40812 2010-06-17 23:16:44 -0700 Narrow cast for span leads to divide by zero and crash in fixed table layout 2012-05-10 08:17:43 -0700 1 1 1 Unclassified Security Security Other All All RESOLVED FIXED InRadar P2 Minor --- 1 inferno webkit-security-unassigned abarth ddkilzer hyatt jamesr levin yong.li.webkit oldest_to_newest 239772 0 inferno 2010-06-17 23:16:44 -0700 credit:Kuzzcc bug: http://code.google.com/p/chromium/issues/detail?id=46754 testcase (indented for better readability): <html> <head> <style type="text/css"> table { table-layout: fixed; width: 1px; } </style> </head> <body> <table> <td width="30">ABC</td> <td colspan="65536">DEF</td> </table> </body> </html> span (int) get narrow casted to short in rendertable.cpp (since m_columns[pos].span is short), so 65536 becomes 0 (even though we want to have it greater than 1, see HTMLTableCellElement.cpp - if (attr->name() == colspanAttr) { m_colSpan = max(1, attr->value().toInt()); ) void RenderTable::appendColumn(int span) { // easy case. int pos = m_columns.size(); int newSize = pos + 1; m_columns.grow(newSize); m_columns[pos].span = span; since autospan is 0, we get crash in fixedtablelayout.cpp. if (m_width[i].isAuto()) { int span = m_table->spanOfEffCol(i); int w = remainingWidth * span / autoSpan; This bug is secseverity none for chromium (since it just crashes tab_ and low for safari (since it crashes browser completely). it should be an easy fix since span is used at int at all places, it does make sense to use it an unsigned int in declaration. unsigned part is kept in a good way to keep its value positive. 240006 1 inferno 2010-06-18 10:20:08 -0700 HTML5 spec also says to have larger values for colspan. so, going from short to int shouldn't be that bad. Also, conversions, one comparison between signed and unsigned int shouldn't be bad since initially we start with colspan b/w 1 and +INT_MAX (m_colSpan = max(1, attr->value().toInt()) and it stays within that range. http://www.whatwg.org/specs/web-apps/current-work/multipage/tabular-data.html#htmltablecellelement interface HTMLTableCellElement : HTMLElement { attribute unsigned long colSpan; attribute unsigned long rowSpan; [PutForwards=value] readonly attribute DOMSettableTokenList headers; readonly attribute long cellIndex; }; I will file a seperate bug to cover some code cleanups, like converting all signed int use of span to unsigned int and remove the width attribute which is no longer used. 240007 2 59129 inferno 2010-06-18 10:20:20 -0700 Created attachment 59129 Patch 240014 3 59129 abarth 2010-06-18 10:24:16 -0700 Comment on attachment 59129 Patch Interesting. What's the memory impact of this change?WebCore/rendering/RenderTableSection.cpp:234 + if (cSpan < static_cast<int>(columns[m_cCol].span)) I don't