227173 2021-06-18 11:33:59 -0700 Crash in SharedBuffer::data 2021-06-29 02:39:10 -0700 1 1 1 Unclassified WebKit XML WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 ajuma rbuis achristensen bfulgham cdumez cgarcia ddkilzer ews-feeder fred.wang gpoo product-security rbuis rego rniwa rohitrao svillar webkit-bug-importer oldest_to_newest 1771044 0 431782 ajuma 2021-06-18 11:33:59 -0700 Created attachment 431782 Minimized test case Filing this as a security bug since it was found using a fuzzer; there's no disclosure deadline for this bug. This reproduces in an ASan build of WebKitTestRunner. Stack: ================================================================= ==61712==ERROR: AddressSanitizer: SEGV on unknown address 0x00000000001c (pc 0x000116559c32 bp 0x7ffeee5b32a0 sp 0x7ffeee5b32a0 T0) ==61712==The signal is caused by a READ memory access. ==61712==Hint: address points to the zero page. #0 0x116559c31 in WTF::Vector<WebCore::SharedBuffer::DataSegmentVectorEntry, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::size() const (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x1ee4c31) #1 0x1190dd218 in WTF::Vector<WebCore::SharedBuffer::DataSegmentVectorEntry, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>::isEmpty() const (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x4a68218) #2 0x1190dd1d5 in WebCore::SharedBuffer::data() const (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x4a681d5) #3 0x11a6c42dd in WebCore::openFunc(char const*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x604f2dd) #4 0x7fff66c34880 in __xmlParserInputBufferCreateFilename (/usr/lib/libxml2.2.dylib:x86_64+0x75880) #5 0x7fff66c0b6e6 in xmlNewInputFromFile (/usr/lib/libxml2.2.dylib:x86_64+0x4c6e6) #6 0x7fff66c352f4 in xmlDefaultExternalEntityLoader (/usr/lib/libxml2.2.dylib:x86_64+0x762f4) #7 0x7fff66c3503b in xmlLoadExternalEntity (/usr/lib/libxml2.2.dylib:x86_64+0x7603b) #8 0x7fff66c1b46f in xmlSAX2ResolveEntity (/usr/lib/libxml2.2.dylib:x86_64+0x5c46f) #9 0x7fff66bc8a29 in xmlSAX2ExternalSubset (/usr/lib/libxml2.2.dylib:x86_64+0x9a29) #10 0x7fff66bdc7e7 in xmlParseDocument (/usr/lib/libxml2.2.dylib:x86_64+0x1d7e7) #11 0x7fff66bdc44b in xmlDoRead (/usr/lib/libxml2.2.dylib:x86_64+0x1d44b) #12 0x11a6c23cd in WebCore::xmlDocPtrForString(WebCore::CachedResourceLoader&, WTF::String const&, WTF::String const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x604d3cd) #13 0x11a6b2eaf in WebCore::xmlDocPtrFromNode(WebCore::Node&, bool&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x603deaf) #14 0x11a6b16a9 in WebCore::XSLTProcessor::transformToString(WebCore::Node&, WTF::String&, WTF::String&, WTF::String&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x603c6a9) #15 0x11a6b12e0 in WebCore::XSLTProcessor::transformToDocument(WebCore::Node*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x603c2e0) #16 0x1163cf4b0 in WebCore::jsXSLTProcessorPrototypeFunction_transformToDocumentBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSXSLTProcessor*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x1d5a4b0) #17 0x1163cf20b in long long