30898 2009-10-28 22:51:51 -0700 Browser crash by deeply nested elements 2012-04-02 08:54:14 -0700 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) All All RESOLVED DUPLICATE 18282 http://fs.org.ua/oops.svg P1 Critical --- 1 tkent webkit-unassigned ggaren hyatt kamaji laszlo.gombos mitz oldest_to_newest 158834 0 tkent 2009-10-28 22:51:51 -0700 Environment: Windows Vista Safari 4.0.3 (531.9.1) 1. try to open http://fs.org.ua/oops.svg 2. The browser crashes This is also reproduced with Chrome4/Windows, and NOT reproduced with Safari4/Mac and Chrome/Mac. http://crbug.com/18830 has some more information. It seems a stack overflow. 161534 1 tkent 2009-11-09 02:39:42 -0800 I think we have 4 choices: A) limit element depth in HTML/XML parsers B) limit renderer depth C) limit recursion depth in the renderer code D) not use recursions in the renderer code B, C and D seem hard to implement. 161859 2 tkent 2009-11-09 17:36:16 -0800 > A) limit element depth in HTML/XML parsers > B) limit renderer depth > C) limit recursion depth in the renderer code > D) not use recursions in the renderer code > > B, C and D seem hard to implement. A doesn't work well because JavaScript code can make deep trees. 161927 3 42845 tkent 2009-11-09 19:42:56 -0800 Created attachment 42845 HTML example 161931 4 tkent 2009-11-09 19:49:09 -0800 As for http://fs.org.ua/oops.svg This crashes Safari and Chromium on only Windows The data is 33,000 nested <a> elements. It's a stack overflow at verticalPosition() and verticalPositionFromCache() I confirmed this was solved by increasing the stack size. chrome_62f30000!WebCore::RenderObject::isInline(void)+0x3 chrome_62f30000!WebCore::RenderBoxModelObject::verticalPosition(bool firstLine = false)+0x24 chrome_62f30000!WebCore::RenderInline::verticalPositionFromCache(bool firstLine = false)+0x5b chrome_62f30000!WebCore::RenderBoxModelObject::verticalPosition(bool firstLine = false)+0x13b chrome_62f30000!WebCore::RenderInline::verticalPositionFromCache(bool firstLine = false)+0x5b chrome_62f30000!WebCore::RenderBoxModelObject::verticalPosition(bool firstLine = false)+0x13b chrome_62f30000!WebCore::RenderInline::verticalPositionFromCache(bool firstLine = false)+0x5b chrome_62f30000!WebCore::RenderBoxModelObject::verticalPosition(bool firstLine = false)+0x13b