51055 2010-12-14 14:24:49 -0800 NULL deref in WebCore::HTMLEntitySearch::advance 2010-12-18 22:51:40 -0800 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) All All RESOLVED FIXED P1 Normal --- 0 tsepez webkit-unassigned abarth ap commit-queue eric levin webkit.review.bot oldest_to_newest 322204 0 tsepez 2010-12-14 14:24:49 -0800 As initially reported in http://code.google.com/p/chromium/issues/detail?id=66098 by 322207 1 tsepez 2010-12-14 14:26:48 -0800 Reported by aohelin, Dec 09 (5 days ago) VULNERABILITY DETAILS Opening the attached file causes a renderer segmentation fault. The crash looks like a null, behaves like a null and quacks like a null, so it is probably harmless. On the other hand it is in a core component and affects all versions of Chrome I tested, so reporting conservatively as a security issue. I did not find a way to change the crash address or location. VERSION Chrome Version: Chromium 8.0.552.215 (Developer Build 67652) Ubuntu 10.10 (beta), Chrome 8.0.552.215 (Official Build 67652) (stable) Operating System: Ubuntu 10.10, 32- and 64-bit REPRODUCTION CASE Open the attached parse.svg, or data:image/svg+xml,<!DOCTYPE foo PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" ""> <foo foo="&:; FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION Type of crash: tab Crash State: Program received signal SIGSEGV, Segmentation fault. WebCore::HTMLEntitySearch::advance (this=0xbfffd8cc, nextCharacter=58) at third_party/WebKit/WebCore/html/parser/HTMLEntitySearch.cpp:124 124 third_party/WebKit/WebCore/html/parser/HTMLEntitySearch.cpp: No such file or directory. in third_party/WebKit/WebCore/html/parser/HTMLEntitySearch.cpp (gdb) bt 10 #0 WebCore::HTMLEntitySearch::advance (this=0xbfffd8cc, nextCharacter=58) at third_party/WebKit/WebCore/html/parser/HTMLEntitySearch.cpp:124 #1 0xb674e3f3 in WebCore::decodeNamedEntity (name=0xb8241447 ":") at third_party/WebKit/WebCore/html/parser/HTMLEntityParser.cpp:257 #2 0xb6af2a27 in getXHTMLEntity (closure=0xb8288400, name=0xb8241447 ":") at third_party/WebKit/WebCore/dom/XMLDocumentParserLibxml2.cpp:1209 #3 WebCore::getEntityHandler (closure=0xb8288400, name=0xb8241447 ":") at third_party/WebKit/WebCore/dom/XMLDocumentParserLibxml2.cpp:1241 #4 0xb62f61fc in xmlParseEntityRef (ctxt=0xb8288400) at third_party/libxml/src/parser.c:7164 #5 0xb62fbd85 in xmlParseAttValueComplex (ctxt=0xb8288400, len=<value optimized out>, alloc=0xbfffdaf0, normalize=0) at