47594 2010-10-13 08:44:31 -0700 Misaligned memory access in CloneDeserializer on ARM (<v6) 2010-11-22 08:47:27 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Other Other RESOLVED FIXED P2 Normal --- 1 yong.li.webkit yong.li.webkit abarth barraclough commit-queue dave+webkit deepak.m eric kimmo.t.kinnunen loki oliver ossy staikos thomas webkit.review.bot oldest_to_newest 293442 0 yong.li.webkit 2010-10-13 08:44:31 -0700 Bug 45301 fixes the warning, but the problem still exists. On ARM (<v6), CloneDeserializer::readLittleEndian and readString can result misaligned memory access. #if ASSUME_LITTLE_ENDIAN template <typename T> static bool readLittleEndian(const uint8_t*& ptr, const uint8_t* end, T& value) { if (ptr > end – sizeof(value)) return false; if (sizeof(T) == 1) value = *ptr++; else { value = *reinterpret_cast_ptr<const T*>(ptr); // here I think we should do memcpy(&value, ptr, sizeof(value)) ptr += sizeof(T); } return true; } 293443 1 70612 yong.li.webkit 2010-10-13 08:49:30 -0700 Created attachment 70612 the patch trying to get a test case 293465 2 70617 yong.li.webkit 2010-10-13 09:43:59 -0700 Created attachment 70617 The patch (no test added because...) no new test is added because the crash can be reproduced by loading some existing tests like: LayoutTests/fast/events/message-channel-gc-4.html 293482 3 70617 oliver 2010-10-13 10:08:45 -0700 Comment on attachment 70617 The patch (no test added because...) View in context: https://bugs.webkit.org/attachment.cgi?id=70617&action=review r- due to the issues I noted. The duplicate string copy is the biggest concern. > WebCore/bindings/js/SerializedScriptValue.cpp:824 > + if (reinterpret_cast<unsigned>(ptr) & (sizeof(T) - 1)) when casting a pointer to an integer type you should always use uintptr_t or intptr_t (in this case you want uintptr_t) > WebCore/bindings/js/SerializedScriptValue.cpp:828 > +#else Honestly I think that given the likelihood of an unaligned read we should probably just drop the alignment check on armv5 or lower and always do a memcpy > WebCore/bindings/js/SerializedScriptValue.cpp:924 > + // Use 32-character-long inline buffer as a fast path for small strings. > + Vector<UChar, 32> alignedBuffer(length); > + memcpy(alignedBuffer.data(), ptr, length * sizeof(UChar)); > + str = UString(alignedBuffer.data(), length); This results