48485 2010-10-27 16:55:47 -0700 Crash in Function.prototype.call.apply 2010-11-05 20:33:25 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac (Intel) OS X 10.5 RESOLVED FIXED InRadar, Regression P1 Normal --- 1 bz webkit-unassigned ap ggaren oliver zherczeg oldest_to_newest 300708 0 72114 bz 2010-10-27 16:55:47 -0700 Created attachment 72114 Crash test The browser crashes when the following function is run: Function.prototype.call.apply(fn, arguments) where fn is any function, and the arguments object has at least 3 items. I have experienced this only in recent nightly builds, using Mac OS X 10.5.8. The crash doesn't happen while the script debugger is on, or when it is run from the location bar, or when fn has been successfully called before. 300867 1 ap 2010-10-27 21:51:03 -0700 Confirmed with a local debug build of r70400. #0 0x101ccc9d0 in WTF::RefPtr<JSC::JSGlobalData>::get at RefPtr.h:59 #1 0x101d6cc95 in JSC::JSGlobalObject::globalData at JSGlobalObject.h:279 #2 0x101ce66e9 in JSC::Parser::parse<JSC::FunctionBodyNode> at Parser.h:87 #3 0x101cdee51 in JSC::FunctionExecutable::compileForCallInternal at Executable.cpp:181 #4 0x101c78d00 in JSC::FunctionExecutable::compileForCall at Executable.h:315 #5 0x101cf1bae in JSC::Interpreter::executeCall at Interpreter.cpp:795 #6 0x101ca909f in JSC::call at CallData.cpp:38 #7 0x101ceb580 in JSC::functionProtoFuncCall at FunctionPrototype.cpp:147 #8 0x5711998001aa in ?? #9 0x101cf6a86 in JSC::JITCode::execute at JITCode.h:77 #10 0x101cf2bf1 in JSC::Interpreter::execute at Interpreter.cpp:746 #11 0x101cc26c7 in JSC::evaluate at Completion.cpp:63 #12 0x10310b4a0 in WebCore::JSMainThreadExecState::evaluate at JSMainThreadExecState.h:54 301201 2 ggaren 2010-10-28 11:55:17 -0700 <rdar://problem/8606066> 301360 3 zherczeg 2010-10-28 15:00:40 -0700 Interpreter::executeCall CallFrame* newCallFrame = CallFrame::create(oldEnd); size_t dst = 0; newCallFrame->r(0) = thisValue; ArgList::const_iterator end = args.end(); for (ArgList::const_iterator it = args.begin(); it != end; ++it) newCallFrame->r(++dst) = *it; oldEnd < callFrame, so newCallFrame->r(...) overwrites callframe fields. I will continue the debugging tomorrow morning. Hopefully I could find a fix. 301817 4 zherczeg 2010-10-29 09:33:24 -0700 Hi guys, actually I am little confused with this bug as I don't exactly