third_party/libxml/src/parser.c:3701 #6 xmlParseAttValueInternal (ctxt=0xb8288400, len=<value optimized out>, alloc=0xbfffdaf0, normalize=0) at third_party/libxml/src/parser.c:8578 #7 0xb62fc9ac in xmlParseAttribute2 (ctxt=0xb8288400, pref=<value optimized out>, URI=0xbfffdb9c, tlen=0xbfffdbb0) at third_party/libxml/src/parser.c:8634 #8 xmlParseStartTag2 (ctxt=0xb8288400, pref=<value optimized out>, URI=0xbfffdb9c, tlen=0xbfffdbb0) at third_party/libxml/src/parser.c:8792 #9 0xb63031ad in xmlParseTryOrFinish (ctxt=0xb8288400, terminate=<value optimized out>) at third_party/libxml/src/parser.c:10843 (More stack frames follow...) (gdb) bt 2 full #0 WebCore::HTMLEntitySearch::advance (this=0xbfffd8cc, nextCharacter=58) at third_party/WebKit/WebCore/html/parser/HTMLEntitySearch.cpp:124 No locals. #1 0xb674e3f3 in WebCore::decodeNamedEntity (name=0xb8241447 ":") at third_party/WebKit/WebCore/html/parser/HTMLEntityParser.cpp:257 search = {m_currentLength = 1, m_currentValue = 0, m_mostRecentMatch = 0x0, m_first = 0x0, m_last = 0x0} entityValue = <value optimized out> (More stack frames follow...) (gdb) disas $eip-32, $eip+8 Dump of assembler code from 0xb674f35a to 0xb674f382: 0xb674f35a <WebCore::HTMLEntitySearch::advance(UChar)+42>: mov %edi,(%esp) 0xb674f35d <WebCore::HTMLEntitySearch::advance(UChar)+45>: call 0xb6868a80 <WebCore::HTMLEntityTable::firstEntryStartingWith(UChar)> 0xb674f362 <WebCore::HTMLEntitySearch::advance(UChar)+50>: mov %eax,0xc(%esi) 0xb674f365 <WebCore::HTMLEntitySearch::advance(UChar)+53>: mov %edi,(%esp) 0xb674f368 <WebCore::HTMLEntitySearch::advance(UChar)+56>: call 0xb6868ad0 <WebCore::HTMLEntityTable::lastEntryStartingWith(UChar)> 0xb674f36d <WebCore::HTMLEntitySearch::advance(UChar)+61>: mov (%esi),%edx 0xb674f36f <WebCore::HTMLEntitySearch::advance(UChar)+63>: mov %eax,0x10(%esi) 0xb674f372 <WebCore::HTMLEntitySearch::advance(UChar)+66>: lea 0x1(%edx),%eax 0xb674f375 <WebCore::HTMLEntitySearch::advance(UChar)+69>: mov 0xc(%esi),%edx 0xb674f378 <WebCore::HTMLEntitySearch::advance(UChar)+72>: mov %eax,(%esi) => 0xb674f37a <WebCore::HTMLEntitySearch::advance(UChar)+74>: cmp 0x4(%edx),%eax 0xb674f37d <WebCore::HTMLEntitySearch::advance(UChar)+77>: je 0xb674f3d3 <WebCore::HTMLEntitySearch::advance(UChar)+163> 0xb674f37f <WebCore::HTMLEntitySearch::advance(UChar)+79>: movl $0x0,0x4(%esi) (gdb) info registers eax 0x1 1 ecx 0xffffffd9 -39 edx 0x0 0 ebx 