in multiple copies, rather than str = UString(....) you should do str = UString::adopt(alignedBuffer); 293483 4 yong.li.webkit 2010-10-13 10:11:16 -0700 (In reply to comment #3) > (From update of attachment 70617 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=70617&action=review > > r- due to the issues I noted. The duplicate string copy is the biggest concern. > > > WebCore/bindings/js/SerializedScriptValue.cpp:824 > > + if (reinterpret_cast<unsigned>(ptr) & (sizeof(T) - 1)) > > when casting a pointer to an integer type you should always use uintptr_t or intptr_t (in this case you want uintptr_t) > > > WebCore/bindings/js/SerializedScriptValue.cpp:828 > > +#else > > Honestly I think that given the likelihood of an unaligned read we should probably just drop the alignment check on armv5 or lower and always do a memcpy > > > WebCore/bindings/js/SerializedScriptValue.cpp:924 > > + // Use 32-character-long inline buffer as a fast path for small strings. > > + Vector<UChar, 32> alignedBuffer(length); > > + memcpy(alignedBuffer.data(), ptr, length * sizeof(UChar)); > > + str = UString(alignedBuffer.data(), length); > > This results in multiple copies, rather than str = UString(....) you should do > str = UString::adopt(alignedBuffer); Thanks a lot. I'll update the patch soon 293490 5 70621 yong.li.webkit 2010-10-13 10:23:06 -0700 Created attachment 70621 updated 1. use uintptr_t to cast pointer to integer 2. use UString::adopt to avoid duplicate copy 3. remove the aligned code paths 293506 6 70621 oliver 2010-10-13 10:39:33 -0700 Comment on attachment 70621 updated Nice 293592 7 70621 commit-queue 2010-10-13 12:22:05 -0700 Comment on attachment 70621 updated Clearing flags on attachment: 70621 Committed r69682: <http://trac.webkit.org/changeset/69682> 293593 8 commit-queue 2010-10-13 12:22:12 -0700 All reviewed patches have been landed. Closing bug. 293662 9 webkit.review.bot 2010-10-13 13:15:04 -0700 http://trac.webkit.org/changeset/69682 might have broken GTK Linux 64-bit Debug 294005 10 loki 2010-10-14 00:48:12 -0700 Hmm, it looks like I missed that alignment difference when I fixed that warnings. I assumed the buffer of CloneDeserializer is allocated in a natural way, but the m_data of SerializedScriptValue is allocated as a char vector. Although the fix is good, you should consider the MIPS uses