27275 2009-07-14 15:07:43 -0700 [Chromium] popup menus can crash when the selected index is -1 2009-07-21 12:19:27 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC All RESOLVED FIXED P2 Normal --- 1 paul levin eric levin oldest_to_newest 131694 0 paul 2009-07-14 15:07:43 -0700 We've received crash dumps from users with call stacks indicating that PopupListBox::isSelectableItem has been passed an index of -1. This method should prevent such an invalid index from crashing. 131700 1 32738 paul 2009-07-14 15:14:15 -0700 Created attachment 32738 Fix for crashing with invalid index. 131975 2 eric 2009-07-15 11:41:13 -0700 Can we create a manual test? 131976 3 paul 2009-07-15 11:45:34 -0700 I wasn't able to reproduce this manually so I'm not sure how to create a test for it, but we are getting a number of crash dumps from users for this specific problem. 132068 4 eric 2009-07-15 16:06:18 -0700 Can you make a guess from code inspection as to how this could be happening? it's possible this is the wrong fix if we don't understand why it occurs... 132078 5 paul 2009-07-15 16:19:30 -0700 Unfortunately, the crash dumps are mini-dumps from users so they don't contain enough of the stack to make complete sense. What I do see is an attempt to check for menu item selectability after a mouse move event. My guess is that the child window tracking the mouse has detected the user has moved out of the popup window since PopupListBox::pointToRowIndex is returning -1 to PopupListBox::selectIndex. selectIndex has an ASSERT to catch the case of invalid index values, but that's only in debug builds and won't protect the user in any case. 132095 6 eric 2009-07-15 17:02:25 -0700 Should we be returning early out of selectIndex() instead of here? I'm not against making this code more robust here, but I worry we're masking another bug instead of fixing the root cause. 132097 7 paul 2009-07-15 17:09:41 -0700 I don't believe we are masking a bug here, since it's perfectly valid for the popup to try and hit test outside of its region (thereby generating an index of -1) during mouse operations. In this case, the ASSERT is incorrect since there is at least one place in the code where we return a value that violates the assert. Perhaps a better fix is to go through all the PopupListBox vector indexing to make sure that we can never index outside its valid range [0, numItems()). 