42561 2010-07-19 06:50:36 -0700 Crash when computing pseudo-style of a vanished scrollbar in inspector 2010-07-29 09:57:16 -0700 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) PC Windows 7 RESOLVED FIXED P2 Normal --- 1 apavlov simon.fraser hyatt pfeldman simon.fraser oldest_to_newest 253169 0 apavlov 2010-07-19 06:50:36 -0700 1. Open the attached page 2. Open Web Inspector and set a breakpoint on line 8 (return document.getElementById(id);) 3. Click the button. 4. In the Web Inspector, position the mouse pointer over the "zzz" variable. A popup with the variable value appears shortly. 5. Quickly move the pointer over the horizontal scrollbar in the popup and press LMB. 6. If the popup does not disappear shortly, move the pointer outside of the popup with the LMB still pressed. 7. Release LMB after the popup disappears. The following crash happens: > WebKit.dll!WTF::OwnPtr<WebCore::CSSStyleSelector>::operator!() Line 68 + 0x13 bytes C++ WebKit.dll!WebCore::Document::styleSelector() Line 392 + 0xe bytes C++ WebKit.dll!WebCore::RenderObject::getUncachedPseudoStyle(WebCore::PseudoId pseudo=SCROLLBAR_THUMB, WebCore::RenderStyle * parentStyle=0x0a59d4ac, WebCore::RenderStyle * ownStyle=0x00000000) Line 2381 + 0x21 bytes C++ WebKit.dll!WebCore::RenderScrollbar::getScrollbarPseudoStyle(WebCore::ScrollbarPart partType=ThumbPart, WebCore::PseudoId pseudoId=SCROLLBAR_THUMB) Line 135 + 0x27 bytes C++ WebKit.dll!WebCore::RenderScrollbar::updateScrollbarPart(WebCore::ScrollbarPart partType=ThumbPart, bool destroy=false) Line 202 + 0x25 bytes C++ WebKit.dll!WebCore::RenderScrollbar::setPressedPart(WebCore::ScrollbarPart part=NoPart) Line 112 C++ WebKit.dll!WebCore::Scrollbar::mouseUp() Line 385 + 0x11 bytes C++ WebKit.dll!WebCore::EventHandler::handleMouseReleaseEvent(const WebCore::PlatformMouseEvent & mouseEvent={...}) Line 1548 + 0x15 bytes C++ WebKit.dll!WebView::handleMouseEvent(unsigned int message=514, unsigned int wParam=0, long lParam=13762658) Line 1397 C++ WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x00020dfe, unsigned int message=514, unsigned int wParam=0, long lParam=13762658) Line 2047 + 0x14 bytes C++ If this helps debugging, the following crash occurs in Chromium: > chrome.dll!WTF::RefCountedBase::ref() Line 36 + 0x24 bytes C++ chrome.dll!WTF::refIfNotNull<WebCore::RenderStyle>(WebCore::RenderStyle * ptr=0x04c0d480) Line 53 C++ chrome.dll!WTF::RefPtr<WebCore::RenderStyle>::operator=(WebCore::RenderStyle * optr=0x04c0d480) Line 129 + 0x9 bytes C++ chrome.dll!WebCore::CSSStyleSelector::pseudoStyleForElement(WebCore::PseudoId pseudo=SCROLLBAR_THUMB, WebCore::Element * e=0x050201e0, WebCore::RenderStyle * parentStyle=0x04c0d480, bool matchVisitedPseudoClass=false) Line 1503 C++ chrome.dll!WebCore::RenderObject::getUncachedPseudoStyle(WebCore::PseudoId pseudo=SCROLLBAR_THUMB, WebCore::RenderStyle * parentStyle=0x04c0d480, WebCore::RenderStyle * ownStyle=0x00000000) Line 2381 + 0x28 bytes C++ chrome.dll!WebCore::RenderScrollbar::getScrollbarPseudoStyle(WebCore::ScrollbarPart partType=ThumbPart, WebCore::PseudoId pseudoId=SCROLLBAR_THUMB) Line 135 + 0x27 bytes C++ chrome.dll!WebCore::RenderScrollbar::updateScrollbarPart(WebCore::ScrollbarPart partType=ThumbPart, bool destroy=false) Line 202 + 0x25 bytes C++ chrome.dll!WebCore::RenderScrollbar::setPressedPart(WebCore::ScrollbarPart part=NoPart) Line 112 C++ chrome.dll!WebCore::Scrollbar::mouseUp() Line 385 + 0x11 bytes C++ chrome.dll!WebCore::EventHandler::handleMouseReleaseEvent(const WebCore::PlatformMouseEvent & mouseEvent={...}) Line 1548 + 0x15 bytes C++ chrome.dll!WebKit::WebViewImpl::mouseUp(const WebKit::WebMouseEvent & event={...}) Line 487 C++ chrome.dll!WebKit::WebViewImpl::handleInputEvent(const WebKit::WebInputEvent & inputEvent={...}) Line 1030 C++ chrome.dll!RenderWidget::OnHandleInputEvent(const IPC::Message & message={...