natural alignment as well. Well, MIPS has unaligned load/store instruction, but the GCC also warns on unaligned data access (see deepak's comments at bug 43963). My suggestion is to create a WTF_CPU_NATURAL_ALIGNMENT_IS_NEEDED macro in Platform.h, and set it for WTF_CPU_ARMV5_OR_LOWER and WTF_CPU_MIPS as well. So, we can use CPU(NATURAL_ALIGNMENT_IS_NEEDED) instead of current CPU(ARMV5_OR_LOWER) check. At first of all it would be nice someone who has MIPS to confirm this warning. 294111 11 yong.li.webkit 2010-10-14 07:55:49 -0700 (In reply to comment #10) > Hmm, it looks like I missed that alignment difference when I fixed that warnings. I assumed the buffer of CloneDeserializer is allocated in a natural way, but the m_data of SerializedScriptValue is allocated as a char vector. > Although the fix is good, you should consider the MIPS uses natural alignment as well. Well, MIPS has unaligned load/store instruction, but the GCC also warns on unaligned data access (see deepak's comments at bug 43963). > My suggestion is to create a WTF_CPU_NATURAL_ALIGNMENT_IS_NEEDED macro in Platform.h, and set it for WTF_CPU_ARMV5_OR_LOWER and WTF_CPU_MIPS as well. So, we can use CPU(NATURAL_ALIGNMENT_IS_NEEDED) instead of current CPU(ARMV5_OR_LOWER) check. > At first of all it would be nice someone who has MIPS to confirm this warning. CPU(NATURAL_ALIGNMENT_IS_NEEDED) is good idea. I used CPU(ARMV5_OR_LOWER) because I see it is also being used somewhere else for alignment isue. About the warning, probably we should find a better way to suppress it. reinterpret_cast_ptr is different from reinterpret_cast only for #if CPU(ARM) && COMPILER(GCC), and it asserts that the pointer is already aligned. ASSERT(isPointerTypeAlignmentOkay(reinterpret_cast<TypePtr>(ptr))); So even on ARMv6, the debug build will throw an assertion, which is also annoying. 302573 12 kimmo.t.kinnunen 2010-10-31 23:36:32 -0700 > CPU(NATURAL_ALIGNMENT_IS_NEEDED) is good idea. I used CPU(ARMV5_OR_LOWER) because I see it is also being used somewhere else for alignment isue. It may be that CPU(NATURAL_ALIGNMENT_IS_NEEDED) is not fine-grained enough. Long longs seem to cause crashes on ARMv7 too (at least on some platform+toolchain combination). Related bug: http://bugs.webkit.org/show_bug.cgi?id=48742 70612 2010-10-13 08:49:30 -0700 2010-10-13 09:44:07 -0700 