WebCore::IDLOperation<WebCore::JSXSLTProcessor>::call<&(WebCore::jsXSLTProcessorPrototypeFunction_transformToDocumentBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSXSLTProcessor*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x1d5a20b) #18 0x4736b48011d7 (<unknown module>) #19 0x1331045af in llint_entry (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xc595af) #20 0x1330e93e8 in vmEntryToJavaScript (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xc3e3e8) #21 0x1349086a2 in JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x245d6a2) #22 0x135206fbd in JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2d5bfbd) #23 0x135207267 in JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0x2d5c267) #24 0x11758d629 in WebCore::JSExecState::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x2f18629) #25 0x11758ce29 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x2f17e29) #26 0x11758ca1d in WebCore::ScriptController::evaluateInWorldIgnoringException(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x2f17a1d) #27 0x117eb568b in WebCore::ScriptElement::executeClassicScript(WebCore::ScriptSourceCode const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x384068b) #28 0x117eb2d99 in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x383dd99) #29 0x11861c34e in WebCore::HTMLScriptRunner::runScript(WebCore::ScriptElement&, WTF::TextPosition const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3fa734e) #30 0x11861c024 in WebCore::HTMLScriptRunner::execute(WTF::Ref<WebCore::ScriptElement, WTF::RawPtrTraits<WebCore::ScriptElement> >&&, WTF::TextPosition const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3fa7024) #31 0x1185fda59 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3f88a59) #32 0x1185fe0c3 in WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3f890c3) #33 0x1185fd13b in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3f8813b) #34 0x1185ff048 in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl, WTF::RawPtrTraits<WTF::StringImpl>, WTF::DefaultRefDerefTraits<WTF::StringImpl> >&&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x3f8a048) #35 0x117c795e5 in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x36045e5) #36 0x118aed5eb in WebCore::DocumentWriter::end() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x44785eb) #37 0x118aec1b6 in WebCore::DocumentLoader::finishedLoading() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x44771b6) #38 0x118aeb9e4 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource&, WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x44769e4) #39 0x118cbcfaf in WebCore::CachedResource::checkNotify(WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x4647faf) #40 0x118cb8eb8 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*, WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x4643eb8) #41 0x118c2d482 in WebCore::SubresourceLoader::didFinishLoading(WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebCore.framework/Versions/A/WebCore:x86_64+0x45b8482) #42 0x106d6e7cf in WebKit::WebResourceLoader::didFinishResourceLoad(WebCore::NetworkLoadMetrics const&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x23a87cf) #43 0x107488020 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(WebCore::NetworkLoadMetrics const&)) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x2ac2020) #44 0x107487677 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x2ac1677) #45 0x106d31a6a in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x236ba6a) #46 0x104a59989 in IPC::Connection::dispatchMessage(IPC::Decoder&) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x93989) #47 0x104a5a3bc in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x943bc) #48 0x104a5af84 in IPC::Connection::dispatchOneIncomingMessage() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x94f84) #49 0x132583e5c in WTF::RunLoop::performWork() (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xd8e5c) #50 0x132587575 in WTF::RunLoop::performWork(void*) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/JavaScriptCore.framework/Versions/A/JavaScriptCore:x86_64+0xdc575) #51 0x7fff2d644883 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x84883) #52 0x7fff2d644822 in __CFRunLoopDoSource0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x84822) #53 0x7fff2d64463c in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x8463c) #54 0x7fff2d643358 in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x83358) #55 0x7fff2d642952 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation:x86_64+0x82952) #56 0x7fff2fd001c7 in -[NSRunLoop(NSRunLoop) runMode:beforeDate:] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x601c7) #57 0x7fff2fdb2c6e in -[NSRunLoop(NSRunLoop) run] (/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation:x86_64+0x112c6e) #58 0x7fff679ff4e9 in _xpc_objc_main.cold.4 (/usr/lib/system/libxpc.dylib:x86_64+0x164e9) #59 0x7fff679ff42f in _xpc_objc_main (/usr/lib/system/libxpc.dylib:x86_64+0x1642f) #60 0x7fff679fef62 in xpc_main (/usr/lib/system/libxpc.dylib:x86_64+0x15f62) #61 0x105a25743 in WebKit::XPCServiceMain(int, char const**) (/Users/chrome-bot/clusterfuzz/bot/builds/chrome-ios-webkit-to-fuzz_ios-webkit-to-fuzz_cb292771138f3c7c4bb12f2df778e2b1c42b4cd7/revisions/WebKitMacOS/WebKit.framework/Versions/A/WebKit:x86_64+0x105f743) #62 0x7fff677adcc8 in start (/usr/lib/system/libdyld.dylib:x86_64+0x1acc8) ==61712==Register values: rax = 0x0000000000000000 rbx = 0x0000000000000000 rcx = 0x0000100000000003 rdx = 0x0000000000000000 rdi = 0x000000000000001c rsi = 0x0000000000000018 rbp = 0x00007ffeee5b32a0 rsp = 0x00007ffeee5b32a0 r8 = 0x0000200000000000 r9 = 0x00000fffffffffff r10 = 0x0000000000000000 r11 = 0xffffffffffffffff r12 = 0x00006030000b4880 r13 = 0x00001fffddcb66a4 r14 = 0x0000000000000010 r15 = 0x00001fffddcb665c ===================================== Clusterfuzz-id: 5702605551239168 1771045 1 webkit-bug-importer 2021-06-18 11:34:17 -0700 <rdar://problem/79509903> 1772887 2 432333 rbuis 2021-06-26 12:34:53 -0700 Created attachment 432333 Patch 1772892 3 432333 rniwa 2021-06-26 13:44:50 -0700 Comment on attachment 432333 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=432333&action=review > Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:493 > + if (!data) > + return new OffsetBuffer({ }); Hm... it looks like we want to be returning &globalDescriptor instead in these early exits? 