82896 2012-04-02 07:09:34 -0700 Segmentation fault in JS drop-down menus in facebook.com 2012-04-10 15:24:35 -0700 1 1 1 Unclassified WebKit Accessibility 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 mario webkit-unassigned cfleizach csaavedra webkit.review.bot oldest_to_newest 593435 0 mario 2012-04-02 07:09:34 -0700 This issue has been observed with upstream webkit + Epiphany browser and does not happen with latest stable release of webkitgtk (1.8). Still, it's not clear to me whether this happens in other ports, since the backtrace seems to suggest that the problem is somewhere in the crossplatform code. It would be wonderful if someone could try it (CCing Chris because of that). STEPS TO REPRODUCE IT: 1. Log in facebook.com 2. Open any of the html menus in facebook (e.g. the one for 'privacy' in one of your posts, or the one that shows up when hovering over a 'Friends' button, to select a list) 3. Let the drop-down menu dissapear (e.g. just hover out of the menu for 'Friends' drop-down menu) EXPECTED OUTCOME: Nothing unexpected happens :P ACTUAL OUTCOME: WebKit crashes with SIGSEGV, spitting the following backtrace in gdb: Program received signal SIGSEGV, Segmentation fault. 0x0000000000000000 in ?? () Missing separate debuginfos, use: debuginfo-install gnome-shell-3.2.2.1-1.fc16.x86_64 google-talkplugin-2.8.5.0-1.x86_64 icedtea-web-1.2-1.fc16.x86_64 nss-myhostname-0.3-1.fc16.x86_64 (gdb) back #0 0x0000000000000000 in ?? () #1 0x00007ffff643c9b5 in WebCore::AccessibilityRenderObject::renderBoxModelObject() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #2 0x00007ffff643ca28 in WebCore::AccessibilityRenderObject::isAttachment() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #3 0x00007ffff64311dd in WebCore::AccessibilityObject::clearChildren() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #4 0x00007ffff6435e59 in WebCore::AccessibilityRenderObject::clearChildren() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #5 0x00007ffff643675d in WebCore::AccessibilityRenderObject::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #6 0x00007ffff644919f in WebCore::AXObjectCache::remove(unsigned int) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #7 0x00007ffff64494e0 in WebCore::AXObjectCache::remove(WebCore::RenderObject*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #8 0x00007ffff6b5a0b4 in WebCore::RenderObject::willBeDestroyed() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #9 0x00007ffff6ae1020 in WebCore::RenderBox::willBeDestroyed() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #10 0x00007ffff6aa79c5 in WebCore::RenderBlock::willBeDestroyed() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #11 0x00007ffff6b5928d in WebCore::RenderObject::destroy() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #12 0x00007ffff6621e68 in WebCore::Node::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #13 0x00007ffff660cf3b in WebCore::Element::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #14 0x00007ffff65ce984 in WebCore::ContainerNode::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #15 0x00007ffff660cf3b in WebCore::Element::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #16 0x00007ffff65ce984 in WebCore::ContainerNode::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #17 0x00007ffff660cf3b in WebCore::Element::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #18 0x00007ffff65ce984 in WebCore::ContainerNode::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #19 0x00007ffff660cf3b in WebCore::Element::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #20 0x00007ffff660d89d in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #21 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #22 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #23 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #24 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #25 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #26 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #27 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #28 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #29 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #30 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #31 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #32 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #33 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #34 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #35 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #36 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #37 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #38 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #39 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #40 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #41 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #42 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #43 0x00007ffff65efe03 in WebCore::Document::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #44 0x00007ffff65f02e3 in WebCore::Document::updateStyleIfNeeded() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #45 0x00007ffff66a3a3f in WebCore::FrameSelection::notifyRendererOfSelectionChange(WebCore::EUserTriggered) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #46 0x00007ffff6958de8 in WebCore::EventHandler::handleMouseReleaseEvent(WebCore::MouseEventWithHitTestResults const&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #47 0x00007ffff695c656 in WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #48 0x00007ffff6338a70 in webkit_web_view_button_release_event(_GtkWidget*, _GdkEventButton*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 #49 0x00007ffff2590c18 