remember how JS call system should work, and I need a little help. This is a simplified example: function g() { Function.prototype.call.apply(g, arguments); } g(0, 0, 0) The byte-code of function g(): [ 0] enter [ 1] init_lazy_reg r1 [ 3] init_lazy_reg r0 [ 5] resolve_global r2, Function(@id0) [ 10] get_by_id r2, r2, prototype(@id1) [ 18] get_by_id r2, r2, call(@id2) [ 26] get_by_id r3, r2, apply(@id3) [ 34] jneq_ptr r3, r-1220017856, 22(->56) [ 38] mov r4, r2 [ 41] get_global_var r6, -6 [ 44] mov r7, r1 [ 47] load_varargs r5, r7 [ 50] call_varargs r4, r5, 12 [ 54] jmp 17(->71) [ 56] mov r4, r2 [ 59] get_global_var r5, -6 [ 62] create_arguments r1 [ 64] mov r6, r1 [ 67] call r3, 3, 13 [ 71] ret undefined(@k0) Before the "enter", the RegisterFile is extended, since the 'g' expects 0 parameter and got 3. Thus op_call_arityCheck() set the registerFile->m_end to 0x..100 (memory returned by mmap is always page aligned, thus the last 3 digit is always the same). As far as I remember, this should be the end of the memory used by the JS functon, shouldn't it? The emit_op_load_varargs does not call the helper-stub function, it just extend %edi (call frame ptr) to 0x...118, which is 3 registers beyond the end of the registerFile, and should be never written by JIT code, shoudn't it? call_varargs pass %edi as the call frame, and in Interpreter::executeCall oldEnd still points to 0x..100, and the callFrame to 0x...118. (I think an assert would be useful here). for (ArgList::const_iterator it = args.begin(); it != end; ++it) newCallFrame->r(++dst) = *it; The 'for' above overwrites callFrame members (still in Interpreter::executeCall). As far as I remember, registerFile->m_end points after the last available register, and no writes should happen after it. Thus I would blame emit_op_load_varargs at the moment, but I would be curious about your opinion. 304288 5 oliver 2010-11-03 14:16:37 -0700 I don't see any error in load_varargs, i see the badness in call_varargs, the callframe register is extended to include the registerOffset, but loadvarargs has not bounds checked that extension, only the space for arguments. 