}) Line 316 + 0x19 bytes C++ 254835 1 62305 apavlov 2010-07-22 08:57:13 -0700 Created attachment 62305 Reduced test case 257322 2 pfeldman 2010-07-28 13:06:49 -0700 In CSSStyleSelector::SelectorChecker::checkScrollbarPseudoClass's case CSSSelector::PseudoCornerPresent: return scrollbar->client()->scrollbarCornerPresent(); scrollbar has no client. We probably need to add a check in between Scrollbar::mouseUp() and this call, but I am not sure where it should be done. Dave, do you have a suggestion? 257333 3 pfeldman 2010-07-28 13:26:51 -0700 Reproduces on latest nightly. Adding the client check late does not help, it crashes in other event handlers. chrome.dll!WTF::RefCountedBase::ref() Line 36 + 0x24 bytes C++ chrome.dll!WTF::refIfNotNull<WebCore::RenderStyle>(WebCore::RenderStyle * ptr=0x0a20a060) Line 53 C++ chrome.dll!WTF::RefPtr<WebCore::RenderStyle>::operator=(WebCore::RenderStyle * optr=0x0a20a060) Line 129 + 0x9 bytes C++ chrome.dll!WebCore::CSSStyleSelector::pseudoStyleForElement(WebCore::PseudoId pseudo=SCROLLBAR_THUMB, WebCore::Element * e=0x0a1fb820, WebCore::RenderStyle * parentStyle=0x0a20a060, bool matchVisitedPseudoClass=false) Line 1503 C++ chrome.dll!WebCore::RenderObject::getUncachedPseudoStyle(WebCore::PseudoId pseudo=SCROLLBAR_THUMB, WebCore::RenderStyle * parentStyle=0x0a20a060, WebCore::RenderStyle * ownStyle=0x00000000) Line 2381 + 0x28 bytes C++ chrome.dll!WebCore::RenderScrollbar::getScrollbarPseudoStyle(WebCore::ScrollbarPart partType=ThumbPart, WebCore::PseudoId pseudoId=SCROLLBAR_THUMB) Line 135 + 0x27 bytes C++ chrome.dll!WebCore::RenderScrollbar::updateScrollbarPart(WebCore::ScrollbarPart partType=ThumbPart, bool destroy=false) Line 202 + 0x25 bytes C++ chrome.dll!WebCore::RenderScrollbar::setHoveredPart(WebCore::ScrollbarPart part=NoPart) Line 100 C++ chrome.dll!WebCore::Scrollbar::mouseExited() Line 379 + 0x11 bytes C++ > chrome.dll!WebCore::EventHandler::updateLastScrollbarUnderMouse(WebCore::Scrollbar * scrollbar=0x00000000, bool setLast=true) Line 2805 C++ chrome.dll!WebCore::EventHandler::handleMouseMoveEvent(const WebCore::PlatformMouseEvent & 257408 4 simon.fraser 2010-07-28 15:49:11 -0700 Part of the issue is that the inspector runs a runloop, which causes us to re-enter the dispatchEvent machinery. Here's the stack for the destruction of the RenderLayer's scrollbar: (gdb) bt #0 WebCore::RenderLayer::destroyScrollbar (this=0x122b792d8, orientation=WebCore::HorizontalScrollbar) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderLayer.cpp:1794 #1 0x0000000103be078a in WebCore::RenderLayer::~RenderLayer (this=0x122b792d8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderLayer.cpp:197 #2 0x0000000103bd8133 in WebCore::RenderLayer::destroy (this=0x122b792d8, renderArena=0x10965e7e0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderLayer.cpp:968 #3 0x0000000103baa7e7 in WebCore::RenderBoxModelObject::destroyLayer (this=0x11f27a0c8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderBoxModelObject.cpp:209 #4 0x0000000103c0b27b in WebCore::RenderObject::destroy (this=0x11f27a0c8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderObject.cpp:2167 #5 0x0000000103baa743 in WebCore::RenderBoxModelObject::destroy (this=0x11f27a0c8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderBoxModelObject.cpp:220 #6 0x0000000103ba203a in WebCore::RenderBox::destroy (this=0x11f27a0c8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderBox.cpp:96 #7 0x0000000103b6fe6f in WebCore::RenderBlock::destroy (this=0x11f27a0c8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderBlock.cpp:199 #8 0x0000000103aebbe7 in WebCore::Node::detach (this=0x11f2fbe10) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:1270 #9 0x000000010334ca4c in WebCore::ContainerNode::detach (this=0x11f2fbe10) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/ContainerNode.cpp:647 #10 0x0000000103596103 in WebCore::Element::detach (this=0x11f2fbe10) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Element.cpp:837 #11 0x000000010334ca26 in WebCore::ContainerNode::detach (this=0x1262816c0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/ContainerNode.cpp:645 #12 0x0000000103596103 in WebCore::Element::detach (this=0x1262816c0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Element.cpp:837 #13 0x000000010334dea7 in WebCore::ContainerNode::removeChild (this=0x12301a0e0, oldChild=0x1262816c0, ec=@0x7fff5fbfc2e8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/ContainerNode.cpp:374 #14 0x0000000103924408 in WebCore::JSNode::removeChild (this=0x1222a8c40, exec=0x11e0102c0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/JSNodeCustom.cpp:97 #15 0x0000000103922b9e in WebCore::jsNodePrototypeFunctionRemoveChild (exec=0x11e0102c0) at /Volumes/InternalData/Development/webkit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSNode.cpp:453 #16 0x000040b4118001aa in ?? () #17 0x0000000101dab28c in JSC::JITCode::execute (this=0x126e36ff8, registerFile=0x10935af68, callFrame=0x11e010150, globalData=0x10a04c000, exception=0x10a04d920) at JITCode.h:77 #18 0x0000000101da6caa in JSC::Interpreter::executeCall (this=0x10935af50, callFrame=0x109673a08, function=0x122ac4d40, callType=JSC::CallTypeJS, callData=@0x7fff5fbfc7a0, thisValue={m_ptr = 0x122ac2a40}, args=@0x7fff5fbfc760, exception=0x10a04d920) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:780 #19 0x0000000101d62a83 in JSC::call (exec=0x109673a08, functionObject={m_ptr = 0x122ac4d40}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfc7a0, thisValue={m_ptr = 0x122ac2a40}, args=@0x7fff5fbfc760) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/CallData.cpp:38 #20 0x00000001037f53b7 in WebCore::JSMainThreadExecState::call (exec=0x109673a08, functionObject={m_ptr = 0x122ac4d40}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfc7a0, thisValue={m_ptr = 0x122ac2a40}, args=@0x7fff5fbfc760) at JSMainThreadExecState.h:48 #21 0x000000010388c1fa in WebCore::JSEventListener::handleEvent (this=0x10c8805f0, scriptExecutionContext=0x10c040468, event=0x107d482e0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/JSEventListener.cpp:124 #22 0x00000001035b10de in WebCore::EventTarget::fireEventListeners (this=0x10c862750, event=0x107d482e0, d=0x10c862300, entry=@0x10c880260) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/EventTarget.cpp:329 #23 0x00000001035b16ff in WebCore::EventTarget::fireEventListeners (this=0x10c862750, event=0x107d482e0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/EventTarget.cpp:290 #24 0x0000000103ae62db in WebCore::Node::handleLocalEvents (this=0x10c862750, event=0x107d482e0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2582 #25 0x0000000103ae695e in WebCore::Node::dispatchGenericEvent (this=0x126eb8310, prpEvent=@0x7fff5fbfcba0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2717 #26 0x0000000103ae6ec7 in WebCore::Node::dispatchEvent (this=0x126eb8310, prpEvent=@0x7fff5fbfcd30) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2645 #27 0x0000000103ae512f in WebCore::Node::dispatchMouseEvent (this=0x126eb8310, eventType=@0x109384e18, button=0, detail=1, pageX=237, pageY=222, screenX=2191, screenY=316, ctrlKey=false, altKey=false, shiftKey=false, metaKey=false, isSimulated=false, relatedTargetArg=0x0, underlyingEvent=@0x7fff5fbfceb0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2937 #28 0x0000000103ae5613 in WebCore::Node::dispatchMouseEvent (this=0x126eb8310, event=@0x7fff5fbfd250, eventType=@0x109384e18, detail=1, relatedTarget=0x0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2846 #29 0x00000001035a04d2 in WebCore::EventHandler::dispatchMouseEvent (this=0x10c024f48, eventType=@0x109384e18, targetNode=0x126eb8310, clickCount=1, mouseEvent=@0x7fff5fbfd250, setUnder=true) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/EventHandler.cpp:1845 #30 0x00000001035a63d1 in WebCore::EventHandler::handleMousePressEvent (this=0x10c024f48, mouseEvent=@0x7fff5fbfd250) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/EventHandler.cpp:1305 #31 0x00000001035ac108 in WebCore::EventHandler::mouseDown (this=0x10c024f48, event=0x107d49c60) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/mac/EventHandlerMac.mm:494 #32 0x00000001025190fd in -[WebHTMLView mouseDown:] (self=0x109622b20, _cmd=0x7fff875b1de8, event=0x107d49c60) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit/mac/WebView/WebHTMLView.mm:3538 #33 0x00007fff86fac763 in -[NSWindow sendEvent:] () #34 0x00007fff86ee1ee2 in -[NSApplication sendEvent:] () #35 0x0000000100080f7f in -[BrowserApplication sendEvent:] (self=0x109010880, _cmd=0x7fff875a7b60, event=0x107d49c60) at /Volumes/InternalData/Development/webkit/Internal/Safari/mac/BrowserApplication.mm:400 #36 0x00000001035ad6ee in WebCore::EventLoop::cycle (this=0x7fff5fbfd98e) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/mac/EventLoopMac.mm:39 #37 0x0000000103ccbe91 in WebCore::ScriptDebugServer::pauseIfNeeded (this=0x109374080, page=0x10c8047b0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScriptDebugServer.cpp:456 #38 0x0000000103ccc4d9 in WebCore::ScriptDebugServer::atStatement (this=0x109374080, debuggerCallFrame=@0x7fff5fbfda30, sourceID=4817558224, lineNumber=8) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScriptDebugServer.cpp:485 #39 0x0000000101da5401 in JSC::Interpreter::debug (this=0x10935af50, callFrame=0x11e0100a0, debugHookID=JSC::WillExecuteStatement, firstLine=8, lastLine=8) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:1125 #40 0x0000000101dcc774 in cti_op_debug (args=0x7fff5fbfdae0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/jit/JITStubs.cpp:3452 Could not find the frame base for "WTF::doubleHash(unsigned int)". #41 0x0000000101dcb1df in WTF::doubleHash (key=) at HashTable.h:447 #42 0x0000000101dab28c in JSC::JITCode::execute (this=0x11f384028, registerFile=0x10935af68, callFrame=0x11e010040, globalData=0x10a04c000, exception=0x10a04d920) at JITCode.h:77 #43 0x0000000101da6caa in JSC::Interpreter::executeCall (this=0x10935af50, callFrame=0x11f28e4c8, function=0x122ae76c0, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdf20, thisValue={m_ptr = 0x122ae7800}, args=@0x7fff5fbfdee0, exception=0x10a04d920) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:780 #44 0x0000000101d62a83 in JSC::call (exec=0x11f28e4c8, functionObject={m_ptr = 0x122ae76c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdf20, thisValue={m_ptr = 0x122ae7800}, args=@0x7fff5fbfdee0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/CallData.cpp:38 #45 0x00000001037f53b7 in WebCore::JSMainThreadExecState::call (exec=0x11f28e4c8, functionObject={m_ptr = 0x122ae76c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdf20, thisValue={m_ptr = 0x122ae7800}, args=@0x7fff5fbfdee0) at JSMainThreadExecState.h:48 #46 0x000000010388c1fa in WebCore::JSEventListener::handleEvent (this=0x11f262d50, scriptExecutionContext=0x10886ec68, event=0x11f384ae0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/JSEventListener.cpp:124 #47 0x00000001035b10de in WebCore::EventTarget::fireEventListeners (this=0x11f262c30, event=0x11f384ae0, d=0x11f2617c0, entry=@0x11f261860) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/EventTarget.cpp:329 #48 0x00000001035b16ff in WebCore::EventTarget::fireEventListeners (this=0x11f262c30, event=0x11f384ae0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/EventTarget.cpp:290 #49 0x0000000103ae62db in WebCore::Node::handleLocalEvents (this=0x11f262c30, event=0x11f384ae0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2582 #50 0x0000000103ae69e7 in WebCore::Node::dispatchGenericEvent (this=0x11f262c30, prpEvent=@0x7fff5fbfe320) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2725 #51 0x0000000103ae6ec7 in WebCore::Node::dispatchEvent (this=0x11f262c30, prpEvent=@0x7fff5fbfe4b0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2645 #52 0x0000000103ae512f in WebCore::Node::dispatchMouseEvent (this=0x11f262c30, eventType=@0x109384d10, button=0, detail=1, pageX=47, pageY=14, screenX=123, screenY=115, ctrlKey=false, altKey=false, shiftKey=false, metaKey=false, isSimulated=false, relatedTargetArg=0x0, underlyingEvent=@0x7fff5fbfe630) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2937 #53 0x0000000103ae5613 in WebCore::Node::dispatchMouseEvent (this=0x11f262c30, event=@0x7fff5fbfe8a0, eventType=@0x109384d10, detail=1, relatedTarget=0x0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Node.cpp:2846 #54 0x00000001035a04d2 in WebCore::EventHandler::dispatchMouseEvent (this=0x109808948, eventType=@0x109384d10, targetNode=0x11f262c30, clickCount=1, mouseEvent=@0x7fff5fbfe8a0, setUnder=true) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/EventHandler.cpp:1845 #55 0x00000001035a3c15 in WebCore::EventHandler::handleMouseReleaseEvent (this=0x109808948, mouseEvent=@0x7fff5fbfe8a0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/EventHandler.cpp:1573 #56 0x00000001035abea5 in WebCore::EventHandler::mouseUp (this=0x109808948, event=0x11f384670) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/mac/EventHandlerMac.mm:534 #57 0x00000001025181bd in -[WebHTMLView mouseUp:] (self=0x10c805c60, _cmd=0x7fff875b27c4, event=0x11f384670) at /Volumes/InternalData/Development/webkit/OpenSource/WebKit/mac/WebView/WebHTMLView.mm:3697 #58 0x00007fff86fac7ed in -[NSWindow sendEvent:] () #59 0x0000000100380ccc in -[Window sendEvent:] (self=0x10961ebe0, _cmd=0x7fff875a7b60, event=0x11f384670) at /Volumes/InternalData/Development/webkit/Internal/Safari/mac/Window.m:100 #60 0x00000001000c5b35 in -[BrowserWindow sendEvent:] (self=0x10961ebe0, _cmd=0x7fff875a7b60, event=0x11f384670) at /Volumes/InternalData/Development/webkit/Internal/Safari/mac/BrowserWindow.mm:417 #61 0x00007fff86ee1ee2 in -[NSApplication sendEvent:] () #62 0x0000000100080f7f in -[BrowserApplication sendEvent:] (self=0x109010880, _cmd=0x7fff875a7b60, event=0x11f384670) at /Volumes/InternalData/Development/webkit/Internal/Safari/mac/BrowserApplication.mm:400 #63 0x00007fff86e78922 in -[NSApplication run] () #64 0x00007fff86e715f8 in NSApplicationMain () #65 0x00000001002300e9 in main (argc=5, argv=0x7fff5fbff150) at /Volumes/InternalData/Development/webkit/Internal/Safari/mac/main.mm:157 Current language: auto; currently objective-c++ Warning: the current language does not match this frame. (gdb) 257453 5 62893 simon.fraser 2010-07-28 17:02:36 -0700 Created attachment 62893 Patch 257546 6 62893 pfeldman 2010-07-28 22:00:00 -0700 Comment on attachment 62893 Patch Thanks for fixing this. I should have mentioning that we were running our own loop while on a breakpoint. WebCore/rendering/RenderScrollbar.h:52 + void setOwningRenderer(RenderBox* owner) { m_owner = owner; } Nit: you seem to only use this with 0, maybe you should keep the API less rich and introduce clearOwningRenderer() instead. 257748 7 simon.fraser 2010-07-29 09:57:16 -0700 http://trac.webkit.org/changeset/64289 62305 2010-07-22 08:57:13 -0700 2010-07-22 08:57:13 -0700 Reduced test case test_crash.html text/html 396 apavlov PGh0bWw+DQo8aGVhZD4NCg0KPHNjcmlwdD4NCg0KZnVuY3Rpb24gJChpZCkgew0KICAgIHZhciB6 enogPSAiYWxzZGtmamFzbGtkamZzYWxka2Zqc2FsZGtmanNkbGtmanNhbGRma2pzYWxkZmtqc2Fs ZGtmanNsa2ZhbHNka2ZqYXNsa2RqZnNhbGRrZmpzYWxka2Zqc2Rsa2Zqc2FsZGZranNhbGRma2pz YWxka2Zqc2xrZmFsc2RrZmphc2xrZGpmc2FsZGtmanNhbGRrZmpzZGxrZmpzYWxkZmtqc2FsZGZr anNhbGRrZmpzbGtmMTIzIjsNCiAgICByZXR1cm4gZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoaWQp Ow0KfQ0KDQo8L3NjcmlwdD4NCjwvaGVhZD4NCg0KPGJvZHk+DQo8aW5wdXQgdHlwZT1idXR0b24g b25jbGljaz0iJCgnZm9vJykiIHZhbHVlPSJDbGljayBtZSI+DQo8L2JvZHk+DQo8L2h0bWw+ 62893 2010-07-28 17:02:36 -0700 2010-07-28 21:59:59 -0700 Patch bug-42561-20100728170235.patch text/plain 8622 simon.fraser ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCA2MjVhZDdkMjhjYjNjYmE3NGRjNzAxNTFhMzY0N2E5ZTlmODRmOTg0Li4wYjIxYTI5 