60580 2011-05-10 14:07:30 -0700 Assertion failure in JSC::Structure::typeInfo when reloading weather.com video page 2011-05-10 19:12:13 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) PC Windows 7 RESOLVED FIXED http://www.weather.com/outlook/videos/todays-top-forecast-4276 InRadar P2 Normal --- 1 aroben oliver ggaren oliver oldest_to_newest 401481 0 aroben 2011-05-10 14:07:30 -0700 Here's what I did. I haven't yet tried to reproduce: 1. Go to http://www.weather.com/outlook/videos/todays-top-forecast-4276 2. Pause the video 3. Reload I hit this assertion in JSC::Structure: const TypeInfo& typeInfo() const { ASSERT(structure()->classInfo() == &s_info); return m_typeInfo; } structure()->classInfo() is JSC::JSActivation::s_info. Here's the (partial) backtrace: > JavaScriptCore.dll!JSC::Structure::typeInfo() Line 101 + 0x43 bytes C++ JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 510 + 0xf bytes C++ JavaScriptCore.dll!JSC::JSObject::getPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 521 + 0x14 bytes C++ JavaScriptCore.dll!JSC::JSObject::hasProperty(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}) Line 208 C++ WebKit.dll!WebCore::runtimeObjectCustomGetOwnPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}, WebCore::JSHTMLElement * element=0x0d563768) Line 119 + 0x10 bytes C++ WebKit.dll!WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 38 + 0x15 bytes C++ WebKit.dll!WebCore::JSHTMLObjectElement::getOwnPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 181 + 0x14 bytes C++ JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x06b00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 512 + 0x1b bytes C++ JavaScriptCore.dll!cti_op_get_by_val(void * * args=0x0012c1d0) Line 2353 + 0x1b bytes C++ JavaScriptCore.dll!@cti_op_create_this@4() + 0x1cf bytes C++ JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x03dcadd4, JSC::ExecState * callFrame=0x06b00090, JSC::JSGlobalData * globalData=0x03db6e20) Line 77 + 0x22 bytes C++ JavaScriptCore.dll!JSC::Interpreter::execute(JSC::EvalExecutable * eval=0x048c0cd8, JSC::ExecState * callFrame=0x06b00038, JSC::JSObject * thisObj=0x0a950128, int globalRegisterOffset=18, JSC::ScopeChainNode * scopeChain=0x1bd83068) Line 1138 + 0x2b bytes C++ JavaScriptCore.dll!JSC::Interpreter::callEval(JSC::ExecState * callFrame=0x06b00038, JSC::RegisterFile * registerFile=0x03dcadd4, JSC::Register * argv=0x06b00050, int argc=2, int registerOffset=11) Line 412 + 0x6c bytes C++ JavaScriptCore.dll!cti_op_call_eval(void * * args=0x0012c4c8) Line 3210 C++ JavaScriptCore.dll!