1772895 4 432333 rbuis 2021-06-26 14:05:41 -0700 Comment on attachment 432333 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=432333&action=review >> Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:493 >> + return new OffsetBuffer({ }); > > Hm... it looks like we want to be returning &globalDescriptor instead in these early exits? I am no XSLT expert, but I think what causes the null data is the fact the xslt sheet is empty, and I assumed that is not an error. Then again there may be cases where null data hints at an error? I am fine either way, will add a test case tomorrow since this does not seem to be a security problem. 1772919 5 432347 rbuis 2021-06-27 00:40:26 -0700 Created attachment 432347 Patch 1772956 6 432347 rniwa 2021-06-27 13:39:22 -0700 Comment on attachment 432347 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=432347&action=review > Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:494 > + if (!data) > + return &globalDescriptor; > + Is the difference between returning empty OffsetBuffer vs returning globalDescriptor observable to scripts? If so, what do other browsers do? 1773008 7 432347 rbuis 2021-06-28 02:52:27 -0700 Comment on attachment 432347 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=432347&action=review >> Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp:494 >> + > > Is the difference between returning empty OffsetBuffer vs returning globalDescriptor observable to scripts? > If so, what do other browsers do? I do not think so, either way the returned document is: <html xmlns="http://www.w3.org/1999/xhtml"><body><parsererror style="display: block; white-space: pre; border: 2px solid #c77; padding: 0 1em 0 1em; margin: 1em; background-color: #fdd; color: black"><h3>This page contains the following errors:</h3><div style="font-family:monospace;font-size:12px">error on line 1 at column 1: Document is empty </div><h3>Below is a rendering of the page up to the first error.</h3></parsererror></body></html> There is a difference in behaviour in closeFunc. closeFunc cleans up the context/data if it is not equal to globalDescriptor, in our case it is more efficient to not allocate the OffsetBuffer in the first place though, so I think returning globalDescriptor is the best option. 1773185 8 432347 rniwa 2021-06-28 14:01:30 -0700 Comment on attachment 432347 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=432347&action=review > Source/WebCore/ChangeLog:3 > + Null check data in openFunc Please make this patch the bug title. > LayoutTests/ChangeLog:3 > + Null check data in openFunc Ditto. > LayoutTests/fast/xsl/xslt-transformToDocument-crash.html:6 > + var processor = new XSLTProcessor(); Use const here and the rest of variable declarations? 1773348 9 432459 rbuis 2021-06-29 01:37:26 -0700 Created attachment 432459 Patch 1773360 10 ews-feeder 2021-06-29 02:39:07 -0700 Committed r279370 (239236@main): <https://commits.webkit.org/239236@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 432459. 