132430 8 32908 paul 2009-07-16 17:55:02 -0700 Created attachment 32908 Updated fix for an invalid vector index crash Update the patch to more thoroughly enforce correct vector index values through out PopupListBox. 133074 9 32908 eric 2009-07-19 23:02:25 -0700 Comment on attachment 32908 Updated fix for an invalid vector index crash This seems wrong: if (index < 0 || index >= numItems()) 890 return; 891 888892 if (index == -1 && m_popupClient) { You've made some of the code unreachable. 133210 10 33102 paul 2009-07-20 13:26:27 -0700 Created attachment 33102 Fix for crashing with invalid index. Updated the code per previous review comments. Changed the check from "index == -1" to "index < 0" to be consistent with other PopupListBox methods. 133216 11 33102 eric 2009-07-20 13:51:38 -0700 Comment on attachment 33102 Fix for crashing with invalid index. I spoke w/ Paul at his desk. The real bug here seems to be the API design for pointToRowIndex. pointToRowIndex returns the special value "-1" which all other places which use "int index" are forced to then handle. + if (index >= numItems()) + return; is not necessary. I can be an ASSERT, but doesn't seem otherwise needed. + if (index < 0) { could be index == -1, since -1 is the only special value. It's OK as is though. - ASSERT(index >= 0 && index < numItems()); + if (index < 0 || index >= numItems()) + return; This looks like it will crash in the future? Seems we need to handle at least the -1 case. bool PopupListBox::isSelectableItem(int index) { + ASSERT(index >= 0 && index < numItems()); Since we know the source of the only invalid indices (pointToRowIndex), seems we should fix the source of these invalid indices. bool hitTest(IntPoint, int& hitRow); seems like a better API than pointToRowIndex as it would force all callers to handle the out-of bounds case. r+ because this fixes the crash. Please consider filing a bug about the re-archtecture, or post-ing a fix using the hitTest approach instead. 133525 12 levin 2009-07-21 11:14:13 -0700 Assign to levin for landing. 133534 13 levin 2009-07-21 11:28:26 -0700 Please make sure to include the bug title and bug link in the changelog in the future prepare-ChangeLog --bug YourBugNumber makes this trivial. 