chrome_62f30000!WebCore::RenderInline::verticalPositionFromCache(bool firstLine = false)+0x5b chrome_62f30000!WebCore::RenderBoxModelObject::verticalPosition(bool firstLine = false)+0x13b chrome_62f30000!WebCore::RenderInline::verticalPositionFromCache(bool firstLine = false)+0x5b As for the attached HTML This crashes Safari on not only Windows but also Mac OS. The data is 33,000 nested DIV elements. It seems a stack overflow at layout() / layoutBlock() / layoutBlockChildren(). 0 com.apple.WebCore 0x90beea5c WebCore::RenderBlock::layoutBlock(bool) + 12 1 com.apple.WebCore 0x90beea18 WebCore::RenderBlock::layout() + 40 2 com.apple.WebCore 0x90bf0744 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 932 3 com.apple.WebCore 0x90bef28d WebCore::RenderBlock::layoutBlock(bool) + 2109 4 com.apple.WebCore 0x90beea18 WebCore::RenderBlock::layout() + 40 5 com.apple.WebCore 0x90bf0744 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 932 6 com.apple.WebCore 0x90bef28d WebCore::RenderBlock::layoutBlock(bool) + 2109 7 com.apple.WebCore 0x90beea18 WebCore::RenderBlock::layout() + 40 8 com.apple.WebCore 0x90bf0744 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 932 9 com.apple.WebCore 0x90bef28d WebCore::RenderBlock::layoutBlock(bool) + 2109 10 com.apple.WebCore 0x90beea18 WebCore::RenderBlock::layout() + 40 11 com.apple.WebCore 0x90bf0744 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 932 12 com.apple.WebCore 0x90bef28d WebCore::RenderBlock::layoutBlock(bool) + 2109 13 com.apple.WebCore 0x90beea18 WebCore::RenderBlock::layout() + 40 161953 5 42847 tkent 2009-11-09 22:22:55 -0800 Created attachment 42847 A demo patch The patch introduces the limitation of renderer tree depth. It resolves both of the .svg case and the HTML case. I'm not sure whether adding a new field to RenderObject is reasonable or not. 162408 6 42940 tkent 2009-11-11 01:59:43 -0800 Created attachment 42940 Proposed patch We can avoid the stack overflow by this patch. However, * It adds 1 int field to RenderObject. It'll increase memory consumption. * The test is always timed out. 162563 7 42940 hyatt 2009-11-11 10:48:21 -0800 Comment on attachment 42940 Proposed patch Your ChangeLog comment says 4096, but then your #define is 8192. Your ifdef is in Node, but if you're really talking about renderobject depth limiting and not DOM limiting, then it should be