431782 2021-06-18 11:33:59 -0700 2021-06-18 11:33:59 -0700 Minimized test case sharedBufferData.html text/html 671 ajuma PHNjcmlwdCB0eXBlPSJhcHBsaWNhdGlvbi9qYXZhc2NyaXB0Ij4KICB2YXIgcHJvY2Vzc29yID0g bmV3IFhTTFRQcm9jZXNzb3IoKTsKICB2YXIgc3R5bGUgPQogICAgJzx4c2w6c3R5bGVzaGVldCB4 bWxuczp4c2w9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvWFNML1RyYW5zZm9ybSIgdmVyc2lvbj0i MS4wIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+JyArCiAgICAnPC94c2w6 c3R5bGVzaGVldD4nOwogIHZhciBzdHlsZURvYyA9IG5ldyBET01QYXJzZXIoKS5wYXJzZUZyb21T dHJpbmcgKHN0eWxlLCAidGV4dC94bWwiKTsKICB2YXIgZGF0YSA9CiAgICAnPCFET0NUWVBFIHdt bCBQVUJMSUMgIi0vL1dBUEZPUlVNLy9EVEQgV01MIDEuMS8vRU4iICJodHRwOi8vd3d3LndhcGZv cnVtLm9yZy9EVEQvd21sXzEuMS54bWwiPicgKyAKICAgICc8d21sPjxjYXJkPjxwPnBhcmFncmFw aDwvcD48L2NhcmQ+PC93bWw+JzsKICB2YXIgb3JpZ2luYWxEb2MgPSBuZXcgRE9NUGFyc2VyKCku cGFyc2VGcm9tU3RyaW5nKGRhdGEsICJ0ZXh0L3htbCIpOwogIHByb2Nlc3Nvci5pbXBvcnRTdHls ZXNoZWV0KHN0eWxlRG9jKTsKICAgIHZhciB0cmFuc2Zvcm1lZERvY3VtZW50ID0gcHJvY2Vzc29y LnRyYW5zZm9ybVRvRG9jdW1lbnQob3JpZ2luYWxEb2MpOwo8L3NjcmlwdD4= 432333 2021-06-26 12:34:53 -0700 2021-06-27 00:40:22 -0700 Patch bug-227173-20210626203452.patch text/plain 1219 rbuis U3VidmVyc2lvbiBSZXZpc2lvbjogMjc5MzA3CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYTVhOGViYTA5NGRlM2E4 OTg1OWMzZTdhMTI0MzU4MTFkZjdmYTY3Yy4uMmRjMjAxYjFjNGQ0ZTM0MjgzMGEyOGMyYzk1ZDUz MGQ1NzQ1NGEyZSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBACisyMDIxLTA2LTI2ICBSb2Ig QnVpcyAgPHJidWlzQGlnYWxpYS5jb20+CisKKyAgICAgICAgTnVsbCBjaGVjayBkYXRhIGluIG9w ZW5GdW5jCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0y MjcxNzMKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBO dWxsIGNoZWNrIGRhdGEgaW4gb3BlbkZ1bmMuCisKKyAgICAgICAgKiB4bWwvcGFyc2VyL1hNTERv Y3VtZW50UGFyc2VyTGlieG1sMi5jcHA6CisgICAgICAgIChXZWJDb3JlOjpvcGVuRnVuYyk6CisK IDIwMjEtMDYtMjUgIEFsYW4gQnVqdGFzICA8emFsYW5AYXBwbGUuY29tPgogCiAgICAgICAgIFtM RkNdW1RGQ10gUmVtb3ZlIHJlZHVuZGFudCBzdHJ1Y3QgUmVzb2x2ZWRJdGVtCmRpZmYgLS1naXQg YS9Tb3VyY2UvV2ViQ29yZS94bWwvcGFyc2VyL1hNTERvY3VtZW50UGFyc2VyTGlieG1sMi5jcHAg Yi9Tb3VyY2UvV2ViQ29yZS94bWwvcGFyc2VyL1hNTERvY3VtZW50UGFyc2VyTGlieG1sMi5jcHAK aW5kZXggYTU0ZGMyODk5ODIwODgzNjZhZTc3YzA2YjQxZTU0NWI5Y2IwZTY4My4uYmZhOGRjNTky MTIzNjM2MjIyNzg4NGYyMGFhOWY1NGQyYTY4NmQzNyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNv cmUveG1sL3BhcnNlci9YTUxEb2N1bWVudFBhcnNlckxpYnhtbDIuY3BwCisrKyBiL1NvdXJjZS9X ZWJDb3JlL3htbC9wYXJzZXIvWE1MRG9jdW1lbnRQYXJzZXJMaWJ4bWwyLmNwcApAQCAtNDg5LDYg KzQ4OSw5IEBAIHN0YXRpYyB2b2lkKiBvcGVuRnVuYyhjb25zdCBjaGFyKiB1cmkpCiAgICAgICAg IH0KICAgICB9CiAKKyAgICBpZiAoIWRhdGEpCisgICAgICAgIHJldHVybiBuZXcgT2Zmc2V0QnVm ZmVyKHsgfSk7CisKICAgICByZXR1cm4gbmV3IE9mZnNldEJ1ZmZlcih7IGRhdGEtPmRhdGEoKSwg ZGF0YS0+c2l6ZSgpIH0pOwogfQogCg== 432347 2021-06-27 00:40:26 -0700 2021-06-29 01:37:18 -0700 Patch bug-227173-20210627084025.patch text/plain 3480 rbuis U3VidmVyc2lvbiBSZXZpc2lvbjogMjc5MzA3CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYTVhOGViYTA5NGRlM2E4 OTg1OWMzZTdhMTI0MzU4MTFkZjdmYTY3Yy4uOWNhYTFlMTM1MzY5ODJiYTAyZWFjYzYzY2Q4NzQ5 MjE1MjAwZWFkNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDIxLTA2LTI3ICBSb2Ig