@cti_op_create_this@4() + 0x1cf bytes C++ JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x03dcadd4, JSC::ExecState * callFrame=0x06b00038, JSC::JSGlobalData * globalData=0x03db6e20) Line 77 + 0x22 bytes C++ JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program=0x048c0c80, JSC::ExecState * callFrame=0x0ba810a0, JSC::ScopeChainNode * scopeChain=0x1bd83068, JSC::JSObject * thisObj=0x0ba81028) Line 767 + 0x25 bytes C++ JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec=0x0ba810a0, JSC::ScopeChainNode * scopeChain=0x1bd83068, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}) Line 66 C++ WebKit.dll!WebKit::NPRuntimeObjectMap::evaluate(NPObject * npObject=0x0d121a90, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4) Line 196 + 0x4f bytes C++ WebKit.dll!WebKit::PluginView::evaluate(NPObject * npObject=0x0d121a90, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4, bool allowPopups=false) Line 983 + 0x1a bytes C++ WebKit.dll!WebKit::NetscapePlugin::evaluate(NPObject * npObject=0x0d121a90, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4) Line 215 + 0x2c bytes C++ WebKit.dll!WebKit::NPN_Evaluate(_NPP * npp=0x0cd59244, NPObject * npObject=0x0d121a90, _NPString * script=0x0012c7e4, _NPVariant * result=0x0012c7d4) Line 681 + 0x1b bytes C++ NPSWF32.dll!15e2e947() [Frames below may be incorrect and/or missing, no symbols loaded for NPSWF32.dll] 401491 1 aroben 2011-05-10 14:17:54 -0700 I don't know what symptoms this causes in a release build. 401492 2 aroben 2011-05-10 14:18:12 -0700 <rdar://problem/9415930> 401496 3 aroben 2011-05-10 14:19:45 -0700 The script being evaluated is: try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; } 401498 4 aroben 2011-05-10 14:20:34 -0700 JSObject::hasProperty is looking for a property named callback5295 401499 5 aroben 2011-05-10 14:24:26 -0700 (In reply to comment #3) > The script being evaluated is: > > try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; } That is the script being passed to NPN_Evaluate. The script being dealt with in Interpreter::callEval is (unsurprisingly): if (typeof(onTemplateLoaded) != "undefined") onTemplateLoaded('myExperience'); 401500 6 aroben 2011-05-10 14:25:45 -0700 Some more data from the debugger: > structure()->classInfo() 0x0317073c struct JSC::ClassInfo const JSC::JSActivation::s_info {className=0x02e2fd00 "JSActivation" parentClass=0x031707d4 staticPropHashTable=0x00000000 ...} className: 0x02e2fd00 "JSActivation" parentClass: 0x031707d4 struct JSC::ClassInfo const JSC::JSObject::s_info {className=0x02e83bc4 "Object" parentClass=0x00000000 staticPropHashTable=0x00000000 ...} staticPropHashTable: 0x00000000 {compactSize=??? compactHashSizeMask=??? values=??? ...} classPropHashTableGetterFunction: 0x00000000 > &s_info 0x03170914 struct JSC::ClassInfo const JSC::Structure::s_info {className=0x02f56614 "Structure" parentClass=0x00000000 staticPropHashTable=0x00000000 ...} className: 0x02f56614 "Structure" parentClass: 0x00000000 {className=??? parentClass=??? staticPropHashTable=??? ...} staticPropHashTable: 0x00000000 {compactSize=??? compactHashSizeMask=??? values=??? ...} classPropHashTableGetterFunction: 0x00000000 401502 7 ggaren 2011-05-10 14:29:31 -0700 This data seems to indicate that JSGlobalData::structureStructure was recycled to allocate JSGlobalData::activationStructure. That is very odd, since both objects are allocated before any webpages are loaded, and both are global roots. I'm flummoxed. 