quite understand why this cast is needed. Presumably cSpan is a signed int. Would it be better to make cSpan an unsigned? WebCore/rendering/RenderTable.h:78 + unsigned int span; Usually we just say "unsigned" when we mean "unsigned int" 240022 4 inferno 2010-06-18 10:33:06 -0700 Thanks a lot Adam for your fast review. WebCore/rendering/RenderTable.h:78 + unsigned int span; Usually we just say "unsigned" when we mean "unsigned int" --- Ok, i will remember this. i like the unsigned int version :) Interesting. What's the memory impact of this change?WebCore/rendering/RenderTableSection.cpp:234 + if (cSpan < static_cast<int>(columns[m_cCol].span)) I don't quite understand why this cast is needed. Presumably cSpan is a signed int. Would it be better to make cSpan an unsigned? ---- this is the only comparison b/w signed and unsigned int span and fails to compile on mac. as i said in comment #1, the cspan and like 30 more places all use span as signed int. The code needs to be cleaned up to change all spans to unsigned ints and non-used width attribute needs to be removed. for now, it is ok, since at input, we restrict it to 1 to +INT_MAX. Me or Cris Neckar might work on this cleanup. 240036 5 59135 inferno 2010-06-18 10:57:06 -0700 Created attachment 59135 Patch 240083 6 59135 abarth 2010-06-18 13:02:42 -0700 Comment on attachment 59135 Patch Thanks. We might want to ask jamesr or hyatt to make sure we're not using too much extra memory. 240087 7 inferno 2010-06-18 13:10:02 -0700 James, Dave, can you please take a look to see if it is ok to use extra memory for colspan in this patch. 240144 8 inferno 2010-06-18 14:34:35 -0700 I had a chat with Dave and he is fine with this change. 240160 9 abarth 2010-06-18 14:54:42 -0700 (In reply to comment #8) > I had a chat with Dave and he is fine with this change. Thanks for checking. Looks like this is ready to land. 240209 10 levin 2010-06-18 16:14:13 -0700 Committed as http://trac.webkit.org/changeset/61451 245583 11 ddkilzer 2010-07-01 15:22:25 -0700 <rdar://problem/8152839> 245586 12 ddkilzer 2010-07-01 15:24:47 -0700 Removing Security since <http://code.google.com/p/chromium/issues/detail?id=46754> is public and this is a divide-by-zero crash. 59129 2010-06-18 10:20:20 -0700 2010-06-18 10:57:03 -0700 Patch bug-40812-20100618102018.patch text/plain 4554 inferno SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2MTM4NCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjEgQEAKKzIwMTAtMDYtMTggIEFiaGlzaGVrIEFyeWEgIDxpbmZlcm5vQGNocm9t aXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBDb252ZXJ0IGNvbHVtbiBzcGFuIGZyb20gYW4gdW5zaWduZWQgc2hvcnQgdHlwZSB0byBhbiB1 bnNpZ25lZCBpbnQKKyAgICAgICAgdHlwZS4gRml4ZXMgYSBkaXZpZGUtYnktemVybyBjcmFzaCBh cmlzaW5nIGZyb20gdXNpbmcgYSB6ZXJvIGNvbHNwYW4KKyAgICAgICAgdmFsdWUgY29taW5nIGZy