33469 2010-01-11 07:48:12 -0800 Support injection of inspector scripts into the inspected ScriptState 2010-01-12 00:19:24 -0800 1 1 1 Unclassified WebKit Web Inspector (Deprecated) 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 32554 1 yurys yurys barraclough ggaren oliver pfeldman timothy oldest_to_newest 179359 0 yurys 2010-01-11 07:48:12 -0800 Part of Web Inspector is implemented in JavaScript and needs direct access to the inspected JS objects. To facilitate this there should be a way to compile the inspector utilities(called injected script) in the global scope of the inspected ScriptState and somehow store a reference to it(we need to keep the reference since the injected script keeps some state related to the inspected DOM, CSS styles and JS objects). 179367 1 46277 yurys 2010-01-11 08:13:31 -0800 Created attachment 46277 patch 179369 2 yurys 2010-01-11 08:17:15 -0800 (In reply to comment #1) > Created an attachment (id=46277) [details] > patch This is a fix for JavaScriptCore. Timothy, could you look at it or forward it to a person who can review the JSC specific code? 179426 3 timothy 2010-01-11 10:42:10 -0800 Gavin, Geoff or Oliver should review this. 179484 4 46277 ggaren 2010-01-11 12:28:23 -0800 Comment on attachment 46277 patch Usually, we don't allow direct interaction between a web page and the inspector, because direct interaction opens a security hole. Why should we make an exception here? Is it safe to do so? + void discardInjectedScripts(); This function is never called. Will m_idToInjectedScript grow unbounded? + m_nextInjectedScriptId++; Eventually, this identifier will wrap around, and may collide with previously vended identifiers. To fix this, I would recommend using the (intptr_t) value of injectedScriptObject as your identifier. 179494 5 yurys 2010-01-11 12:53:03 -0800 (In reply to comment #4) > (From update of attachment 46277 [details]) > Usually, we don't allow direct interaction between a web page and the > inspector, because direct interaction opens a security hole. Why should we make > an exception here? Is it safe to do so? > Currently for security reasons Web Inspector works with quarantined objects instead of the objects from the inspected script. This patch is a part of a bigger change(bug 32554) that will allow to get rid of object quarantine. It is possible because all the interaction between Web Inspector front end and the inspected script is going to be serialized into JSON strings. To make that possible there is going to be a small JS piece of Web Inspector(called injected script) sitting in the inspected script and having the same privileges as the inspected script. The injected script will