65637 2011-08-03 13:04:28 -0700 Crash beneath PlatformCALayerWinInternal::updateTiles when zooming on Google Maps 2011-08-04 11:15:14 -0700 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) PC Windows XP RESOLVED FIXED http://maps.google.com/ InRadar, PlatformOnly P2 Normal --- 1 aroben aroben cmarrin simon.fraser webkit-bug-importer oldest_to_newest 446038 0 aroben 2011-08-03 13:04:28 -0700 To reproduce: 1. Go to Google Maps 2. Select Satellite view 3. Zoom in and out using the scroll wheel Eventually, you'll crash beneath PlatformCALayerWinInternal::updateTiles due to a null CFArrayRef being passed to CFArrayGetValueAtIndex. Here's the backtrace: CoreFoundation.dll!CF_IS_OBJC() C++ CoreFoundation.dll!CFArrayGetValueAtIndex() + 0xe bytes C++ WebKit.dll!WebCore::PlatformCALayerWinInternal::updateTiles() Line 444 + 0x17 bytes C++ WebKit.dll!WebCore::PlatformCALayerWinInternal::setBounds(const WebCore::FloatRect & rect={...}) Line 329 C++ WebKit.dll!WebCore::PlatformCALayer::setBounds(const WebCore::FloatRect & value={...}) Line 364 C++ > WebKit.dll!WebCore::GraphicsLayerCA::updateGeometry(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}) Line 1058 C++ WebKit.dll!WebCore::GraphicsLayerCA::swapFromOrToTiledLayer(bool useTiledLayer=true, float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}) Line 2087 C++ WebKit.dll!WebCore::GraphicsLayerCA::updateGeometry(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}) Line 1018 C++ WebKit.dll!WebCore::GraphicsLayerCA::commitLayerChangesBeforeSublayers(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}) Line 894 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=true) Line 842 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=true) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=true) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=true) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=true) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=true) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=false) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=false) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=false) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::recursiveCommitChanges(float pageScaleFactor=1.0000000, const WebCore::FloatPoint & positionRelativeToBase={...}, bool affectedByPageScale=false) Line 850 C++ WebKit.dll!WebCore::GraphicsLayerCA::syncCompositingState() Line 816 C++ WebKit.dll!WebCore::RenderLayerCompositor::flushPendingLayerChanges(bool isFlushRoot=true) Line 207 + 0x12 bytes C++ WebKit.dll!WebCore::FrameView::syncCompositingStateForThisFrame(WebCore::Frame * rootFrameForSync=0x03d7b580) Line 700 C++ WebKit.dll!WebCore::FrameView::syncCompositingStateIncludingSubframes() Line 787 + 0x17 bytes C++ WebKit.dll!WebKit::LayerTreeHostCA::flushPendingLayerChanges() Line 247 C++ WebKit.dll!WebKit::LayerTreeHostCA::performScheduledLayerFlush() Line 224 + 0x8 bytes C++ WebKit.dll!WebKit::LayerTreeHostCAWin::flushPendingLayerChangesNow() Line 240 C++ WebKit.dll!WebCore::LayerChangesFlusher::hookFired(int code=0, unsigned int wParam=1, long lParam=1244088) Line 89 + 0x20 bytes C++ WebKit.dll!WebCore::LayerChangesFlusher::hookCallback(int code=0, unsigned int wParam=1, long lParam=1244088) Line 75 C++ user32.dll!_DispatchHookW@16() + 0x31 bytes user32.dll!_CallHookWithSEH@16() + 0x21 bytes user32.dll!___fnHkINLPMSG@4() + 0x25 bytes ntdll.dll!_KiUserCallbackDispatcher@12() + 0x13 bytes user32.dll!_NtUserGetMessage@16() + 0xc bytes WebKit.dll!RunLoop::run() Line 74 + 0x12 bytes C++ WebKit.dll!WebKit::WebProcessMain(const WebKit::CommandLine & commandLine={...}) Line 82 C++ WebKit.dll!WebKitMain(const WebKit::CommandLine & commandLine={...}) Line 50 + 0x9 bytes C++ WebKit.dll!WebKitMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x00021118, int nCmdShow=10) Line 187 + 0x9 bytes C++ WebKit2WebProcess.exe!wWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x00021118, int nCmdShow=10) Line 66 + 0x18 bytes C++ WebKit2WebProcess.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes 446040 1 aroben 2011-08-03 13:04:52 -0700 <rdar://problem/9784849> 446042 2 aroben 2011-08-03 13:07:29 -0700 PlatformCALayer::setBounds is being passed a rect with size 33554432x33554432. This comes from GraphicsLayerCA::m_size. It looks like both updateTiles and constrainedSize have the same vulnerability to overflow. The overflow is breaking our calculations that try to limit the number of tiles a layer can have. 446043 3 aroben 2011-08-03 13:08:40 -0700 Specifically, the overflow happens in a calculation like this: int numTilesHorizontal = ceil(m_constrainedSize.width / m_tileSize.width); int numTilesVertical = ceil(m_constrainedSize.height / m_tileSize.height); int numTilesTotal = numTilesHorizontal * numTilesVertical; numTilesHorizontal and numTilesVertical are both 65536. The calculation of numTilesTotal results in overflow. 446051 4 aroben 2011-08-03 13:21:02 -0700 I set a breakpoint on GraphicsLayer::setSize to try to figure out where the huge size is coming from. Here's where it got hit, when passed a rect of size 67108864x67108864: > WebKit.dll!WebCore::GraphicsLayer::setSize(const WebCore::FloatSize & size={...}) Line 246 C++ WebKit.dll!WebCore::GraphicsLayerCA::setSize(const WebCore::FloatSize & size={...}) Line 402 C++ WebKit.dll!WebCore::RenderLayerBacking::updateGraphicsLayerGeometry() Line 422 + 0x2d bytes C++ WebKit.dll!WebCore::RenderLayerCompositor::rebuildCompositingLayerTree(WebCore::RenderLayer * layer=0x22bbc6bc, const WebCore::CompositingState & compositingState={...