b20gYSBuYXJyb3cgY2FzdCBvZiBhbiBpbnQgdG8gYW4gdW5zaWduZWQgc2hvcnQuCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00MDgxMgorCisgICAgICAg IFRlc3Q6IGZhc3QvdGFibGUvemVyby1jb2xzcGFuLWNyYXNoLmh0bWwKKworICAgICAgICAqIHJl bmRlcmluZy9SZW5kZXJUYWJsZS5oOiBDaGFuZ2Ugc3BhbiBmcm9tIHVuc2lnbmVkIHNob3J0IHRv IHVuc2lnbmVkIGludC4KKyAgICAgICAgICBDaGFuZ2Ugd2lkdGggdG8gdW5zaWduZWQgaW50IGZv ciBiZXR0ZXIgY2xhcml0eS4KKyAgICAgICAgKiByZW5kZXJpbmcvUmVuZGVyVGFibGVTZWN0aW9u LmNwcDogRml4IGEgY29tcGlsZXIgd2FybmluZyB3aXRoIGNvbXBhcmluZworICAgICAgICAgIHVu c2lnbmVkIGludCB3aXRoIHNpZ25lZCBpbnQuIFZhbHVlIG9mIGFuIHVuc2lnbmVkIGludCBoZXJl IGNhbm5vdCBiZQorICAgICAgICAgIGdyZWF0ZXIgdGhhbiBtYXhpbXVtIHBvc2l0aXZlIHZhbHVl IG9mIGEgc2lnbmVkIGludC4KKyAgICAgICAgKFdlYkNvcmU6OlJlbmRlclRhYmxlU2VjdGlvbjo6 YWRkQ2VsbCk6CisKIDIwMTAtMDYtMTcgIFNoZXJpZmYgQm90ICA8d2Via2l0LnJldmlldy5ib3RA Z21haWwuY29tPgogCiAgICAgICAgIFVucmV2aWV3ZWQsIHJvbGxpbmcgb3V0IHI2MTM3OS4KSW5k ZXg6IFdlYkNvcmUvcmVuZGVyaW5nL1JlbmRlclRhYmxlLmgKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29y ZS9yZW5kZXJpbmcvUmVuZGVyVGFibGUuaAkocmV2aXNpb24gNjEzNzEpCisrKyBXZWJDb3JlL3Jl bmRlcmluZy9SZW5kZXJUYWJsZS5oCSh3b3JraW5nIGNvcHkpCkBAIC03NSw4ICs3NSw4IEBAIHB1 YmxpYzoKICAgICAgICAgewogICAgICAgICB9CiAKLSAgICAgICAgdW5zaWduZWQgc2hvcnQgc3Bh bjsKLSAgICAgICAgdW5zaWduZWQgd2lkdGg7IC8vIHRoZSBjYWxjdWxhdGVkIHBvc2l0aW9uIG9m IHRoZSBjb2x1bW4KKyAgICAgICAgdW5zaWduZWQgaW50IHNwYW47CisgICAgICAgIHVuc2lnbmVk IGludCB3aWR0aDsgLy8gdGhlIGNhbGN1bGF0ZWQgcG9zaXRpb24gb2YgdGhlIGNvbHVtbgogICAg IH07CiAKICAgICBWZWN0b3I8Q29sdW1uU3RydWN0PiYgY29sdW1ucygpIHsgcmV0dXJuIG1fY29s dW1uczsgfQpJbmRleDogV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyVGFibGVTZWN0aW9uLmNwcAo9 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09Ci0tLSBXZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJUYWJsZVNlY3Rpb24uY3BwCShy ZXZpc2lvbiA2MTM3MSkKKysrIFdlYkNvcmUvcmVuZGVyaW5nL1JlbmRlclRhYmxlU2VjdGlvbi5j cHAJKHdvcmtpbmcgY29weSkKQEAgLTIzMSw3ICsyMzEsNyBAQCB2b2lkIFJlbmRlclRhYmxlU2Vj dGlvbjo6YWRkQ2VsbChSZW5kZXJUCiAgICAgICAgICAgICB0YWJsZSgpLT5hcHBlbmRDb2x1bW4o Y1NwYW4pOwogICAgICAgICAgICAgY3VycmVudFNwYW4gPSBjU3BhbjsKICAgICAgICAgfSBlbHNl IHsKLSAgICAgICAgICAgIGlmIChjU3BhbiA8IGNvbHVtbnNbbV9jQ29sXS5zcGFuKQorICAgICAg ICAgICAgaWYgKGNTcGFuIDwgc3RhdGljX2Nhc3Q8aW50Pihjb2x1bW5zW21fY0NvbF0uc3Bhbikp CiAgICAgICAgICAgICAgICAgdGFibGUoKS0+c3BsaXRDb2x1bW4obV9jQ29sLCBjU3Bhbik7CiAg ICAgICAgICAgICBjdXJyZW50U3BhbiA9IGNvbHVtbnNbbV9jQ29sXS5zcGFuOwogICAgICAgICB9 CkluZGV4OiBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCShyZXZpc2lvbiA2MTM4NCkKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwkod29y a2luZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBACisyMDEwLTA2LTE4ICBBYmhpc2hlayBBcnlhICA8 aW5mZXJub0BjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgVGVzdHMgdGhhdCB3ZSBkbyBub3QgY3Jhc2ggd2hpbGUgcmVuZGVyaW5n