41554 2010-07-02 17:48:21 -0700 Crash reading past end of block in UniscribeController::shapeAndPlaceItem 2010-07-06 03:17:21 -0700 1 1 1 Unclassified WebKit Text 528+ (Nightly build) PC Windows Vista RESOLVED FIXED http://www.comfever.com/news/gadgets/12768423898935 InRadar P2 Normal --- 1 alice.barraclough alice.barraclough abarth eric mitz webkit.review.bot oldest_to_newest 246175 0 alice.barraclough 2010-07-02 17:48:21 -0700 Under full page heap, Safari on Windows crashes at http://www.comfever.com/news/gadgets/12768423898935. <rdar://problem/6565047> Steps to Repro: 1) gflags -i Safari.exe +hpa (download Debugging Tools for Windows if needed) 2) http://www.comfever.com/news/gadgets/12768423898935 Results: Crash: > WebKit.dll!WebCore::UniscribeController::shapeAndPlaceItem(const wchar_t * cp=0x35c86ff8, unsigned int i=0, const WebCore::SimpleFontData * fontData=0x360cfb88, WebCore::GlyphBuffer * glyphBuffer=0x00000000) Line 291 + 0x1c bytes C++ WebKit.dll!WebCore::UniscribeController::itemizeShapeAndPlace(const wchar_t * cp=0x35c86ff8, unsigned int length=4, const WebCore::SimpleFontData * fontData=0x360cfb88, WebCore::GlyphBuffer * glyphBuffer=0x00000000) Line 199 + 0x18 bytes C++ WebKit.dll!WebCore::UniscribeController::advance(unsigned int offset=4, WebCore::GlyphBuffer * glyphBuffer=0x00000000) Line 177 C++ WebKit.dll!WebCore::Font::floatWidthForComplexText(const WebCore::TextRun & run={...}, WTF::HashSet<WebCore::SimpleFontData const *,WTF::PtrHash<WebCore::SimpleFontData const *>,WTF::HashTraits<WebCore::SimpleFontData const *> > * fallbackFonts=0x0060ddc4, WebCore::GlyphOverflow * glyphOverflow=0x0060ddac) Line 98 C++ WebKit.dll!WebCore::Font::floatWidth(const WebCore::TextRun & run={...}, WTF::HashSet<WebCore::SimpleFontData const *,WTF::PtrHash<WebCore::SimpleFontData const *>,WTF::HashTraits<WebCore::SimpleFontData const *> > * fallbackFonts=0x0060ddc4, WebCore::GlyphOverflow * glyphOverflow=0x0060ddac) Line 174 C++ WebKit.dll!WebCore::Font::width(const WebCore::TextRun & run={...}, WTF::HashSet<WebCore::SimpleFontData const *,WTF::PtrHash<WebCore::SimpleFontData const *>,WTF::HashTraits<WebCore::SimpleFontData const *> > * fallbackFonts=0x0060ddc4, WebCore::GlyphOverflow * glyphOverflow=0x0060ddac) Line 97 + 0x22 bytes C++ WebKit.dll!WebCore::RenderText::widthFromCache(const WebCore::Font & f={...}, int start=14, int len=4, int xPos=128, WTF::HashSet<WebCore::SimpleFontData const *,WTF::PtrHash<WebCore::SimpleFontData const *>,WTF::HashTraits<WebCore::SimpleFontData const *> > * fallbackFonts=0x0060ddc4, WebCore::GlyphOverflow * glyphOverflow=0x0060ddac) Line 536 C++ WebKit.dll!WebCore::RenderText::calcPrefWidths(int leadWidth=61, WTF::HashSet<WebCore::SimpleFontData const *,WTF::PtrHash<WebCore::SimpleFontData const *>,WTF::HashTraits<WebCore::SimpleFontData const *> > & fallbackFonts={...}, WebCore::GlyphOverflow & glyphOverflow={...