304317 6 oliver 2010-11-03 15:09:01 -0700 I have a fix, just building webkit 304342 7 72882 oliver 2010-11-03 16:17:40 -0700 Created attachment 72882 Patch 304353 8 oliver 2010-11-03 16:43:07 -0700 Committed r71280: <http://trac.webkit.org/changeset/71280> 305712 9 bz 2010-11-05 20:33:25 -0700 Thank you! 72114 2010-10-27 16:55:47 -0700 2010-10-27 16:55:47 -0700 Crash test test-case.html text/html 423 bz PCFkb2N0eXBlIGh0bWw+CjxodG1sPgo8aGVhZD4KPG1ldGEgY2hhcnNldD0idXRmLTgiIC8+Cjx0 aXRsZT5DcmFzaCBUZXN0OiBGdW5jdGlvbi5wcm90b3R5cGUuY2FsbC5hcHBseTwvdGl0bGU+Cjwv aGVhZD4KPGJvZHk+CjxkaXY+CjwvZGl2Pgo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+ CmZ1bmN0aW9uIGFsZXJ0U2VsZigpIHsgYWxlcnQodGhpcyk7IH0KCmlmIChjb25maXJtKCJSZWFk eSB0byBjcmFzaD8iKSkgewoJKGZ1bmN0aW9uICgpIHsKCQlGdW5jdGlvbi5wcm90b3R5cGUuY2Fs bC5hcHBseShhbGVydFNlbGYsIGFyZ3VtZW50cyk7Cgl9KSgnWW91IHN1cnZpdmVkIScsIDAsIDAp OyAvLyBuZWVkcyAzKyBhcmd1bWVudHMKfSBlbHNlIHsKCWFsZXJ0KCdDaGlja2VuLicpOwp9Cjwv c2NyaXB0Pgo8L2JvZHk+CjwvaHRtbD4K 72882 2010-11-03 16:17:40 -0700 2010-11-03 16:19:05 -0700 Patch bug-48485-20101103161739.patch text/plain 9664 oliver ZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZyBiL0phdmFTY3JpcHRDb3JlL0No YW5nZUxvZwppbmRleCA3YjkzNWQ0ZTQ2ZDkyZjM5NGYxY2RjZmI3NmVlOTJmZDRiYjhmYzJmLi44 YjFkZjE2NDViODEwOTgxOWM2YmVjMmQxNTY4NmZjZTVjY2JlNDRkIDEwMDY0NAotLS0gYS9KYXZh U2NyaXB0Q29yZS9DaGFuZ2VMb2cKKysrIGIvSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCkBAIC0x LDMgKzEsMjcgQEAKKzIwMTAtMTEtMDMgIE9saXZlciBIdW50ICA8b2xpdmVyQGFwcGxlLmNvbT4K KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBDcmFzaCBp biBGdW5jdGlvbi5wcm90b3R5cGUuY2FsbC5hcHBseQorICAgICAgICBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDg0ODUKKworICAgICAgICBUaGUgcHJvYmxlbSBoZXJl IHdhcyBvcF9sb2FkX3ZhcmFyZ3MgZmFpbGluZyB0byBlbnN1cmUgdGhhdAorICAgICAgICB0aGVy ZSB3YXMgc3VmZmljaWVudCBzcGFjZSBmb3IgdGhlIGVudGlyZSBjYWxsZnJhbWUgcHJpb3IgdG8K KyAgICAgICAgb3BfY2FsbF92YXJhcmdzLiAgVGhpcyBtZWFudCB0aGF0IHdoZW4gd2UgdGhlbiBy ZS1lbnRlcmVkIHRoZQorICAgICAgICBWTSBpdCB3YXMgcG9zc2libGUgdG8gc3RvbXAgb3ZlciBh biBlYXJsaWVyIHBvcnRpb24gb2YgdGhlCisgICAgICAgIHN0YWNrLCBzbyBjYXVzaW5nIHN1Yi1v cHRpbWFsIGJlaGF2aW91ci4KKworICAgICAgICAqIGJ5dGVjb2RlL09wY29kZS5oOgorICAgICAg ICAqIGJ5dGVjb21waWxlci9CeXRlY29kZUdlbmVyYXRvci5jcHA6CisgICAgICAgIChKU0M6OkJ5 dGVjb2RlR2VuZXJhdG9yOjplbWl0TG9hZFZhcmFyZ3MpOgorICAgICAgICAqIGJ5dGVjb21waWxl ci9CeXRlY29kZUdlbmVyYXRvci5oOgorICAgICAgICAqIGJ5dGVjb21waWxlci9Ob2Rlc0NvZGVn ZW4uY3BwOgorICAgICAgICAoSlNDOjpBcHBseUZ1bmN0aW9uQ2FsbERvdE5vZGU6OmVtaXRCeXRl Y29kZSk6CisgICAgICAgICogaml0L0pJVC5jcHA6CisgICAgICAgIChKU0M6OkpJVDo6cHJpdmF0 