be passed InjectedScriptHost instance that will provide it with interface to the Web Inspector front end. All the methods of InjectedScriptHost are supposed to accept only simple type parameters(strings, numbers, booleans, no objetcs) so that no JS objects leak from the inspected context to the Web Inspector front end. It should be safe. > + void discardInjectedScripts(); > > This function is never called. > The interface is intentionally not used yet. I'm going to send V8 implementation in a separate change and after that land the code that uses the new methods(bug 32554). > Will m_idToInjectedScript grow unbounded? > Yes. > + m_nextInjectedScriptId++; > > Eventually, this identifier will wrap around, and may collide with previously > vended identifiers. It's very unlikely since there is a separate counter for a page and its value is bounded by the number of inspected JSDOMGlobalObjects in that page. The resource identifier counter e.g. will wrap around before that. > To fix this, I would recommend using the (intptr_t) value > of injectedScriptObject as your identifier. There is no guarantee that new injectedScriptObject won't be allocated at the same address. 179558 6 ggaren 2010-01-11 14:54:08 -0800 > Currently for security reasons Web Inspector works with quarantined objects > instead of the objects from the inspected script. This patch is a part of a > bigger change(bug 32554) that will allow to get rid of object quarantine. OK, thanks for the additional context. This seems like a good plan. > > + void discardInjectedScripts(); > > > > This function is never called. > > > The interface is intentionally not used yet. OK. > > + m_nextInjectedScriptId++; > > > > Eventually, this identifier will wrap around, and may collide with previously > > vended identifiers. > It's very unlikely since there is a separate counter for a page and its value > is bounded by the number of inspected JSDOMGlobalObjects in that page. The > resource identifier counter e.g. will wrap around before that. > > > > To fix this, I would recommend using the (intptr_t) value > > of injectedScriptObject as your identifier. > There is no guarantee that new injectedScriptObject won't be allocated at the > same address. Since the id is bounded by the number of global objects, I guess it's guaranteed not to wrap around, since you would provably run out of memory before it wrapped around. Still, it seems strange to alias a long to a long, instead of using the original long. As long as the old object is alive, a new object will not be allocated in its place. But maybe you're saying that an identifier must remain good even after the object it identifies has ben destroyed? I