}) Line 758 + 0x23 bytes C++ WebKit.dll!WebCore::RenderText::calcPrefWidths(int leadWidth=61) Line 653 C++ WebKit.dll!WebCore::RenderText::trimmedPrefWidths(int leadWidth=61, int & beginMinW=0, bool & beginWS=true, int & endMinW=0, bool & endWS=true, bool & hasBreakableChar=true, bool & hasBreak=false, int & beginMaxW=-858993460, int & endMaxW=-858993460, int & minW=0, int & maxW=0, bool & stripFrontSpaces=true) Line 550 + 0x16 bytes C++ WebKit.dll!WebCore::RenderBlock::calcInlinePrefWidths() Line 4731 C++ WebKit.dll!WebCore::RenderBlock::calcPrefWidths() Line 4411 C++ WebKit.dll!WebCore::RenderBox::minPrefWidth() Line 464 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::calcBlockPrefWidths() Line 4853 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::calcPrefWidths() Line 4414 C++ WebKit.dll!WebCore::RenderListItem::calcPrefWidths() Line 235 C++ WebKit.dll!WebCore::RenderBox::minPrefWidth() Line 464 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::calcBlockPrefWidths() Line 4853 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::calcPrefWidths() Line 4414 C++ WebKit.dll!WebCore::RenderBox::minPrefWidth() Line 464 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBox::calcWidthUsing(WebCore::WidthType widthType=Width, int cw=970) Line 1374 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBox::calcWidth() Line 1313 + 0xe bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 1135 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1111 + 0x14 bytes C++ WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 544 + 0x30 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=true, int & repaintTop=0, int & repaintBottom=0) Line 586 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 1188 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1111 + 0x14 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x35be2f7c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0) Line 1804 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0) Line 1748 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 1192 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1111 + 0x14 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x35b9cf7c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0) Line 1804 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0) Line 1748 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 1192 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1111 + 0x14 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x35a4bf7c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0) Line 1804 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0) Line 1748 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 1192 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1111 + 0x14 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x34440f7c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0) Line 1804 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0) Line 1748 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 1192 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1111 + 0x14 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x32f8ef7c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0) Line 1804 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0) Line 1748 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 1192 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1111 + 0x14 bytes C++ WebKit.dll!WebCore::RenderView::layout() Line 126 C++ WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 764 + 0x12 bytes C++ WebKit.dll!WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView> * __formal=0x2ee6eeb8) Line 1316 C++ WebKit.dll!WebCore::Timer<WebCore::FrameView>::fired() Line 98 + 0x29 bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 112 + 0xf bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++ WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x000909c0, unsigned int message=49681, unsigned int wParam=0, long lParam=0) Line 103 + 0x8 bytes C++ user32.dll!