx5KToKKwogMjAyMS0wNi0xMyAgQ2hyaXMgRHVtZXogIDxjZHVtZXpAYXBwbGUuY29tPgog CiAgICAgICAgIFJlbGF4ICJwYXJlbnQgbXVzdCBiZSBhbiBIVE1MRWxlbWVudCIgcmVzdHJpY3Rp b24gaW4gb3V0ZXJIVE1MIHNldHRlcgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvZWRpdGlu Zy9SZXBsYWNlU2VsZWN0aW9uQ29tbWFuZC5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL1Jl cGxhY2VTZWxlY3Rpb25Db21tYW5kLmNwcAppbmRleCA1MDhiYmZmOThjLi5hZTY4Mzk4ZjE4IDEw MDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL1JlcGxhY2VTZWxlY3Rpb25Db21tYW5k LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9lZGl0aW5nL1JlcGxhY2VTZWxlY3Rpb25Db21tYW5k LmNwcApAQCAtMTM1NSw2ICsxMzU1LDggQEAgdm9pZCBSZXBsYWNlU2VsZWN0aW9uQ29tbWFuZDo6 ZG9BcHBseSgpCiAgICAgbWFrZUluc2VydGVkQ29udGVudFJvdW5kVHJpcHBhYmxlV2l0aEhUTUxU cmVlQnVpbGRlcihpbnNlcnRlZE5vZGVzKTsKICAgICBpZiAoaW5zZXJ0ZWROb2Rlcy5pc0VtcHR5 KCkpCiAgICAgICAgIHJldHVybjsKKyAgICBpZiAoIWluc2VydGVkTm9kZXMuZmlyc3ROb2RlSW5z ZXJ0ZWQoKS0+aXNDb25uZWN0ZWQoKSkKKyAgICAgICAgcmV0dXJuOwogCiAgICAgaWYgKG5lZWRz Q29sb3JUcmFuc2Zvcm1lZCkKICAgICAgICAgaW52ZXJzZVRyYW5zZm9ybUNvbG9yKGluc2VydGVk Tm9kZXMpOwotLSAKMi4yNS4xCgo=