}, WTF::Vector<WebCore::GraphicsLayer *,0> & childLayersOfEnclosingLayer=[0]()) Line 850 C++ WebKit.dll!WebCore::RenderLayerCompositor::rebuildCompositingLayerTree(WebCore::RenderLayer * layer=0x0c8ac69c, const WebCore::CompositingState & compositingState={...}, WTF::Vector<WebCore::GraphicsLayer *,0> & childLayersOfEnclosingLayer=[0]()) Line 902 C++ WebKit.dll!WebCore::RenderLayerCompositor::rebuildCompositingLayerTree(WebCore::RenderLayer * layer=0x0aa51024, const WebCore::CompositingState & compositingState={...}, WTF::Vector<WebCore::GraphicsLayer *,0> & childLayersOfEnclosingLayer=[0]()) Line 902 C++ WebKit.dll!WebCore::RenderLayerCompositor::rebuildCompositingLayerTree(WebCore::RenderLayer * layer=0x064ad8e4, const WebCore::CompositingState & compositingState={...}, WTF::Vector<WebCore::GraphicsLayer *,0> & childLayersOfEnclosingLayer=[0]()) Line 902 C++ WebKit.dll!WebCore::RenderLayerCompositor::rebuildCompositingLayerTree(WebCore::RenderLayer * layer=0x064da904, const WebCore::CompositingState & compositingState={...}, WTF::Vector<WebCore::GraphicsLayer *,0> & childLayersOfEnclosingLayer=[0]()) Line 902 C++ WebKit.dll!WebCore::RenderLayerCompositor::updateCompositingLayers(WebCore::CompositingUpdateType updateType=CompositingUpdateAfterLayoutOrStyleChange, WebCore::RenderLayer * updateRoot=0x064da904) Line 307 C++ WebKit.dll!WebCore::FrameView::updateCompositingLayers() Line 629 C++ WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 1042 C++ WebKit.dll!WebCore::Document::updateLayout() Line 1621 C++ WebKit.dll!WebCore::RenderLayer::hitTest(const WebCore::HitTestRequest & request={...}, WebCore::HitTestResult & result={...}) Line 2860 C++ WebKit.dll!WebCore::Document::prepareMouseEvent(const WebCore::HitTestRequest & request={...}, const WebCore::IntPoint & documentPoint={...}, const WebCore::PlatformMouseEvent & event={...}) Line 2649 C++ WebKit.dll!WebCore::EventHandler::prepareMouseEvent(const WebCore::HitTestRequest & request={...}, const WebCore::PlatformMouseEvent & mev={...}) Line 1924 + 0x39 bytes C++ WebKit.dll!WebCore::EventHandler::handleMouseMoveEvent(const WebCore::PlatformMouseEvent & mouseEvent={...}, WebCore::HitTestResult * hoveredNode=0x0012f5a4) Line 1605 C++ WebKit.dll!WebCore::EventHandler::mouseMoved(const WebCore::PlatformMouseEvent & event={...}) Line 1536 + 0x10 bytes C++ WebKit.dll!WebKit::handleMouseEvent(const WebKit::WebMouseEvent & mouseEvent={...}, WebCore::Page * page=0x03dc8f20) Line 1053 + 0x13 bytes C++ WebKit.dll!WebKit::WebPage::mouseEvent(const WebKit::WebMouseEvent & mouseEvent={...