MDQzY2E2OWVmM2E1M2E2MzhjNWRhNGRkOTE1ZWFhODc0IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0 cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAK KzIwMTAtMDctMjggIFNpbW9uIEZyYXNlciAgPHNpbW9uLmZyYXNlckBhcHBsZS5jb20+CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQ3Jhc2ggd2hlbiBj b21wdXRpbmcgcHNldWRvLXN0eWxlIG9mIGEgdmFuaXNoZWQgc2Nyb2xsYmFyIGluIGluc3BlY3Rv cgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDI1NjEK KyAgICAgICAgCisgICAgICAgIFRlc3QgdGhhdCBkZXN0cm95cyBhIHN0eWxlZCBvdmVyZmxvdzpz Y3JvbGwgc2Nyb2xsYmFyIGluc2lkZSBhbiBldmVudCBoYW5kbGVyLgorCisgICAgICAgICogc2Ny b2xsYmFycy9vdmVyZmxvdy1jdXN0b20tc2Nyb2xsYmFyLWNyYXNoLWV4cGVjdGVkLnR4dDogQWRk ZWQuCisgICAgICAgICogc2Nyb2xsYmFycy9vdmVyZmxvdy1jdXN0b20tc2Nyb2xsYmFyLWNyYXNo Lmh0bWw6IEFkZGVkLgorCiAyMDEwLTA3LTIzICBIZWxkZXIgQ29ycmVpYSAgPGhlbGRlcmNvcnJl aWFAY29kZWF1cm9yYS5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4gQWRsZXIuCmRp ZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9zY3JvbGxiYXJzL292ZXJmbG93LWN1c3RvbS1zY3JvbGxi YXItY3Jhc2gtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvc2Nyb2xsYmFycy9vdmVyZmxvdy1j dXN0b20tc2Nyb2xsYmFyLWNyYXNoLWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NApp bmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi43ZDhkMDg5MWUy NTk2NGU3MWVmZDQ5MDZhNDQyY2JkNGJkYmU3ZjY1Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0 VGVzdHMvc2Nyb2xsYmFycy9vdmVyZmxvdy1jdXN0b20tc2Nyb2xsYmFyLWNyYXNoLWV4cGVjdGVk LnR4dApAQCAtMCwwICsxIEBACitUaGlzIHRlc3Qgc2hvdWxkIG5vdCBjcmFzaApkaWZmIC0tZ2l0 IGEvTGF5b3V0VGVzdHMvc2Nyb2xsYmFycy9vdmVyZmxvdy1jdXN0b20tc2Nyb2xsYmFyLWNyYXNo Lmh0bWwgYi9MYXlvdXRUZXN0cy9zY3JvbGxiYXJzL292ZXJmbG93LWN1c3RvbS1zY3JvbGxiYXIt Y3Jhc2guaHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwLi4yOWQxMDIxOWE4NzgzMjFhMjUzMzZjNzY4ZmFkZDQ0ZWYy NWVkOWZkCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvc2Nyb2xsYmFycy9vdmVyZmxv dy1jdXN0b20tc2Nyb2xsYmFyLWNyYXNoLmh0bWwKQEAgLTAsMCArMSwxMjUgQEAKKzxoZWFkPgor PHN0eWxlPgorCitib2R5IHsKKyAgbWFyZ2luOiAwOworfQorOjotd2Via2l0LXNjcm9sbGJhciB7 CisgICAgd2lkdGg6IDIwcHg7CisgICAgaGVpZ2h0OiAyMHB4OworfQorCisvKiBIb3Jpem9udGFs IFNjcm9sbGJhciBTdHlsZXMgKi8KKworOjotd2Via2l0LXNjcm9sbGJhcjpob3Jpem9udGFsIHsK KyAgICAtd2Via2l0LWJvcmRlci1pbWFnZTogdXJsKHJlc291cmNlcy9ob3Jpem9udGFsLWJ1dHRv bi5wbmcpIDAgMiAwIDI7CisgICAgYm9yZGVyLWNvbG9yOiB0cmFuc3BhcmVudDsKKyAgICBib3Jk ZXItd2lkdGg6IDAgMnB4OworICAgIGJhY2tncm91bmQtaW1hZ2U6IHVybChyZXNvdXJjZXMvaG9y aXpvbnRhbC1idXR0b24tYmFja2dyb3VuZC5wbmcpOworICAgIGJhY2tncm91bmQtcmVwZWF0OiBy ZXBlYXQteDsKK30KKworOjotd2Via2l0LXNjcm9sbGJhci10aHVtYjpob3Jpem9udGFsIHsKKyAg ICAtd2Via2l0LWJvcmRlci1pbWFnZTogdXJsKHJlc291cmNlcy9ob3Jpem9udGFsLXRodW1iLnBu ZykgMCAyMCAwIDIwOworICAgIGJvcmRlci1jb2xvcjogdHJhbnNwYXJlbnQ7CisgICAgYm9yZGVy LXdpZHRoOiAwIDIwcHg7CisgICAgbWluLXdpZHRoOiAyMHB4OworfQorCis6Oi13ZWJraXQtc2Ny b2xsYmFyLXRyYWNrLXBpZWNlOmhvcml6b250YWw6ZGVjcmVtZW50IHsKKyAgICAtd2Via2l0LWJv cmRlci1pbWFnZTogdXJsKHJlc291cmNlcy9ob3Jpem9udGFsLXRyYWNrLnBuZykgMCAyMCAwIDIw OworICAgIGJvcmRlci1jb2xvcjogdHJhbnNwYXJlbnQ7CisgICAgYm9yZGVyLXdpZHRoOiAwIDAg MCAyMHB4OworfQorCis6Oi13ZWJraXQtc2Nyb2xsYmFyLXRyYWNrLXBpZWNlOmhvcml6b250YWw6 aW5jcmVtZW50IHsKKyAgICAtd2Via2l0LWJvcmRlci1pbWFnZTogdXJsKHJlc291cmNlcy9ob3Jp em9udGFsLXRyYWNrLnBuZykgMCAyMCAwIDIwOworICAgIGJvcmRlci1jb2xvcjogdHJhbnNwYXJl bnQ7CisgICAgYm9yZGVyLXdpZHRoOiAwIDIwcHggMCAwOworfQorCis6Oi13ZWJraXQtc2Nyb2xs YmFyLWJ1dHRvbjpob3Jpem9udGFsIHsKKyAgICB3aWR0aDogMjBweDsKKyAgICAtd2Via2l0LWJv cmRlci1pbWFnZTogdXJsKHJlc291cmNlcy9ob3Jpem9udGFsLWJ1dHRvbi5wbmcpIDAgMiAwIDI7 CisgICAgYm9yZGVyLWNvbG9yOiB0cmFuc3BhcmVudDsKKyAgICBib3JkZXItd2lkdGg6IDAgMnB4 OworfQorCis6Oi13ZWJraXQtc2Nyb2xsYmFyLWJ1dHRvbjpob3Jpem9udGFsOmRlY3JlbWVudCB7 CisgICAgYmFja2dyb3VuZC1pbWFnZTogdXJsKHJlc291cmNlcy9ob3Jpem9udGFsLWRlY3JlbWVu dC1hcnJvdy5wbmcpLCB1cmwocmVzb3VyY2VzL2hvcml6b250YWwtYnV0dG9uLWJhY2tncm91bmQu cG5nKTsKKyAgICBiYWNrZ3JvdW5kLXJlcGVhdDogbm8tcmVwZWF0LCByZXBlYXQteDsKKyAgICBi