401511 8 ggaren 2011-05-10 14:39:19 -0700 I believe the release build symptom would be a crash. 401517 9 ggaren 2011-05-10 14:47:22 -0700 Oliver pointed out that what's more likely going on here is not that JSGlobalData::structureStructure was recycled, but instead that the current Structure was recycled, and an Activation allocated in its place. 401519 10 ggaren 2011-05-10 14:48:49 -0700 I couldn't reproduce this in a Mac release build. 401529 11 aroben 2011-05-10 14:56:54 -0700 I was able to reproduce this. It doesn't seem to happen every time, but happens maybe once out of every 3 times. 401532 12 aroben 2011-05-10 14:58:07 -0700 Here's the backtrace from another time I reproduced it: > JavaScriptCore.dll!JSC::Structure::typeInfo() Line 101 + 0x43 bytes C++ JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 510 + 0xf bytes C++ JavaScriptCore.dll!JSC::JSObject::getPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 521 + 0x14 bytes C++ JavaScriptCore.dll!JSC::JSObject::hasProperty(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}) Line 208 C++ WebKit.dll!WebCore::runtimeObjectCustomGetOwnPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}, WebCore::JSHTMLElement * element=0x0d3c3768) Line 119 + 0x10 bytes C++ WebKit.dll!WebCore::JSHTMLObjectElement::getOwnPropertySlotDelegate(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 38 + 0x15 bytes C++ WebKit.dll!WebCore::JSHTMLObjectElement::getOwnPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 181 + 0x14 bytes C++ JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x06a00238, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 512 + 0x1b bytes C++ JavaScriptCore.dll!cti_op_get_by_val(void * * args=0x0012c1d0) Line 2353 + 0x1b bytes C++ JavaScriptCore.dll!@cti_op_create_this@4() + 0x1cf bytes C++ JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x03dcaf94, JSC::ExecState * callFrame=0x06a00090, JSC::JSGlobalData * globalData=0x03d2fe50) Line 77 + 0x22 bytes C++ JavaScriptCore.dll!JSC::Interpreter::execute(JSC::EvalExecutable * eval=0x0c200700, JSC::ExecState * callFrame=0x06a00038, JSC::JSObject * thisObj=0x0a940128, int globalRegisterOffset=18, JSC::ScopeChainNode * scopeChain=0x0d9a08c8) Line 1138 + 0x2b bytes C++ JavaScriptCore.dll!JSC::Interpreter::callEval(JSC::ExecState * callFrame=0x06a00038, JSC::RegisterFile * registerFile=0x03dcaf94, JSC::Register * argv=0x06a00050, int argc=2, int registerOffset=11) Line 412 + 0x6c bytes C++ JavaScriptCore.dll!cti_op_call_eval(void * * args=0x0012c4c8) Line 3210 C++ JavaScriptCore.dll!