}) Line 1079 + 0x15 bytes C++ WebKit.dll!CoreIPC::callMemberFunction<WebKit::WebPage,void (__thiscall WebKit::WebPage::*)(WebKit::WebMouseEvent const &),WebKit::WebMouseEvent>(const CoreIPC::Arguments1<WebKit::WebMouseEvent> & args={...}, WebKit::WebPage * object=0x03dc8b48, void (const WebKit::WebMouseEvent &)* function=0x10008f67) Line 19 + 0xf bytes C++ WebKit.dll!CoreIPC::handleMessage<Messages::WebPage::MouseEvent,WebKit::WebPage,void (__thiscall WebKit::WebPage::*)(WebKit::WebMouseEvent const &)>(CoreIPC::ArgumentDecoder * argumentDecoder=0x223acbd0, WebKit::WebPage * object=0x03dc8b48, void (const WebKit::WebMouseEvent &)* function=0x10008f67) Line 277 + 0x15 bytes C++ WebKit.dll!WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection * __formal=0x03da4cf0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x223acbd0) Line 104 + 0x23 bytes C++ WebKit.dll!WebKit::WebPage::didReceiveMessage(CoreIPC::Connection * connection=0x03da4cf0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x223acbd0) Line 2087 C++ WebKit.dll!WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection * connection=0x03da4cf0, CoreIPC::MessageID messageID={...}, CoreIPC::ArgumentDecoder * arguments=0x223acbd0) Line 642 C++ WebKit.dll!CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder> & message={...}) Line 689 + 0x30 bytes C++ WebKit.dll!CoreIPC::Connection::dispatchMessages() Line 717 C++ WebKit.dll!MemberFunctionWorkItem0<CoreIPC::Connection>::execute() Line 79 + 0x10 bytes C++ WebKit.dll!RunLoop::performWork() Line 63 + 0x1a bytes C++ WebKit.dll!RunLoop::wndProc(HWND__ * hWnd=0x001805c8, unsigned int message=1025, unsigned int wParam=64637248, long lParam=0) Line 62 C++ WebKit.dll!RunLoop::RunLoopWndProc(HWND__ * hWnd=0x001805c8, unsigned int message=1025, unsigned int wParam=64637248, long lParam=0) Line 44 + 0x18 bytes C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchMessageWorker@8() + 0xdc bytes user32.dll!_DispatchMessageW@4() + 0xf bytes WebKit.dll!RunLoop::run() Line 78 + 0xc bytes C++ WebKit.dll!WebKit::WebProcessMain(const WebKit::CommandLine & commandLine={...}) Line 82 C++ WebKit.dll!WebKitMain(const WebKit::CommandLine & commandLine={...}) Line 50 + 0x9 bytes C++ WebKit.dll!WebKitMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x00021118, int nCmdShow=10) Line 187 + 0x9 bytes C++ WebKit2WebProcess.exe!wWinMain(HINSTANCE__ * hInstance=0x00400000, HINSTANCE__ * hPrevInstance=0x00000000, wchar_t * lpstrCmdLine=0x00021118, int nCmdShow=10) Line 66 + 0x18 bytes C++ WebKit2WebProcess.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes 446079 5 aroben 2011-08-03 14:20:45 -0700 Checking for overflow in PlatformCALayerWinInternal::constrainedSize makes the crash go away. Chris Marrin says we will end up just rendering the upper-left portion of the layer, which matches Mac's behavior. 