133550 14 levin 2009-07-21 12:19:27 -0700 Committed as http://trac.webkit.org/changeset/46184 32738 2009-07-14 15:14:15 -0700 2009-07-16 17:55:02 -0700 Fix for crashing with invalid index. popup_index text/plain 1473 paul SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NTg3NCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTcgQEAKKzIwMDktMDctMTQgIFBhdWwgR29kYXZhcmkgIDxwYXVsQGNocm9taXVt Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBD cmFzaCByZXBvcnRzIGZyb20gdXNlcnMgaW5kaWNhdGUgYSBjcmFzaCBjYW4gb2NjdXIgd2hlbiBQ b3B1cExpc3RCb3g6OmlzU2VsZWN0YWJsZUl0ZW0KKyAgICAgICAgaXMgcGFzc2VkIGFuIGluZGV4 IG9mIGxlc3MgdGhhbiAwICh3aGljaCBpcyBwb3NzaWJsZSB1bmRlciBjZXJ0YWluIGNpcmN1bXN0 YW5jZXMpLiBUaGlzCisgICAgICAgIGNoYW5nZSBwcmV2ZW50cyBzdWNoIGEgdmFsdWUgZnJvbSBj YXVzaW5nIGEgY3Jhc2guCisKKyAgICAgICAgTm8gYXV0b21hdGljIHRlc3QgaXMgcHJvdmlkZWQg c2luY2Ugd2UgY2Fubm90IHNlbmQgZXZlbnRzIHRvIHRoZSBjaGlsZCB3aW5kb3cgdXNlZCBieQor ICAgICAgICB0aGUgUG9wdXAgbWVudS4KKworICAgICAgICAqIHBsYXRmb3JtL2Nocm9taXVtL1Bv cHVwTWVudUNocm9taXVtLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlBvcHVwTGlzdEJveDo6aXNT ZWxlY3RhYmxlSXRlbSk6CisKIDIwMDktMDctMTQgIERpbWl0cmkgR2xhemtvdiAgPGRnbGF6a292 QGNocm9taXVtLm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBieSBBZGFtIEJhcnRoLgpJbmRleDog V2ViQ29yZS9wbGF0Zm9ybS9jaHJvbWl1bS9Qb3B1cE1lbnVDaHJvbWl1bS5jcHAKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PQotLS0gV2ViQ29yZS9wbGF0Zm9ybS9jaHJvbWl1bS9Qb3B1cE1lbnVDaHJvbWl1bS5jcHAJKHJl dmlzaW9uIDQ1ODczKQorKysgV2ViQ29yZS9wbGF0Zm9ybS9jaHJvbWl1bS9Qb3B1cE1lbnVDaHJv bWl1bS5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTk2NCw3ICs5NjQsNyBAQCB2b2lkIFBvcHVwTGlz dEJveDo6c2Nyb2xsVG9SZXZlYWxSb3coaW50CiAKIGJvb2wgUG9wdXBMaXN0Qm94Ojppc1NlbGVj dGFibGVJdGVtKGludCBpbmRleCkKIHsKLSAgICByZXR1cm4gbV9pdGVtc1tpbmRleF0tPnR5cGUg PT0gUG9wdXBJdGVtOjpUeXBlT3B0aW9uICYmIG1fcG9wdXBDbGllbnQtPml0ZW1Jc0VuYWJsZWQo aW5kZXgpOworICAgIHJldHVybiBpbmRleCA+PSAwICYmIG1faXRlbXNbaW5kZXhdLT50eXBlID09 IFBvcHVwSXRlbTo6VHlwZU9wdGlvbiAmJiBtX3BvcHVwQ2xpZW50LT5pdGVtSXNFbmFibGVkKGlu ZGV4KTsKIH0KIAogdm9pZCBQb3B1cExpc3RCb3g6OmNsZWFyU2VsZWN0aW9uKCkK 32908 2009-07-16 17:55:02 -0700 2009-07-20 13:26:27 -0700 Updated fix for an invalid vector index crash popup_index2 text/plain 3722 paul SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NTk5OSkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjQgQEAKKzIwMDktMDctMTYgIFBhdWwgR29kYXZhcmkgIDxwYXVsQGNocm9taXVt Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBD cmFzaCByZXBvcnRzIGZyb20gdXNlcnMgaW5kaWNhdGUgYSBjcmFzaCBjYW4gb2NjdXIgd2hlbiBQ b3B1cExpc3RCb3g6OmlzU2VsZWN0YWJsZUl0ZW0KKyAgICAgICAgaXMgcGFzc2VkIGFuIGluZGV4 IG9mIGxlc3MgdGhhbiAwICh3aGljaCBpcyBwb3NzaWJsZSB1bmRlciBjZXJ0YWluIGNpcmN1bXN0 YW5jZXMpLiBUaGlzCisgICAgICAgIGNoYW5nZSBwcmV2ZW50cyBzdWNoIGEgdmFsdWUgZnJvbSBj YXVzaW5nIGEgY3Jhc2ggYnkgZW5mb3JjaW5nIHZhbGlkIGluZGV4IHZhbHVlcyBwYXNzZWQKKyAg ICAgICAgYnkgYWxsIGNhbGxlcnMgb2YgaXNTZWxlY3RhYmxlSXRlbS4gaXNTZWxlY3RhYmxlSXRl bSBpcyBub3cgYSBwcml2YXRlIG1ldGhvZCBvZgorICAgICAgICBQb3B1cExpc3RCb3gsIGFzIHRo ZXJlIGFyZSBubyBleHRlcm5hbCBjYWxsZXJzLgorCisgICAgICAgIEFsc28gY2xlYW5lZCB1cCBh IHNtYWxsIGFtb3VudCBvZiBjb2RlIGZvciBzdHlsZSBhbmQgZ3JhbW1hciBlcnJvcnMuCisKKyAg ICAgICAgTm8gYXV0b21hdGljIHRlc3QgaXMgcHJvdmlkZWQgc2luY2Ugd2UgY2Fubm90IHNlbmQg ZXZlbnRzIHRvIHRoZSBjaGlsZCB3aW5kb3cgdXNlZCBieQorICAgICAgICB0aGUgcG9wdXAgbWVu dS4KKworICAgICAgICAqIHBsYXRmb3JtL2Nocm9taXVtL1BvcHVwTWVudUNocm9taXVtLmNwcDoK KyAgICAgICAgKFdlYkNvcmU6OlBvcHVwTGlzdEJveDo6YWNjZXB0SW5kZXgpOgorICAgICAgICAo V2ViQ29yZTo6UG9wdXBMaXN0Qm94OjpzZWxlY3RJbmRleCk6CisgICAgICAgIChXZWJDb3JlOjpQ b3B1cExpc3RCb3g6OmlzU2VsZWN0YWJsZUl0ZW0pOgorICAgICAgICAoV2ViQ29yZTo6UG9wdXBM aXN0Qm94OjpzZWxlY3RQcmV2aW91c1Jvdyk6CisKIDIwMDktMDctMTYgIEFkYW0gQmFydGggIDxh YmFydGhAd2Via2l0Lm9yZz4KIAogICAgICAgICBVbnJldmlld2VkLgpJbmRleDogV2ViQ29yZS9w bGF0Zm9ybS9jaHJvbWl1bS9Qb3B1cE1lbnVDaHJvbWl1bS5jcHAKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2Vi Q29yZS9wbGF0Zm9ybS9jaHJvbWl1bS9Qb3B1cE1lbnVDaHJvbWl1bS5jcHAJKHJldmlzaW9uIDQ1 OTk5KQorKysgV2ViQ29yZS9wbGF0Zm9ybS9jaHJvbWl1bS9Qb3B1cE1lbnVDaHJvbWl1bS5jcHAJ KHdvcmtpbmcgY29weSkKQEAgLTEzOSwxMCArMTM5LDYgQEAgcHVibGljOgogICAgIC8vIEdldHMg dGhlIGhlaWdodCBvZiBhIHJvdy4KICAgICBpbnQgZ2V0Um93SGVpZ2h0KGludCBpbmRleCk7CiAK LSAgICAvLyBSZXR1cm5zIHRydWUgaWYgdGhlIHNlbGVjdGlvbiBjYW4gYmUgY2hhbmdlZCB0byBp bmRleC4KLSAgICAvLyBEaXNhYmxlZCBpdGVtcywgb3IgbGFiZWxzIGNhbm5vdCBiZSBzZWxlY3Rl ZC4KLSAgICBib29sIGlzU2VsZWN0YWJsZUl0ZW0oaW50IGluZGV4KTsKLQogICAgIGNvbnN0IFZl Y3RvcjxQb3B1cEl0ZW0qPiYgaXRlbXMoKSBjb25zdCB7IHJldHVybiBtX2l0ZW1zOyB9CiAKIHBy aXZhdGU6CkBAIC0xNzIsOCArMTY4LDE0IEBAIHByaXZhdGU6CiAKICAgICAvLyBDbG9zZXMgdGhl IHBvcHVwCiAgICAgdm9pZCBhYmFuZG9uKCk7CisKKyAgICAvLyBSZXR1cm5zIHRydWUgaWYgdGhl IHNlbGVjdGlvbiBjYW4gYmUgY2hhbmdlZCB0byBpbmRleC4KKyAgICAvLyBEaXNhYmxlZCBpdGVt cywgb3IgbGFiZWxzIGNhbm5vdCBiZSBzZWxlY3RlZC4KKyAgICBib29sIGlzU2VsZWN0YWJsZUl0 ZW0oaW50IGluZGV4KTsKKwogICAgIC8vIFNlbGVjdCBhbiBpbmRleCBpbiB0aGUgbGlzdCwgc2Ny b2xsaW5nIGlmIG5lY2Vzc2FyeS4KICAgICB2b2lkIHNlbGVjdEluZGV4KGludCBpbmRleCk7CisK