YWNrZ3JvdW5kLXBvc2l0aW9uOiAycHggM3B4LCAwIDA7Cit9CisKKzo6LXdlYmtpdC1zY3JvbGxi YXItYnV0dG9uOmhvcml6b250YWw6aW5jcmVtZW50IHsKKyAgICBiYWNrZ3JvdW5kLWltYWdlOiB1 cmwocmVzb3VyY2VzL2hvcml6b250YWwtaW5jcmVtZW50LWFycm93LnBuZyksIHVybChyZXNvdXJj ZXMvaG9yaXpvbnRhbC1idXR0b24tYmFja2dyb3VuZC5wbmcpOworICAgIGJhY2tncm91bmQtcmVw ZWF0OiBuby1yZXBlYXQsIHJlcGVhdC14OworICAgIGJhY2tncm91bmQtcG9zaXRpb246IDdweCAz cHgsIDAgMDsKK30KKworLmNvbnRhaW5lciB7CisgIHBvc2l0aW9uOiBhYnNvbHV0ZTsKKyAgaGVp Z2h0OiAxMDBweDsKKyAgd2lkdGg6IDEwMHB4OworICBiYWNrZ3JvdW5kLWNvbG9yOiBzaWx2ZXI7 Cit9CisKKy5zY3JvbGxlciB7CisgIHBvc2l0aW9uOiBhYnNvbHV0ZTsKKyAgdG9wOiA1MHB4Owor ICBsZWZ0OiAwOworICB3aWR0aDogMzAwcHg7CisgIGhlaWdodDogNTBweDsKKyAgLXdlYmtpdC1i b3gtc2l6aW5nOiBib3JkZXItYm94OworICBib3JkZXI6IDFweCBzb2xpZCBibGFjazsKKyAgb3Zl cmZsb3cteDogc2Nyb2xsOworfQorCisuaW5uZXIgeworICB3aWR0aDogNDAwcHg7Cit9Cis8L3N0 eWxlPgorPHNjcmlwdD4KKyAgZnVuY3Rpb24gc2hvd1Njcm9sbGVyKCkKKyAgeworICAgIHZhciBz Y3JvbGxlciA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ2RpdicpOworICAgIHNjcm9sbGVyLmNs YXNzTmFtZSA9ICdzY3JvbGxlcic7CisgICAgCisgICAgdmFyIGNvbnRlbnRzID0gZG9jdW1lbnQu Y3JlYXRlRWxlbWVudCgnZGl2JykKKyAgICBjb250ZW50cy5jbGFzc05hbWUgPSAnaW5uZXInOwor ICAgIGNvbnRlbnRzLmFwcGVuZENoaWxkKGRvY3VtZW50LmNyZWF0ZVRleHROb2RlKCdpbm5lcicp KTsKKyAgCisgICAgc2Nyb2xsZXIuYXBwZW5kQ2hpbGQoY29udGVudHMpOworICAgIAorICAgIGRv Y3VtZW50LmdldEVsZW1lbnRCeUlkKCdjb250YWluZXInKS5hcHBlbmRDaGlsZChzY3JvbGxlcik7 CisgIH0KKyAgCisgIGZ1bmN0aW9uIGhpZGVTY3JvbGxlcigpCisgIHsKKyAgICB2YXIgc2Nyb2xs ZXIgPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnY29udGFpbmVyJykucXVlcnlTZWxlY3RvckFs bCgnLnNjcm9sbGVyJylbMF07CisgICAgc2Nyb2xsZXIucGFyZW50Tm9kZS5yZW1vdmVDaGlsZChz Y3JvbGxlcik7CisgIH0KKyAgCisgIGZ1bmN0aW9uIGRvVGVzdCgpIHsKKyAgICBpZiAod2luZG93 LmxheW91dFRlc3RDb250cm9sbGVyKQorICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1w QXNUZXh0KCk7CisKKyAgICBpZiAod2luZG93LmV2ZW50U2VuZGVyKSB7CisgICAgICAgIGV2ZW50 U2VuZGVyLmRyYWdNb2RlID0gZmFsc2U7CisgICAgICAgIGV2ZW50U2VuZGVyLm1vdXNlTW92ZVRv KDUwLCA0MCk7CisgICAgICAgIGV2ZW50U2VuZGVyLm1vdXNlTW92ZVRvKDUwLCA1NSk7CisgICAg ICAgIGV2ZW50U2VuZGVyLm1vdXNlTW92ZVRvKDUwLCA5MCk7CisgICAgICAgIGV2ZW50U2VuZGVy Lm1vdXNlRG93bigpOworICAgICAgICBldmVudFNlbmRlci5tb3VzZVVwKCk7CisgICAgICAgIGV2 ZW50U2VuZGVyLm1vdXNlTW92ZVRvKDUwLCAxMjApOworICAgIH0KKyAgfQorCisgIHdpbmRvdy5h ZGRFdmVudExpc3RlbmVyKCdsb2FkJywgZG9UZXN0LCBmYWxzZSk7Cis8L3NjcmlwdD4KKzwvaGVh ZD4KKzxib2R5PgorICA8ZGl2IGlkPSJjb250YWluZXIiIGNsYXNzPSJjb250YWluZXIiIG9ubW91 c2VvdmVyPSJzaG93U2Nyb2xsZXIoKSIgb25tb3VzZW91dD0iaGlkZVNjcm9sbGVyKCkiPgorICA8 L2Rpdj4KKyAgPHA+VGhpcyB0ZXN0IHNob3VsZCBub3QgY3Jhc2g8L3A+Cis8L2JvZHk+ClwgTm8g bmV3bGluZSBhdCBlbmQgb2YgZmlsZQpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9DaGFuZ2VMb2cgYi9X ZWJDb3JlL0NoYW5nZUxvZwppbmRleCA0MzlhOTlmNGQ0OTA0OGFiMWMxM2RjNjYxOWJiYzBhOTI1 YzhkNGU1Li43YzUzNjMwNmI3NWY5Y2E0Yzc5ZjRjNjUxYmE5ZmIzMTRjZDE3NjBkIDEwMDY0NAot LS0gYS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsx LDIzIEBACisyMDEwLTA3LTI4ICBTaW1vbiBGcmFzZXIgIDxzaW1vbi5mcmFzZXJAYXBwbGUuY29t PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIENyYXNo IHdoZW4gY29tcHV0aW5nIHBzZXVkby1zdHlsZSBvZiBhIHZhbmlzaGVkIHNjcm9sbGJhciBpbiBp bnNwZWN0b3IKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTQyNTYxCisgICAgICAgIAorICAgICAgICBXaGVuIGEgc3R5bGVkIG92ZXJmbG93OnNjcm9sbCBz Y3JvbGxiYXIgZ2V0cyBkZXN0cm95ZWQsIHdlIG5lZWQgdG8gY2xlYXIgb3V0IHRoZSBtX293bmVy IHBvaW50ZXIsCisgICAgICAgIG90aGVyd2lzZSB0aGUgZXZlbnQgaGFuZGxpbmcgY29kZSAod2hp Y2gga2VlcHMgdGhlIFNjcm9sbGJhciBhbGl2ZSkgbGF0ZXIgY2F1c2VzIHRoZSBzY3JvbGxiYXIK KyAgICAgICAgdG8gdHJ5IHRvIHVzZSBtX293bmVyIHRvIGdldCBwc2V1ZG8gc3R5bGUuCisKKyAg ICAgICAgVGVzdDogc2Nyb2xsYmFycy9vdmVyZmxvdy1jdXN0b20tc2Nyb2xsYmFyLWNyYXNoLmh0 bWwKKworICAgICAgICAqIHJlbmRlcmluZy9SZW5kZXJMYXllci5jcHA6CisgICAgICAgIChXZWJD b3JlOjpSZW5kZXJMYXllcjo6ZGVzdHJveVNjcm9sbGJhcik6IElmIHRoaXMgaXMgYSBjdXN0b20g c2Nyb2xsYmFyLCBjbGVhciB0aGUgb3duaW5nIHJlbmRlcmVyLgorICAgICAgICAqIHJlbmRlcmlu