the patch 47594.patch text/plain 2351 yong.li.webkit ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg YjI3ZWNmNS4uY2MxZTFhYSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNSBAQAorMjAxMC0xMC0xMyAgWW9uZyBMaSAgPHlv bGlAcmltLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBGaXggcG90ZW50aWFsIG1pc2FsaWduZWQgbWVtb3J5IGFjY2VzcyBpbiBDbG9uZURlc2Vy aWFsaXplcjo6cmVhZExpdHRsZUVuZGlhbiBhbmQgcmVhZFN0cmluZworICAgICAgICB0aGF0IGNh biByZXN1bHQgY3Jhc2ggb24gQVJNICg8djYpLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDc1OTQgCisKKyAgICAgICAgKiBiaW5kaW5ncy9qcy9TZXJp YWxpemVkU2NyaXB0VmFsdWUuY3BwOgorICAgICAgICAoV2ViQ29yZTo6Q2xvbmVEZXNlcmlhbGl6 ZXI6OnJlYWRMaXR0bGVFbmRpYW4pOgorICAgICAgICAoV2ViQ29yZTo6Q2xvbmVEZXNlcmlhbGl6 ZXI6OnJlYWRTdHJpbmcpOgorCiAyMDEwLTA5LTI5ICBTY290dCBDYW1lcm9uICA8c2NjYW1lcm9u QHJpbS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCmRpZmYgLS1n aXQgYS9XZWJDb3JlL2JpbmRpbmdzL2pzL1NlcmlhbGl6ZWRTY3JpcHRWYWx1ZS5jcHAgYi9XZWJD b3JlL2JpbmRpbmdzL2pzL1NlcmlhbGl6ZWRTY3JpcHRWYWx1ZS5jcHAKaW5kZXggOGNlM2E1OC4u N2QyMjkxMSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9iaW5kaW5ncy9qcy9TZXJpYWxpemVkU2NyaXB0 VmFsdWUuY3BwCisrKyBiL1dlYkNvcmUvYmluZGluZ3MvanMvU2VyaWFsaXplZFNjcmlwdFZhbHVl LmNwcApAQCAtODE5LDcgKzgxOSwxNSBAQCBwcml2YXRlOgogICAgICAgICBpZiAoc2l6ZW9mKFQp ID09IDEpCiAgICAgICAgICAgICB2YWx1ZSA9ICpwdHIrKzsKICAgICAgICAgZWxzZSB7Ci0gICAg ICAgICAgICB2YWx1ZSA9ICpyZWludGVycHJldF9jYXN0X3B0cjxjb25zdCBUKj4ocHRyKTsKKyNp ZiBDUFUoQVJNKSAmJiBXVEZfQVJNX0FSQ0hfVkVSU0lPTiA8IDYKKyAgICAgICAgICAgIC8vIFRv IHByb3RlY3QgbWlzYWxpZ25lZCBtZW1vcnkgYWNjZXNzLgorICAgICAgICAgICAgaWYgKHJlaW50 ZXJwcmV0X2Nhc3Q8dW5zaWduZWQ+KHB0cikgJiAoc2l6ZW9mKFQpIC0gMSkpCisgICAgICAgICAg ICAgICAgbWVtY3B5KCZ2YWx1ZSwgcHRyLCBzaXplb2YoVCkpOworICAgICAgICAgICAgZWxzZQor ICAgICAgICAgICAgICAgIHZhbHVlID0gKnJlaW50ZXJwcmV0X2Nhc3RfcHRyPGNvbnN0IFQqPihw dHIpOworI2Vsc2UKKyAgICAgICAgICAgIHZhbHVlID0gKnJlaW50ZXJwcmV0X2Nhc3Q8Y29uc3Qg VCo+KHB0cik7CisjZW5kaWYKICAgICAgICAgICAgIHB0ciArPSBzaXplb2YoVCk7CiAgICAgICAg IH0KICAgICAgICAgcmV0dXJuIHRydWU7CkBAIC05MDcsNyArOTE1LDE4IEBAIHByaXZhdGU6CiAg ICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAKICNpZiBBU1NVTUVfTElUVExFX0VORElBTgotICAg ICAgICBzdHIgPSBVU3RyaW5nKHJlaW50ZXJwcmV0X2Nhc3RfcHRyPGNvbnN0IFVDaGFyKj4ocHRy KSwgbGVuZ3RoKTsKKyNpZiBDUFUoQVJNKSAmJiBXVEZfQVJNX0FSQ0hfVkVSU0lPTiA8IDYKKyAg