ICAgICAvLyBBY2NlcHRzIHRoZSBzZWxlY3RlZCBpbmRleCBhcyB0aGUgdmFsdWUgdG8gYmUgZGlz cGxheWVkIGluIHRoZSA8c2VsZWN0PiB3aWRnZXQgb24KICAgICAvLyB0aGUgd2ViIHBhZ2UsIGFu ZCBjbG9zZXMgdGhlIHBvcHVwLgogICAgIHZvaWQgYWNjZXB0SW5kZXgoaW50IGluZGV4KTsKQEAg LTg4NCwxMSArODg2LDEzIEBAIGludCBQb3B1cExpc3RCb3g6OnBvaW50VG9Sb3dJbmRleChjb25z dCAKIAogdm9pZCBQb3B1cExpc3RCb3g6OmFjY2VwdEluZGV4KGludCBpbmRleCkKIHsKLSAgICBB U1NFUlQoaW5kZXggPj0gLTEgJiYgaW5kZXggPCBudW1JdGVtcygpKTsKKyAgICBpZiAoaW5kZXgg PCAwIHx8IGluZGV4ID49IG51bUl0ZW1zKCkpCisgICAgICAgIHJldHVybjsKKwogICAgIGlmIChp bmRleCA9PSAtMSAmJiBtX3BvcHVwQ2xpZW50KSB7Ci0gICAgICAvLyBFbnRlciBwcmVzc2VkIHdp dGggbm8gc2VsZWN0aW9uLCBqdXN0IGNsb3NlIHRoZSBwb3B1cC4KLSAgICAgIG1fcG9wdXBDbGll bnQtPmhpZGVQb3B1cCgpOwotICAgICAgcmV0dXJuOworICAgICAgICAvLyBFbnRlciBwcmVzc2Vk IHdpdGggbm8gc2VsZWN0aW9uLCBqdXN0IGNsb3NlIHRoZSBwb3B1cC4KKyAgICAgICAgbV9wb3B1 cENsaWVudC0+aGlkZVBvcHVwKCk7CisgICAgICAgIHJldHVybjsKICAgICB9CiAKICAgICBpZiAo aXNTZWxlY3RhYmxlSXRlbShpbmRleCkpIHsKQEAgLTkwNCw3ICs5MDgsOCBAQCB2b2lkIFBvcHVw TGlzdEJveDo6YWNjZXB0SW5kZXgoaW50IGluZGV4CiAKIHZvaWQgUG9wdXBMaXN0Qm94OjpzZWxl Y3RJbmRleChpbnQgaW5kZXgpCiB7Ci0gICAgQVNTRVJUKGluZGV4ID49IDAgJiYgaW5kZXggPCBu dW1JdGVtcygpKTsKKyAgICBpZiAoaW5kZXggPCAwIHx8IGluZGV4ID49IG51bUl0ZW1zKCkpCisg ICAgICAgIHJldHVybjsKIAogICAgIGlmIChpbmRleCAhPSBtX3NlbGVjdGVkSW5kZXggJiYgaXNT ZWxlY3RhYmxlSXRlbShpbmRleCkpIHsKICAgICAgICAgaW52YWxpZGF0ZVJvdyhtX3NlbGVjdGVk SW5kZXgpOwpAQCAtOTY0LDYgKzk2OSw3IEBAIHZvaWQgUG9wdXBMaXN0Qm94OjpzY3JvbGxUb1Jl dmVhbFJvdyhpbnQKIAogYm9vbCBQb3B1cExpc3RCb3g6OmlzU2VsZWN0YWJsZUl0ZW0oaW50IGlu ZGV4KQogeworICAgIEFTU0VSVChpbmRleCA+PSAwICYmIGluZGV4IDwgbnVtSXRlbXMoKSk7CiAg ICAgcmV0dXJuIG1faXRlbXNbaW5kZXhdLT50eXBlID09IFBvcHVwSXRlbTo6VHlwZU9wdGlvbiAm JiBtX3BvcHVwQ2xpZW50LT5pdGVtSXNFbmFibGVkKGluZGV4KTsKIH0KIApAQCAtOTk5LDcgKzEw MDUsNyBAQCB2b2lkIFBvcHVwTGlzdEJveDo6c2VsZWN0UHJldmlvdXNSb3coKQogICAgICAgICBy ZXR1cm47CiAgICAgfQogCi0gICAgLy8gTm8gcm93IGFyZSBzZWxlY3RlZCwganVtcCB0byB0aGUg bGFzdCBpdGVtLgorICAgIC8vIE5vIHJvdyBpcyBzZWxlY3RlZCwganVtcCB0byB0aGUgbGFzdCBp dGVtLgogICAgIHNlbGVjdEluZGV4KG51bUl0ZW1zKCkgLSAxKTsKICAgICBzY3JvbGxUb1JldmVh bFNlbGVjdGlvbigpOwogfQo= 33102 2009-07-20 13:26:27 -0700 2009-07-20 13:51:37 -0700 Fix for crashing with invalid index. popup_index3 text/plain 3803 paul SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NjEyNikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjQgQEAKKzIwMDktMDctMjAgIFBhdWwgR29kYXZhcmkgIDxwYXVsQGNocm9taXVt