have two additional comments about the general design here, which I'd like you to consider resolving in future patches: 1. I don't think "InjectedScript", which is a fairly general phrase, is a good name to give to this technology. I'd prefer a name that conveyed the fact that this technology is only safe to use in limited circumstances. How about "InspectorHost" (inside the inspected page) and "InspectorClient" (the Web Inspector UI). 2. I don't think interfaces like this are safe: + ScriptObject injectedScriptFor(ScriptState*); + ScriptObject injectedScriptForId(long); Because you're giving out a generic object, the client of the interface can do anything with the object, including passing it unsafe data. It would be better if the C++ object wrapping the "injected script" controlled all interaction with it, to ensure that no non-primitive data leaked across the boundary. 179559 7 46277 ggaren 2010-01-11 14:55:07 -0800 Comment on attachment 46277 patch r=me 179709 8 yurys 2010-01-12 00:05:30 -0800 (In reply to comment #6) > As long as the old object is alive, a new object will not be allocated in its > place. But maybe you're saying that an identifier must remain good even after > the object it identifies has ben destroyed? > I'd like to avoid reusing the identifiers so that we can detect the cases when already destroyed object is requested(should this happen). Also assigning surrogate identifier to the object will serve both V8 moving GC and JSC non-moving GC. > I have two additional comments about the general design here, which I'd like > you to consider resolving in future patches: > > 1. I don't think "InjectedScript", which is a fairly general phrase, is a good > name to give to this technology. I'd prefer a name that conveyed the fact that > this technology is only safe to use in limited circumstances. How about > "InspectorHost" (inside the inspected page) and "InspectorClient" (the Web > Inspector UI). > I agree with you that the naming is not the best. Currently the inspector front-end delegate is called InjectedScriptHost. We should come up with something more specific. > 2. I don't think interfaces like this are safe: > > + ScriptObject injectedScriptFor(ScriptState*); > + ScriptObject injectedScriptForId(long); > > Because you're giving out a generic object, the client of the interface can do > anything with the object, including passing it unsafe data. It would be better > if the C++ object wrapping the "injected script" controlled all interaction > with it, to ensure that no non-primitive data leaked across the boundary. Eventually we will create a typed interface for that object. Currently it is used only as ScriptFunctionCall