ICAgICAgLy8gVG8gcHJvdGVjdCBtaXNhbGlnbmVkIG1lbW9yeSBhY2Nlc3MuCisgICAgICAgIGlm IChyZWludGVycHJldF9jYXN0PHVuc2lnbmVkPihwdHIpICYgKHNpemVvZihVQ2hhcikgLSAxKSkg eworICAgICAgICAgICAgLy8gVXNlIDMyLWNoYXJhY3Rlci1sb25nIGlubGluZSBidWZmZXIgYXMg YSBmYXN0IHBhdGggZm9yIHNtYWxsIHN0cmluZ3MuCisgICAgICAgICAgICBWZWN0b3I8VUNoYXIs IDMyPiBhbGlnbmVkQnVmZmVyKGxlbmd0aCk7CisgICAgICAgICAgICBtZW1jcHkoYWxpZ25lZEJ1 ZmZlci5kYXRhKCksIHB0ciwgbGVuZ3RoICogc2l6ZW9mKFVDaGFyKSk7CisgICAgICAgICAgICBz dHIgPSBVU3RyaW5nKGFsaWduZWRCdWZmZXIuZGF0YSgpLCBsZW5ndGgpOworICAgICAgICB9IGVs c2UKKyAgICAgICAgICAgIHN0ciA9IFVTdHJpbmcocmVpbnRlcnByZXRfY2FzdF9wdHI8Y29uc3Qg VUNoYXIqPihwdHIpLCBsZW5ndGgpOworI2Vsc2UKKyAgICAgICAgc3RyID0gVVN0cmluZyhyZWlu dGVycHJldF9jYXN0PGNvbnN0IFVDaGFyKj4ocHRyKSwgbGVuZ3RoKTsKKyNlbmRpZgogICAgICAg ICBwdHIgKz0gbGVuZ3RoICogc2l6ZW9mKFVDaGFyKTsKICNlbHNlCiAgICAgICAgIFZlY3RvcjxV Q2hhcj4gYnVmZmVyOwo= 70617 2010-10-13 09:43:59 -0700 2010-10-13 10:23:06 -0700 The patch (no test added because...) 47594.patch text/plain 2466 yong.li.webkit ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg NWY0YzY4Ni4uNTFiYjIxNSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxOCBAQAorMjAxMC0xMC0xMyAgWW9uZyBMaSAgPHlv bGlAcmltLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBGaXggcG90ZW50aWFsIG1pc2FsaWduZWQgbWVtb3J5IGFjY2VzcyBpbiBDbG9uZURlc2Vy aWFsaXplcjo6cmVhZExpdHRsZUVuZGlhbiBhbmQgcmVhZFN0cmluZworICAgICAgICB0aGF0IGNh biByZXN1bHQgY3Jhc2ggb24gQVJNICg8djYpLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDc1OTQKKworICAgICAgICBObyBuZXcgdGVzdCBhZGRlZCwg YmVjYXVzZSB0aGUgY3Jhc2ggY2FuIGJlIHByb2R1Y2VkIGJ5IGV4aXN0aW5nIHRlc3RzIGxpa2U6 CisgICAgICAgIExheW91dFRlc3RzL2Zhc3QvZXZlbnRzL21lc3NhZ2UtY2hhbm5lbC1nYy00Lmh0 bWwKKworICAgICAgICAqIGJpbmRpbmdzL2pzL1NlcmlhbGl6ZWRTY3JpcHRWYWx1ZS5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjpDbG9uZURlc2VyaWFsaXplcjo6cmVhZExpdHRsZUVuZGlhbik6Cisg ICAgICAgIChXZWJDb3JlOjpDbG9uZURlc2VyaWFsaXplcjo6cmVhZFN0cmluZyk6CisKIDIwMTAt MTAtMTMgIFl1cnkgU2VtaWtoYXRza3kgIDx5dXJ5c0BjaHJvbWl1bS5vcmc+CiAKICAgICAgICAg UmV2aWV3ZWQgYnkgUGF2ZWwgRmVsZG1hbi4KZGlmZiAtLWdpdCBhL1dlYkNvcmUvYmluZGluZ3Mv anMvU2VyaWFsaXplZFNjcmlwdFZhbHVlLmNwcCBiL1dlYkNvcmUvYmluZGluZ3MvanMvU2VyaWFs aXplZFNjcmlwdFZhbHVlLmNwcAppbmRleCA4Y2NhZjljLi41MTc1ZDBmIDEwMDY0NAotLS0gYS9X ZWJDb3JlL2JpbmRpbmdzL2pzL1NlcmlhbGl6ZWRTY3JpcHRWYWx1ZS5jcHAKKysrIGIvV2ViQ29y ZS9iaW5kaW5ncy9qcy9TZXJpYWxpemVkU2NyaXB0VmFsdWUuY3BwCkBAIC04MTksNyArODE5LDE1 