446119 6 102834 aroben 2011-08-03 15:03:44 -0700 Created attachment 102834 Detect and handle overflow in PlatformCALayerWinInternal::constrainedSize 446148 7 aroben 2011-08-03 15:37:58 -0700 Thanks for reviewing, Sam. I'll wait until tomorrow to commit this so that I have time to watch the bots. 446163 8 102834 simon.fraser 2011-08-03 15:57:14 -0700 Comment on attachment 102834 Detect and handle overflow in PlatformCALayerWinInternal::constrainedSize GraphicsLayerCA::constrainedSize() already does some size limiting; why does PlatformCALayerWinInternal need it too? FWIW, that code uses floats to get around the overflow issues. 446165 9 simon.fraser 2011-08-03 15:57:45 -0700 Sorry i clobbered the review status, but perhaps Adam would like to reconsider. 446494 10 aroben 2011-08-04 07:53:28 -0700 (In reply to comment #8) > GraphicsLayerCA::constrainedSize() already does some size limiting; why does PlatformCALayerWinInternal need it too? FWIW, that code uses floats to get around the overflow issues. We in fact have three constrainedSize functions: FloatSize GraphicsLayerCA::constrainedSize() const CGSize PlatformCALayerWinInternal::constrainedSize(const CGSize& size) const CGSize WebTiledLayer::constrainedSize(const CGSize& size) const That seems like two too many to me. (I suspect that the entire WebTiledLayer class isn't even used anymore, but I haven't confirmed this yet.) I'm not sure why we have so many. Chris would probably know, since I think he wrote all but the first. 446514 11 simon.fraser 2011-08-04 08:40:09 -0700 I'm just surprised that PlatformCALayerWinInternal ever saw the huge layer, since I would have expected GraphicsLayerCA to constrain first. Is that not the case? 446519 12 aroben 2011-08-04 08:44:55 -0700 (In reply to comment #11) > I'm just surprised that PlatformCALayerWinInternal ever saw the huge layer, since I would have expected GraphicsLayerCA to constrain first. Is that not the case? GraphicsLayerCA only constrains on Leopard and SnowLeopard. We should change it to constrain on Windows, too. 446583 13 aroben 2011-08-04 09:56:58 -0700 (In reply to comment #12) > (In reply to comment #11) > > I'm just surprised that PlatformCALayerWinInternal ever saw the huge layer, since I would have expected GraphicsLayerCA to constrain first. Is that not the case? > > GraphicsLayerCA only constrains on Leopard and SnowLeopard. We should change it to constrain on Windows, too. I have a patch that gets rid of PlatformCALayerWinInteral's constraining code and uses GraphicsLayerCA's instead. But I noticed a difference between the two implementations: when both width and height are too large, GraphicsLayerCA constrains whichever is larger down to just a single tile, while PlatformCALayerWinInternal constrains both proportionally until we have a small enough number of tiles. PlatformCALayerWinInternal's behavior seems slightly better, since you end up with a proportional rectangle of rendered content in the upper-left rather than just a one-tile-wide strip; maybe we should change GraphicsLayerCA to do the same thing? 