argument but we should restrict the set of functions that can be called on that object, it would make the injected script interface clearer. We've already done similar thing in InspectorFrontend.cpp 179714 9 yurys 2010-01-12 00:19:24 -0800 Committing to http://svn.webkit.org/repository/webkit/trunk ... M WebCore/ChangeLog M WebCore/bindings/js/JSDOMGlobalObject.cpp M WebCore/bindings/js/JSDOMGlobalObject.h M WebCore/bindings/js/JSInjectedScriptHostCustom.cpp M WebCore/inspector/InjectedScriptHost.cpp M WebCore/inspector/InjectedScriptHost.h Committed r53119 46277 2010-01-11 08:13:31 -0800 2010-01-11 14:55:06 -0800 patch injected-script-factory-jsc.patch text/plain 9476 yurys ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg ZGUzZThmNS4uNmNjZWQyZCAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwzNiBAQAorMjAxMC0wMS0xMSAgWXVyeSBTZW1pa2hh dHNreSAgPHl1cnlzQGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBOZWVkIGEgc2hvcnQgZGVzY3JpcHRpb24gYW5kIGJ1ZyBVUkwg KE9PUFMhKQorICAgICAgICBBbGxvdyBjcmVhdGluZyBpbmplY3RlZCBzY3JpcHQgZm9yIHRoZSBp bnNwZWN0ZWQgc2NyaXB0IHN0YXRlLiBUaGUgSW5qZWN0ZWRTY3JpcHQgaXMKKyAgICAgICAgY2Fj aGVkIG9uIHRoZSBpbnNwZWN0ZWQgRXhlY1N0YXRlIGdsb2JhbCBvYmplY3QgYW5kIHdpbGwgYmUg Z2FyYmFnZSBjb2xsZWN0ZWQgd2hlbiB0aGUKKyAgICAgICAgb2JqZWN0IGlzIGNvbGxlY3RlZC4g RWFjaCBJbmplY3RlZFNjcmlwdCBvYmplY3QgaXMgYXNzaWduZWQgdW5pcXVlIGlkLgorCisgICAg ICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0zMzQ2OQorCisgICAg ICAgICogYmluZGluZ3MvanMvSlNET01HbG9iYWxPYmplY3QuY3BwOgorICAgICAgICAoV2ViQ29y ZTo6SlNET01HbG9iYWxPYmplY3Q6Om1hcmtDaGlsZHJlbik6CisgICAgICAgIChXZWJDb3JlOjpK U0RPTUdsb2JhbE9iamVjdDo6c2V0SW5qZWN0ZWRTY3JpcHQpOgorICAgICAgICAoV2ViQ29yZTo6 SlNET01HbG9iYWxPYmplY3Q6OmluamVjdGVkU2NyaXB0KToKKyAgICAgICAgKiBiaW5kaW5ncy9q cy9KU0RPTUdsb2JhbE9iamVjdC5oOiBJbmplY3RlZFNjcmlwdCBpcyBjYWNoZWQgb24gdGhlIGds b2JhbCBvYmplY3QgYXMgYQorICAgICAgICBmaWVsZCB0aGF0IGlzIG5vdCB2aXNpYmxlIGZyb20g dGhlIGluc3BlY3RlZCBjb2RlLiBUaGlzIEluamVjdGVkU2NyaXB0IHNob3VsZCBiZSBhbGl2ZSBh cyBsb25nIGFzCisgICAgICAgIHRoZSBnbG9iYWwgb2JqZWN0IGlzIGFsaXZlIGFuZCBzaG91bGQg YmUgYWNjZXNzaWJsZSBmcm9tIFdlYiBJbnNwZWN0b3IncyBuYXRpdmUgY29kZS4KKyAgICAgICAg KFdlYkNvcmU6OkpTRE9NR2xvYmFsT2JqZWN0OjpKU0RPTUdsb2JhbE9iamVjdERhdGE6OkpTRE9N R2xvYmFsT2JqZWN0RGF0YSk6CisgICAgICAgICogYmluZGluZ3MvanMvSlNJbmplY3RlZFNjcmlw dEhvc3RDdXN0b20uY3BwOgorICAgICAgICAoV2ViQ29yZTo6Y3JlYXRlSW5qZWN0ZWRTY3JpcHQp OiBDcmVhdGVzIGluamVjdGVkIHNjcmlwdCB1c2luZyB0aGUgbGV4aWNhbCBnbG9iYWwgb2JqZWN0 IG9mIHRoZQorICAgICAgICBpbnNwZWN0ZWQgU2NyaXB0U3RhdGUuIFJlZmVyZW5jZSB0byB0aGUg b2JqZWN0IGlzIHN0b3JlZCBvbiB0aGUgZ2xvYmFsIERPTSBvYmplY3QuCisgICAgICAgIChXZWJD b3JlOjpJbmplY3RlZFNjcmlwdEhvc3Q6OmluamVjdGVkU2NyaXB0Rm9yKToKKyAgICAgICAgKiBp