IEBAIHByaXZhdGU6CiAgICAgICAgIGlmIChzaXplb2YoVCkgPT0gMSkKICAgICAgICAgICAgIHZh bHVlID0gKnB0cisrOwogICAgICAgICBlbHNlIHsKLSAgICAgICAgICAgIHZhbHVlID0gKnJlaW50 ZXJwcmV0X2Nhc3RfcHRyPGNvbnN0IFQqPihwdHIpOworI2lmIENQVShBUk1WNV9PUl9MT1dFUikK KyAgICAgICAgICAgIC8vIFRvIHByb3RlY3QgbWlzYWxpZ25lZCBtZW1vcnkgYWNjZXNzLgorICAg ICAgICAgICAgaWYgKHJlaW50ZXJwcmV0X2Nhc3Q8dW5zaWduZWQ+KHB0cikgJiAoc2l6ZW9mKFQp IC0gMSkpCisgICAgICAgICAgICAgICAgbWVtY3B5KCZ2YWx1ZSwgcHRyLCBzaXplb2YoVCkpOwor ICAgICAgICAgICAgZWxzZQorICAgICAgICAgICAgICAgIHZhbHVlID0gKnJlaW50ZXJwcmV0X2Nh c3RfcHRyPGNvbnN0IFQqPihwdHIpOworI2Vsc2UKKyAgICAgICAgICAgIHZhbHVlID0gKnJlaW50 ZXJwcmV0X2Nhc3Q8Y29uc3QgVCo+KHB0cik7CisjZW5kaWYKICAgICAgICAgICAgIHB0ciArPSBz aXplb2YoVCk7CiAgICAgICAgIH0KICAgICAgICAgcmV0dXJuIHRydWU7CkBAIC05MDcsNyArOTE1 LDE4IEBAIHByaXZhdGU6CiAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAKICNpZiBBU1NVTUVf TElUVExFX0VORElBTgotICAgICAgICBzdHIgPSBVU3RyaW5nKHJlaW50ZXJwcmV0X2Nhc3RfcHRy PGNvbnN0IFVDaGFyKj4ocHRyKSwgbGVuZ3RoKTsKKyNpZiBDUFUoQVJNVjVfT1JfTE9XRVIpCisg ICAgICAgIC8vIFRvIHByb3RlY3QgbWlzYWxpZ25lZCBtZW1vcnkgYWNjZXNzLgorICAgICAgICBp ZiAocmVpbnRlcnByZXRfY2FzdDx1bnNpZ25lZD4ocHRyKSAmIChzaXplb2YoVUNoYXIpIC0gMSkp IHsKKyAgICAgICAgICAgIC8vIFVzZSAzMi1jaGFyYWN0ZXItbG9uZyBpbmxpbmUgYnVmZmVyIGFz IGEgZmFzdCBwYXRoIGZvciBzbWFsbCBzdHJpbmdzLgorICAgICAgICAgICAgVmVjdG9yPFVDaGFy LCAzMj4gYWxpZ25lZEJ1ZmZlcihsZW5ndGgpOworICAgICAgICAgICAgbWVtY3B5KGFsaWduZWRC dWZmZXIuZGF0YSgpLCBwdHIsIGxlbmd0aCAqIHNpemVvZihVQ2hhcikpOworICAgICAgICAgICAg c3RyID0gVVN0cmluZyhhbGlnbmVkQnVmZmVyLmRhdGEoKSwgbGVuZ3RoKTsKKyAgICAgICAgfSBl bHNlCisgICAgICAgICAgICBzdHIgPSBVU3RyaW5nKHJlaW50ZXJwcmV0X2Nhc3RfcHRyPGNvbnN0 IFVDaGFyKj4ocHRyKSwgbGVuZ3RoKTsKKyNlbHNlCisgICAgICAgIHN0ciA9IFVTdHJpbmcocmVp bnRlcnByZXRfY2FzdDxjb25zdCBVQ2hhcio+KHB0ciksIGxlbmd0aCk7CisjZW5kaWYKICAgICAg ICAgcHRyICs9IGxlbmd0aCAqIHNpemVvZihVQ2hhcik7CiAjZWxzZQogICAgICAgICBWZWN0b3I8 VUNoYXI+IGJ1ZmZlcjsK 70621 2010-10-13 10:23:06 -0700 2010-10-13 12:22:05 -0700 updated 47594.patch text/plain 2040 yong.li.webkit ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg NWY0YzY4Ni4uNTFiYjIxNSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxOCBAQAorMjAxMC0xMC0xMyAgWW9uZyBMaSAgPHlv bGlAcmltLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBGaXggcG90ZW50aWFsIG1pc2FsaWduZWQgbWVtb3J5IGFjY2VzcyBpbiBDbG9uZURlc2Vy