over in RenderObject files. You cannot add a field to RenderObject. That's not an acceptable memory hit to take. 162742 8 tkent 2009-11-11 17:45:08 -0800 (In reply to comment #7) > You cannot add a field to RenderObject. That's not an acceptable memory hit to > take. Do you have other ideas to limit renderer tree depth? Adding depth field to DOM nodes must not be acceptable too. Measuring a depth in tree building process hits performance. Limiting the depth in HTML/XML parsers is not a complete way because of JavaScript. 164465 9 tkent 2009-11-17 23:02:13 -0800 I changed verticalPositionFromCache() -> verticalPosition() -> verticalPositionFromCache() -> ... recursion to a loop. It solved the stack overflow at that point, but I saw another stack overflow at another code path. We need to rewrite all of recursive calls. This way is not practical. 166143 10 kamaji 2009-11-24 10:18:29 -0800 This is a duplicate of bug 18282 166154 11 kamaji 2009-11-24 10:30:12 -0800 I have a proposed patch that I've had done for a while now, was just trying to think if there would be any better way to do it. It caps the tree in the parser when parser adds a node, and also in Javascript when a node is appended. There is no memory consumption increase, but there is a hit in performance, since depth of node to be added/appended to is calculated, for each add/append. Since there is a performance hit, I added a build flag to turn it on, and specify the maximum depth. Under standard desktop browsers with large max stack size, this can be omitted, since the maximum depth is generally in the hundreds of thousands. For low-memory devices, this is a bigger deal, and thus they may configure webkit with --enable-domtree-maxdepth=<value>. Patch coming shortly. 166320 12 tkent 2009-11-24 18:14:22 -0800 *** This bug has been marked as a duplicate of bug 18282 *** 42845 2009-11-09 19:42:56 -0800 2009-11-09 19:42:56 -0800 HTML example nested.html text/html 235 tkent PCFET0NUWVBFIGh0bWw+Cjxib2R5Pgo8ZGl2IGlkPSJkIj48L2Rpdj4KPHNjcmlwdD4KdmFyIHBh cmVudCA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdkJyk7CmZvciAodmFyIGkgPSAwOyBpIDwg MzMwMDA7IGkrKykgewogIHZhciBkaXYgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdkaXYnKTsK ICBwYXJlbnQuYXBwZW5kQ2hpbGQoZGl2KTsKICBwYXJlbnQgPSBkaXY7Cn0KCjwvc2NyaXB0Pgo8 L2JvZHk+Cg== 42847 2009-11-09 22:22:55 -0800 2009-11-11 01:59:43 -0800 A demo patch 0001-Limit-renderer-tree-depth.patch text/plain 2533 tkent RnJvbSA5ZWUzYTNkNDQyNjgzZGJkMWQxZjk1NmMwOTIwN2JjM2ZlZjIyMDM5IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBLZW50IFRhbXVyYSA8dGtlbnRAY2hyb21pdW0ub3JnPgpEYXRl OiBUdWUsIDEwIE5vdiAyMDA5IDE1OjE5OjQ2ICswOTAwClN1YmplY3Q6IFtQQVRDSF0gTGltaXQg cmVuZGVyZXIgdHJlZSBkZXB0aAoKLS0tCiBXZWJDb3JlL2RvbS9Ob2RlLmNwcCAgICAgICAgICAg ICAgIHwgICAgNSArKysrKwogV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyT2JqZWN0LmNwcCB8ICAg MTEgKysrKysrKysrKysKIFdlYkNvcmUvcmVuZGVyaW5nL1JlbmRlck9iamVjdC5oICAgfCAgICAz ICsrKwogMyBmaWxlcyBjaGFuZ2VkLCAxOSBpbnNlcnRpb25zKCspLCAwIGRlbGV0aW9ucygtKQoK ZGlmZiAtLWdpdCBhL1dlYkNvcmUvZG9tL05vZGUuY3BwIGIvV2ViQ29yZS9kb20vTm9kZS5jcHAK aW5kZXggNjEyYmYxOC4uNDQ2NDI0ZSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9kb20vTm9kZS5jcHAK KysrIGIvV2ViQ29yZS9kb20vTm9kZS5jcHAKQEAgLTEzNjcsNiArMTM2NywxMCBAQCBOb2RlICpO b2RlOjpuZXh0TGVhZk5vZGUoKSBjb25zdAogICAgIHJldHVybiAwOwogfQogCisjaWZuZGVmIE1B WF9SRU5ERVJFUl9ERVBUSAorI2RlZmluZSBNQVhfUkVOREVSRVJfREVQVEggODE5MgorI2VuZGlm CisKIHZvaWQgTm9kZTo6Y3JlYXRlUmVuZGVyZXJJZk5lZWRlZCgpCiB7CiAgICAgaWYgKCFkb2N1 bWVudCgpLT5zaG91bGRDcmVhdGVSZW5kZXJlcnMoKSkKQEAgLTEzODIsNiArMTM4Niw3IEBAIHZv aWQgTm9kZTo6Y3JlYXRlUmVuZGVyZXJJZk5lZWRlZCgpCiAjaWYgRU5BQkxFKFNWRykgfHwgRU5B QkxFKFhIVE1MTVApCiAgICAgICAgICYmIHBhcmVudC0+Y2hpbGRTaG91bGRDcmVhdGVSZW5kZXJl cih0aGlzKQogI2VuZGlmCisgICAgICAgICYmIHBhcmVudFJlbmRlcmVyLT5kZXB0aCgpIDwgTUFY X1JFTkRFUkVSX0RFUFRICiAgICAgICAgICkgewogICAgICAgICBSZWZQdHI8UmVuZGVyU3R5bGU+ IHN0eWxlID0gc3R5bGVGb3JSZW5kZXJlcigpOwogICAgICAgICBpZiAocmVuZGVyZXJJc05lZWRl ZChzdHlsZS5nZXQoKSkpIHsKZGlmZiAtLWdpdCBhL1dlYkNvcmUvcmVuZGVyaW5nL1JlbmRlck9i amVjdC5jcHAgYi9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJPYmplY3QuY3BwCmluZGV4IGExMGZm ZDkuLjhkN2E2NjcgMTAwNjQ0Ci0tLSBhL1dlYkNvcmUvcmVuZGVyaW5nL1JlbmRlck9iamVjdC5j cHAKKysrIGIvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyT2JqZWN0LmNwcApAQCAtMTcyLDYgKzE3 Miw3IEBAIFJlbmRlck9iamVjdDo6UmVuZGVyT2JqZWN0KE5vZGUqIG5vZGUpCiAgICAgLCBtX3Bh cmVudCgwKQogICAgICwgbV9wcmV2aW91cygwKQogICAgICwgbV9uZXh0KDApCisgICAgLCBtX2Rl cHRoKDApCiAjaWZuZGVmIE5ERUJVRwogICAgICwgbV9oYXNBWE9iamVjdChmYWxzZSkKICAgICAs IG1fc2V0TmVlZHNMYXlvdXRGb3JiaWRkZW4oZmFsc2UpCkBAIC0yNDE4LDYgKzI0MTksMTYgQEAg VmlzaWJsZVBvc2l0aW9uIFJlbmRlck9iamVjdDo6Y3JlYXRlVmlzaWJsZVBvc2l0aW9uKGNvbnN0 