bnNwZWN0b3IvSW5qZWN0ZWRTY3JpcHRIb3N0LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkluamVj dGVkU2NyaXB0SG9zdDo6SW5qZWN0ZWRTY3JpcHRIb3N0KToKKyAgICAgICAgKFdlYkNvcmU6Oklu amVjdGVkU2NyaXB0SG9zdDo6aW5qZWN0ZWRTY3JpcHRGb3JJZCk6CisgICAgICAgIChXZWJDb3Jl OjpJbmplY3RlZFNjcmlwdEhvc3Q6OmRpc2NhcmRJbmplY3RlZFNjcmlwdHMpOiBUaGlzIG1ldGhv ZCBpcyBleHBlY3RlZCB0byBiZSBjYWxsZWQgd2hlbiB0aGUKKyAgICAgICAgdGhlIEluamVjdGVk U2NyaXB0IGFyZSBubyBsb25nZXIgbmVlZGVkLiBJbiBwYXJ0aWN1bGFyLCB0aGlzIHNob3VsZCBi ZSBjYWxsZWQgYmVmb3JlIGZyYW1lIG5hdmlnYXRpb24uIAorICAgICAgICAqIGluc3BlY3Rvci9J bmplY3RlZFNjcmlwdEhvc3QuaDoKKyAgICAgICAgKFdlYkNvcmU6OkluamVjdGVkU2NyaXB0SG9z dDo6c2V0SW5qZWN0ZWRTY3JpcHRTb3VyY2UpOiBUaGlzIGFsbG93cyB0byBwcm92aWRlIGluamVj dGVkIHNjcmlwdCBzb3VyY2UuCisgICAgICAgIFRoZSBzb3VyY2UgbWF5IGJlIGxvYWRlZCBpbiBh IHBsYXRmb3JtIHNwZWNpZmljIHdheS4KKworCiAyMDEwLTAxLTEwICBPbGl2ZXIgSHVudCAgPG9s aXZlckBhcHBsZS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChCdWlsZCBmaXgp LgpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0RPTUdsb2JhbE9iamVjdC5jcHAg Yi9XZWJDb3JlL2JpbmRpbmdzL2pzL0pTRE9NR2xvYmFsT2JqZWN0LmNwcAppbmRleCAwMTFhNGU0 Li4xMjRmZjUwIDEwMDY0NAotLS0gYS9XZWJDb3JlL2JpbmRpbmdzL2pzL0pTRE9NR2xvYmFsT2Jq ZWN0LmNwcAorKysgYi9XZWJDb3JlL2JpbmRpbmdzL2pzL0pTRE9NR2xvYmFsT2JqZWN0LmNwcApA QCAtNTYsNiArNTYsOSBAQCB2b2lkIEpTRE9NR2xvYmFsT2JqZWN0OjptYXJrQ2hpbGRyZW4oTWFy a1N0YWNrJiBtYXJrU3RhY2spCiAgICAgSlNET01Db25zdHJ1Y3Rvck1hcDo6aXRlcmF0b3IgZW5k MiA9IGNvbnN0cnVjdG9ycygpLmVuZCgpOwogICAgIGZvciAoSlNET01Db25zdHJ1Y3Rvck1hcDo6 aXRlcmF0b3IgaXQyID0gY29uc3RydWN0b3JzKCkuYmVnaW4oKTsgaXQyICE9IGVuZDI7ICsraXQy KQogICAgICAgICBtYXJrU3RhY2suYXBwZW5kKGl0Mi0+c2Vjb25kKTsKKworICAgIGlmIChkKCkt Pm1faW5qZWN0ZWRTY3JpcHQpCisgICAgICAgIG1hcmtTdGFjay5hcHBlbmQoZCgpLT5tX2luamVj dGVkU2NyaXB0KTsKIH0KIAogUGFzc1JlZlB0cjxKU0V2ZW50TGlzdGVuZXI+IEpTRE9NR2xvYmFs T2JqZWN0OjpjcmVhdGVKU0F0dHJpYnV0ZUV2ZW50TGlzdGVuZXIoSlNWYWx1ZSB2YWwpCkBAIC03 Niw2ICs3OSwxNiBAQCBFdmVudCogSlNET01HbG9iYWxPYmplY3Q6OmN1cnJlbnRFdmVudCgpIGNv bnN0CiAgICAgcmV0dXJuIGQoKS0+ZXZ0OwogfQogCit2b2lkIEpTRE9NR2xvYmFsT2JqZWN0Ojpz ZXRJbmplY3RlZFNjcmlwdChKU09iamVjdCogaW5qZWN0ZWRTY3JpcHQpCit7CisgICAgZCgpLT5t X2luamVjdGVkU2NyaXB0ID0gaW5qZWN0ZWRTY3JpcHQ7Cit9CisKK0pTT2JqZWN0KiBKU0RPTUds b2JhbE9iamVjdDo6aW5qZWN0ZWRTY3JpcHQoKSBjb25zdAoreworICAgIHJldHVybiBkKCktPm1f aW5qZWN0ZWRTY3JpcHQ7Cit9CisKIHZvaWQgSlNET01HbG9iYWxPYmplY3Q6OmRlc3Ryb3lKU0RP TUdsb2JhbE9iamVjdERhdGEodm9pZCoganNET01HbG9iYWxPYmplY3REYXRhKQogewogICAgIGRl bGV0ZSBzdGF0aWNfY2FzdDxKU0RPTUdsb2JhbE9iamVjdERhdGEqPihqc0RPTUdsb2JhbE9iamVj dERhdGEpOwpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0RPTUdsb2JhbE9iamVj dC5oIGIvV2ViQ29yZS9iaW5kaW5ncy9qcy9KU0RPTUdsb2JhbE9iamVjdC5oCmluZGV4IDY0Nzcz MGMuLmE1NWNjMzEgMTAwNjQ0Ci0tLSBhL1dlYkNvcmUvYmluZGluZ3MvanMvSlNET01HbG9iYWxP