446600 14 simon.fraser 2011-08-04 10:25:44 -0700 Agreed. 446623 15 aroben 2011-08-04 10:58:37 -0700 I think it might make the most sense to do this in two parts: 1) Fix the overflow bug that caused this crash using the already-attached patch 2) Unify GraphicsLayerCA::constrainedSize and PlatformCALayerWinInternal::constrainedSize I filed bug 65705 to cover (2). 446636 16 aroben 2011-08-04 11:15:14 -0700 Committed r92389: <http://trac.webkit.org/changeset/92389> 102834 2011-08-03 15:03:44 -0700 2011-08-04 10:58:46 -0700 Detect and handle overflow in PlatformCALayerWinInternal::constrainedSize bug-65637-20110803180410.patch text/plain 5385 aroben U3VidmVyc2lvbiBSZXZpc2lvbjogOTIyOTEKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5n ZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCAxMjhjZGE4MTlhYjhjYWY0ZGMyY2Zi ODQ4OTgxZjc3ZDUzMjEyMGFmLi5hOTg1NDMwNGE4NDQ0Mjc4MzM4MTI3NWFiNGNjMDRjMmNlYjlm ZDlmIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTEtMDgtMDMgIEFkYW0gUm9iZW4gIDxhcm9i ZW5AYXBwbGUuY29tPgorCisgICAgICAgIFRlc3QgdGhhdCBhIDJeMjV4Ml4yNSBwaXhlbCBsYXll ciBkb2Vzbid0IGNhdXNlIGEgY3Jhc2gKKworICAgICAgICBUZXN0IGZvciA8aHR0cDovL3dlYmtp dC5vcmcvYi82NTYzNz4gPHJkYXI6Ly9wcm9ibGVtLzk3ODQ4NDk+IENyYXNoIGJlbmVhdGgKKyAg ICAgICAgUGxhdGZvcm1DQUxheWVyV2luSW50ZXJuYWw6OnVwZGF0ZVRpbGVzIHdoZW4gem9vbWlu ZyBvbiBHb29nbGUgTWFwcworCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgor CisgICAgICAgICogY29tcG9zaXRpbmcvdGlsaW5nL2NyYXNoLWh1Z2UtbGF5ZXItZXhwZWN0ZWQu dHh0OiBBZGRlZC4KKyAgICAgICAgKiBjb21wb3NpdGluZy90aWxpbmcvY3Jhc2gtaHVnZS1sYXll ci5odG1sOiBBZGRlZC4KKwogMjAxMS0wOC0wMyAgQW5kZXJzIENhcmxzc29uICA8YW5kZXJzY2FA YXBwbGUuY29tPgogCiAgICAgICAgIEFkZCBhIE1hYyBMaW9uIHNraXBwZWQgbGlzdC4KZGlmZiAt LWdpdCBhL0xheW91dFRlc3RzL2NvbXBvc2l0aW5nL3RpbGluZy9jcmFzaC1odWdlLWxheWVyLWV4 cGVjdGVkLnR4dCBiL0xheW91dFRlc3RzL2NvbXBvc2l0aW5nL3RpbGluZy9jcmFzaC1odWdlLWxh eWVyLWV4cGVjdGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi5jZDI2Y2Q1M2Y1YmI1Y2I1ZGMyYjE2MGE0NmNj MTc3YTAxNWQ4ZTljCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvY29tcG9zaXRpbmcv dGlsaW5nL2NyYXNoLWh1Z2UtbGF5ZXItZXhwZWN0ZWQudHh0CkBAIC0wLDAgKzEsMyBAQAorVGhp cyBpcyBhIHRlc3QgZm9yIEJ1ZyA2NTYzNzogQ3Jhc2ggYmVuZWF0aCBQbGF0Zm9ybUNBTGF5ZXJX aW5JbnRlcm5hbDo6dXBkYXRlVGlsZXMgd2hlbiB6b29taW5nIG9uIEdvb2dsZSBNYXBzLiBUaGUg dGVzdCBwYXNzZXMgaWYgdGhlIGJyb3dzZXIgZG9lcyBub3QgY3Jhc2guCisKK0RpZCB5b3UgY3Jh