QnVpcyAgPHJidWlzQGlnYWxpYS5jb20+CisKKyAgICAgICAgTnVsbCBjaGVjayBkYXRhIGluIG9w ZW5GdW5jCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0y MjcxNzMKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBO dWxsIGNoZWNrIGRhdGEgaW4gb3BlbkZ1bmMuCisKKyAgICAgICAgVGVzdDogZmFzdC94c2wveHNs dC10cmFuc2Zvcm1Ub0RvY3VtZW50LWNyYXNoLmh0bWwKKworICAgICAgICAqIHhtbC9wYXJzZXIv WE1MRG9jdW1lbnRQYXJzZXJMaWJ4bWwyLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6Om9wZW5GdW5j KToKKwogMjAyMS0wNi0yNSAgQWxhbiBCdWp0YXMgIDx6YWxhbkBhcHBsZS5jb20+CiAKICAgICAg ICAgW0xGQ11bVEZDXSBSZW1vdmUgcmVkdW5kYW50IHN0cnVjdCBSZXNvbHZlZEl0ZW0KZGlmZiAt LWdpdCBhL1NvdXJjZS9XZWJDb3JlL3htbC9wYXJzZXIvWE1MRG9jdW1lbnRQYXJzZXJMaWJ4bWwy LmNwcCBiL1NvdXJjZS9XZWJDb3JlL3htbC9wYXJzZXIvWE1MRG9jdW1lbnRQYXJzZXJMaWJ4bWwy LmNwcAppbmRleCBhNTRkYzI4OTk4MjA4ODM2NmFlNzdjMDZiNDFlNTQ1YjljYjBlNjgzLi44ZDBj MmIyOTgxZjJjYWZjYmEyZmJiZWI2NDc0MWRiNGUxOGQxMzAzIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS94bWwvcGFyc2VyL1hNTERvY3VtZW50UGFyc2VyTGlieG1sMi5jcHAKKysrIGIvU291 cmNlL1dlYkNvcmUveG1sL3BhcnNlci9YTUxEb2N1bWVudFBhcnNlckxpYnhtbDIuY3BwCkBAIC00 ODksNiArNDg5LDkgQEAgc3RhdGljIHZvaWQqIG9wZW5GdW5jKGNvbnN0IGNoYXIqIHVyaSkKICAg ICAgICAgfQogICAgIH0KIAorICAgIGlmICghZGF0YSkKKyAgICAgICAgcmV0dXJuICZnbG9iYWxE ZXNjcmlwdG9yOworCiAgICAgcmV0dXJuIG5ldyBPZmZzZXRCdWZmZXIoeyBkYXRhLT5kYXRhKCks IGRhdGEtPnNpemUoKSB9KTsKIH0KIApkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9n IGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCmluZGV4IGRjMjdlMjZmMTA5YzRmZmM5YmFlZDQ3NDFj ZGIxYzI5NWJiM2IwYjUuLjVlYjJhOTI2MjBlMzc2MzQ2OWU0ZDcwNzk1NTJkMzcwNjkzMzlhOTAg MTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL0NoYW5nZUxvZworKysgYi9MYXlvdXRUZXN0cy9DaGFu Z2VMb2cKQEAgLTEsMyArMSwxMyBAQAorMjAyMS0wNi0yNyAgUm9iIEJ1aXMgIDxyYnVpc0BpZ2Fs aWEuY29tPgorCisgICAgICAgIE51bGwgY2hlY2sgZGF0YSBpbiBvcGVuRnVuYworICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjI3MTczCisKKyAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBmYXN0L3hzbC94c2x0LXRy YW5zZm9ybVRvRG9jdW1lbnQtY3Jhc2gtZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBm YXN0L3hzbC94c2x0LXRyYW5zZm9ybVRvRG9jdW1lbnQtY3Jhc2guaHRtbDogQWRkZWQuCisKIDIw MjEtMDYtMjUgIEFyY2FkeSBHb2xkbWludHMtT3Jsb3YgIDxhZ29sZG1pbnRzQGlnYWxpYS5jb20+ CiAKICAgICAgICAgW0dMSUJdIFVwZGF0ZSB0ZXN0IGV4cGVjdGF0aW9ucyBhZnRlciByMjc5MjE3 CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L3hzbC94c2x0LXRyYW5zZm9ybVRvRG9jdW1l bnQtY3Jhc2gtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvZmFzdC94c2wveHNsdC10cmFuc2Zv cm1Ub0RvY3VtZW50LWNyYXNoLWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRl eCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi4wZDg4NjM0YjNiZWQx OGFmYjlkZjI3NzRjNGZmZDc5OTU2Y2M2NGI0Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVz dHMvZmFzdC94c2wveHNsdC10cmFuc2Zvcm1Ub0RvY3VtZW50LWNyYXNoLWV4cGVjdGVkLnR4dApA QCAtMCwwICsxIEBACitUZXN0IHBhc3NlcyBpZiBpdCBkb2VzIG5vdCBjcmFzaApkaWZmIC0tZ2l0 IGEvTGF5b3V0VGVzdHMvZmFzdC94c2wveHNsdC10cmFuc2Zvcm1Ub0RvY3VtZW50LWNyYXNoLmh0 bWwgYi9MYXlvdXRUZXN0cy9mYXN0L3hzbC94c2x0LXRyYW5zZm9ybVRvRG9jdW1lbnQtY3Jhc2gu aHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwLi4wYTA5MDE4NjA0MmVkY2ZmYjBkOTQ1Y2Q4NDAxNGM5MDk2NzFhNzcy Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFzdC94c2wveHNsdC10cmFuc2Zvcm1U b0RvY3VtZW50LWNyYXNoLmh0bWwKQEAgLTAsMCArMSwyMCBAQAorPHNjcmlwdD4KKyAgaWYgKHdp bmRvdy50ZXN0UnVubmVyKSB7CisgICAgdGVzdFJ1bm5lci5kdW1wQXNUZXh0KCk7CisgICAgdGVz dFJ1bm5lci53YWl0VW50aWxEb25lKCk7CisgIH0KKyAgdmFyIHByb2Nlc3NvciA9IG5ldyBYU0xU UHJvY2Vzc29yKCk7CisgIHZhciBzdHlsZSA9CisgICAgJzx4c2w6c3R5bGVzaGVldCB4bWxuczp4 c2w9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvWFNML1RyYW5zZm9ybSIgdmVyc2lvbj0iMS4wIiB4 bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+JyArCisgICAgJzwveHNsOnN0eWxl c2hlZXQ+JzsKKyAgdmFyIHN0eWxlRG9jID0gbmV3IERPTVBhcnNlcigpLnBhcnNlRnJvbVN0cmlu ZyAoc3R5bGUsICJ0ZXh0L3htbCIpOworICB2YXIgZGF0YSA9CisgICAgJzwhRE9DVFlQRSB3bWwg UFVCTElDICItLy9XQVBGT1JVTS8vRFREIFdNTCAxLjEvL0VOIiAiaHR0cDovL3d3dy53YXBmb3J1 bS5vcmcvRFREL3dtbF8xLjEueG1sIj4nICsgCisgICAgJzx3bWw+PGNhcmQ+PHA+cGFyYWdyYXBo PC9wPjwvY2FyZD48L3dtbD4nOworICB2YXIgb3JpZ2luYWxEb2MgPSBuZXcgRE9NUGFyc2VyKCku cGFyc2VGcm9tU3RyaW5nKGRhdGEsICJ0ZXh0L3htbCIpOworICBwcm9jZXNzb3IuaW1wb3J0U3R5 bGVzaGVldChzdHlsZURvYyk7CisgIHByb2Nlc3Nvci50cmFuc2Zvcm1Ub0RvY3VtZW50KG9yaWdp bmFsRG9jKTsKKyAgaWYgKHdpbmRvdy50ZXN0UnVubmVyKQorICAgIHRlc3RSdW5uZXIubm90aWZ5 RG9uZSgpOworPC9zY3JpcHQ+Cis8cD5UZXN0IHBhc3NlcyBpZiBpdCBkb2VzIG5vdCBjcmFzaDwv cD4K 432459 2021-06-29 01:37:26 -0700 2021-06-29 02:39:08 -0700 Patch bug-227173-20210629093725.patch text/plain 3571 rbuis U3VidmVyc2lvbiBSZXZpc2lvbjogMjc5MzY2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNmQ0NzQzZDM5OTNlMTVj M2NkOTEyOWVjNDk4MTJkZmM1N2NlZDEwZC4uZjg1MmNlYmQ1N2I4ZjBjODNiMGY1NGM4YTc1YTgy ODc2MGMzMGRhYSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDIxLTA2LTI5ICBSb2Ig QnVpcyAgPHJidWlzQGlnYWxpYS5jb20+CisKKyAgICAgICAgQ3Jhc2ggaW4gU2hhcmVkQnVmZmVy OjpkYXRhCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0y MjcxNzMKKworICAgICAgICBSZXZpZXdlZCBieSBSeW9zdWtlIE5pd2EuCisKKyAgICAgICAgTnVs bCBjaGVjayBkYXRhIGluIG9wZW5GdW5jLgorCisgICAgICAgIFRlc3Q6IGZhc3QveHNsL3hzbHQt dHJhbnNmb3JtVG9Eb2N1bWVudC1jcmFzaC5odG1sCisKKyAgICAgICAgKiB4bWwvcGFyc2VyL1hN TERvY3VtZW50UGFyc2VyTGlieG1sMi5jcHA6CisgICAgICAgIChXZWJDb3JlOjpvcGVuRnVuYyk6 CisKIDIwMjEtMDYtMjkgIFlvdWVubiBGYWJsZXQgIDx5b3Vlbm5AYXBwbGUuY29tPgogCiAgICAg ICAgIFJlbW92ZSBSZW1vdGVBdWRpb01lZGlhU3RyZWFtVHJhY2tSZW5kZXJlciBhbmQgUmVtb3Rl QXVkaW9NZWRpYVN0cmVhbVRyYWNrUmVuZGVyZXJNYW5hZ2VyCmRpZmYgLS1naXQgYS9Tb3VyY2Uv V2ViQ29yZS94bWwvcGFyc2VyL1hNTERvY3VtZW50UGFyc2VyTGlieG1sMi5jcHAgYi9Tb3VyY2Uv V2ViQ29yZS94bWwvcGFyc2VyL1hNTERvY3VtZW50UGFyc2VyTGlieG1sMi5jcHAKaW5kZXggYTU0 ZGMyODk5ODIwODgzNjZhZTc3YzA2YjQxZTU0NWI5Y2IwZTY4My4uOGQwYzJiMjk4MWYyY2FmY2Jh MmZiYmViNjQ3NDFkYjRlMThkMTMwMyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUveG1sL3Bh cnNlci9YTUxEb2N1bWVudFBhcnNlckxpYnhtbDIuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3ht bC9wYXJzZXIvWE1MRG9jdW1lbnRQYXJzZXJMaWJ4bWwyLmNwcApAQCAtNDg5LDYgKzQ4OSw5IEBA IHN0YXRpYyB2b2lkKiBvcGVuRnVuYyhjb25zdCBjaGFyKiB1cmkpCiAgICAgICAgIH0KICAgICB9 CiAKKyAgICBpZiAoIWRhdGEpCisgICAgICAgIHJldHVybiAmZ2xvYmFsRGVzY3JpcHRvcjsKKwog ICAgIHJldHVybiBuZXcgT2Zmc2V0QnVmZmVyKHsgZGF0YS0+ZGF0YSgpLCBkYXRhLT5zaXplKCkg