0xb80d1d14 -1207100140 esp 0xbfffd870 0xbfffd870 ebp 0xbfffd8a8 0xbfffd8a8 esi 0xbfffd8cc -1073751860 edi 0x3a 58 eip 0xb674f37a 0xb674f37a <WebCore::HTMLEntitySearch::advance(UChar)+74> eflags 0x10286 [ PF SF IF RF ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 322216 2 tsepez 2010-12-14 14:32:04 -0800 This is a straight null parser de-ref. It can also be triggered by loading an XML file of the form: <!DOCTYPE foo PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" ""> <foo foo="&:; The HTMLEntityTable::firstEntryStartingWith() method called by HTMLEntitySearch::Advance() may well return null when passed a non-alpha character. The code above this allows an entity name to contain a number of (legit) non-alpha characters. 322239 3 76575 tsepez 2010-12-14 14:47:05 -0800 Created attachment 76575 Propose Patch 322816 4 ap 2010-12-15 14:44:26 -0800 This patch isn't marked for review, please do mark it (click on Details link). 322925 5 76575 ap 2010-12-15 16:37:10 -0800 Comment on attachment 76575 Propose Patch To request review, mark r?. Please see <http://webkit.org/coding/contributing.html>. 322936 6 webkit.review.bot 2010-12-15 16:50:18 -0800 Attachment 76575 did not pass style-queue: Failed to run "['WebKitTools/Scripts/check-webkit-style', '--diff-files', u'LayoutTests/ChangeLog', u'LayoutTests/fast/parser/resources/xml-colon-entity.xml', u'LayoutTests/fast/parser/xml-colon-entity-expected.txt', u'LayoutTests/fast/parser/xml-colon-entity.html', u'WebCore/ChangeLog', u'WebCore/html/parser/HTMLEntitySearch.cpp']" exit_code: 1 WebCore/ChangeLog:7: Line contains tab character. [whitespace/tab] [5] LayoutTests/ChangeLog:7: Line contains tab character. [whitespace/tab] [5] Total errors found: 2 in 6 files If any of these errors are false positives, please file a bug against check-webkit-style. 323216 7 76775 tsepez 2010-12-16 09:28:35 -0800 Created attachment 76775 Proposed patch without tabs in ChangeLogs 324186 8 commit-queue 2010-12-18 22:50:21 -0800 The commit-queue encountered the following flaky tests while processing attachment 76775: http/tests/navigation/target-frame-from-window.html bug 51098 (author: ddkilzer@webkit.org) The commit-queue is continuing to process your patch. 