c2g/CmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9jb21wb3NpdGluZy90aWxpbmcvY3Jhc2gtaHVn ZS1sYXllci5odG1sIGIvTGF5b3V0VGVzdHMvY29tcG9zaXRpbmcvdGlsaW5nL2NyYXNoLWh1Z2Ut bGF5ZXIuaHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwLi4xNWM1NDc0ZjYwZGQ4OGQzNGJlMjE3YzBiYjQzMGU4ODMz NGFhYTk5Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvY29tcG9zaXRpbmcvdGlsaW5n L2NyYXNoLWh1Z2UtbGF5ZXIuaHRtbApAQCAtMCwwICsxLDcgQEAKKzwhRE9DVFlQRSBodG1sPgor PHNjcmlwdD4KKyAgICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAgICAgICBs YXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7Cis8L3NjcmlwdD4KKzxwPlRoaXMgaXMg YSB0ZXN0IGZvciA8YSBocmVmPSJodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/ aWQ9NjU2MzciPkJ1ZyA2NTYzNzogQ3Jhc2ggYmVuZWF0aCBQbGF0Zm9ybUNBTGF5ZXJXaW5JbnRl cm5hbDo6dXBkYXRlVGlsZXMgd2hlbiB6b29taW5nIG9uIEdvb2dsZSBNYXBzPC9hPi4gVGhlIHRl c3QgcGFzc2VzIGlmIHRoZSBicm93c2VyIGRvZXMgbm90IGNyYXNoLjwvcD4KKzxkaXYgc3R5bGU9 IndpZHRoOiAzMzU1NDQzMnB4OyBoZWlnaHQ6IDMzNTU0NDMycHg7IC13ZWJraXQtdHJhbnNmb3Jt OiB0cmFuc2xhdGVaKDApOyI+RGlkIHlvdSBjcmFzaD88L2Rpdj4KZGlmZiAtLWdpdCBhL1NvdXJj ZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCA1NTU2 ZjliYzRjYWRjYWM3YTI5MDI3YmU4MTQwMzllY2YzOTAyMjVlLi5jNGNhNDhhZjJlMDQyMzVkZTYz ZmQ1MzczYmY5ZWRkZjA1MDljZjIzIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VM b2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjUgQEAKKzIwMTEt MDgtMDMgIEFkYW0gUm9iZW4gIDxhcm9iZW5AYXBwbGUuY29tPgorCisgICAgICAgIERldGVjdCBh bmQgaGFuZGxlIG92ZXJmbG93IGluIFBsYXRmb3JtQ0FMYXllcldpbkludGVybmFsOjpjb25zdHJh aW5lZFNpemUKKworICAgICAgICBHb29nbGUgTWFwcyBzb21ldGltZXMgcmVxdWVzdHMgdmVyeSBs YXJnZSAoaS5lLiwgMl41MCBwaXhlbHMgb3IgZ3JlYXRlcikgbGF5ZXJzIHdoZW4KKyAgICAgICAg em9vbWluZy4gUGxhdGZvcm1DQUxheWVyV2luSW50ZXJuYWwgaGFzIGNvZGUgdG8gbGltaXQgdGls ZWQgbGF5ZXJzIHRvIDJeMjcgcGl4ZWxzLCBidXQgaXQKKyAgICAgICAgd2FzIG5vdCBjb3JyZWN0 bHkgaGFuZGxpbmcgb3ZlcmZsb3cuIEluIHNvbWUgY2FzZXMsIHRoaXMgd291bGQgbGVhZCB0byBj cmVhdGluZyBhIHRpbGVkCisgICAgICAgIGxheWVyIHdpdGggMCB0aWxlcywgd2hpY2ggd2FzIHRo ZSBjYXVzZSBvZiB0aGlzIGNyYXNoLgorCisgICAgICAgIEZpeGVzIDxodHRwOi8vd2Via2l0Lm9y Zy9iLzY1NjM3PiA8cmRhcjovL3Byb2JsZW0vOTc4NDg0OT4gQ3Jhc2ggYmVuZWF0aAorICAgICAg ICBQbGF0Zm9ybUNBTGF5ZXJXaW5JbnRlcm5hbDo6dXBkYXRlVGlsZXMgd2hlbiB6b29taW5nIG9u IEdvb2dsZSBNYXBzCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgVGVzdDogY29tcG9zaXRpbmcvdGlsaW5nL2NyYXNoLWh1Z2UtbGF5ZXIuaHRtbAorCisg ICAgICAgICogcGxhdGZvcm0vZ3JhcGhpY3MvY2Evd2luL1BsYXRmb3JtQ0FMYXllcldpbkludGVy bmFsLmNwcDoKKyAgICAgICAgKFBsYXRmb3JtQ0FMYXllcldpbkludGVybmFsOjpjb25zdHJhaW5l ZFNpemUpOiBDaGVjayBmb3Igb3ZlcmZsb3cgYmVmb3JlIHNlZWluZyBpZiB0aGUKKyAgICAgICAg bnVtYmVyIG9mIHJlcXVpcmVkIHRpbGVzIGlzIGxhcmdlciB0aGFuIHRoZSBtYXhpbXVtIG51bWJl ciBvZiBhbGxvd2VkIHRpbGVzLgorICAgICAgICAoUGxhdGZvcm1DQUxheWVyV2luSW50ZXJuYWw6 