_InternalCallWinProc@20() + 0x23 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xd3 bytes user32.dll!_DispatchMessageWorker@8() + 0xee bytes user32.dll!_DispatchMessageW@4() + 0xf bytes Safari.dll!RunMessagePump(WTL::CMessageLoop & messageLoop={...}) Line 190 + 0xc bytes C++ Safari.dll!run(int nCmdShow=1) Line 256 + 0x9 bytes C++ Safari.dll!safariMain(HINSTANCE__ * hInstance=0x69d90000, HINSTANCE__ * __formal=0x00000000, wchar_t * lpstrCmdLine=0x0006d06c, int nCmdShow=1) Line 597 + 0x9 bytes C++ Safari.dll!safariDLLMain(HINSTANCE__ * hInstance=0x00230000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0006d06c, int nCmdShow=1) Line 52 + 0x15 bytes C++ Safari.exe!wWinMain(HINSTANCE__ * hInstance=0x00230000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0006d06c, int nCmdShow=1) Line 199 + 0x18 bytes C++ Safari.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C kernel32.dll!@BaseThreadInitThunk@12() + 0xe bytes ntdll.dll!___RtlUserThreadStart@8() + 0x23 bytes ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes 246196 1 60429 alice.barraclough 2010-07-02 19:34:40 -0700 Created attachment 60429 patch and layout test 246202 2 60429 mitz 2010-07-02 19:55:25 -0700 Comment on attachment 60429 patch and layout test + if (boundary < m_run.length()) { I wonder how this condition (which the patch doesn’t touch) could ever be false. 246331 3 60429 darin 2010-07-03 10:25:03 -0700 Comment on attachment 60429 patch and layout test A couple drive-by comments? > + // Instead look ahead to the first character of next item, if there is a next one. > + if (k + 1 == len) { I noticed some stray spaces on the ends of these lines. > + if (i + 2 < m_items.size() // Next item is not the terminating item > + && Font::isRoundingHackCharacter(*(cp + m_items[i + 1].iCharPos))) Could this comment explain further why this is "i + 2 < size" rather than "i + 1 < size"? Is there some reason we would not look at a character within the last item? 246520 4 alice.barraclough 2010-07-05 00:53:16 -0700 (In reply to comment #2) > (From update of attachment 60429 [details]) > + if (boundary < m_run.length()) { > I wonder how this condition (which the patch doesn’t touch) could ever be false. Let's ask Hyatt =) It's likely that I just don't understand it at this point, but the calculation of boundary seems strange, like it's over-counting or something. So ya, i wouldn't be surprised if it ran over the run length. 