IGEgZml4ZWQgdGFibGUgbGF5b3V0LgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9NDA4MTIKKworICAgICAgICAqIGZhc3QvdGFibGUvemVyby1jb2xzcGFu LWNyYXNoLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogZmFzdC90YWJsZS96ZXJvLWNv bHNwYW4tY3Jhc2guaHRtbDogQWRkZWQuCisKIDIwMTAtMDYtMTcgIFJvYiBCdWlzICA8cndsYnVp c0BnbWFpbC5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGF2ZSBIeWF0dC4KSW5kZXg6IExh eW91dFRlc3RzL2Zhc3QvdGFibGUvemVyby1jb2xzcGFuLWNyYXNoLWV4cGVjdGVkLnR4dAo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L3RhYmxlL3plcm8tY29sc3Bhbi1jcmFzaC1leHBl Y3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L3RhYmxlL3plcm8tY29s c3Bhbi1jcmFzaC1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMyBAQAorVGhp cyB0ZXN0IGlzIHRvIGVuc3VyZSB0aGF0IHdlIGRvIG5vdCBjcmFzaCB3aGlsZSByZW5kZXJpbmcg YSBmaXhlZCB0YWJsZSBsYXlvdXQuCitQQVNTOiBEaWQgbm90IGNyYXNoLgorCkluZGV4OiBMYXlv dXRUZXN0cy9mYXN0L3RhYmxlL3plcm8tY29sc3Bhbi1jcmFzaC5odG1sCj09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IExheW91dFRlc3RzL2Zhc3QvdGFibGUvemVyby1jb2xzcGFuLWNyYXNoLmh0bWwJKHJldmlzaW9u IDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L3RhYmxlL3plcm8tY29sc3Bhbi1jcmFzaC5odG1sCShy ZXZpc2lvbiAwKQpAQCAtMCwwICsxLDM0IEBACis8aHRtbD4NCisgIDxoZWFkPg0KKyAgICA8c3R5 bGUgdHlwZT0idGV4dC9jc3MiPg0KKyAgICAgICAgdGFibGUNCisgICAgICAgIHsNCisgICAgICAg ICAgICB0YWJsZS1sYXlvdXQ6IGZpeGVkOw0KKyAgICAgICAgICAgIHdpZHRoOiAxcHg7DQorICAg ICAgICB9DQorICAgIDwvc3R5bGU+DQorICAgIDxzY3JpcHQ+DQorICAgICAgICBpZiAod2luZG93 LmxheW91dFRlc3RDb250cm9sbGVyKSB7DQorICAgICAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xs ZXIuZHVtcEFzVGV4dCgpOw0KKyAgICAgICAgICAgIGxheW91dFRlc3RDb250cm9sbGVyLndhaXRV bnRpbERvbmUoKTsNCisgICAgICAgIH0NCisgICAgPC9zY3JpcHQ+DQorICA8L2hlYWQ+DQorICA8 Ym9keSBvbmxvYWQ9ImZpbmlzaCgpIj4NCisgICAgVGhpcyB0ZXN0IGlzIHRvIGVuc3VyZSB0aGF0 IHdlIGRvIG5vdCBjcmFzaCB3aGlsZSByZW5kZXJpbmcgYSBmaXhlZCB0YWJsZSBsYXlvdXQuDQor ICAgIDxkaXYgaWQ9InJlc3VsdCI+PHNwYW4gc3R5bGU9J2NvbG9yOiByZWQ7Jz5GQUlMOjwvc3Bh bj4gRGlkIG5vdCBjb21wbGV0ZSB0ZXN0PC9kaXY+DQorICAgIDx0YWJsZT4NCisgICAgICA8dGQg d2lkdGg9IjEiPjwvdGQ+DQorICAgICAgPHRkIGNvbHNwYW49IjY1NTM2Ij48L3RkPg0KKyAgICA8 L3RhYmxlPg0KKyAgICA8c2NyaXB0Pg0KKyAgICAgICAgZnVuY3Rpb24gZmluaXNoKCkNCisgICAg ICAgIHsNCisgICAgICAgICAgICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQ0KKyAg ICAgICAgICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5ub3RpZnlEb25lKCk7DQorICAgICAg ICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoInJlc3VsdCIpLmlubmVySFRNTCA9ICI8c3Bh biBzdHlsZT0nY29sb3I6IGdyZWVuOyc+UEFTUzo8L3NwYW4+IERpZCBub3QgY3Jhc2guIjsNCisg ICAgICAgIH0NCisgICAgPC9zY3JpcHQ+DQorICA8L2JvZHk+DQorPC9odG1sPg0KKw0K 59135 2010-06-18 10:57:06 -0700 2010-06-18 13:02:42 -0700 Patch bug-40812-20100618105705.patch text/plain 4361 