Lm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBD cmFzaCByZXBvcnRzIGZyb20gdXNlcnMgaW5kaWNhdGUgYSBjcmFzaCBjYW4gb2NjdXIgd2hlbiBQ b3B1cExpc3RCb3g6OmlzU2VsZWN0YWJsZUl0ZW0KKyAgICAgICAgaXMgcGFzc2VkIGFuIGluZGV4 IG9mIGxlc3MgdGhhbiAwICh3aGljaCBpcyBwb3NzaWJsZSB1bmRlciBjZXJ0YWluIGNpcmN1bXN0 YW5jZXMpLiBUaGlzCisgICAgICAgIGNoYW5nZSBwcmV2ZW50cyBzdWNoIGEgdmFsdWUgZnJvbSBj YXVzaW5nIGEgY3Jhc2ggYnkgZW5mb3JjaW5nIHZhbGlkIGluZGV4IHZhbHVlcyBwYXNzZWQKKyAg ICAgICAgYnkgYWxsIGNhbGxlcnMgb2YgaXNTZWxlY3RhYmxlSXRlbS4gaXNTZWxlY3RhYmxlSXRl bSBpcyBub3cgYSBwcml2YXRlIG1ldGhvZCBvZgorICAgICAgICBQb3B1cExpc3RCb3gsIGFzIHRo ZXJlIGFyZSBubyBleHRlcm5hbCBjYWxsZXJzLgorCisgICAgICAgIEFsc28gY2xlYW5lZCB1cCBh IHNtYWxsIGFtb3VudCBvZiBjb2RlIGZvciBzdHlsZSBhbmQgZ3JhbW1hciBlcnJvcnMuCisKKyAg ICAgICAgTm8gYXV0b21hdGljIHRlc3QgaXMgcHJvdmlkZWQgc2luY2Ugd2UgY2Fubm90IHNlbmQg ZXZlbnRzIHRvIHRoZSBjaGlsZCB3aW5kb3cgdXNlZCBieQorICAgICAgICB0aGUgcG9wdXAgbWVu dS4KKworICAgICAgICAqIHBsYXRmb3JtL2Nocm9taXVtL1BvcHVwTWVudUNocm9taXVtLmNwcDoK KyAgICAgICAgKFdlYkNvcmU6OlBvcHVwTGlzdEJveDo6YWNjZXB0SW5kZXgpOgorICAgICAgICAo V2ViQ29yZTo6UG9wdXBMaXN0Qm94OjpzZWxlY3RJbmRleCk6CisgICAgICAgIChXZWJDb3JlOjpQ b3B1cExpc3RCb3g6OmlzU2VsZWN0YWJsZUl0ZW0pOgorICAgICAgICAoV2ViQ29yZTo6UG9wdXBM aXN0Qm94OjpzZWxlY3RQcmV2aW91c1Jvdyk6CisKIDIwMDktMDctMjAgIER1bWl0cnUgRGFuaWxp dWMgIDxkdW1pQGNocm9taXVtLm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBieSBEaW1pdHJpIEds YXprb3YuCkluZGV4OiBXZWJDb3JlL3BsYXRmb3JtL2Nocm9taXVtL1BvcHVwTWVudUNocm9taXVt LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBXZWJDb3JlL3BsYXRmb3JtL2Nocm9taXVtL1BvcHVwTWVudUNo cm9taXVtLmNwcAkocmV2aXNpb24gNDYxMjYpCisrKyBXZWJDb3JlL3BsYXRmb3JtL2Nocm9taXVt L1BvcHVwTWVudUNocm9taXVtLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMTM5LDEwICsxMzksNiBA QCBwdWJsaWM6CiAgICAgLy8gR2V0cyB0aGUgaGVpZ2h0IG9mIGEgcm93LgogICAgIGludCBnZXRS b3dIZWlnaHQoaW50IGluZGV4KTsKIAotICAgIC8vIFJldHVybnMgdHJ1ZSBpZiB0aGUgc2VsZWN0 aW9uIGNhbiBiZSBjaGFuZ2VkIHRvIGluZGV4LgotICAgIC8vIERpc2FibGVkIGl0ZW1zLCBvciBs YWJlbHMgY2Fubm90IGJlIHNlbGVjdGVkLgotICAgIGJvb2wgaXNTZWxlY3RhYmxlSXRlbShpbnQg aW5kZXgpOwotCiAgICAgY29uc3QgVmVjdG9yPFBvcHVwSXRlbSo+JiBpdGVtcygpIGNvbnN0IHsg cmV0dXJuIG1faXRlbXM7IH0KIAogcHJpdmF0ZToKQEAgLTE3Miw4ICsxNjgsMTQgQEAgcHJpdmF0 ZToKIAogICAgIC8vIENsb3NlcyB0aGUgcG9wdXAKICAgICB2b2lkIGFiYW5kb24oKTsKKworICAg IC8vIFJldHVybnMgdHJ1ZSBpZiB0aGUgc2VsZWN0aW9uIGNhbiBiZSBjaGFuZ2VkIHRvIGluZGV4 LgorICAgIC8vIERpc2FibGVkIGl0ZW1zLCBvciBsYWJlbHMgY2Fubm90IGJlIHNlbGVjdGVkLgor