ZUNvbXBpbGUpOgorICAgICAgICAqIGppdC9KSVRPcGNvZGVzLmNwcDoKKyAgICAgICAgKEpTQzo6 SklUOjplbWl0X29wX2xvYWRfdmFyYXJncyk6CisKIDIwMTAtMTAtMjkgIE9saXZlciBIdW50ICA8 b2xpdmVyQGFwcGxlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBHYXZpbiBCYXJyYWNsb3Vn aC4KZGlmZiAtLWdpdCBhL0phdmFTY3JpcHRDb3JlL2J5dGVjb2RlL09wY29kZS5oIGIvSmF2YVNj cmlwdENvcmUvYnl0ZWNvZGUvT3Bjb2RlLmgKaW5kZXggZTFlZjAxZWQ1ODg2N2Q1MDY2YTA3NDE0 NGU2ZDY2YWIxZjIyOGE1Ni4uOGVlODJlNzc1MTdhMzgyOGQ1M2E2NjQ1OGU0MjMyYzljNzgwNTY1 MCAxMDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUvYnl0ZWNvZGUvT3Bjb2RlLmgKKysrIGIvSmF2 YVNjcmlwdENvcmUvYnl0ZWNvZGUvT3Bjb2RlLmgKQEAgLTE2Miw3ICsxNjIsNyBAQCBuYW1lc3Bh Y2UgSlNDIHsKICAgICAgICAgbWFjcm8ob3BfY2FsbCwgNCkgXAogICAgICAgICBtYWNybyhvcF9j YWxsX2V2YWwsIDQpIFwKICAgICAgICAgbWFjcm8ob3BfY2FsbF92YXJhcmdzLCA0KSBcCi0gICAg ICAgIG1hY3JvKG9wX2xvYWRfdmFyYXJncywgMykgXAorICAgICAgICBtYWNybyhvcF9sb2FkX3Zh cmFyZ3MsIDQpIFwKICAgICAgICAgbWFjcm8ob3BfdGVhcl9vZmZfYWN0aXZhdGlvbiwgMykgXAog ICAgICAgICBtYWNybyhvcF90ZWFyX29mZl9hcmd1bWVudHMsIDIpIFwKICAgICAgICAgbWFjcm8o b3BfcmV0LCAyKSBcCmRpZmYgLS1naXQgYS9KYXZhU2NyaXB0Q29yZS9ieXRlY29tcGlsZXIvQnl0 ZWNvZGVHZW5lcmF0b3IuY3BwIGIvSmF2YVNjcmlwdENvcmUvYnl0ZWNvbXBpbGVyL0J5dGVjb2Rl R2VuZXJhdG9yLmNwcAppbmRleCA4N2YwYmViZWY2MjBmMzE3NTlmNWI3MWJmZDcxYTcwZmQ2MjM5 N2M3Li43NTM4MzE0M2FkMWJjMWJlMWQwMzhjYzA5MDUwMDAwZGUxY2JmYzY4IDEwMDY0NAotLS0g YS9KYXZhU2NyaXB0Q29yZS9ieXRlY29tcGlsZXIvQnl0ZWNvZGVHZW5lcmF0b3IuY3BwCisrKyBi L0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxlci9CeXRlY29kZUdlbmVyYXRvci5jcHAKQEAgLTE2 NzQsMTIgKzE2NzQsMTMgQEAgUmVnaXN0ZXJJRCogQnl0ZWNvZGVHZW5lcmF0b3I6OmVtaXRDYWxs KE9wY29kZUlEIG9wY29kZUlELCBSZWdpc3RlcklEKiBkc3QsIFJlZ2kKICAgICByZXR1cm4gZHN0 OwogfQogCi1SZWdpc3RlcklEKiBCeXRlY29kZUdlbmVyYXRvcjo6ZW1pdExvYWRWYXJhcmdzKFJl Z2lzdGVySUQqIGFyZ0NvdW50RHN0LCBSZWdpc3RlcklEKiBhcmd1bWVudHMpCitSZWdpc3RlcklE KiBCeXRlY29kZUdlbmVyYXRvcjo6ZW1pdExvYWRWYXJhcmdzKFJlZ2lzdGVySUQqIGFyZ0NvdW50 RHN0LCBSZWdpc3RlcklEKiB0aGlzUmVnaXN0ZXIsIFJlZ2lzdGVySUQqIGFyZ3VtZW50cykKIHsK ICAgICBBU1NFUlQoYXJnQ291bnREc3QtPmluZGV4KCkgPCBhcmd1bWVudHMtPmluZGV4KCkpOwog ICAgIGVtaXRPcGNvZGUob3BfbG9hZF92YXJhcmdzKTsKICAgICBpbnN0cnVjdGlvbnMoKS5hcHBl bmQoYXJnQ291bnREc3QtPmluZGV4KCkpOwogICAgIGluc3RydWN0aW9ucygpLmFwcGVuZChhcmd1 bWVudHMtPmluZGV4KCkpOworICAgIGluc3RydWN0aW9ucygpLmFwcGVuZCh0aGlzUmVnaXN0ZXIt PmluZGV4KCkgKyBSZWdpc3RlckZpbGU6OkNhbGxGcmFtZUhlYWRlclNpemUpOyAvLyBpbml0aWFs