246521 5 alice.barraclough 2010-07-05 00:55:23 -0700 (In reply to comment #3) > (From update of attachment 60429 [details]) > A couple drive-by comments? Drive by comments are the reason I sometimes delay my patch commitment! I addressed these suggestions. committed http://trac.webkit.org/changeset/62477 246805 6 mitz 2010-07-05 16:18:27 -0700 (In reply to comment #5) > committed http://trac.webkit.org/changeset/62477 Looks like you forgot to land the regression test! 246811 7 alice.barraclough 2010-07-05 17:53:53 -0700 omg whoops! committed from one directory too deep. http://trac.webkit.org/changeset/62512 246985 8 webkit.review.bot 2010-07-06 03:17:21 -0700 http://trac.webkit.org/changeset/62512 might have broken Leopard Intel Release (Tests) 60429 2010-07-02 19:34:40 -0700 2010-07-03 10:25:03 -0700 patch and layout test patch-uniscribe-crash-41554.txt text/plain 4575 alice.barraclough SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2MjQyNCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTYgQEAKKzIwMTAtMDctMDIgIEFsaWNlIExpdSAgPGFsaWNlLmxpdUBhcHBsZS5j b20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQ3Jh c2ggcmVhZGluZyBwYXN0IGVuZCBvZiBibG9jayBpbiBVbmlzY3JpYmVDb250cm9sbGVyOjpzaGFw ZUFuZFBsYWNlSXRlbQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5j Z2k/aWQ9NDE1NTQKKworICAgICAgICBUZXN0OiBwbGF0Zm9ybS93aW4vZmFzdC90ZXh0L3VuaXNj cmliZS1pdGVtLWJvdW5kYXJ5LWNyYXNoLmh0bWwKKworICAgICAgICAqIHBsYXRmb3JtL2dyYXBo aWNzL3dpbi9VbmlzY3JpYmVDb250cm9sbGVyLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlVuaXNj cmliZUNvbnRyb2xsZXI6OnNoYXBlQW5kUGxhY2VJdGVtKToKKyAgICAgICAgRG9uJ3QgbG9vayBv bmUgcGFzdCB0aGUgZW5kIG9mIHN0ci4gSW5zdGVhZCBsb29rIHRvIHRoZSBuZXh0IGl0ZW0sIGlm IGFwcGxpY2FibGUuCisKIDIwMTAtMDctMDIgIFRvbnkgR2VudGlsY29yZSAgPHRvbnlnQGNocm9t aXVtLm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBieSBEaW1pdHJpIEdsYXprb3YuCkluZGV4OiBX ZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL3dpbi9VbmlzY3JpYmVDb250cm9sbGVyLmNwcAo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBXZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL3dpbi9VbmlzY3JpYmVDb250cm9s bGVyLmNwcAkocmV2aXNpb24gNjE4MTUpCisrKyBXZWJDb3JlL3BsYXRmb3JtL2dyYXBoaWNzL3dp bi9VbmlzY3JpYmVDb250cm9sbGVyLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMjg3LDkgKzI4Nywx NiBAQCBib29sIFVuaXNjcmliZUNvbnRyb2xsZXI6OnNoYXBlQW5kUGxhY2VJCiAgICAgICAgICAg ICByb3VuZGluZ0hhY2tDaGFyYWN0ZXJzW2NsdXN0ZXJzW2tdXSA9IG1fY3VycmVudENoYXJhY3Rl ciArIGsgKyBpdGVtLmlDaGFyUG9zOwogCiAgICAgICAgIGludCBib3VuZGFyeSA9IGsgKyBtX2N1 cnJlbnRDaGFyYWN0ZXIgKyBpdGVtLmlDaGFyUG9zOwotICAgICAgICBpZiAoYm91bmRhcnkgPCBt X3J1bi5sZW5ndGgoKSAmJgotICAgICAgICAgICAgRm9udDo6aXNSb3VuZGluZ0hhY2tDaGFyYWN0 ZXIoKihzdHIgKyBrICsgMSkpKQotICAgICAgICAgICAgcm91bmRpbmdIYWNrV29yZEJvdW5kYXJp ZXNbY2x1c3RlcnNba11dID0gYm91bmRhcnk7CisgICAgICAgIGlmIChib3VuZGFyeSA8IG1fcnVu Lmxlbmd0aCgpKSB7CisgICAgICAgICAgICAvLyBXaGVuIGF0IHRoZSBsYXN0IGNoYXJhY3RlciBp biB0aGUgc3RyLCBkb24ndCBsb29rIG9uZSBwYXN0IHRoZSBlbmQgZm9yIGEgcm91bmRpbmcgaGFj ayBjaGFyYWN0ZXIuCisgICAgICAgICAgICAvLyBJbnN0ZWFkIGxvb2sgYWhlYWQgdG8gdGhlIGZp cnN0IGNoYXJhY3RlciBvZiBuZXh0IGl0ZW0sIGlmIHRoZXJlIGlzIGEgbmV4dCBvbmUuIAorICAg ICAgICAgICAgaWYgKGsgKyAxID09IGxlbikgeyAgCisgICAgICAgICAgICAgICAgaWYgKGkgKyAy IDwgbV9pdGVtcy5zaXplKCkgLy8gTmV4dCBpdGVtIGlzIG5vdCB0aGUgdGVybWluYXRpbmcgaXRl bQorICAgICAgICAgICAgICAgICAgICAmJiBGb250Ojppc1JvdW5kaW5nSGFja0NoYXJhY3Rlcigq KGNwICsgbV9pdGVtc1tpICsgMV0uaUNoYXJQb3MpKSkKKyAgICAgICAgICAgICAgICAgICAgcm91 bmRpbmdIYWNrV29yZEJvdW5kYXJpZXNbY2x1c3RlcnNba11dID0gYm91bmRhcnk7CisgICAgICAg ICAgICB9IGVsc2UgaWYgKEZvbnQ6OmlzUm91bmRpbmdIYWNrQ2hhcmFjdGVyKCooc3RyICsgayAr