YmplY3QuaAorKysgYi9XZWJDb3JlL2JpbmRpbmdzL2pzL0pTRE9NR2xvYmFsT2JqZWN0LmgKQEAg LTY0LDYgKzY0LDkgQEAgbmFtZXNwYWNlIFdlYkNvcmUgewogICAgICAgICB2b2lkIHNldEN1cnJl bnRFdmVudChFdmVudCopOwogICAgICAgICBFdmVudCogY3VycmVudEV2ZW50KCkgY29uc3Q7CiAK KyAgICAgICAgdm9pZCBzZXRJbmplY3RlZFNjcmlwdChKU09iamVjdCopOworICAgICAgICBKU09i amVjdCogaW5qZWN0ZWRTY3JpcHQoKSBjb25zdDsKKwogICAgICAgICB2aXJ0dWFsIHZvaWQgbWFy a0NoaWxkcmVuKEpTQzo6TWFya1N0YWNrJik7CiAKICAgICAgICAgRE9NV3JhcHBlcldvcmxkKiB3 b3JsZCgpIHsgcmV0dXJuIGQoKS0+bV93b3JsZC5nZXQoKTsgfQpAQCAtNzQsNiArNzcsNyBAQCBu YW1lc3BhY2UgV2ViQ29yZSB7CiAgICAgICAgICAgICAgICAgOiBKU0dsb2JhbE9iamVjdERhdGEo ZGVzdHJ1Y3RvcikKICAgICAgICAgICAgICAgICAsIGV2dCgwKQogICAgICAgICAgICAgICAgICwg bV93b3JsZCh3b3JsZCkKKyAgICAgICAgICAgICAgICAsIG1faW5qZWN0ZWRTY3JpcHQoMCkKICAg ICAgICAgICAgIHsKICAgICAgICAgICAgIH0KIApAQCAtODIsNiArODYsNyBAQCBuYW1lc3BhY2Ug V2ViQ29yZSB7CiAKICAgICAgICAgICAgIEV2ZW50KiBldnQ7CiAgICAgICAgICAgICBSZWZQdHI8 RE9NV3JhcHBlcldvcmxkPiBtX3dvcmxkOworICAgICAgICAgICAgSlNPYmplY3QqIG1faW5qZWN0 ZWRTY3JpcHQ7CiAgICAgICAgIH07CiAKICAgICBwcml2YXRlOgpkaWZmIC0tZ2l0IGEvV2ViQ29y ZS9iaW5kaW5ncy9qcy9KU0luamVjdGVkU2NyaXB0SG9zdEN1c3RvbS5jcHAgYi9XZWJDb3JlL2Jp bmRpbmdzL2pzL0pTSW5qZWN0ZWRTY3JpcHRIb3N0Q3VzdG9tLmNwcAppbmRleCA4ZGZjNWU0Li4x NDA5YmViIDEwMDY0NAotLS0gYS9XZWJDb3JlL2JpbmRpbmdzL2pzL0pTSW5qZWN0ZWRTY3JpcHRI b3N0Q3VzdG9tLmNwcAorKysgYi9XZWJDb3JlL2JpbmRpbmdzL2pzL0pTSW5qZWN0ZWRTY3JpcHRI b3N0Q3VzdG9tLmNwcApAQCAtNTksNiArNTksNyBAQAogI2VuZGlmCiAjaW5jbHVkZSAiVGV4dEl0 ZXJhdG9yLmgiCiAjaW5jbHVkZSAiVmlzaWJsZVBvc2l0aW9uLmgiCisjaW5jbHVkZSA8cGFyc2Vy L1NvdXJjZUNvZGUuaD4KICNpbmNsdWRlIDxydW50aW1lL0pTQXJyYXkuaD4KICNpbmNsdWRlIDxy dW50aW1lL0pTTG9jay5oPgogI2luY2x1ZGUgPHd0Zi9WZWN0b3IuaD4KQEAgLTczLDYgKzc0LDMx IEBAIHVzaW5nIG5hbWVzcGFjZSBKU0M7CiAKIG5hbWVzcGFjZSBXZWJDb3JlIHsKIAorc3RhdGlj IFNjcmlwdE9iamVjdCBjcmVhdGVJbmplY3RlZFNjcmlwdChjb25zdCBTdHJpbmcmIHNvdXJjZSwg SW5qZWN0ZWRTY3JpcHRIb3N0KiBpbmplY3RlZFNjcmlwdEhvc3QsIFNjcmlwdFN0YXRlKiBzY3Jp cHRTdGF0ZSwgbG9uZyBpZCkKK3sKKyAgICBTb3VyY2VDb2RlIHNvdXJjZUNvZGUgPSBtYWtlU291 cmNlKHNvdXJjZSk7CisgICAgSlNMb2NrIGxvY2soU2lsZW5jZUFzc2VydGlvbnNPbmx5KTsKKyAg ICBKU0RPTUdsb2JhbE9iamVjdCogZ2xvYmFsT2JqZWN0ID0gc3RhdGljX2Nhc3Q8SlNET01HbG9i YWxPYmplY3QqPihzY3JpcHRTdGF0ZS0+bGV4aWNhbEdsb2JhbE9iamVjdCgpKTsKKyAgICBKU1Zh bHVlIGdsb2JhbFRoaXNWYWx1ZSA9IHNjcmlwdFN0YXRlLT5nbG9iYWxUaGlzVmFsdWUoKTsKKyAg ICBDb21wbGV0aW9uIGNvbXAgPSBKU0M6OmV2YWx1YXRlKHNjcmlwdFN0YXRlLCBnbG9iYWxPYmpl Y3QtPmdsb2JhbFNjb3BlQ2hhaW4oKSwgc291cmNlQ29kZSwgZ2xvYmFsVGhpc1ZhbHVlKTsKKyAg ICBpZiAoY29tcC5jb21wbFR5cGUoKSAhPSBKU0M6Ok5vcm1hbCAmJiBjb21wLmNvbXBsVHlwZSgp ICE9IEpTQzo6UmV0dXJuVmFsdWUpCisgICAgICAgIHJldHVybiBTY3JpcHRPYmplY3QoKTsKKyAg