IHJlZ2lzdGVyT2Zmc2V0CiAgICAgcmV0dXJuIGFyZ0NvdW50RHN0OwogfQogCmRpZmYgLS1naXQg YS9KYXZhU2NyaXB0Q29yZS9ieXRlY29tcGlsZXIvQnl0ZWNvZGVHZW5lcmF0b3IuaCBiL0phdmFT Y3JpcHRDb3JlL2J5dGVjb21waWxlci9CeXRlY29kZUdlbmVyYXRvci5oCmluZGV4IGQwZTRhNmI0 MGFjOWQzOTE2ODdmNzZjMjM1ZTJkNzg2NGQ3ZGM2MTYuLmIxODk1NjU1OTIyNzU5N2VjNGQ5YmM1 OTY0MjY5N2ZjZThhMWE2OTggMTAwNjQ0Ci0tLSBhL0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxl ci9CeXRlY29kZUdlbmVyYXRvci5oCisrKyBiL0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxlci9C eXRlY29kZUdlbmVyYXRvci5oCkBAIC0zNTAsNyArMzUwLDcgQEAgbmFtZXNwYWNlIEpTQyB7CiAg ICAgICAgIFJlZ2lzdGVySUQqIGVtaXRDYWxsKFJlZ2lzdGVySUQqIGRzdCwgUmVnaXN0ZXJJRCog ZnVuYywgQ2FsbEFyZ3VtZW50cyYsIHVuc2lnbmVkIGRpdm90LCB1bnNpZ25lZCBzdGFydE9mZnNl dCwgdW5zaWduZWQgZW5kT2Zmc2V0KTsKICAgICAgICAgUmVnaXN0ZXJJRCogZW1pdENhbGxFdmFs KFJlZ2lzdGVySUQqIGRzdCwgUmVnaXN0ZXJJRCogZnVuYywgQ2FsbEFyZ3VtZW50cyYsIHVuc2ln bmVkIGRpdm90LCB1bnNpZ25lZCBzdGFydE9mZnNldCwgdW5zaWduZWQgZW5kT2Zmc2V0KTsKICAg ICAgICAgUmVnaXN0ZXJJRCogZW1pdENhbGxWYXJhcmdzKFJlZ2lzdGVySUQqIGRzdCwgUmVnaXN0 ZXJJRCogZnVuYywgUmVnaXN0ZXJJRCogdGhpc1JlZ2lzdGVyLCBSZWdpc3RlcklEKiBhcmdDb3Vu dCwgdW5zaWduZWQgZGl2b3QsIHVuc2lnbmVkIHN0YXJ0T2Zmc2V0LCB1bnNpZ25lZCBlbmRPZmZz ZXQpOwotICAgICAgICBSZWdpc3RlcklEKiBlbWl0TG9hZFZhcmFyZ3MoUmVnaXN0ZXJJRCogYXJn Q291bnREc3QsIFJlZ2lzdGVySUQqIGFyZ3MpOworICAgICAgICBSZWdpc3RlcklEKiBlbWl0TG9h ZFZhcmFyZ3MoUmVnaXN0ZXJJRCogYXJnQ291bnREc3QsIFJlZ2lzdGVySUQqIHRoaXNSZWdpc3Rl ciwgUmVnaXN0ZXJJRCogYXJncyk7CiAKICAgICAgICAgUmVnaXN0ZXJJRCogZW1pdFJldHVybihS ZWdpc3RlcklEKiBzcmMpOwogICAgICAgICBSZWdpc3RlcklEKiBlbWl0RW5kKFJlZ2lzdGVySUQq IHNyYykgeyByZXR1cm4gZW1pdFVuYXJ5Tm9Ec3RPcChvcF9lbmQsIHNyYyk7IH0KZGlmZiAtLWdp dCBhL0phdmFTY3JpcHRDb3JlL2J5dGVjb21waWxlci9Ob2Rlc0NvZGVnZW4uY3BwIGIvSmF2YVNj cmlwdENvcmUvYnl0ZWNvbXBpbGVyL05vZGVzQ29kZWdlbi5jcHAKaW5kZXggZjI4MjU0MjBjYTNm YmVhN2FlYjA4OTZlMGU4MTU0YTIwZjg3ZTgyNS4uNDcxMjlkNTA1NjkzMzBiZjUwMzRmN2RlNmM4 MzhmYzg0MzA1MGQ2NSAxMDA2NDQKLS0tIGEvSmF2YVNjcmlwdENvcmUvYnl0ZWNvbXBpbGVyL05v ZGVzQ29kZWdlbi5jcHAKKysrIGIvSmF2YVNjcmlwdENvcmUvYnl0ZWNvbXBpbGVyL05vZGVzQ29k ZWdlbi5jcHAKQEAgLTUzNiw3ICs1MzYsNyBAQCBSZWdpc3RlcklEKiBBcHBseUZ1bmN0aW9uQ2Fs bERvdE5vZGU6OmVtaXRCeXRlY29kZShCeXRlY29kZUdlbmVyYXRvciYgZ2VuZXJhdG9yLAogICAg ICAgICAgICAgd2hpbGUgKChhcmdzID0gYXJncy0+bV9uZXh0KSkKICAgICAgICAgICAgICAgICBn ZW5lcmF0b3IuZW1pdE5vZGUoYXJncy0+bV9leHByKTsKIAotICAgICAgICAgICAgZ2VuZXJhdG9y