@cti_op_create_this@4() + 0x1cf bytes C++ JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x03dcaf94, JSC::ExecState * callFrame=0x06a00038, JSC::JSGlobalData * globalData=0x03d2fe50) Line 77 + 0x22 bytes C++ JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program=0x0c2006a8, JSC::ExecState * callFrame=0x0e880ba0, JSC::ScopeChainNode * scopeChain=0x0d9a08c8, JSC::JSObject * thisObj=0x0e880b28) Line 767 + 0x25 bytes C++ JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec=0x0e880ba0, JSC::ScopeChainNode * scopeChain=0x0d9a08c8, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}) Line 66 C++ WebKit.dll!WebKit::NPRuntimeObjectMap::evaluate(NPObject * npObject=0x0b9debf0, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4) Line 196 + 0x4f bytes C++ WebKit.dll!WebKit::PluginView::evaluate(NPObject * npObject=0x0b9debf0, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4, bool allowPopups=false) Line 983 + 0x1a bytes C++ WebKit.dll!WebKit::NetscapePlugin::evaluate(NPObject * npObject=0x0b9debf0, const WTF::String & scriptString={try { __flash__toXML(eval("if (typeof(onTemplateLoaded) != \"undefined\") onTemplateLoaded('myExperience');")) ; } catch (e) { "<undefined/>"; }}, _NPVariant * result=0x0012c7d4) Line 215 + 0x2c bytes C++ WebKit.dll!WebKit::NPN_Evaluate(_NPP * npp=0x0d3498b4, NPObject * npObject=0x0b9debf0, _NPString * script=0x0012c7e4, _NPVariant * result=0x0012c7d4) Line 681 + 0x1b bytes C++ NPSWF32.dll!1652e947() [Frames below may be incorrect and/or missing, no symbols loaded for NPSWF32.dll] <many NPSWF32.dll frames omitted> NPSWF32.dll!1653262b() WebKit.dll!WTF::removeIterator<unsigned __int64,std::pair<unsigned __int64,RunLoop::TimerBase *>,WTF::PairFirstExtractor<std::pair<unsigned __int64,RunLoop::TimerBase *> >,WTF::IntHash<unsigned __int64>,WTF::PairHashTraits<WTF::HashTraits<unsigned __int64>,WTF::HashTraits<RunLoop::TimerBase *> >,WTF::HashTraits<unsigned __int64> >(WTF::HashTableConstIterator<unsigned __int64,std::pair<unsigned __int64,RunLoop::TimerBase *>,WTF::PairFirstExtractor<std::pair<unsigned __int64,RunLoop::TimerBase *> >,WTF::IntHash<unsigned __int64>,WTF::PairHashTraits<WTF::HashTraits<unsigned __int64>,WTF::HashTraits<RunLoop::TimerBase *> >,WTF::HashTraits<unsigned __int64> > * it=0x00070cf4) Line 1116 + 0xf bytes C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchMessageWorker@8() + 0xdc bytes user32.dll!_DispatchMessageW@4() + 0xf bytes WebKit.dll!RunLoop::run() Line 78 + 0xc bytes C++ WebKit.dll!WebKit::WebProcessMain(const WebKit::CommandLine & commandLine={...}) Line 82 C++ WebKit.dll!WebKitMain(const WebKit::CommandLine & commandLine={...}) Line 48 + 0x9 bytes C++ WebKit.dll!WebKitMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10) Line 172 + 0x9 bytes C++ WebKit2WebProcess.exe!wWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x0002114c, int nCmdShow=10) Line 66 + 0x18 bytes C++ WebKit2WebProcess.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes This seems to indicate that there is no reentrancy involved. 401579 13 aroben 2011-05-10 15:41:22 -0700 In JSCell::fastGetOwnPropertySlot, "this" is a WebKit::JSNPObject. 401583 14 aroben 2011-05-10 15:42:07 -0700 I have Flash 10.2 r159 installed. 