IFBvc2l0aW9uJiBwb3NpdGlvbikKICAgICByZXR1cm4gY3JlYXRlVmlzaWJsZVBvc2l0aW9uKDAs IERPV05TVFJFQU0pOwogfQogCitpbnQgUmVuZGVyT2JqZWN0OjpkZXB0aCgpCit7CisgICAgaWYg KG1fZGVwdGgpCisgICAgICAgIHJldHVybiBtX2RlcHRoOworICAgIGlmIChtX3BhcmVudCkKKyAg ICAgICAgbV9kZXB0aCA9IG1fcGFyZW50LT5kZXB0aCgpICsgMTsKKyAgICByZXR1cm4gbV9kZXB0 aDsKK30KKworCiAjaWYgRU5BQkxFKFNWRykKIAogRmxvYXRSZWN0IFJlbmRlck9iamVjdDo6b2Jq ZWN0Qm91bmRpbmdCb3goKSBjb25zdApkaWZmIC0tZ2l0IGEvV2ViQ29yZS9yZW5kZXJpbmcvUmVu ZGVyT2JqZWN0LmggYi9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJPYmplY3QuaAppbmRleCBlMzU4 Yzk4Li43OTk4YWE3IDEwMDY0NAotLS0gYS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJPYmplY3Qu aAorKysgYi9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJPYmplY3QuaApAQCAtNzQzLDYgKzc0Myw4 IEBAIHB1YmxpYzoKICAgICAgICAgcmV0dXJuIG91dGxpbmVCb3VuZHNGb3JSZXBhaW50KDApOwog ICAgIH0KIAorICAgIGludCBkZXB0aCgpOworCiBwcm90ZWN0ZWQ6CiAgICAgLy8gT3ZlcnJpZGVz IHNob3VsZCBjYWxsIHRoZSBzdXBlcmNsYXNzIGF0IHRoZSBlbmQKICAgICB2aXJ0dWFsIHZvaWQg c3R5bGVXaWxsQ2hhbmdlKFN0eWxlRGlmZmVyZW5jZSwgY29uc3QgUmVuZGVyU3R5bGUqIG5ld1N0 eWxlKTsKQEAgLTgwMSw2ICs4MDMsNyBAQCBwcml2YXRlOgogICAgIFJlbmRlck9iamVjdCogbV9w YXJlbnQ7CiAgICAgUmVuZGVyT2JqZWN0KiBtX3ByZXZpb3VzOwogICAgIFJlbmRlck9iamVjdCog bV9uZXh0OworICAgIGludCBtX2RlcHRoOwogCiAjaWZuZGVmIE5ERUJVRwogICAgIGJvb2wgbV9o YXNBWE9iamVjdDsKLS0gCjEuNi4zLjMKCg== 42940 2009-11-11 01:59:43 -0800 2009-11-11 10:48:21 -0800 Proposed patch 0001-Limit-renderer-tree-depth.patch text/plain 5643 tkent RnJvbSBkOGZjNjUyNjc2YjQyMmM0MjRiYWRmYTQ5NGExMzdlYzE5NjM5ZjJlIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBLZW50IFRhbXVyYSA8dGtlbnRAY2hyb21pdW0ub3JnPgpEYXRl OiBUdWUsIDEwIE5vdiAyMDA5IDE1OjE5OjQ2ICswOTAwClN1YmplY3Q6IFtQQVRDSF0gTGltaXQg cmVuZGVyZXIgdHJlZSBkZXB0aAoKLS0tCiBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICB8ICAgMTIgKysrKysrKysrKysrCiBMYXlvdXRUZXN0cy9mYXN0 L2RvbS9kZWVwLW5lc3Qtc3RhY2stb3ZlcmZsb3cuaHRtbCB8ICAgMTMgKysrKysrKysrKysrKwog Li4uL2RvbS9zY3JpcHQtdGVzdHMvZGVlcC1uZXN0LXN0YWNrLW92ZXJmbG93LmpzICAgfCAgIDEw ICsrKysrKysrKysKIFdlYkNvcmUvQ2hhbmdlTG9nICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgIHwgICAxOSArKysrKysrKysrKysrKysrKysrCiBXZWJDb3JlL2RvbS9Ob2RlLmNwcCAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAgIDUgKysrKysKIFdlYkNvcmUvcmVuZGVy aW5nL1JlbmRlck9iamVjdC5jcHAgICAgICAgICAgICAgICAgIHwgICAxMSArKysrKysrKysrKwog