LmVtaXRMb2FkVmFyYXJncyhhcmdzQ291bnRSZWdpc3Rlci5nZXQoKSwgYXJnc1JlZ2lzdGVyLmdl dCgpKTsKKyAgICAgICAgICAgIGdlbmVyYXRvci5lbWl0TG9hZFZhcmFyZ3MoYXJnc0NvdW50UmVn aXN0ZXIuZ2V0KCksIHRoaXNSZWdpc3Rlci5nZXQoKSwgYXJnc1JlZ2lzdGVyLmdldCgpKTsKICAg ICAgICAgICAgIGdlbmVyYXRvci5lbWl0Q2FsbFZhcmFyZ3MoZmluYWxEZXN0aW5hdGlvbk9ySWdu b3JlZC5nZXQoKSwgcmVhbEZ1bmN0aW9uLmdldCgpLCB0aGlzUmVnaXN0ZXIuZ2V0KCksIGFyZ3ND b3VudFJlZ2lzdGVyLmdldCgpLCBkaXZvdCgpLCBzdGFydE9mZnNldCgpLCBlbmRPZmZzZXQoKSk7 CiAgICAgICAgIH0KICAgICAgICAgZ2VuZXJhdG9yLmVtaXRKdW1wKGVuZC5nZXQoKSk7CmRpZmYg LS1naXQgYS9KYXZhU2NyaXB0Q29yZS9qaXQvSklULmNwcCBiL0phdmFTY3JpcHRDb3JlL2ppdC9K SVQuY3BwCmluZGV4IDBlYWJkZjVhMjdhZDQ1NWFiMjU5NjI5ZmZjNjgzZjgzMjhhMmM3MDMuLmU1 YmU0M2I2MjlhZjQ0YzM3ZDY2MzM4NGI1ZDk5YTJhMjU5YTlmODggMTAwNjQ0Ci0tLSBhL0phdmFT Y3JpcHRDb3JlL2ppdC9KSVQuY3BwCisrKyBiL0phdmFTY3JpcHRDb3JlL2ppdC9KSVQuY3BwCkBA IC00NzcsOCArNDc3LDcgQEAgSklUQ29kZSBKSVQ6OnByaXZhdGVDb21waWxlKENvZGVQdHIqIGZ1 bmN0aW9uRW50cnlBcml0eUNoZWNrKQogICAgICAgICBlbWl0UHV0SW1tZWRpYXRlVG9DYWxsRnJh bWVIZWFkZXIobV9jb2RlQmxvY2ssIFJlZ2lzdGVyRmlsZTo6Q29kZUJsb2NrKTsKIAogICAgICAg ICBhZGRQdHIoSW1tMzIobV9jb2RlQmxvY2stPm1fbnVtQ2FsbGVlUmVnaXN0ZXJzICogc2l6ZW9m KFJlZ2lzdGVyKSksIGNhbGxGcmFtZVJlZ2lzdGVyLCByZWdUMSk7Ci0gICAgICAgIHJlZ2lzdGVy RmlsZUNoZWNrID0gYnJhbmNoUHRyKEJlbG93LCBBYnNvbHV0ZUFkZHJlc3MoJm1fZ2xvYmFsRGF0 YS0+aW50ZXJwcmV0ZXItPnJlZ2lzdGVyRmlsZSgpLgotICAgICAgICBtX2VuZCksIHJlZ1QxKTsK KyAgICAgICAgcmVnaXN0ZXJGaWxlQ2hlY2sgPSBicmFuY2hQdHIoQmVsb3csIEFic29sdXRlQWRk cmVzcygmbV9nbG9iYWxEYXRhLT5pbnRlcnByZXRlci0+cmVnaXN0ZXJGaWxlKCkubV9lbmQpLCBy ZWdUMSk7CiAgICAgfQogCiAgICAgTGFiZWwgZnVuY3Rpb25Cb2R5ID0gbGFiZWwoKTsKZGlmZiAt LWdpdCBhL0phdmFTY3JpcHRDb3JlL2ppdC9KSVRPcGNvZGVzLmNwcCBiL0phdmFTY3JpcHRDb3Jl L2ppdC9KSVRPcGNvZGVzLmNwcAppbmRleCAxNTI4Yjc2MmIxMzUyYTg0MzMyODAxYTkxYmM4MzI2 Nzg2MmUwMTUxLi43NDYxYjM2NGZlOWM3NWU5MDM5MGE4MmM0MWUxMmVhMjc0NjcwMjE3IDEwMDY0 NAotLS0gYS9KYXZhU2NyaXB0Q29yZS9qaXQvSklUT3Bjb2Rlcy5jcHAKKysrIGIvSmF2YVNjcmlw dENvcmUvaml0L0pJVE9wY29kZXMuY3BwCkBAIC0xNjY2LDYgKzE2NjYsOSBAQCB2b2lkIEpJVDo6 ZW1pdF9vcF9sb2FkX3ZhcmFyZ3MoSW5zdHJ1Y3Rpb24qIGN1cnJlbnRJbnN0cnVjdGlvbikKIHsK ICAgICBpbnQgYXJnQ291bnREc3QgPSBjdXJyZW50SW5zdHJ1Y3Rpb25bMV0udS5vcGVyYW5kOwog ICAgIGludCBhcmdzT2Zmc2V0ID0gY3VycmVudEluc3RydWN0aW9uWzJdLnUub3BlcmFuZDsKKyAg ICBpbnQgcmVnaXN0ZXJPZmZzZXQgPSBjdXJyZW50SW5zdHJ1Y3Rpb25bM10udS5vcGVyYW5kOwor