401690 15 93058 oliver 2011-05-10 18:36:27 -0700 Created attachment 93058 Patch 401693 16 93058 ggaren 2011-05-10 18:39:20 -0700 Comment on attachment 93058 Patch Nice! r=me 401709 17 oliver 2011-05-10 19:12:13 -0700 Committed r86206: <http://trac.webkit.org/changeset/86206> 93058 2011-05-10 18:36:27 -0700 2011-05-10 18:39:20 -0700 Patch bug-60580-20110510183626.patch text/plain 4240 oliver U3VidmVyc2lvbiBSZXZpc2lvbjogODYyMDIKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwppbmRleCA1YTVmNjQ2MTZlODU1OGVi NjgzYzQ0Y2VmNWVjZjIxOTQ2ZTNhN2U5Li5lN2M0NTM1YTY1YTU4ODkxOTQ2NmI4MjZjMzRjZjRl ZDU5YTAxZGRkIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjAgQEAKKzIwMTEtMDUtMTAgIE9saXZl ciBIdW50ICA8b2xpdmVyQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBBc3NlcnRpb24gZmFpbHVyZSBpbiBKU0M6OlN0cnVjdHVyZTo6 dHlwZUluZm8gd2hlbiByZWxvYWRpbmcgd2VhdGhlci5jb20gdmlkZW8gcGFnZQorICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NjA1ODAKKworICAgICAgICBU aGUgcGx1Z2luIG9iamVjdCBtYXAgd2FzIGluY29ycmVjdCB0cnlpbmcgdG8gaW1wbGVtZW50IGEg d2VhayBtYXAgaXRzZWxmIHVzaW5nCisgICAgICAgIGRlc3RydWN0b3JzLiAgU3dpdGNoIHRvIGEg V2Vha0dDTWFwIGFuZCB0aGUgcHJvYmxlbSBpcyBmaXhlZC4KKworICAgICAgICAqIFdlYlByb2Nl c3MvUGx1Z2lucy9OZXRzY2FwZS9KU05QT2JqZWN0LmNwcDoKKyAgICAgICAgKFdlYktpdDo6SlNO UE9iamVjdDo6fkpTTlBPYmplY3QpOgorICAgICAgICAqIFdlYlByb2Nlc3MvUGx1Z2lucy9OZXRz Y2FwZS9OUFJ1bnRpbWVPYmplY3RNYXAuY3BwOgorICAgICAgICAoV2ViS2l0OjpOUFJ1bnRpbWVP YmplY3RNYXA6OmdldE9yQ3JlYXRlSlNPYmplY3QpOgorICAgICAgICAoV2ViS2l0OjpOUFJ1bnRp bWVPYmplY3RNYXA6OmludmFsaWRhdGUpOgorICAgICAgICAqIFdlYlByb2Nlc3MvUGx1Z2lucy9O ZXRzY2FwZS9OUFJ1bnRpbWVPYmplY3RNYXAuaDoKKwogMjAxMS0wNS0xMCAgU2FtIFdlaW5pZyAg PHNhbUB3ZWJraXQub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhbiBCZXJuc3RlaW4uCmRp ZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1BsdWdpbnMvTmV0c2NhcGUvSlNO UE9iamVjdC5jcHAgYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1BsdWdpbnMvTmV0c2NhcGUv SlNOUE9iamVjdC5jcHAKaW5kZXggOTNmOWZjNWJiODcwOTQ1NWU2MDQwMWU2YjlmY2YzNGZiNmMw NGFkMC4uZjIzYzgzZGQ0MjI0MDFhZWNiNTMxNGY3MzBmMmQ3ZDdlYTg5OTRmYSAxMDA2NDQKLS0t IGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9QbHVnaW5zL05ldHNjYXBlL0pTTlBPYmplY3Qu Y3BwCisrKyBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvUGx1Z2lucy9OZXRzY2FwZS9KU05Q T2JqZWN0LmNwcApAQCAtNjYsOCArNjYsNiBAQCBKU05QT2JqZWN0Ojp+SlNOUE9iamVjdCgpCiB7 CiAgICAgaWYgKCFtX25wT2JqZWN0KQogICAgICAgICByZXR1cm47Ci0KLSAgICBtX29iamVjdE1h cC0+anNOUE9iamVjdERlc3Ryb3llZCh0aGlzKTsKICAgICByZWxlYXNlTlBPYmplY3QobV9ucE9i amVjdCk7CiB9CiAKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvUGx1Z2lu cy9OZXRzY2FwZS9OUFJ1bnRpbWVPYmplY3RNYXAuY3BwIGIvU291cmNlL1dlYktpdDIvV2ViUHJv Y2Vzcy9QbHVnaW5zL05ldHNjYXBlL05QUnVudGltZU9iamVjdE1hcC5jcHAKaW5kZXggMWNmNjBk Mjc1NGIzZWZhZmJiMmYyNzc3NTYwZmM0NWY1MDdlZjI3OS4uMjE0ODVkZjllMWUzMDJiMWI4OWRm ZWEyNTAxY2E5ZWY5NWFiMmRlNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vz cy9QbHVnaW5zL05ldHNjYXBlL05QUnVudGltZU9iamVjdE1hcC5jcHAKKysrIGIvU291cmNlL1dl YktpdDIvV2ViUHJvY2Vzcy9QbHVnaW5zL05ldHNjYXBlL05QUnVudGltZU9iamVjdE1hcC5jcHAK QEAgLTk5LDE4ICs5OSwxMSBAQCBKU09iamVjdCogTlBSdW50aW1lT2JqZWN0TWFwOjpnZXRPckNy