Zy9SZW5kZXJTY3JvbGxiYXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6UmVuZGVyU2Nyb2xsYmFy OjpnZXRTY3JvbGxiYXJQc2V1ZG9TdHlsZSk6IEJhaWwgaWYgbV9vd25lciBpcyAwLgorICAgICAg ICAqIHJlbmRlcmluZy9SZW5kZXJTY3JvbGxiYXIuaDoKKyAgICAgICAgKFdlYkNvcmU6OlJlbmRl clNjcm9sbGJhcjo6c2V0T3duaW5nUmVuZGVyZXIpOiBOZXcgbWV0aG9kLgorCiAyMDEwLTA3LTI3 ICBTaW1vbiBGcmFzZXIgIDxzaW1vbi5mcmFzZXJAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmll d2VkIGJ5IERhcmluIEFkbGVyLgpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9XZWJDb3JlLnhjb2RlcHJv ai9wcm9qZWN0LnBieHByb2ogYi9XZWJDb3JlL1dlYkNvcmUueGNvZGVwcm9qL3Byb2plY3QucGJ4 cHJvagppbmRleCA5NDVhYTVkYTAyYmZkNzIxN2JiMDU1ZWNjMWJiYzMwNDgyNjFhOTE2Li5hOGYy ZTRjNjE1YmRiNjBiZGFmNDQzOTQ0MjI2MzdmNzI5NjYxNWU3IDEwMDY0NAotLS0gYS9XZWJDb3Jl L1dlYkNvcmUueGNvZGVwcm9qL3Byb2plY3QucGJ4cHJvagorKysgYi9XZWJDb3JlL1dlYkNvcmUu eGNvZGVwcm9qL3Byb2plY3QucGJ4cHJvagpAQCAtMTk5MDYsNiArMTk5MDYsNyBAQAogCQkJaXNh ID0gUEJYUHJvamVjdDsKIAkJCWJ1aWxkQ29uZmlndXJhdGlvbkxpc3QgPSAxNDlDMjg0MzA4OTAy QjExMDA4QTlFRkMgLyogQnVpbGQgY29uZmlndXJhdGlvbiBsaXN0IGZvciBQQlhQcm9qZWN0ICJX ZWJDb3JlIiAqLzsKIAkJCWNvbXBhdGliaWxpdHlWZXJzaW9uID0gIlhjb2RlIDIuNCI7CisJCQlk ZXZlbG9wbWVudFJlZ2lvbiA9IEVuZ2xpc2g7CiAJCQloYXNTY2FubmVkRm9yRW5jb2RpbmdzID0g MTsKIAkJCWtub3duUmVnaW9ucyA9ICgKIAkJCQlFbmdsaXNoLApkaWZmIC0tZ2l0IGEvV2ViQ29y ZS9yZW5kZXJpbmcvUmVuZGVyTGF5ZXIuY3BwIGIvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyTGF5 ZXIuY3BwCmluZGV4IGQ0MGE2Zjg3NjBhNGFkN2ZkMzcyOGQ3MGI1ZWZlZWI3M2RmNTE1Y2EuLjky OWYxYzIzMGQ4MWY5M2FlMWI3NWZlMDFjMGIzMmYwYWI0NjMxMmMgMTAwNjQ0Ci0tLSBhL1dlYkNv cmUvcmVuZGVyaW5nL1JlbmRlckxheWVyLmNwcAorKysgYi9XZWJDb3JlL3JlbmRlcmluZy9SZW5k ZXJMYXllci5jcHAKQEAgLTE3OTAsNiArMTc5MCw5IEBAIHZvaWQgUmVuZGVyTGF5ZXI6OmRlc3Ry b3lTY3JvbGxiYXIoU2Nyb2xsYmFyT3JpZW50YXRpb24gb3JpZW50YXRpb24pCiB7CiAgICAgUmVm UHRyPFNjcm9sbGJhcj4mIHNjcm9sbGJhciA9IG9yaWVudGF0aW9uID09IEhvcml6b250YWxTY3Jv bGxiYXIgPyBtX2hCYXIgOiBtX3ZCYXI7CiAgICAgaWYgKHNjcm9sbGJhcikgeworICAgICAgICBp ZiAoc2Nyb2xsYmFyLT5pc0N1c3RvbVNjcm9sbGJhcigpKQorICAgICAgICAgICAgc3RhdGljX2Nh c3Q8UmVuZGVyU2Nyb2xsYmFyKj4oc2Nyb2xsYmFyLmdldCgpKS0+c2V0T3duaW5nUmVuZGVyZXIo MCk7CisKICAgICAgICAgc2Nyb2xsYmFyLT5yZW1vdmVGcm9tUGFyZW50KCk7CiAgICAgICAgIHNj cm9sbGJhci0+c2V0Q2xpZW50KDApOwogICAgICAgICBzY3JvbGxiYXIgPSAwOwpkaWZmIC0tZ2l0 IGEvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyU2Nyb2xsYmFyLmNwcCBiL1dlYkNvcmUvcmVuZGVy aW5nL1JlbmRlclNjcm9sbGJhci5jcHAKaW5kZXggNjNmY2U4ZGJiZWYxY2Q5NjRlOTRlODFkMzQ2 ZGM3NzRiZTAyNzE3MC4uODE3ZGQwMmZlMGE2OTc4OTViNjU3OTdmNDUwMmU3MjYyY2VmYWVlMCAx MDA2NDQKLS0tIGEvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyU2Nyb2xsYmFyLmNwcAorKysgYi9X ZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJTY3JvbGxiYXIuY3BwCkBAIC0xMzAsNiArMTMwLDkgQEAg U2Nyb2xsYmFyUGFydCBSZW5kZXJTY3JvbGxiYXI6OnBhcnRGb3JTdHlsZVJlc29sdmUoKQogCiBQ YXNzUmVmUHRyPFJlbmRlclN0eWxlPiBSZW5kZXJTY3JvbGxiYXI6OmdldFNjcm9sbGJhclBzZXVk b1N0eWxlKFNjcm9sbGJhclBhcnQgcGFydFR5cGUsIFBzZXVkb0lkIHBzZXVkb0lkKQogeworICAg IGlmICghbV9vd25lcikKKyAgICAgICAgcmV0dXJuIDA7CisKICAgICBzX3N0eWxlUmVzb2x2ZVBh cnQgPSBwYXJ0VHlwZTsKICAgICBzX3N0eWxlUmVzb2x2ZVNjcm9sbGJhciA9IHRoaXM7CiAgICAg UmVmUHRyPFJlbmRlclN0eWxlPiByZXN1bHQgPSBtX293bmVyLT5nZXRVbmNhY2hlZFBzZXVkb1N0 eWxlKHBzZXVkb0lkLCBtX293bmVyLT5zdHlsZSgpKTsKZGlmZiAtLWdpdCBhL1dlYkNvcmUvcmVu ZGVyaW5nL1JlbmRlclNjcm9sbGJhci5oIGIvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyU2Nyb2xs YmFyLmgKaW5kZXggYjNjMDBlZmUzOTFmOGYyZjRjZTcxYTc1YzU3Mjg0YmVkOWQzNDhkYi4uOTU0 MWIzZDNhODExMTA0MmVkOTdmYjMxODRhODRmMDBkYTkyMjNkNCAxMDA2NDQKLS0tIGEvV2ViQ29y ZS9yZW5kZXJpbmcvUmVuZGVyU2Nyb2xsYmFyLmgKKysrIGIvV2ViQ29yZS9yZW5kZXJpbmcvUmVu ZGVyU2Nyb2xsYmFyLmgKQEAgLTQ5LDYgKzQ5LDcgQEAgcHVibGljOgogICAgIHN0YXRpYyBSZW5k ZXJTY3JvbGxiYXIqIHNjcm9sbGJhckZvclN0eWxlUmVzb2x2ZSgpOwogCiAgICAgUmVuZGVyQm94 KiBvd25pbmdSZW5kZXJlcigpIGNvbnN0IHsgcmV0dXJuIG1fb3duZXI7IH0KKyAgICB2b2lkIHNl dE93bmluZ1JlbmRlcmVyKFJlbmRlckJveCogb3duZXIpIHsgbV9vd25lciA9IG93bmVyOyB9CiAK ICAgICB2b2lkIHBhaW50UGFydChHcmFwaGljc0NvbnRleHQqLCBTY3JvbGxiYXJQYXJ0LCBjb25z dCBJbnRSZWN0Jik7CiAK