ICAgIEFTU0VSVChhcmdzT2Zmc2V0IDw9IHJlZ2lzdGVyT2Zmc2V0KTsKKyAgICAKICAgICBpbnQg ZXhwZWN0ZWRQYXJhbXMgPSBtX2NvZGVCbG9jay0+bV9udW1QYXJhbWV0ZXJzIC0gMTsKICAgICAv LyBEb24ndCBkbyBpbmxpbmUgY29weWluZyBpZiB3ZSBhcmVuJ3QgZ3VhcmFudGVlZCB0byBoYXZl IGEgc2luZ2xlIHN0cmVhbQogICAgIC8vIG9mIGFyZ3VtZW50cwpAQCAtMTY5NSw2ICsxNjk4LDcg QEAgdm9pZCBKSVQ6OmVtaXRfb3BfbG9hZF92YXJhcmdzKEluc3RydWN0aW9uKiBjdXJyZW50SW5z dHJ1Y3Rpb24pCiAgICAgCiAgICAgLy8gQm91bmRzIGNoZWNrIHRoZSByZWdpc3RlcmZpbGUKICAg ICBhZGRQdHIocmVnVDIsIHJlZ1QzKTsKKyAgICBhZGRQdHIoSW1tMzIoKHJlZ2lzdGVyT2Zmc2V0 IC0gYXJnc09mZnNldCkgKiBzaXplb2YoUmVnaXN0ZXIpKSwgcmVnVDMpOwogICAgIGFkZFNsb3dD YXNlKGJyYW5jaFB0cihCZWxvdywgQWJzb2x1dGVBZGRyZXNzKCZtX2dsb2JhbERhdGEtPmludGVy cHJldGVyLT5yZWdpc3RlckZpbGUoKS5tX2VuZCksIHJlZ1QzKSk7CiAKICAgICBzdWIzMihJbW0z MigxKSwgcmVnVDApOwpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nIGIvTGF5b3V0 VGVzdHMvQ2hhbmdlTG9nCmluZGV4IGUzZTU4NTRkYTVkMmFjYjM2MTdkY2E3ZmNmZjkwYzM2MjIy MWRhZTIuLjMyYzQ3YjhkYTY3NDNkNmQ2ZWRlZDdkYTU2NDgxMmU4Y2QxZDNmYzIgMTAwNjQ0Ci0t LSBhL0xheW91dFRlc3RzL0NoYW5nZUxvZworKysgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKQEAg LTEsMyArMSwxOCBAQAorMjAxMC0xMS0wMyAgT2xpdmVyIEh1bnQgIDxvbGl2ZXJAYXBwbGUuY29t PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIENyYXNo IGluIEZ1bmN0aW9uLnByb3RvdHlwZS5jYWxsLmFwcGx5CisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00ODQ4NQorCisgICAgICAgIFRlc3QgZm9yIGFwcGx5 aW5nIGFyZ3VtZW50cyB0byBjYWxsIGF0IHRoZSBlZGdlIG9mCisgICAgICAgIHRoZSBhbGxvY2F0 ZWQgcmVnaW9uIG9mIHRoZSByZWdpc3RlcmZpbGUuCisKKyAgICAgICAgKiBmYXN0L2pzL2NhbGwt YXBwbHktY3Jhc2gtZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBmYXN0L2pzL2NhbGwt YXBwbHktY3Jhc2guaHRtbDogQWRkZWQuCisgICAgICAgICogZmFzdC9qcy9zY3JpcHQtdGVzdHMv Y2FsbC1hcHBseS1jcmFzaC5qczogQWRkZWQuCisgICAgICAgICh0ZXN0TG9nKToKKwogMjAxMC0x MC0yOSAgT2xpdmVyIEh1bnQgIDxvbGl2ZXJAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2Vk IGJ5IEdhdmluIEJhcnJhY2xvdWdoLgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvZmFzdC9qcy9j YWxsLWFwcGx5LWNyYXNoLWV4cGVjdGVkLnR4dCBiL0xheW91dFRlc3RzL2Zhc3QvanMvY2FsbC1h cHBseS1jcmFzaC1leHBlY3RlZC50eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4uYmMyOGM5NjZiNGVhMzEwMDhiYjU4 OTcxY2U2ODYwM2E2NzIzMTJjZgotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zhc3Qv anMvY2FsbC1hcHBseS1jcmFzaC1leHBlY3RlZC50eHQKQEAgLTAsMCArMSwxMSBAQAorVGVzdCB0 byBlbnN1cmUgdGhhdCB0aGUgcmVnaXN0ZXJmaWxlIGlzIGdyb3duIGNvcnJlY3RseSB3aGVuIGNh