ZWF0ZUpTT2JqZWN0KEpTR2xvYmFsT2JqZWN0KiBnbG9iYWxPYmplY3QsCiAgICAgICAgIHJldHVy biBqc05QT2JqZWN0OwogCiAgICAgSlNOUE9iamVjdCoganNOUE9iamVjdCA9IG5ldyAoJmdsb2Jh bE9iamVjdC0+Z2xvYmFsRGF0YSgpKSBKU05QT2JqZWN0KGdsb2JhbE9iamVjdCwgdGhpcywgbnBP YmplY3QpOwotICAgIG1fanNOUE9iamVjdHMuc2V0KG5wT2JqZWN0LCBqc05QT2JqZWN0KTsKKyAg ICBtX2pzTlBPYmplY3RzLnNldChnbG9iYWxPYmplY3QtPmdsb2JhbERhdGEoKSwgbnBPYmplY3Qs IGpzTlBPYmplY3QpOwogCiAgICAgcmV0dXJuIGpzTlBPYmplY3Q7CiB9CiAKLXZvaWQgTlBSdW50 aW1lT2JqZWN0TWFwOjpqc05QT2JqZWN0RGVzdHJveWVkKEpTTlBPYmplY3QqIGpzTlBPYmplY3Qp Ci17Ci0gICAgLy8gUmVtb3ZlIHRoZSBvYmplY3QgZnJvbSB0aGUgbWFwLgotICAgIEFTU0VSVCht X2pzTlBPYmplY3RzLmNvbnRhaW5zKGpzTlBPYmplY3QtPm5wT2JqZWN0KCkpKTsKLSAgICBtX2pz TlBPYmplY3RzLnJlbW92ZShqc05QT2JqZWN0LT5ucE9iamVjdCgpKTsKLX0KLQogSlNWYWx1ZSBO UFJ1bnRpbWVPYmplY3RNYXA6OmNvbnZlcnROUFZhcmlhbnRUb0pTVmFsdWUoSlNDOjpFeGVjU3Rh dGUqIGV4ZWMsIEpTQzo6SlNHbG9iYWxPYmplY3QqIGdsb2JhbE9iamVjdCwgY29uc3QgTlBWYXJp YW50JiB2YXJpYW50KQogewogICAgIHN3aXRjaCAodmFyaWFudC50eXBlKSB7CkBAIC0yMjQsMTMg KzIxNyw5IEBAIHZvaWQgTlBSdW50aW1lT2JqZWN0TWFwOjppbnZhbGlkYXRlKCkKICAgICAvLyBX ZSBzaG91bGRuJ3QgaGF2ZSBhbnkgTlBKU09iamVjdHMgbGVmdCBub3cuCiAgICAgQVNTRVJUKG1f bnBKU09iamVjdHMuaXNFbXB0eSgpKTsKIAotICAgIFZlY3RvcjxKU05QT2JqZWN0Kj4ganNOUE9i amVjdHM7Ci0gICAgY29weVZhbHVlc1RvVmVjdG9yKG1fanNOUE9iamVjdHMsIGpzTlBPYmplY3Rz KTsKLQotICAgIC8vIEludmFsaWRhdGUgYWxsIHRoZSBKU09iamVjdHMgdGhhdCB3cmFwIE5QT2Jq ZWN0cy4KLSAgICBmb3IgKHNpemVfdCBpID0gMDsgaSA8IGpzTlBPYmplY3RzLnNpemUoKTsgKytp KQotICAgICAgICBqc05QT2JqZWN0c1tpXS0+aW52YWxpZGF0ZSgpOwotCisgICAgV2Vha0dDTWFw PE5QT2JqZWN0KiwgSlNOUE9iamVjdD46Oml0ZXJhdG9yIGVuZCA9IG1fanNOUE9iamVjdHMuZW5k KCk7CisgICAgZm9yIChXZWFrR0NNYXA8TlBPYmplY3QqLCBKU05QT2JqZWN0Pjo6aXRlcmF0b3Ig cHRyID0gbV9qc05QT2JqZWN0cy5iZWdpbigpOyBwdHIgIT0gZW5kOyArK3B0cikKKyAgICAgICAg cHRyLmdldCgpLnNlY29uZC0+aW52YWxpZGF0ZSgpOwogICAgIG1fanNOUE9iamVjdHMuY2xlYXIo KTsKIH0KIApkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9QbHVnaW5zL05l dHNjYXBlL05QUnVudGltZU9iamVjdE1hcC5oIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9Q bHVnaW5zL05ldHNjYXBlL05QUnVudGltZU9iamVjdE1hcC5oCmluZGV4IGQxM2UxZmVmOGNkOTBh NTU4NjUwZGE1OGZlMjBmMDMzMjU3MmQwODEuLjAxZTAzYmFhYmNkNzFmNjljYjAzNGNkMWM0YzY4 NDdkNzJmMWY2OGQgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvUGx1Z2lu cy9OZXRzY2FwZS9OUFJ1bnRpbWVPYmplY3RNYXAuaAorKysgYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQ cm9jZXNzL1BsdWdpbnMvTmV0c2NhcGUvTlBSdW50aW1lT2JqZWN0TWFwLmgKQEAgLTI2LDYgKzI2 LDcgQEAKICNpZm5kZWYgTlBKU09iamVjdFdyYXBwZXJNYXBfaAogI2RlZmluZSBOUEpTT2JqZWN0 V3JhcHBlck1hcF9oCiAKKyNpbmNsdWRlIDxKYXZhU2NyaXB0Q29yZS9XZWFrR0NNYXAuaD4KICNp bmNsdWRlIDx3dGYvRm9yd2FyZC5oPgogI2luY2x1ZGUgPHd0Zi9IYXNoTWFwLmg+CiAKQEAgLTg3 LDcgKzg4LDcgQEAgcHJpdmF0ZToKICAgICBQbHVnaW5WaWV3KiBtX3BsdWdpblZpZXc7CiAKICAg ICBIYXNoTWFwPEpTQzo6SlNPYmplY3QqLCBOUEpTT2JqZWN0Kj4gbV9ucEpTT2JqZWN0czsKLSAg ICBIYXNoTWFwPE5QT2JqZWN0KiwgSlNOUE9iamVjdCo+IG1fanNOUE9iamVjdHM7CisgICAgSlND OjpXZWFrR0NNYXA8TlBPYmplY3QqLCBKU05QT2JqZWN0PiBtX2pzTlBPYmplY3RzOwogfTsKIAog fSAvLyBuYW1lc3BhY2UgV2ViS2l0Cg==