324187 9 76775 commit-queue 2010-12-18 22:51:33 -0800 Comment on attachment 76775 Proposed patch without tabs in ChangeLogs Clearing flags on attachment: 76775 Committed r74321: <http://trac.webkit.org/changeset/74321> 324188 10 commit-queue 2010-12-18 22:51:40 -0800 All reviewed patches have been landed. Closing bug. 76575 2010-12-14 14:47:05 -0800 2010-12-16 09:28:35 -0800 Propose Patch XMLColonEntity.txt text/plain 3768 tsepez SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA3NDA2MCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTYgQEAKKzIwMTAtMTItMTQgIFRvbSBTZXBleiAgPHRzZXBlekBjaHJvbWl1bS5v cmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTUxMDU1CisgICAgICAgIEZpeCBh IG51bGwgZGUtcmVmZXJlbmNlIHdoZW4gYW4gWE1MIGZpbGUgY29udGFpbnMgYSBtYWxmb3JtZWQg ZW50aXR5CisJb2YgdGhlIGZvcm0gIiY6OyIuCisKKyAgICAgICAgVGVzdDogZmFzdC9wYXJzZXIv eG1sLWNvbG9uLWVudGl0eS5odG1sCisKKyAgICAgICAgKiBodG1sL3BhcnNlci9IVE1MRW50aXR5 U2VhcmNoLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkhUTUxFbnRpdHlTZWFyY2g6OmFkdmFuY2Up OgorCiAyMDEwLTEyLTE0ICBLeW91bmdhIFJhICA8a3lvdW5nYS5yYUBnbWFpbC5jb20+CiAKICAg ICAgICAgUmV2aWV3ZWQgYnkgQWRhbSBCYXJ0aC4KSW5kZXg6IFdlYkNvcmUvaHRtbC9wYXJzZXIv SFRNTEVudGl0eVNlYXJjaC5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9odG1sL3BhcnNlci9I VE1MRW50aXR5U2VhcmNoLmNwcAkocmV2aXNpb24gNzQwMzMpCisrKyBXZWJDb3JlL2h0bWwvcGFy c2VyL0hUTUxFbnRpdHlTZWFyY2guY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xMTQsNiArMTE0LDgg QEAgdm9pZCBIVE1MRW50aXR5U2VhcmNoOjphZHZhbmNlKFVDaGFyIG5leAogICAgIGlmICghbV9j dXJyZW50TGVuZ3RoKSB7CiAgICAgICAgIG1fZmlyc3QgPSBIVE1MRW50aXR5VGFibGU6OmZpcnN0 RW50cnlTdGFydGluZ1dpdGgobmV4dENoYXJhY3Rlcik7CiAgICAgICAgIG1fbGFzdCA9IEhUTUxF bnRpdHlUYWJsZTo6bGFzdEVudHJ5U3RhcnRpbmdXaXRoKG5leHRDaGFyYWN0ZXIpOworICAgICAg ICBpZiAoIW1fZmlyc3QgfHwgIW1fbGFzdCkKKyAgICAgICAgICAgIHJldHVybiBmYWlsKCk7CiAg ICAgfSBlbHNlIHsKICAgICAgICAgbV9maXJzdCA9IGZpbmRGaXJzdChuZXh0Q2hhcmFjdGVyKTsK ICAgICAgICAgbV9sYXN0ID0gZmluZExhc3QobmV4dENoYXJhY3Rlcik7CkluZGV4OiBMYXlvdXRU ZXN0cy9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCShyZXZp c2lvbiA3NDA2MCkKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAt MSwzICsxLDE1IEBACisyMDEwLTEyLTE0ICBUb20gU2VwZXogIDx0c2VwZXpAY2hyb21pdW0ub3Jn PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIGh0dHBz Oi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD01MTA1NQorICAgICAgICBGaXggYSBu dWxsIGRlLXJlZmVyZW5jZSB3aGVuIGFuIFhNTCBmaWxlIGNvbnRhaW5zIGEgbWFsZm9ybWVkIGVu dGl0eQorCW9mIHRoZSBmb3JtICImOjsiLgorCisgICAgICAgICogZmFzdC9wYXJzZXIvcmVzb3Vy Y2VzL3htbC1jb2xvbi1lbnRpdHkueG1sOiBBZGRlZC4KKyAgICAgICAgKiBmYXN0L3BhcnNlci94 bWwtY29sb24tZW50aXR5LWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogZmFzdC9wYXJz