ICAgIGJvb2wgaXNTZWxlY3RhYmxlSXRlbShpbnQgaW5kZXgpOworCiAgICAgLy8gU2VsZWN0IGFu IGluZGV4IGluIHRoZSBsaXN0LCBzY3JvbGxpbmcgaWYgbmVjZXNzYXJ5LgogICAgIHZvaWQgc2Vs ZWN0SW5kZXgoaW50IGluZGV4KTsKKwogICAgIC8vIEFjY2VwdHMgdGhlIHNlbGVjdGVkIGluZGV4 IGFzIHRoZSB2YWx1ZSB0byBiZSBkaXNwbGF5ZWQgaW4gdGhlIDxzZWxlY3Q+IHdpZGdldCBvbgog ICAgIC8vIHRoZSB3ZWIgcGFnZSwgYW5kIGNsb3NlcyB0aGUgcG9wdXAuCiAgICAgdm9pZCBhY2Nl cHRJbmRleChpbnQgaW5kZXgpOwpAQCAtODg0LDExICs4ODYsMTUgQEAgaW50IFBvcHVwTGlzdEJv eDo6cG9pbnRUb1Jvd0luZGV4KGNvbnN0IAogCiB2b2lkIFBvcHVwTGlzdEJveDo6YWNjZXB0SW5k ZXgoaW50IGluZGV4KQogewotICAgIEFTU0VSVChpbmRleCA+PSAtMSAmJiBpbmRleCA8IG51bUl0 ZW1zKCkpOwotICAgIGlmIChpbmRleCA9PSAtMSAmJiBtX3BvcHVwQ2xpZW50KSB7Ci0gICAgICAv LyBFbnRlciBwcmVzc2VkIHdpdGggbm8gc2VsZWN0aW9uLCBqdXN0IGNsb3NlIHRoZSBwb3B1cC4K LSAgICAgIG1fcG9wdXBDbGllbnQtPmhpZGVQb3B1cCgpOwotICAgICAgcmV0dXJuOworICAgIGlm IChpbmRleCA+PSBudW1JdGVtcygpKQorICAgICAgICByZXR1cm47CisKKyAgICBpZiAoaW5kZXgg PCAwKSB7CisgICAgICAgIGlmIChtX3BvcHVwQ2xpZW50KSB7CisgICAgICAgICAgICAvLyBFbnRl ciBwcmVzc2VkIHdpdGggbm8gc2VsZWN0aW9uLCBqdXN0IGNsb3NlIHRoZSBwb3B1cC4KKyAgICAg ICAgICAgIG1fcG9wdXBDbGllbnQtPmhpZGVQb3B1cCgpOworICAgICAgICB9CisgICAgICAgIHJl dHVybjsKICAgICB9CiAKICAgICBpZiAoaXNTZWxlY3RhYmxlSXRlbShpbmRleCkpIHsKQEAgLTkw NCw3ICs5MTAsOCBAQCB2b2lkIFBvcHVwTGlzdEJveDo6YWNjZXB0SW5kZXgoaW50IGluZGV4CiAK IHZvaWQgUG9wdXBMaXN0Qm94OjpzZWxlY3RJbmRleChpbnQgaW5kZXgpCiB7Ci0gICAgQVNTRVJU KGluZGV4ID49IDAgJiYgaW5kZXggPCBudW1JdGVtcygpKTsKKyAgICBpZiAoaW5kZXggPCAwIHx8 IGluZGV4ID49IG51bUl0ZW1zKCkpCisgICAgICAgIHJldHVybjsKIAogICAgIGlmIChpbmRleCAh PSBtX3NlbGVjdGVkSW5kZXggJiYgaXNTZWxlY3RhYmxlSXRlbShpbmRleCkpIHsKICAgICAgICAg aW52YWxpZGF0ZVJvdyhtX3NlbGVjdGVkSW5kZXgpOwpAQCAtOTY0LDYgKzk3MSw3IEBAIHZvaWQg UG9wdXBMaXN0Qm94OjpzY3JvbGxUb1JldmVhbFJvdyhpbnQKIAogYm9vbCBQb3B1cExpc3RCb3g6 OmlzU2VsZWN0YWJsZUl0ZW0oaW50IGluZGV4KQogeworICAgIEFTU0VSVChpbmRleCA+PSAwICYm IGluZGV4IDwgbnVtSXRlbXMoKSk7CiAgICAgcmV0dXJuIG1faXRlbXNbaW5kZXhdLT50eXBlID09 IFBvcHVwSXRlbTo6VHlwZU9wdGlvbiAmJiBtX3BvcHVwQ2xpZW50LT5pdGVtSXNFbmFibGVkKGlu ZGV4KTsKIH0KIApAQCAtOTk5LDcgKzEwMDcsNyBAQCB2b2lkIFBvcHVwTGlzdEJveDo6c2VsZWN0 UHJldmlvdXNSb3coKQogICAgICAgICByZXR1cm47CiAgICAgfQogCi0gICAgLy8gTm8gcm93IGFy ZSBzZWxlY3RlZCwganVtcCB0byB0aGUgbGFzdCBpdGVtLgorICAgIC8vIE5vIHJvdyBpcyBzZWxl Y3RlZCwganVtcCB0byB0aGUgbGFzdCBpdGVtLgogICAgIHNlbGVjdEluZGV4KG51bUl0ZW1zKCkg LSAxKTsKICAgICBzY3JvbGxUb1JldmVhbFNlbGVjdGlvbigpOwogfQo=