ICBKU1ZhbHVlIGZ1bmN0aW9uVmFsdWUgPSBjb21wLnZhbHVlKCk7CisgICAgQ2FsbERhdGEgY2Fs bERhdGE7CisgICAgQ2FsbFR5cGUgY2FsbFR5cGUgPSBmdW5jdGlvblZhbHVlLmdldENhbGxEYXRh KGNhbGxEYXRhKTsKKyAgICBpZiAoY2FsbFR5cGUgPT0gQ2FsbFR5cGVOb25lKQorICAgICAgICBy ZXR1cm4gU2NyaXB0T2JqZWN0KCk7CisKKyAgICBNYXJrZWRBcmd1bWVudEJ1ZmZlciBhcmdzOwor ICAgIGFyZ3MuYXBwZW5kKHRvSlMoc2NyaXB0U3RhdGUsIGdsb2JhbE9iamVjdCwgaW5qZWN0ZWRT Y3JpcHRIb3N0KSk7CisgICAgYXJncy5hcHBlbmQoZ2xvYmFsVGhpc1ZhbHVlKTsKKyAgICBhcmdz LmFwcGVuZChqc051bWJlcihzY3JpcHRTdGF0ZSwgaWQpKTsKKyAgICBKU1ZhbHVlIHJlc3VsdCA9 IEpTQzo6Y2FsbChzY3JpcHRTdGF0ZSwgZnVuY3Rpb25WYWx1ZSwgY2FsbFR5cGUsIGNhbGxEYXRh LCBnbG9iYWxUaGlzVmFsdWUsIGFyZ3MpOworICAgIGlmIChyZXN1bHQuaXNPYmplY3QoKSkKKyAg ICAgICAgcmV0dXJuIFNjcmlwdE9iamVjdChzY3JpcHRTdGF0ZSwgcmVzdWx0LmdldE9iamVjdCgp KTsKKyAgICByZXR1cm4gU2NyaXB0T2JqZWN0KCk7Cit9CisKICNpZiBFTkFCTEUoREFUQUJBU0Up CiBKU1ZhbHVlIEpTSW5qZWN0ZWRTY3JpcHRIb3N0OjpkYXRhYmFzZUZvcklkKEV4ZWNTdGF0ZSog ZXhlYywgY29uc3QgQXJnTGlzdCYgYXJncykKIHsKQEAgLTIxNSw2ICsyNDEsMjIgQEAgSlNWYWx1 ZSBKU0luamVjdGVkU2NyaXB0SG9zdDo6c2VsZWN0RE9NU3RvcmFnZShFeGVjU3RhdGUqLCBjb25z dCBBcmdMaXN0JiBhcmdzKQogfQogI2VuZGlmCiAKK1NjcmlwdE9iamVjdCBJbmplY3RlZFNjcmlw dEhvc3Q6OmluamVjdGVkU2NyaXB0Rm9yKFNjcmlwdFN0YXRlKiBzY3JpcHRTdGF0ZSkKK3sKKyAg ICBKU0xvY2sgbG9jayhTaWxlbmNlQXNzZXJ0aW9uc09ubHkpOworICAgIEpTRE9NR2xvYmFsT2Jq ZWN0KiBnbG9iYWxPYmplY3QgPSBzdGF0aWNfY2FzdDxKU0RPTUdsb2JhbE9iamVjdCo+KHNjcmlw dFN0YXRlLT5sZXhpY2FsR2xvYmFsT2JqZWN0KCkpOworICAgIEpTT2JqZWN0KiBpbmplY3RlZFNj cmlwdCA9IGdsb2JhbE9iamVjdC0+aW5qZWN0ZWRTY3JpcHQoKTsKKyAgICBpZiAoaW5qZWN0ZWRT Y3JpcHQpCisgICAgICAgIHJldHVybiBTY3JpcHRPYmplY3Qoc2NyaXB0U3RhdGUsIGluamVjdGVk U2NyaXB0KTsKKworICAgIEFTU0VSVCghbV9pbmplY3RlZFNjcmlwdFNvdXJjZS5pc0VtcHR5KCkp OworICAgIFNjcmlwdE9iamVjdCBpbmplY3RlZFNjcmlwdE9iamVjdCA9IGNyZWF0ZUluamVjdGVk U2NyaXB0KG1faW5qZWN0ZWRTY3JpcHRTb3VyY2UsIHRoaXMsIHNjcmlwdFN0YXRlLCBtX25leHRJ bmplY3RlZFNjcmlwdElkKTsKKyAgICBnbG9iYWxPYmplY3QtPnNldEluamVjdGVkU2NyaXB0KGlu amVjdGVkU2NyaXB0T2JqZWN0LmpzT2JqZWN0KCkpOworICAgIG1faWRUb0luamVjdGVkU2NyaXB0 LnNldChtX25leHRJbmplY3RlZFNjcmlwdElkLCBpbmplY3RlZFNjcmlwdE9iamVjdCk7CisgICAg bV9uZXh0SW5qZWN0ZWRTY3JpcHRJZCsrOworICAgIHJldHVybiBpbmplY3RlZFNjcmlwdE9iamVj dDsKK30KKwogfSAvLyBuYW1lc3BhY2UgV2ViQ29yZQogCiAjZW5kaWYgLy8gRU5BQkxFKElOU1BF Q1RPUikKZGlmZiAtLWdpdCBhL1dlYkNvcmUvaW5zcGVjdG9yL0luamVjdGVkU2NyaXB0SG9zdC5j cHAgYi9XZWJDb3JlL2luc3BlY3Rvci9JbmplY3RlZFNjcmlwdEhvc3QuY3BwCmluZGV4IDQ3YjI5 MTYuLmNlNmYzNjkgMTAwNjQ0Ci0tLSBhL1dlYkNvcmUvaW5zcGVjdG9yL0luamVjdGVkU2NyaXB0 SG9zdC5jcHAKKysrIGIvV2ViQ29yZS9pbnNwZWN0b3IvSW5qZWN0ZWRTY3JpcHRIb3N0LmNwcApA QCAtNzIsNiArNzIsNyBAQCBuYW1lc3BhY2UgV2ViQ29yZSB7CiAKIEluamVjdGVkU2NyaXB0SG9z dDo6SW5qZWN0ZWRTY3JpcHRIb3N0KEluc3BlY3RvckNvbnRyb2xsZXIqIGluc3BlY3RvckNvbnRy