ZXIveG1sLWNvbG9uLWVudGl0eS5odG1sOiBBZGRlZC4KKwogMjAxMC0xMi0xNCAgU2hlcmlmZiBC b3QgIDx3ZWJraXQucmV2aWV3LmJvdEBnbWFpbC5jb20+CiAKICAgICAgICAgVW5yZXZpZXdlZCwg cm9sbGluZyBvdXQgcjc0MDQwLgpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9wYXJzZXIveG1sLWNv bG9uLWVudGl0eS1leHBlY3RlZC50eHQKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9w YXJzZXIveG1sLWNvbG9uLWVudGl0eS1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCisrKyBMYXlv dXRUZXN0cy9mYXN0L3BhcnNlci94bWwtY29sb24tZW50aXR5LWV4cGVjdGVkLnR4dAkocmV2aXNp b24gMCkKQEAgLTAsMCArMSwxNCBAQAorQ1JBU0g6IG1hbGZvcm1lZCBlbnRpdHkgb2YgJjogaW4g eG1sIGNhdXNlcyBhY2Nlc3MgdmlvbGF0aW9uLgorCitJZiB5b3UgZG9uJ3QgY3Jhc2gsIHlvdSBw YXNzLiBBIHBhcnNpbmcgZXJyb3IgaW4gdGhlICJ4bWwtcGFyc2VyIiBzdWJmcmFtZSBpcyBleHBl Y3RlZC4KKworCisKKy0tLS0tLS0tCitGcmFtZTogJ3htbC1wYXJzZXInCistLS0tLS0tLQorVGhp cyBwYWdlIGNvbnRhaW5zIHRoZSBmb2xsb3dpbmcgZXJyb3JzOgorCitlcnJvciBvbiBsaW5lIDIg YXQgY29sdW1uIDEzOiBFbnRpdHkgJzonIG5vdCBkZWZpbmVkCitlcnJvciBvbiBsaW5lIDUgYXQg Y29sdW1uIDE6IEF0dFZhbHVlOiAnIGV4cGVjdGVkCitCZWxvdyBpcyBhIHJlbmRlcmluZyBvZiB0 aGUgcGFnZSB1cCB0byB0aGUgZmlyc3QgZXJyb3IuCkluZGV4OiBMYXlvdXRUZXN0cy9mYXN0L3Bh cnNlci94bWwtY29sb24tZW50aXR5Lmh0bWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFz dC9wYXJzZXIveG1sLWNvbG9uLWVudGl0eS5odG1sCShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVz dHMvZmFzdC9wYXJzZXIveG1sLWNvbG9uLWVudGl0eS5odG1sCShyZXZpc2lvbiAwKQpAQCAtMCww ICsxLDE1IEBACis8aHRtbD4KKzxib2R5PgorPHA+Q1JBU0g6IG1hbGZvcm1lZCBlbnRpdHkgb2Yg JjogaW4geG1sIGNhdXNlcyBhY2Nlc3MgdmlvbGF0aW9uLjwvcD4KKzxzY3JpcHQ+CitpZiAod2lu ZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7CisgIGxheW91dFRlc3RDb250cm9sbGVyLmR1bXBB c1RleHQoKTsKKyAgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVtcENoaWxkRnJhbWVzQXNUZXh0KCk7 Cit9Cis8L3NjcmlwdD4KKworPHA+SWYgeW91IGRvbid0IGNyYXNoLCB5b3UgcGFzcy4gQSBwYXJz aW5nIGVycm9yIGluIHRoZSAieG1sLXBhcnNlciIgc3ViZnJhbWUgaXMgZXhwZWN0ZWQuPC9wPgor Cis8aWZyYW1lIGlkPSJ4bWwtcGFyc2VyIiBzcmM9InJlc291cmNlcy94bWwtY29sb24tZW50aXR5 LnhtbCI+PC9pZnJhbWU+Cis8L2JvZHk+Cis8L2h0bWw+CkluZGV4OiBMYXlvdXRUZXN0cy9mYXN0 L3BhcnNlci9yZXNvdXJjZXMveG1sLWNvbG9uLWVudGl0eS54bWwKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5 b3V0VGVzdHMvZmFzdC9wYXJzZXIvcmVzb3VyY2VzL3htbC1jb2xvbi1lbnRpdHkueG1sCShyZXZp c2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9wYXJzZXIvcmVzb3VyY2VzL3htbC1jb2xvbi1l bnRpdHkueG1sCShyZXZpc2lvbiAwKQpAQCAtMCwwICsxLDQgQEAKKzwhRE9DVFlQRSBmb28gUFVC TElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgU3RyaWN0Ly9FTiIgIiI+IAorPGZvbyBmb289IiY6 OworCisK 76775 2010-12-16 09:28:35 -0800 2010-12-18 22:51:33 -0800 Proposed patch without tabs in ChangeLogs XMLColonEntity.txt text/plain 3782 tsepez SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA3NDA2MCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTYgQEAKKzIwMTAtMTItMTQgIFRvbSBTZXBleiAgPHRzZXBlekBjaHJvbWl1bS5v cmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTUxMDU1CisgICAgICAgIEZpeCBh IG51bGwgZGUtcmVmZXJlbmNlIHdoZW4gYW4gWE1MIGZpbGUgY29udGFpbnMgYSBtYWxmb3JtZWQg ZW50aXR5CisgICAgICAgIG9mIHRoZSBmb3JtICImOjsiLgorCisgICAgICAgIFRlc3Q6IGZhc3Qv cGFyc2VyL3htbC1jb2xvbi1lbnRpdHkuaHRtbAorCisgICAgICAgICogaHRtbC9wYXJzZXIvSFRN TEVudGl0eVNlYXJjaC5jcHA6CisgICAgICAgIChXZWJDb3JlOjpIVE1MRW50aXR5U2VhcmNoOjph ZHZhbmNlKToKKwogMjAxMC0xMi0xNCAgS3lvdW5nYSBSYSAgPGt5b3VuZ2EucmFAZ21haWwuY29t PgogCiAgICAgICAgIFJldmlld2VkIGJ5IEFkYW0gQmFydGguCkluZGV4OiBXZWJDb3JlL2h0bWwv cGFyc2VyL0hUTUxFbnRpdHlTZWFyY2guY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvaHRtbC9w YXJzZXIvSFRNTEVudGl0eVNlYXJjaC5jcHAJKHJldmlzaW9uIDc0MDMzKQorKysgV2ViQ29yZS9o dG1sL3BhcnNlci9IVE1MRW50aXR5U2VhcmNoLmNwcAkod29ya2luZyBjb3B5KQpAQCAtMTE0LDYg KzExNCw4IEBAIHZvaWQgSFRNTEVudGl0eVNlYXJjaDo6YWR2YW5jZShVQ2hhciBuZXgKICAgICBp ZiAoIW1fY3VycmVudExlbmd0aCkgewogICAgICAgICBtX2ZpcnN0ID0gSFRNTEVudGl0eVRhYmxl OjpmaXJzdEVudHJ5U3RhcnRpbmdXaXRoKG5leHRDaGFyYWN0ZXIpOwogICAgICAgICBtX2xhc3Qg PSBIVE1MRW50aXR5VGFibGU6Omxhc3RFbnRyeVN0YXJ0aW5nV2l0aChuZXh0Q2hhcmFjdGVyKTsK KyAgICAgICAgaWYgKCFtX2ZpcnN0IHx8ICFtX2xhc3QpCisgICAgICAgICAgICByZXR1cm4gZmFp bCgpOwogICAgIH0gZWxzZSB7CiAgICAgICAgIG1fZmlyc3QgPSBmaW5kRmlyc3QobmV4dENoYXJh Y3Rlcik7CiAgICAgICAgIG1fbGFzdCA9IGZpbmRMYXN0KG5leHRDaGFyYWN0ZXIpOwpJbmRleDog TGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxv ZwkocmV2aXNpb24gNzQwNjApCisrKyBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29w eSkKQEAgLTEsMyArMSwxNSBAQAorMjAxMC0xMi0xNCAgVG9tIFNlcGV6ICA8dHNlcGV6QGNocm9t aXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NTEwNTUKKyAgICAgICAg Rml4IGEgbnVsbCBkZS1yZWZlcmVuY2Ugd2hlbiBhbiBYTUwgZmlsZSBjb250YWlucyBhIG1hbGZv cm1lZCBlbnRpdHkKKyAgICAgICAgb2YgdGhlIGZvcm0gIiY6OyIuCisKKyAgICAgICAgKiBmYXN0 L3BhcnNlci9yZXNvdXJjZXMveG1sLWNvbG9uLWVudGl0eS54bWw6IEFkZGVkLgorICAgICAgICAq IGZhc3QvcGFyc2VyL3htbC1jb2xvbi1lbnRpdHktZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAg ICAgKiBmYXN0L3BhcnNlci94bWwtY29sb24tZW50aXR5Lmh0bWw6IEFkZGVkLgorCiAyMDEwLTEy LTE0ICBTaGVyaWZmIEJvdCAgPHdlYmtpdC5yZXZpZXcuYm90QGdtYWlsLmNvbT4KIAogICAgICAg ICBVbnJldmlld2VkLCByb2xsaW5nIG91dCByNzQwNDAuCkluZGV4OiBMYXlvdXRUZXN0cy9mYXN0 L3BhcnNlci94bWwtY29sb24tZW50aXR5LWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlv dXRUZXN0cy9mYXN0L3BhcnNlci94bWwtY29sb24tZW50aXR5LWV4cGVjdGVkLnR4dAkocmV2aXNp b24gMCkKKysrIExheW91dFRlc3RzL2Zhc3QvcGFyc2VyL3htbC1jb2xvbi1lbnRpdHktZXhwZWN0 ZWQudHh0CShyZXZpc2lvbiAwKQpAQCAtMCwwICsxLDE0IEBACitDUkFTSDogbWFsZm9ybWVkIGVu dGl0eSBvZiAmOiBpbiB4bWwgY2F1c2VzIGFjY2VzcyB2aW9sYXRpb24uCisKK0lmIHlvdSBkb24n dCBjcmFzaCwgeW91IHBhc3MuIEEgcGFyc2luZyBlcnJvciBpbiB0aGUgInhtbC1wYXJzZXIiIHN1 YmZyYW1lIGlzIGV4cGVjdGVkLgorCisKKworLS0tLS0tLS0KK0ZyYW1lOiAneG1sLXBhcnNlcicK Ky0tLS0tLS0tCitUaGlzIHBhZ2UgY29udGFpbnMgdGhlIGZvbGxvd2luZyBlcnJvcnM6CisKK2Vy cm9yIG9uIGxpbmUgMiBhdCBjb2x1bW4gMTM6IEVudGl0eSAnOicgbm90IGRlZmluZWQKK2Vycm9y IG9uIGxpbmUgNSBhdCBjb2x1bW4gMTogQXR0VmFsdWU6ICcgZXhwZWN0ZWQKK0JlbG93IGlzIGEg cmVuZGVyaW5nIG9mIHRoZSBwYWdlIHVwIHRvIHRoZSBmaXJzdCBlcnJvci4KSW5kZXg6IExheW91 dFRlc3RzL2Zhc3QvcGFyc2VyL3htbC1jb2xvbi1lbnRpdHkuaHRtbAo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBM YXlvdXRUZXN0cy9mYXN0L3BhcnNlci94bWwtY29sb24tZW50aXR5Lmh0bWwJKHJldmlzaW9uIDAp CisrKyBMYXlvdXRUZXN0cy9mYXN0L3BhcnNlci94bWwtY29sb24tZW50aXR5Lmh0bWwJKHJldmlz aW9uIDApCkBAIC0wLDAgKzEsMTUgQEAKKzxodG1sPgorPGJvZHk+Cis8cD5DUkFTSDogbWFsZm9y bWVkIGVudGl0eSBvZiAmOiBpbiB4bWwgY2F1c2VzIGFjY2VzcyB2aW9sYXRpb24uPC9wPgorPHNj cmlwdD4KK2lmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIpIHsKKyAgbGF5b3V0VGVzdENv bnRyb2xsZXIuZHVtcEFzVGV4dCgpOworICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQ2hpbGRG cmFtZXNBc1RleHQoKTsKK30KKzwvc2NyaXB0PgorCis8cD5JZiB5b3UgZG9uJ3QgY3Jhc2gsIHlv dSBwYXNzLiBBIHBhcnNpbmcgZXJyb3IgaW4gdGhlICJ4bWwtcGFyc2VyIiBzdWJmcmFtZSBpcyBl eHBlY3RlZC48L3A+CisKKzxpZnJhbWUgaWQ9InhtbC1wYXJzZXIiIHNyYz0icmVzb3VyY2VzL3ht bC1jb2xvbi1lbnRpdHkueG1sIj48L2lmcmFtZT4KKzwvYm9keT4KKzwvaHRtbD4KSW5kZXg6IExh eW91dFRlc3RzL2Zhc3QvcGFyc2VyL3Jlc291cmNlcy94bWwtY29sb24tZW50aXR5LnhtbAo9PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L3BhcnNlci9yZXNvdXJjZXMveG1sLWNvbG9uLWVu dGl0eS54bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L3BhcnNlci9yZXNvdXJj ZXMveG1sLWNvbG9uLWVudGl0eS54bWwJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsNCBAQAorPCFE T0NUWVBFIGZvbyBQVUJMSUMgIi0vL1czQy8vRFREIFhIVE1MIDEuMCBTdHJpY3QvL0VOIiAiIj4g Cis8Zm9vIGZvbz0iJjo7CisKKwo=