aWFsaXplcjo6cmVhZExpdHRsZUVuZGlhbiBhbmQgcmVhZFN0cmluZworICAgICAgICB0aGF0IGNh biByZXN1bHQgY3Jhc2ggb24gQVJNICg8djYpLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDc1OTQKKworICAgICAgICBObyBuZXcgdGVzdCBhZGRlZCwg YmVjYXVzZSB0aGUgY3Jhc2ggY2FuIGJlIHByb2R1Y2VkIGJ5IGV4aXN0aW5nIHRlc3RzIGxpa2U6 CisgICAgICAgIExheW91dFRlc3RzL2Zhc3QvZXZlbnRzL21lc3NhZ2UtY2hhbm5lbC1nYy00Lmh0 bWwKKworICAgICAgICAqIGJpbmRpbmdzL2pzL1NlcmlhbGl6ZWRTY3JpcHRWYWx1ZS5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjpDbG9uZURlc2VyaWFsaXplcjo6cmVhZExpdHRsZUVuZGlhbik6Cisg ICAgICAgIChXZWJDb3JlOjpDbG9uZURlc2VyaWFsaXplcjo6cmVhZFN0cmluZyk6CisKIDIwMTAt MTAtMTMgIFl1cnkgU2VtaWtoYXRza3kgIDx5dXJ5c0BjaHJvbWl1bS5vcmc+CiAKICAgICAgICAg UmV2aWV3ZWQgYnkgUGF2ZWwgRmVsZG1hbi4KZGlmZiAtLWdpdCBhL1dlYkNvcmUvYmluZGluZ3Mv anMvU2VyaWFsaXplZFNjcmlwdFZhbHVlLmNwcCBiL1dlYkNvcmUvYmluZGluZ3MvanMvU2VyaWFs aXplZFNjcmlwdFZhbHVlLmNwcAppbmRleCA4Y2NhZjljLi4xNzExNjg3IDEwMDY0NAotLS0gYS9X ZWJDb3JlL2JpbmRpbmdzL2pzL1NlcmlhbGl6ZWRTY3JpcHRWYWx1ZS5jcHAKKysrIGIvV2ViQ29y ZS9iaW5kaW5ncy9qcy9TZXJpYWxpemVkU2NyaXB0VmFsdWUuY3BwCkBAIC04MTksNyArODE5LDEy IEBAIHByaXZhdGU6CiAgICAgICAgIGlmIChzaXplb2YoVCkgPT0gMSkKICAgICAgICAgICAgIHZh bHVlID0gKnB0cisrOwogICAgICAgICBlbHNlIHsKLSAgICAgICAgICAgIHZhbHVlID0gKnJlaW50 ZXJwcmV0X2Nhc3RfcHRyPGNvbnN0IFQqPihwdHIpOworI2lmIENQVShBUk1WNV9PUl9MT1dFUikK KyAgICAgICAgICAgIC8vIFRvIHByb3RlY3QgbWlzYWxpZ25lZCBtZW1vcnkgYWNjZXNzLgorICAg ICAgICAgICAgbWVtY3B5KCZ2YWx1ZSwgcHRyLCBzaXplb2YoVCkpOworI2Vsc2UKKyAgICAgICAg ICAgIHZhbHVlID0gKnJlaW50ZXJwcmV0X2Nhc3Q8Y29uc3QgVCo+KHB0cik7CisjZW5kaWYKICAg ICAgICAgICAgIHB0ciArPSBzaXplb2YoVCk7CiAgICAgICAgIH0KICAgICAgICAgcmV0dXJuIHRy dWU7CkBAIC05MDcsNyArOTEyLDE0IEBAIHByaXZhdGU6CiAgICAgICAgICAgICByZXR1cm4gZmFs c2U7CiAKICNpZiBBU1NVTUVfTElUVExFX0VORElBTgotICAgICAgICBzdHIgPSBVU3RyaW5nKHJl aW50ZXJwcmV0X2Nhc3RfcHRyPGNvbnN0IFVDaGFyKj4ocHRyKSwgbGVuZ3RoKTsKKyNpZiBDUFUo QVJNVjVfT1JfTE9XRVIpCisgICAgICAgIC8vIFRvIHByb3RlY3QgbWlzYWxpZ25lZCBtZW1vcnkg YWNjZXNzLgorICAgICAgICBWZWN0b3I8VUNoYXI+IGFsaWduZWRCdWZmZXIobGVuZ3RoKTsKKyAg ICAgICAgbWVtY3B5KGFsaWduZWRCdWZmZXIuZGF0YSgpLCBwdHIsIGxlbmd0aCAqIHNpemVvZihV Q2hhcikpOworICAgICAgICBzdHIgPSBVU3RyaW5nOjphZG9wdChhbGlnbmVkQnVmZmVyKTsKKyNl bHNlCisgICAgICAgIHN0ciA9IFVTdHJpbmcocmVpbnRlcnByZXRfY2FzdDxjb25zdCBVQ2hhcio+ KHB0ciksIGxlbmd0aCk7CisjZW5kaWYKICAgICAgICAgcHRyICs9IGxlbmd0aCAqIHNpemVvZihV Q2hhcik7CiAjZWxzZQogICAgICAgICBWZWN0b3I8VUNoYXI+IGJ1ZmZlcjsK