inferno SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2MTM4NCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjAgQEAKKzIwMTAtMDYtMTggIEFiaGlzaGVrIEFyeWEgIDxpbmZlcm5vQGNocm9t aXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBDb252ZXJ0IGNvbHVtbiBzcGFuIGZyb20gYW4gdW5zaWduZWQgc2hvcnQgdHlwZSB0byBhbiB1 bnNpZ25lZCBpbnQKKyAgICAgICAgdHlwZS4gRml4ZXMgYSBkaXZpZGUtYnktemVybyBjcmFzaCBh cmlzaW5nIGZyb20gdXNpbmcgYSB6ZXJvIGNvbHNwYW4KKyAgICAgICAgdmFsdWUgY29taW5nIGZy b20gYSBuYXJyb3cgY2FzdCBvZiBhbiBpbnQgdG8gYW4gdW5zaWduZWQgc2hvcnQuCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00MDgxMgorCisgICAgICAg IFRlc3Q6IGZhc3QvdGFibGUvemVyby1jb2xzcGFuLWNyYXNoLmh0bWwKKworICAgICAgICAqIHJl bmRlcmluZy9SZW5kZXJUYWJsZS5oOiBDaGFuZ2Ugc3BhbiBmcm9tIHVuc2lnbmVkIHNob3J0IHRv IHVuc2lnbmVkIGludC4KKyAgICAgICAgKiByZW5kZXJpbmcvUmVuZGVyVGFibGVTZWN0aW9uLmNw cDogRml4IGEgY29tcGlsZXIgd2FybmluZyB3aXRoIGNvbXBhcmluZworICAgICAgICAgIHVuc2ln bmVkIGludCB3aXRoIHNpZ25lZCBpbnQuIFZhbHVlIG9mIGFuIHVuc2lnbmVkIGludCBoZXJlIGNh bm5vdCBiZQorICAgICAgICAgIGdyZWF0ZXIgdGhhbiBtYXhpbXVtIHBvc2l0aXZlIHZhbHVlIG9m IGEgc2lnbmVkIGludC4KKyAgICAgICAgKFdlYkNvcmU6OlJlbmRlclRhYmxlU2VjdGlvbjo6YWRk Q2VsbCk6CisKIDIwMTAtMDYtMTcgIFNoZXJpZmYgQm90ICA8d2Via2l0LnJldmlldy5ib3RAZ21h aWwuY29tPgogCiAgICAgICAgIFVucmV2aWV3ZWQsIHJvbGxpbmcgb3V0IHI2MTM3OS4KSW5kZXg6 IFdlYkNvcmUvcmVuZGVyaW5nL1JlbmRlclRhYmxlLmgKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9y ZW5kZXJpbmcvUmVuZGVyVGFibGUuaAkocmV2aXNpb24gNjEzNzEpCisrKyBXZWJDb3JlL3JlbmRl cmluZy9SZW5kZXJUYWJsZS5oCSh3b3JraW5nIGNvcHkpCkBAIC03NSw3ICs3NSw3IEBAIHB1Ymxp YzoKICAgICAgICAgewogICAgICAgICB9CiAKLSAgICAgICAgdW5zaWduZWQgc2hvcnQgc3BhbjsK KyAgICAgICAgdW5zaWduZWQgc3BhbjsKICAgICAgICAgdW5zaWduZWQgd2lkdGg7IC8vIHRoZSBj YWxjdWxhdGVkIHBvc2l0aW9uIG9mIHRoZSBjb2x1bW4KICAgICB9OwogCkluZGV4OiBXZWJDb3Jl L3JlbmRlcmluZy9SZW5kZXJUYWJsZVNlY3Rpb24uY3BwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUv cmVuZGVyaW5nL1JlbmRlclRhYmxlU2VjdGlvbi5jcHAJKHJldmlzaW9uIDYxMzcxKQorKysgV2Vi Q29yZS9yZW5kZXJpbmcvUmVuZGVyVGFibGVTZWN0aW9uLmNwcAkod29ya2luZyBjb3B5KQpAQCAt MjMxLDcgKzIzMSw3IEBAIHZvaWQgUmVuZGVyVGFibGVTZWN0aW9uOjphZGRDZWxsKFJlbmRlclQK ICAgICAgICAgICAgIHRhYmxlKCktPmFwcGVuZENvbHVtbihjU3Bhbik7CiAgICAgICAgICAgICBj dXJyZW50U3BhbiA9IGNTcGFuOwogICAgICAgICB9IGVsc2UgewotICAgICAgICAgICAgaWYgKGNT cGFuIDwgY29sdW1uc1ttX2NDb2xdLnNwYW4pCisgICAgICAgICAgICBpZiAoY1NwYW4gPCBzdGF0 aWNfY2FzdDxpbnQ+KGNvbHVtbnNbbV9jQ29sXS5zcGFuKSkKICAgICAgICAgICAgICAgICB0YWJs ZSgpLT5zcGxpdENvbHVtbihtX2NDb2wsIGNTcGFuKTsKICAgICAgICAgICAgIGN1cnJlbnRTcGFu ID0gY29sdW1uc1ttX2NDb2xdLnNwYW47CiAgICAgICAgIH0KSW5kZXg6IExheW91dFRlc3RzL0No YW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDYx Mzg0KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEs MTMgQEAKKzIwMTAtMDYtMTggIEFiaGlzaGVrIEFyeWEgIDxpbmZlcm5vQGNocm9taXVtLm9yZz4K KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUZXN0cyB0 aGF0IHdlIGRvIG5vdCBjcmFzaCB3aGlsZSByZW5kZXJpbmcgYSBmaXhlZCB0YWJsZSBsYXlvdXQu CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00MDgxMgor CisgICAgICAgICogZmFzdC90YWJsZS96ZXJvLWNvbHNwYW4tY3Jhc2gtZXhwZWN0ZWQudHh0OiBB ZGRlZC4KKyAgICAgICAgKiBmYXN0L3RhYmxlL3plcm8tY29sc3Bhbi1jcmFzaC5odG1sOiBBZGRl ZC4KKwogMjAxMC0wNi0xNyAgUm9iIEJ1aXMgIDxyd2xidWlzQGdtYWlsLmNvbT4KIAogICAgICAg ICBSZXZpZXdlZCBieSBEYXZlIEh5YXR0LgpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC90YWJsZS96 ZXJvLWNvbHNwYW4tY3Jhc2gtZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3Rz L2Zhc3QvdGFibGUvemVyby1jb2xzcGFuLWNyYXNoLWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkK KysrIExheW91dFRlc3RzL2Zhc3QvdGFibGUvemVyby1jb2xzcGFuLWNyYXNoLWV4cGVjdGVkLnR4 dAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwzIEBACitUaGlzIHRlc3QgaXMgdG8gZW5zdXJlIHRo YXQgd2UgZG8gbm90IGNyYXNoIHdoaWxlIHJlbmRlcmluZyBhIGZpeGVkIHRhYmxlIGxheW91dC4K K1BBU1M6IERpZCBub3QgY3Jhc2guCisKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvdGFibGUvemVy by1jb2xzcGFuLWNyYXNoLmh0bWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC90YWJs ZS96ZXJvLWNvbHNwYW4tY3Jhc2guaHRtbAkocmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2Zh c3QvdGFibGUvemVyby1jb2xzcGFuLWNyYXNoLmh0bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEs MzQgQEAKKzxodG1sPg0KKyAgPGhlYWQ+DQorICAgIDxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQor ICAgICAgICB0YWJsZQ0KKyAgICAgICAgew0KKyAgICAgICAgICAgIHRhYmxlLWxheW91dDogZml4 ZWQ7DQorICAgICAgICAgICAgd2lkdGg6IDFweDsNCisgICAgICAgIH0NCisgICAgPC9zdHlsZT4N CisgICAgPHNjcmlwdD4NCisgICAgICAgIGlmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIp IHsNCisgICAgICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7DQorICAg ICAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIud2FpdFVudGlsRG9uZSgpOw0KKyAgICAgICAg fQ0KKyAgICA8L3NjcmlwdD4NCisgIDwvaGVhZD4NCisgIDxib2R5IG9ubG9hZD0iZmluaXNoKCki Pg0KKyAgICBUaGlzIHRlc3QgaXMgdG8gZW5zdXJlIHRoYXQgd2UgZG8gbm90IGNyYXNoIHdoaWxl IHJlbmRlcmluZyBhIGZpeGVkIHRhYmxlIGxheW91dC4NCisgICAgPGRpdiBpZD0icmVzdWx0Ij48 c3BhbiBzdHlsZT0nY29sb3I6IHJlZDsnPkZBSUw6PC9zcGFuPiBEaWQgbm90IGNvbXBsZXRlIHRl c3Q8L2Rpdj4NCisgICAgPHRhYmxlPg0KKyAgICAgIDx0ZCB3aWR0aD0iMSI+PC90ZD4NCisgICAg ICA8dGQgY29sc3Bhbj0iNjU1MzYiPjwvdGQ+DQorICAgIDwvdGFibGU+DQorICAgIDxzY3JpcHQ+ DQorICAgICAgICBmdW5jdGlvbiBmaW5pc2goKQ0KKyAgICAgICAgew0KKyAgICAgICAgICAgIGlm ICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIpDQorICAgICAgICAgICAgICAgIGxheW91dFRl c3RDb250cm9sbGVyLm5vdGlmeURvbmUoKTsNCisgICAgICAgICAgICBkb2N1bWVudC5nZXRFbGVt ZW50QnlJZCgicmVzdWx0IikuaW5uZXJIVE1MID0gIjxzcGFuIHN0eWxlPSdjb2xvcjogZ3JlZW47 Jz5QQVNTOjwvc3Bhbj4gRGlkIG5vdCBjcmFzaC4iOw0KKyAgICAgICAgfQ0KKyAgICA8L3Njcmlw dD4NCisgIDwvYm9keT4NCis8L2h0bWw+DQorDQo=