V2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyT2JqZWN0LmggICAgICAgICAgICAgICAgICAgfCAgICAz ICsrKwogNyBmaWxlcyBjaGFuZ2VkLCA3MyBpbnNlcnRpb25zKCspLCAwIGRlbGV0aW9ucygtKQog Y3JlYXRlIG1vZGUgMTAwNjQ0IExheW91dFRlc3RzL2Zhc3QvZG9tL2RlZXAtbmVzdC1zdGFjay1v dmVyZmxvdy5odG1sCiBjcmVhdGUgbW9kZSAxMDA2NDQgTGF5b3V0VGVzdHMvZmFzdC9kb20vc2Ny aXB0LXRlc3RzL2RlZXAtbmVzdC1zdGFjay1vdmVyZmxvdy5qcwoKZGlmZiAtLWdpdCBhL0xheW91 dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCA2NGE1MDNkLi5i ZTIyZjk3IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVz dHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMDktMTEtMTEgIEtlbnQgVGFtdXJhICA8 dGtlbnRAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEp LgorCisgICAgICAgIEEgdGVzdCB0aGF0IGRlZXBseSBuZXN0ZWQgZWxlbWVudHMgZG9uJ3QgbWFr ZSBhIGNyYXNoLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9MzA4OTgKKworICAgICAgICBGSVhNRTogVGhpcyB0ZXN0IHdpbGwgYmUgdGltZWQgb3V0Lgor CisgICAgICAgICogZmFzdC9kb20vZGVlcC1uZXN0LXN0YWNrLW92ZXJmbG93Lmh0bWw6IEFkZGVk LgorICAgICAgICAqIGZhc3QvZG9tL3NjcmlwdC10ZXN0cy9kZWVwLW5lc3Qtc3RhY2stb3ZlcmZs b3cuanM6IEFkZGVkLgorCiAyMDA5LTEwLTI3ICBDaHJpcyBGbGVpemFjaCAgPGNmbGVpemFjaEBh cHBsZS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4gQWRsZXIuCmRpZmYgLS1naXQg YS9MYXlvdXRUZXN0cy9mYXN0L2RvbS9kZWVwLW5lc3Qtc3RhY2stb3ZlcmZsb3cuaHRtbCBiL0xh eW91dFRlc3RzL2Zhc3QvZG9tL2RlZXAtbmVzdC1zdGFjay1vdmVyZmxvdy5odG1sCm5ldyBmaWxl IG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLmY5Y2FmZTMKLS0tIC9kZXYvbnVsbAorKysgYi9M YXlvdXRUZXN0cy9mYXN0L2RvbS9kZWVwLW5lc3Qtc3RhY2stb3ZlcmZsb3cuaHRtbApAQCAtMCww ICsxLDEzIEBACis8IURPQ1RZUEUgSFRNTCBQVUJMSUMgIi0vL0lFVEYvL0RURCBIVE1MLy9FTiI+ Cis8aHRtbD4KKzxoZWFkPgorPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiBocmVmPSIuLi9qcy9yZXNv dXJjZXMvanMtdGVzdC1zdHlsZS5jc3MiPgorPHNjcmlwdCBzcmM9Ii4uL2pzL3Jlc291cmNlcy9q cy10ZXN0LXByZS5qcyI+PC9zY3JpcHQ+Cis8L2hlYWQ+Cis8Ym9keT4KKzxwIGlkPSJkZXNjcmlw dGlvbiI+PC9wPgorPGRpdiBpZD0iY29uc29sZSI+PC9kaXY+Cis8c2NyaXB0IHNyYz0ic2NyaXB0 LXRlc3RzL2RlZXAtbmVzdC1zdGFjay1vdmVyZmxvdy5qcyI+PC9zY3JpcHQ+Cis8c2NyaXB0IHNy Yz0iLi4vanMvcmVzb3VyY2VzL2pzLXRlc3QtcG9zdC5qcyI+PC9zY3JpcHQ+Cis8L2JvZHk+Cis8 L2h0bWw+CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L2RvbS9zY3JpcHQtdGVzdHMvZGVl cC1uZXN0LXN0YWNrLW92ZXJmbG93LmpzIGIvTGF5b3V0VGVzdHMvZmFzdC9kb20vc2NyaXB0LXRl