bGxpbmcgYXBwbHkKKworT24gc3VjY2VzcywgeW91IHdpbGwgc2VlIGEgc2VyaWVzIG9mICJQQVNT IiBtZXNzYWdlcywgZm9sbG93ZWQgYnkgIlRFU1QgQ09NUExFVEUiLgorCisKK1BBU1MgRGlkIG5v dCBjcmFzaCB1c2luZyBhcHBseQorUEFTUyBEaWQgbm90IGNyYXNoIHVzaW5nIGFwcGx5CitQQVNT IHN1Y2Nlc3NmdWxseVBhcnNlZCBpcyB0cnVlCisKK1RFU1QgQ09NUExFVEUKKwpkaWZmIC0tZ2l0 IGEvTGF5b3V0VGVzdHMvZmFzdC9qcy9jYWxsLWFwcGx5LWNyYXNoLmh0bWwgYi9MYXlvdXRUZXN0 cy9mYXN0L2pzL2NhbGwtYXBwbHktY3Jhc2guaHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRl eCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi4yYjlkZGE3Yjk1YWIy MzZlZTI1NWFhYjY5ZjcyMThkMDNiMDEwNzhiCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVz dHMvZmFzdC9qcy9jYWxsLWFwcGx5LWNyYXNoLmh0bWwKQEAgLTAsMCArMSwxMyBAQAorPCFET0NU WVBFIEhUTUwgUFVCTElDICItLy9JRVRGLy9EVEQgSFRNTC8vRU4iPgorPGh0bWw+Cis8aGVhZD4K KzxsaW5rIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0icmVzb3VyY2VzL2pzLXRlc3Qtc3R5bGUuY3Nz Ij4KKzxzY3JpcHQgc3JjPSJyZXNvdXJjZXMvanMtdGVzdC1wcmUuanMiPjwvc2NyaXB0PgorPC9o ZWFkPgorPGJvZHk+Cis8cCBpZD0iZGVzY3JpcHRpb24iPjwvcD4KKzxkaXYgaWQ9ImNvbnNvbGUi PjwvZGl2PgorPHNjcmlwdCBzcmM9InNjcmlwdC10ZXN0cy9jYWxsLWFwcGx5LWNyYXNoLmpzIj48 L3NjcmlwdD4KKzxzY3JpcHQgc3JjPSJyZXNvdXJjZXMvanMtdGVzdC1wb3N0LmpzIj48L3Njcmlw dD4KKzwvYm9keT4KKzwvaHRtbD4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvanMvc2Ny aXB0LXRlc3RzL2NhbGwtYXBwbHktY3Jhc2guanMgYi9MYXlvdXRUZXN0cy9mYXN0L2pzL3Njcmlw dC10ZXN0cy9jYWxsLWFwcGx5LWNyYXNoLmpzCm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLmZhOWIyYTk2ZTFhZjdlNTI0 NWQ0ZTE3ZGVjZWUyNzVkY2YyN2JiOGEKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9m YXN0L2pzL3NjcmlwdC10ZXN0cy9jYWxsLWFwcGx5LWNyYXNoLmpzCkBAIC0wLDAgKzEsMTMgQEAK K2Rlc2NyaXB0aW9uKCJUZXN0IHRvIGVuc3VyZSB0aGF0IHRoZSByZWdpc3RlcmZpbGUgaXMgZ3Jv d24gY29ycmVjdGx5IHdoZW4gY2FsbGluZyBhcHBseSIpOworCitmdW5jdGlvbiB0ZXN0TG9nKCkg eyB0ZXN0UGFzc2VkKHRoaXMpOyB9CisoZnVuY3Rpb24gKCkgeworICAgIEZ1bmN0aW9uLnByb3Rv dHlwZS5jYWxsLmFwcGx5KHRlc3RMb2csIGFyZ3VtZW50cyk7Cit9KSgnRGlkIG5vdCBjcmFzaCB1 c2luZyBhcHBseScsIDAsIDApOyAvLyBuZWVkcyAzKyBhcmd1bWVudHMKKyhmdW5jdGlvbiAoKSB7 CisgICAgYXJndW1lbnRzOyAvLyByZWlmeSB0aGUgYXJndW1lbnRzIG9iamVjdC4KKyAgICBGdW5j dGlvbi5wcm90b3R5cGUuY2FsbC5hcHBseSh0ZXN0TG9nLCBhcmd1bWVudHMpOworfSkoJ0RpZCBu b3QgY3Jhc2ggdXNpbmcgYXBwbHknLCAwLCAwKTsgLy8gbmVlZHMgMysgYXJndW1lbnRzCisKKwor dmFyIHN1Y2Nlc3NmdWxseVBhcnNlZCA9IHRydWU7Cg==