fSk7CiB9CiAKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3Rz L0NoYW5nZUxvZwppbmRleCA0NDNmMWI2NmQ2YWU5YjQyZThmNjg4NmRmZjcyOGY4OGQ1MmUwY2Zi Li5kMWM1MWI0YjU0NjYxZDEwYzQxOWU3YTJjZmQ2Yzc4ODk5MzU2Y2QzIDEwMDY0NAotLS0gYS9M YXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMg KzEsMTMgQEAKKzIwMjEtMDYtMjkgIFJvYiBCdWlzICA8cmJ1aXNAaWdhbGlhLmNvbT4KKworICAg ICAgICBDcmFzaCBpbiBTaGFyZWRCdWZmZXI6OmRhdGEKKyAgICAgICAgaHR0cHM6Ly9idWdzLndl YmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIyNzE3MworCisgICAgICAgIFJldmlld2VkIGJ5IFJ5 b3N1a2UgTml3YS4KKworICAgICAgICAqIGZhc3QveHNsL3hzbHQtdHJhbnNmb3JtVG9Eb2N1bWVu dC1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGZhc3QveHNsL3hzbHQtdHJh bnNmb3JtVG9Eb2N1bWVudC1jcmFzaC5odG1sOiBBZGRlZC4KKwogMjAyMS0wNi0yOSAgTWFydGlu IFJvYmluc29uICA8bXJvYmluc29uQGlnYWxpYS5jb20+CiAKICAgICAgICAgQ1NTIHNjcm9sbCBz bmFwIHNob3VsZCBhbGxvdyBzY3JvbGxpbmcgdG8gdGhlIG1pZGRsZSBvZiBzbmFwIGFyZWFzIHRo YXQgb3ZlcmZsb3cgdGhlIHNuYXBwb3J0CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L3hz bC94c2x0LXRyYW5zZm9ybVRvRG9jdW1lbnQtY3Jhc2gtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVz dHMvZmFzdC94c2wveHNsdC10cmFuc2Zvcm1Ub0RvY3VtZW50LWNyYXNoLWV4cGVjdGVkLnR4dApu ZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwLi4wZDg4NjM0YjNiZWQxOGFmYjlkZjI3NzRjNGZmZDc5OTU2Y2M2NGI0Ci0tLSAv ZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFzdC94c2wveHNsdC10cmFuc2Zvcm1Ub0RvY3Vt ZW50LWNyYXNoLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxIEBACitUZXN0IHBhc3NlcyBpZiBpdCBk b2VzIG5vdCBjcmFzaApkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvZmFzdC94c2wveHNsdC10cmFu c2Zvcm1Ub0RvY3VtZW50LWNyYXNoLmh0bWwgYi9MYXlvdXRUZXN0cy9mYXN0L3hzbC94c2x0LXRy YW5zZm9ybVRvRG9jdW1lbnQtY3Jhc2guaHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi5hZDU3YmRlNWY1NDU2Y2Zi NmZiMDRjMzNiOTE5MTFlMTkxN2Y2ZDU0Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMv ZmFzdC94c2wveHNsdC10cmFuc2Zvcm1Ub0RvY3VtZW50LWNyYXNoLmh0bWwKQEAgLTAsMCArMSwy MCBAQAorPHNjcmlwdD4KKyAgaWYgKHdpbmRvdy50ZXN0UnVubmVyKSB7CisgICAgdGVzdFJ1bm5l ci5kdW1wQXNUZXh0KCk7CisgICAgdGVzdFJ1bm5lci53YWl0VW50aWxEb25lKCk7CisgIH0KKyAg Y29uc3QgcHJvY2Vzc29yID0gbmV3IFhTTFRQcm9jZXNzb3IoKTsKKyAgY29uc3Qgc3R5bGUgPQor ICAgICc8eHNsOnN0eWxlc2hlZXQgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hT TC9UcmFuc2Zvcm0iIHZlcnNpb249IjEuMCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkv eGh0bWwiPicgKworICAgICc8L3hzbDpzdHlsZXNoZWV0Pic7CisgIGNvbnN0IHN0eWxlRG9jID0g bmV3IERPTVBhcnNlcigpLnBhcnNlRnJvbVN0cmluZyAoc3R5bGUsICJ0ZXh0L3htbCIpOworICBj b25zdCBkYXRhID0KKyAgICAnPCFET0NUWVBFIHdtbCBQVUJMSUMgIi0vL1dBUEZPUlVNLy9EVEQg V01MIDEuMS8vRU4iICJodHRwOi8vd3d3LndhcGZvcnVtLm9yZy9EVEQvd21sXzEuMS54bWwiPicg KyAKKyAgICAnPHdtbD48Y2FyZD48cD5wYXJhZ3JhcGg8L3A+PC9jYXJkPjwvd21sPic7CisgIGNv bnN0IG9yaWdpbmFsRG9jID0gbmV3IERPTVBhcnNlcigpLnBhcnNlRnJvbVN0cmluZyhkYXRhLCAi dGV4dC94bWwiKTsKKyAgcHJvY2Vzc29yLmltcG9ydFN0eWxlc2hlZXQoc3R5bGVEb2MpOworICBw cm9jZXNzb3IudHJhbnNmb3JtVG9Eb2N1bWVudChvcmlnaW5hbERvYyk7CisgIGlmICh3aW5kb3cu dGVzdFJ1bm5lcikKKyAgICB0ZXN0UnVubmVyLm5vdGlmeURvbmUoKTsKKzwvc2NyaXB0PgorPHA+ VGVzdCBwYXNzZXMgaWYgaXQgZG9lcyBub3QgY3Jhc2g8L3A+Cg==