c3RzL2RlZXAtbmVzdC1zdGFjay1vdmVyZmxvdy5qcwpuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRl eCAwMDAwMDAwLi4zYjk5MDc2Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFzdC9k b20vc2NyaXB0LXRlc3RzL2RlZXAtbmVzdC1zdGFjay1vdmVyZmxvdy5qcwpAQCAtMCwwICsxLDEw IEBACit2YXIgcGFyZW50ID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnZGl2Jyk7Citkb2N1bWVu dC5ib2R5LmFwcGVuZENoaWxkKHBhcmVudCk7CisKK2ZvciAodmFyIGkgPSAwOyBpIDwgMTIwMDA7 IGkrKykgeworICB2YXIgZGl2ID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgnZGl2Jyk7CisgIHBh cmVudC5hcHBlbmRDaGlsZChkaXYpOworICBwYXJlbnQgPSBkaXY7Cit9CisKK3ZhciBzdWNjZXNz ZnVsbHlQYXJzZWQgPSB0cnVlOwpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9DaGFuZ2VMb2cgYi9XZWJD b3JlL0NoYW5nZUxvZwppbmRleCA4NThjNjVkLi5hN2ZhZDI1IDEwMDY0NAotLS0gYS9XZWJDb3Jl L0NoYW5nZUxvZworKysgYi9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIyIEBACisyMDA5 LTExLTExICBLZW50IFRhbXVyYSAgPHRrZW50QGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBJbnRyb2R1Y2UgdGhlIGRlcHRoIGxp bWl0IG9mIHJlbmRlcmVyIHRyZWVzIHRvIGF2b2lkIHN0YWNrIG92ZXJmbG93cy4KKyAgICAgICAg aHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTMwODk4CisKKyAgICAgICAg VGhlIGRlZmF1bHQgZGVwdGggbGltaXRhdGlvbiBpcyA0LDA5NiwgYW5kIGNhbiBiZSBvdmVycmlk ZGVuIGJ5CisgICAgICAgIHNldHRpbmcgTUFYX1JFTkRFUkVSX0RFUFRIIG1hY3JvLgorCisgICAg ICAgIFRlc3Q6IGZhc3QvZG9tL2RlZXAtbmVzdC1zdGFjay1vdmVyZmxvdy5odG1sCisKKyAgICAg ICAgKiBkb20vTm9kZS5jcHA6CisgICAgICAgIChXZWJDb3JlOjpOb2RlOjpjcmVhdGVSZW5kZXJl cklmTmVlZGVkKToKKyAgICAgICAgKiByZW5kZXJpbmcvUmVuZGVyT2JqZWN0LmNwcDoKKyAgICAg ICAgKFdlYkNvcmU6OlJlbmRlck9iamVjdDo6UmVuZGVyT2JqZWN0KToKKyAgICAgICAgKFdlYkNv cmU6OlJlbmRlck9iamVjdDo6ZGVwdGgpOgorICAgICAgICAqIHJlbmRlcmluZy9SZW5kZXJPYmpl Y3QuaDoKKwogMjAwOS0xMC0yNyAgQ2hyaXMgRmxlaXphY2ggIDxjZmxlaXphY2hAYXBwbGUuY29t PgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhcmluIEFkbGVyLgpkaWZmIC0tZ2l0IGEvV2ViQ29y ZS9kb20vTm9kZS5jcHAgYi9XZWJDb3JlL2RvbS9Ob2RlLmNwcAppbmRleCA2MTJiZjE4Li5hODY4 OWNiIDEwMDY0NAotLS0gYS9XZWJDb3JlL2RvbS9Ob2RlLmNwcAorKysgYi9XZWJDb3JlL2RvbS9O b2RlLmNwcApAQCAtOTgsNiArOTgsMTAgQEAKIAogI2RlZmluZSBEVU1QX05PREVfU1RBVElTVElD UyAwCiAKKyNpZm5kZWYgTUFYX1JFTkRFUkVSX0RFUFRICisjZGVmaW5lIE1BWF9SRU5ERVJFUl9E RVBUSCA4MTkyCisjZW5kaWYKKwogdXNpbmcgbmFtZXNwYWNlIHN0ZDsKIAogbmFtZXNwYWNlIFdl YkNvcmUgewpAQCAtMTM4Miw2ICsxMzg2LDcgQEAgdm9pZCBOb2RlOjpjcmVhdGVSZW5kZXJlcklm