OnVwZGF0ZVRpbGVzKTogQWRkZWQgYW4gYXNzZXJ0aW9uIHRvIGNhdGNoIGNhc2VzIHdoZXJlIHdl IGhhdmUgYQorICAgICAgICBub24tZW1wdHkgdGlsZWQgbGF5ZXIgdGhhdCBjb250YWlucyAwIHRp bGVzLCB3aGljaCB3b3VsZCBjYXVzZSB0aGUgY3Jhc2ggaW4gdGhpcyBidWcgcmVwb3J0LgorCiAy MDExLTA4LTAzICBMdWtlIE1hY3BoZXJzb24gICA8bWFjcGhlcnNvbkBjaHJvbWl1bS5vcmc+CiAK ICAgICAgICAgVXNlIGFwcHJvcHJpYXRlIG1hY3JvIGZvciBDU1NQcm9wZXJ0eUltYWdlUmVuZGVy aW5nLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGxhdGZvcm0vZ3JhcGhpY3MvY2Evd2lu L1BsYXRmb3JtQ0FMYXllcldpbkludGVybmFsLmNwcCBiL1NvdXJjZS9XZWJDb3JlL3BsYXRmb3Jt L2dyYXBoaWNzL2NhL3dpbi9QbGF0Zm9ybUNBTGF5ZXJXaW5JbnRlcm5hbC5jcHAKaW5kZXggOGIw YzM3OGFhNGJjNjY2NzViNjhmMGIwMDgxYTQzZDcxODRjN2U4NC4uYWFmZWRlYjYwMWRhZTgyZTBm ZTM3M2FjNzgxYzFiOTI1MjA1ZDBhYiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGxhdGZv cm0vZ3JhcGhpY3MvY2Evd2luL1BsYXRmb3JtQ0FMYXllcldpbkludGVybmFsLmNwcAorKysgYi9T b3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9ncmFwaGljcy9jYS93aW4vUGxhdGZvcm1DQUxheWVyV2lu SW50ZXJuYWwuY3BwCkBAIC0zNTAsMTMgKzM1MCwxNCBAQCBDR1NpemUgUGxhdGZvcm1DQUxheWVy V2luSW50ZXJuYWw6OmNvbnN0cmFpbmVkU2l6ZShjb25zdCBDR1NpemUmIHNpemUpIGNvbnN0CiAK ICAgICBpbnQgdGlsZUNvbHVtbnMgPSBjZWlsZihjb25zdHJhaW5lZFNpemUud2lkdGggLyBtX3Rp bGVTaXplLndpZHRoKTsKICAgICBpbnQgdGlsZVJvd3MgPSBjZWlsZihjb25zdHJhaW5lZFNpemUu aGVpZ2h0IC8gbV90aWxlU2l6ZS5oZWlnaHQpOwotICAgIGludCBudW1UaWxlcyA9IHRpbGVDb2x1 bW5zICogdGlsZVJvd3M7CisKKyAgICBib29sIHRvb01hbnlUaWxlcyA9IHRpbGVDb2x1bW5zICYm IG51bWVyaWNfbGltaXRzPGludD46Om1heCgpIC8gdGlsZUNvbHVtbnMgPCB0aWxlUm93cyB8fCB0 aWxlQ29sdW1ucyAqIHRpbGVSb3dzID4gY01heFRpbGVDb3VudDsKIAogICAgIC8vIElmIG51bWJl ciBvZiB0aWxlcyB2ZXJ0aWNhbGx5IG9yIGhvcml6b250YWxseSBpcyA8IHNxcnQoY01heFRpbGVD b3VudCkKICAgICAvLyBqdXN0IHNob3J0ZW4gdGhlIGxvbmdlciBkaW1lbnNpb24uIE90aGVyd2lz ZSBzaG9ydGVuIGJvdGggZGltZW5zaW9ucwogICAgIC8vIGFjY29yZGluZyB0byB0aGUgcmF0aW8g b2Ygd2lkdGggdG8gaGVpZ2h0CiAKLSAgICBpZiAobnVtVGlsZXMgPiBjTWF4VGlsZUNvdW50KSB7 CisgICAgaWYgKHRvb01hbnlUaWxlcykgewogICAgICAgICBpZiAodGlsZVJvd3MgPCBjU3FydE1h eFRpbGVDb3VudCkKICAgICAgICAgICAgIHRpbGVDb2x1bW5zID0gZmxvb3JmKGNNYXhUaWxlQ291 bnQgLyB0aWxlUm93cyk7CiAgICAgICAgIGVsc2UgaWYgKHRpbGVDb2x1bW5zIDwgY1NxcnRNYXhU aWxlQ291bnQpCkBAIC00MjMsNiArNDI0LDcgQEAgdm9pZCBQbGF0Zm9ybUNBTGF5ZXJXaW5JbnRl cm5hbDo6dXBkYXRlVGlsZXMoKQogICAgIGludCBudW1UaWxlc0hvcml6b250YWwgPSBjZWlsKG1f Y29uc3RyYWluZWRTaXplLndpZHRoIC8gbV90aWxlU2l6ZS53aWR0aCk7CiAgICAgaW50IG51bVRp bGVzVmVydGljYWwgPSBjZWlsKG1fY29uc3RyYWluZWRTaXplLmhlaWdodCAvIG1fdGlsZVNpemUu aGVpZ2h0KTsKICAgICBpbnQgbnVtVGlsZXNUb3RhbCA9IG51bVRpbGVzSG9yaXpvbnRhbCAqIG51 bVRpbGVzVmVydGljYWw7CisgICAgQVNTRVJUKCFtX2NvbnN0cmFpbmVkU2l6ZS5oZWlnaHQgfHwg IW1fY29uc3RyYWluZWRTaXplLndpZHRoIHx8IG51bVRpbGVzVG90YWwgPiAwKTsKIAogICAgIGlu dCBudW1UaWxlc1RvQ2hhbmdlID0gbnVtVGlsZXNUb3RhbCAtIHRpbGVDb3VudCgpOwogICAgIGlm IChudW1UaWxlc1RvQ2hhbmdlID49IDApIHsK