IDEpKSkKKyAgICAgICAgICAgICAgICByb3VuZGluZ0hhY2tXb3JkQm91bmRhcmllc1tjbHVzdGVy c1trXV0gPSBib3VuZGFyeTsKKyAgICAgICAgfQogICAgIH0KIAogICAgIC8vIFBvcHVsYXRlIG91 ciBnbHlwaCBidWZmZXIgd2l0aCB0aGlzIGluZm9ybWF0aW9uLgpJbmRleDogTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24g NjI0MjQpCisrKyBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyAr MSwxMyBAQAorMjAxMC0wNy0wMiAgQWxpY2UgTGl1ICA8YWxpY2UubGl1QGFwcGxlLmNvbT4KKwor ICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDcmFzaCByZWFk aW5nIHBhc3QgZW5kIG9mIGJsb2NrIGluIFVuaXNjcmliZUNvbnRyb2xsZXI6OnNoYXBlQW5kUGxh Y2VJdGVtCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00 MTU1NAorCisgICAgICAgICogcGxhdGZvcm0vd2luL2Zhc3QvdGV4dC91bmlzY3JpYmUtaXRlbS1i b3VuZGFyeS1jcmFzaC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIHBsYXRmb3JtL3dp bi9mYXN0L3RleHQvdW5pc2NyaWJlLWl0ZW0tYm91bmRhcnktY3Jhc2guaHRtbDogQWRkZWQuCisK IDIwMTAtMDctMDIgIEFuZHJlYXMgS2xpbmcgIDxhbmRyZWFzLmtsaW5nQG5va2lhLmNvbT4KIAog ICAgICAgICBSZXZpZXdlZCBieSBPbGl2ZXIgSHVudC4KSW5kZXg6IExheW91dFRlc3RzL3BsYXRm b3JtL3dpbi9mYXN0L3RleHQvdW5pc2NyaWJlLWl0ZW0tYm91bmRhcnktY3Jhc2gtZXhwZWN0ZWQu dHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL3BsYXRmb3JtL3dpbi9mYXN0L3RleHQvdW5p c2NyaWJlLWl0ZW0tYm91bmRhcnktY3Jhc2gtZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAwKQorKysg TGF5b3V0VGVzdHMvcGxhdGZvcm0vd2luL2Zhc3QvdGV4dC91bmlzY3JpYmUtaXRlbS1ib3VuZGFy eS1jcmFzaC1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsNSBAQAorVGVzdCBm b3IgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTQxNTU0LiBDcmFzaCBy ZWFkaW5nIHBhc3QgZW5kIG9mIGJsb2NrIGluIFVuaXNjcmliZUNvbnRyb2xsZXI6OnNoYXBlQW5k UGxhY2VJdGVtCisKK0Z1bGwgcGFnZSBoZWFwIChnZmxhZ3MgK2hwYSkgc2hvdWxkIGJlIGVuYWJs ZWQgcmVwcm9kdWNlIGEgY3Jhc2guIE5vIGNyYXNoIG1lYW5zIHRlc3QgcGFzc2VkLgorCivguJzg uLnguYnguYDguIrguLXguYjguKLguKHguIrguKHguYDguKfguJrguYTguIvguJXguYwKSW5kZXg6 IExheW91dFRlc3RzL3BsYXRmb3JtL3dpbi9mYXN0L3RleHQvdW5pc2NyaWJlLWl0ZW0tYm91bmRh cnktY3Jhc2guaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9wbGF0Zm9ybS93aW4vZmFz dC90ZXh0L3VuaXNjcmliZS1pdGVtLWJvdW5kYXJ5LWNyYXNoLmh0bWwJKHJldmlzaW9uIDApCisr KyBMYXlvdXRUZXN0cy9wbGF0Zm9ybS93aW4vZmFzdC90ZXh0L3VuaXNjcmliZS1pdGVtLWJvdW5k YXJ5LWNyYXNoLmh0bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMTUgQEAKKzxIVE1MPg0KKzxI RUFEPg0KKzxNRVRBIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0idGV4dC9odG1s OyBjaGFyc2V0PXV0Zi04Ij4NCis8dGl0bGU+VGVzdCBmb3IgYnVnIDQxNTU0IDogQ3Jhc2ggcmVh ZGluZyBwYXN0IGVuZCBvZiBibG9jayBpbiBVbmlzY3JpYmVDb250cm9sbGVyOjpzaGFwZUFuZFBs YWNlSXRlbTwvdGl0bGU+DQorPHNjcmlwdD4NCitpZiAod2luZG93LmxheW91dFRlc3RDb250cm9s bGVyKQ0KKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7DQorPC9zY3JpcHQ+ DQorPC9IRUFEPg0KKzxCT0RZPg0KKzxwPg0KK1Rlc3QgZm9yIDxhIGhyZWY9Imh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00MTU1NCI+aHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTQxNTU0PC9hPi4gQ3Jhc2ggcmVhZGluZyBwYXN0IGVuZCBvZiBi bG9jayBpbiBVbmlzY3JpYmVDb250cm9sbGVyOjpzaGFwZUFuZFBsYWNlSXRlbTwvcD4NCis8cD5G dWxsIHBhZ2UgaGVhcCAoZ2ZsYWdzICtocGEpIHNob3VsZCBiZSBlbmFibGVkIHJlcHJvZHVjZSBh IGNyYXNoLiAgTm8gY3Jhc2ggbWVhbnMgdGVzdCBwYXNzZWQuPC9wPg0KKzxzcGFuPuC4nOC4ueC5 ieC5gOC4iuC4teC5iOC4ouC4oeC4iuC4oeC5gOC4p+C4muC5hOC4i+C4leC5jDwvc3Bhbj4NCis8 L0JPRFk+PC9IVE1MPg0K