TmVlZGVkKCkKICNpZiBFTkFCTEUoU1ZHKSB8fCBFTkFCTEUoWEhUTUxNUCkKICAgICAgICAgJiYg cGFyZW50LT5jaGlsZFNob3VsZENyZWF0ZVJlbmRlcmVyKHRoaXMpCiAjZW5kaWYKKyAgICAgICAg JiYgcGFyZW50UmVuZGVyZXItPmRlcHRoKCkgPCBNQVhfUkVOREVSRVJfREVQVEgKICAgICAgICAg KSB7CiAgICAgICAgIFJlZlB0cjxSZW5kZXJTdHlsZT4gc3R5bGUgPSBzdHlsZUZvclJlbmRlcmVy KCk7CiAgICAgICAgIGlmIChyZW5kZXJlcklzTmVlZGVkKHN0eWxlLmdldCgpKSkgewpkaWZmIC0t Z2l0IGEvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyT2JqZWN0LmNwcCBiL1dlYkNvcmUvcmVuZGVy aW5nL1JlbmRlck9iamVjdC5jcHAKaW5kZXggYTEwZmZkOS4uOGQ3YTY2NyAxMDA2NDQKLS0tIGEv V2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyT2JqZWN0LmNwcAorKysgYi9XZWJDb3JlL3JlbmRlcmlu Zy9SZW5kZXJPYmplY3QuY3BwCkBAIC0xNzIsNiArMTcyLDcgQEAgUmVuZGVyT2JqZWN0OjpSZW5k ZXJPYmplY3QoTm9kZSogbm9kZSkKICAgICAsIG1fcGFyZW50KDApCiAgICAgLCBtX3ByZXZpb3Vz KDApCiAgICAgLCBtX25leHQoMCkKKyAgICAsIG1fZGVwdGgoMCkKICNpZm5kZWYgTkRFQlVHCiAg ICAgLCBtX2hhc0FYT2JqZWN0KGZhbHNlKQogICAgICwgbV9zZXROZWVkc0xheW91dEZvcmJpZGRl bihmYWxzZSkKQEAgLTI0MTgsNiArMjQxOSwxNiBAQCBWaXNpYmxlUG9zaXRpb24gUmVuZGVyT2Jq ZWN0OjpjcmVhdGVWaXNpYmxlUG9zaXRpb24oY29uc3QgUG9zaXRpb24mIHBvc2l0aW9uKQogICAg IHJldHVybiBjcmVhdGVWaXNpYmxlUG9zaXRpb24oMCwgRE9XTlNUUkVBTSk7CiB9CiAKK2ludCBS ZW5kZXJPYmplY3Q6OmRlcHRoKCkKK3sKKyAgICBpZiAobV9kZXB0aCkKKyAgICAgICAgcmV0dXJu IG1fZGVwdGg7CisgICAgaWYgKG1fcGFyZW50KQorICAgICAgICBtX2RlcHRoID0gbV9wYXJlbnQt PmRlcHRoKCkgKyAxOworICAgIHJldHVybiBtX2RlcHRoOworfQorCisKICNpZiBFTkFCTEUoU1ZH KQogCiBGbG9hdFJlY3QgUmVuZGVyT2JqZWN0OjpvYmplY3RCb3VuZGluZ0JveCgpIGNvbnN0CmRp ZmYgLS1naXQgYS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJPYmplY3QuaCBiL1dlYkNvcmUvcmVu ZGVyaW5nL1JlbmRlck9iamVjdC5oCmluZGV4IGUzNThjOTguLjc5OThhYTcgMTAwNjQ0Ci0tLSBh L1dlYkNvcmUvcmVuZGVyaW5nL1JlbmRlck9iamVjdC5oCisrKyBiL1dlYkNvcmUvcmVuZGVyaW5n L1JlbmRlck9iamVjdC5oCkBAIC03NDMsNiArNzQzLDggQEAgcHVibGljOgogICAgICAgICByZXR1 cm4gb3V0bGluZUJvdW5kc0ZvclJlcGFpbnQoMCk7CiAgICAgfQogCisgICAgaW50IGRlcHRoKCk7 CisKIHByb3RlY3RlZDoKICAgICAvLyBPdmVycmlkZXMgc2hvdWxkIGNhbGwgdGhlIHN1cGVyY2xh c3MgYXQgdGhlIGVuZAogICAgIHZpcnR1YWwgdm9pZCBzdHlsZVdpbGxDaGFuZ2UoU3R5bGVEaWZm ZXJlbmNlLCBjb25zdCBSZW5kZXJTdHlsZSogbmV3U3R5bGUpOwpAQCAtODAxLDYgKzgwMyw3IEBA IHByaXZhdGU6CiAgICAgUmVuZGVyT2JqZWN0KiBtX3BhcmVudDsKICAgICBSZW5kZXJPYmplY3Qq IG1fcHJldmlvdXM7CiAgICAgUmVuZGVyT2JqZWN0KiBtX25leHQ7CisgICAgaW50IG1fZGVwdGg7 CiAKICNpZm5kZWYgTkRFQlVHCiAgICAgYm9vbCBtX2hhc0FYT2JqZWN0OwotLSAKMS42LjMuMwoK