b2xsZXIpCiAgICAgOiBtX2luc3BlY3RvckNvbnRyb2xsZXIoaW5zcGVjdG9yQ29udHJvbGxlcikK KyAgICAsIG1fbmV4dEluamVjdGVkU2NyaXB0SWQoMSkKIHsKIH0KIApAQCAtMTgwLDYgKzE4MSwx NiBAQCB2b2lkIEluamVjdGVkU2NyaXB0SG9zdDo6cmVwb3J0RGlkRGlzcGF0Y2hPbkluamVjdGVk U2NyaXB0KGxvbmcgY2FsbElkLCBjb25zdCBTdAogICAgICAgICBmcm9udGVuZC0+ZGlkRGlzcGF0 Y2hPbkluamVjdGVkU2NyaXB0KGNhbGxJZCwgcmVzdWx0LCBpc0V4Y2VwdGlvbik7CiB9CiAKK1Nj cmlwdE9iamVjdCBJbmplY3RlZFNjcmlwdEhvc3Q6OmluamVjdGVkU2NyaXB0Rm9ySWQobG9uZyBp ZCkKK3sKKyAgICByZXR1cm4gbV9pZFRvSW5qZWN0ZWRTY3JpcHQuZ2V0KGlkKTsKK30KKwordm9p ZCBJbmplY3RlZFNjcmlwdEhvc3Q6OmRpc2NhcmRJbmplY3RlZFNjcmlwdHMoKQoreworICAgIG1f aWRUb0luamVjdGVkU2NyaXB0LmNsZWFyKCk7Cit9CisKIEluc3BlY3RvckRPTUFnZW50KiBJbmpl Y3RlZFNjcmlwdEhvc3Q6Omluc3BlY3RvckRPTUFnZW50KCkKIHsKICAgICBpZiAoIW1faW5zcGVj dG9yQ29udHJvbGxlcikKZGlmZiAtLWdpdCBhL1dlYkNvcmUvaW5zcGVjdG9yL0luamVjdGVkU2Ny aXB0SG9zdC5oIGIvV2ViQ29yZS9pbnNwZWN0b3IvSW5qZWN0ZWRTY3JpcHRIb3N0LmgKaW5kZXgg ZTkwMjE3Zi4uNjU0YjlmOCAxMDA2NDQKLS0tIGEvV2ViQ29yZS9pbnNwZWN0b3IvSW5qZWN0ZWRT Y3JpcHRIb3N0LmgKKysrIGIvV2ViQ29yZS9pbnNwZWN0b3IvSW5qZWN0ZWRTY3JpcHRIb3N0LmgK QEAgLTMzLDcgKzMzLDkgQEAKICNpbmNsdWRlICJDb25zb2xlLmgiCiAjaW5jbHVkZSAiSW5zcGVj dG9yQ29udHJvbGxlci5oIgogI2luY2x1ZGUgIlBsYXRmb3JtU3RyaW5nLmgiCisjaW5jbHVkZSAi U2NyaXB0U3RhdGUuaCIKIAorI2luY2x1ZGUgPHd0Zi9IYXNoTWFwLmg+CiAjaW5jbHVkZSA8d3Rm L1JlZkNvdW50ZWQuaD4KIAogbmFtZXNwYWNlIFdlYkNvcmUgewpAQCAtNTUsNiArNTcsOCBAQCBw dWJsaWM6CiAKICAgICB+SW5qZWN0ZWRTY3JpcHRIb3N0KCk7CiAKKyAgICB2b2lkIHNldEluamVj dGVkU2NyaXB0U291cmNlKGNvbnN0IFN0cmluZyYgc291cmNlKSB7IG1faW5qZWN0ZWRTY3JpcHRT b3VyY2UgPSBzb3VyY2U7IH0KKwogICAgIEluc3BlY3RvckNvbnRyb2xsZXIqIGluc3BlY3RvckNv bnRyb2xsZXIoKSB7IHJldHVybiBtX2luc3BlY3RvckNvbnRyb2xsZXI7IH0KICAgICB2b2lkIGRp c2Nvbm5lY3RDb250cm9sbGVyKCkgeyBtX2luc3BlY3RvckNvbnRyb2xsZXIgPSAwOyB9CiAKQEAg LTgxLDEyICs4NSwyMCBAQCBwdWJsaWM6CiAjZW5kaWYKICAgICB2b2lkIHJlcG9ydERpZERpc3Bh dGNoT25JbmplY3RlZFNjcmlwdChsb25nIGNhbGxJZCwgY29uc3QgU3RyaW5nJiByZXN1bHQsIGJv b2wgaXNFeGNlcHRpb24pOwogCisgICAgU2NyaXB0T2JqZWN0IGluamVjdGVkU2NyaXB0Rm9yKFNj cmlwdFN0YXRlKik7CisgICAgU2NyaXB0T2JqZWN0IGluamVjdGVkU2NyaXB0Rm9ySWQobG9uZyk7 CisgICAgdm9pZCBkaXNjYXJkSW5qZWN0ZWRTY3JpcHRzKCk7CisKIHByaXZhdGU6CiAgICAgSW5q ZWN0ZWRTY3JpcHRIb3N0KEluc3BlY3RvckNvbnRyb2xsZXIqIGluc3BlY3RvckNvbnRyb2xsZXIp OwogICAgIEluc3BlY3RvckRPTUFnZW50KiBpbnNwZWN0b3JET01BZ2VudCgpOwogICAgIEluc3Bl Y3RvckZyb250ZW5kKiBpbnNwZWN0b3JGcm9udGVuZCgpOwogCiAgICAgSW5zcGVjdG9yQ29udHJv bGxlciogbV9pbnNwZWN0b3JDb250cm9sbGVyOworICAgIFN0cmluZyBtX2luamVjdGVkU2NyaXB0 U291cmNlOworICAgIGxvbmcgbV9uZXh0SW5qZWN0ZWRTY3JpcHRJZDsKKyAgICB0eXBlZGVmIEhh c2hNYXA8bG9uZywgU2NyaXB0T2JqZWN0PiBJZFRvSW5qZWN0ZWRTY3JpcHRNYXA7CisgICAgSWRU b0luamVjdGVkU2NyaXB0TWFwIG1faWRUb0luamVjdGVkU2NyaXB0OwogfTsKIAogfSAvLyBuYW1l c3BhY2UgV2ViQ29yZQo=