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x6f6980, return_value=0x7fffffffcf00, instance=0x10680c0, args=0x7fffffffd098, marshal_data=0x7ffff6338a00, n_params=1, param_types=0x6f69b0) at gtkmarshalers.c:130 #50 0x00007ffff049985c in g_type_class_meta_marshalv (closure=0x6f6980, return_value=0x7fffffffcf00, instance=0x10680c0, args=0x7fffffffd098, marshal_data=0x188, n_params=1, param_types=0x6f69b0) at gclosure.c:997 #51 0x00007ffff0499408 in _g_closure_invoke_va (closure=0x6f6980, return_value=0x7fffffffcf00, instance=0x10680c0, args=0x7fffffffd098, n_params=1, param_types=0x6f69b0) at gclosure.c:840 #52 0x00007ffff04b3d11 in g_signal_emit_valist (instance=0x10680c0, signal_id=29, detail=0, var_args=0x7fffffffd098) at gsignal.c:3207 #53 0x00007ffff04b4ebd in g_signal_emit (instance=0x10680c0, signal_id=29, detail=0) at gsignal.c:3352 #54 0x00007ffff273b690 in gtk_widget_event_internal (widget=0x10680c0, event=0x11b2410) at gtkwidget.c:6380 #55 0x00007ffff273ace0 in gtk_widget_event (widget=0x10680c0, event=0x11b2410) at gtkwidget.c:6037 #56 0x00007ffff2590569 in propagate_event_up (widget=0x10680c0, event=0x11b2410, topmost=0x0) at gtkmain.c:2390 #57 0x00007ffff25908cb in propagate_event (widget=0x10680c0, event=0x11b2410, captured=0, topmost=0x0) at gtkmain.c:2490 #58 0x00007ffff2590999 in gtk_propagate_event (widget=0x10680c0, event=0x11b2410) at gtkmain.c:2525 #59 0x00007ffff258f468 in gtk_main_do_event (event=0x11b2410) at gtkmain.c:1713 #60 0x00007ffff212b5f6 in _gdk_event_emit (event=0x11b2410) at gdkevents.c:69 #61 0x00007ffff2163d64 in gdk_event_source_dispatch (source=0x7283c0, callback=0, user_data=0x0) at gdkeventsource.c:358 #62 0x00007fffefd8e0ab in g_main_dispatch (context=0x72abe0) at gmain.c:2515 #63 0x00007fffefd8ed6c in g_main_context_dispatch (context=0x72abe0) at gmain.c:3052 #64 0x00007fffefd8ef4f in g_main_context_iterate (context=0x72abe0, block=1, dispatch=1, self=0x835300) at gmain.c:3123 #65 0x00007fffefd8f013 in g_main_context_iteration (context=0x72abe0, may_block=1) at gmain.c:3184 #66 0x00007ffff0c706d5 in g_application_run (application=0x858020, argc=1, argv=0x7fffffffd748) at gapplication.c:1496 #67 0x000000000042fe44 in main (argc=1, argv=0x7fffffffd748) at ephy-main.c:481 593546 1 cfleizach 2012-04-02 09:49:36 -0700 It's not happening for me with safari, but all i have is a fake Facebook account for testing so maybe i'm missing something. the backtrace would indicate that m_rendender is 0 while in #1 0x00007ffff643c9b5 in WebCore::AccessibilityRenderObject::renderBoxModelObject() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 but there are checks for m_renderer in that method. if (!m_renderer || !m_renderer->isBoxModelObject()) return 0; maybe those checks fixed the problem. it would be interesting to attach to the process in gdb and while that menu disappeared observe that this same backtrace still occurs and that it does not crash 594217 2 csaavedra 2012-04-02 23:07:45 -0700 The checkout of webkit that I have locally has those checks and is crashing with the same stacktrace, so I don't think these checks are fixing anything. Unfortunately, I don't have a dbg build, though. 594246 3 mario 2012-04-03 00:00:29 -0700 (In reply to comment #1) > It's not happening for me with safari, but all i have is a fake Facebook account for testing so maybe i'm missing something. In theory, if you seen a JavaScript drop-down menu showing up and then going away without problems, I'd say the problem is not happening there. Thanks for trying. > the backtrace would indicate that m_rendender is 0 while in > > #1 0x00007ffff643c9b5 in WebCore::AccessibilityRenderObject::renderBoxModelObject() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0 > > but there are checks for m_renderer in that method. > > if (!m_renderer || !m_renderer->isBoxModelObject()) > return 0; > > maybe those checks fixed the problem. As Claudio said, those checks are already in place. Actually I did the following change in the code: - if (!m_renderer || !m_renderer->isBoxModelObject()) + if (!m_renderer) return 0; + + if (!m_renderer->isBoxModelObject()) + return 0; + And it's still crashing in m_renderer->isBoxModelObject(), where m_renderer is not null. Perhaps it points to corrupt memory? It's very weird because if I call from gdb to methods of RenderObject over that m_renderer, they work with no problem... I will keep investigating. 594250 4 mario 2012-04-03 00:11:23 -0700 (In reply to comment #3) > (In reply to comment #1) > > It's not happening for me with safari, but all i have is a fake Facebook > > account for testing so maybe i'm missing something. > > In theory, if you seen a JavaScript drop-down menu showing up and then going > away without problems, I'd say the problem is not happening there. Thanks for > trying. Hmm.. I just realized that opening a drop-down menu and letting it go away is not enough for reproducing the bug. Let's be more specific: STEPS TO REPRODUCE IT: 1. Log in facebook.com 2. Click in a friend else's profile to open it 3. Move the mouse over the 'gear' button in the top-east corner of the profile (under the blue top bar, normally besides a 'Message' button). 4. When the drop-down menu shows up, move the mouse over some of the options there (e.g. 'Poke', 'Report/Block'). 5. Mouse click out of the area of the drop-down menu to let it disappear. If you now see the drop-down menu disappear and your browser does not crash, then your WebKit port is safe, otherwise you're as doomed as the GTK port is :) 594554 5 cfleizach 2012-04-03 09:31:21 -0700 I followed those steps listed and even broke on the crashing method. I saw m_renderer = 0 and everything worked ok Breakpoint 2, WebCore::AccessibilityRenderObject::isAttachment (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:535 535 RenderBoxModelObject* renderer = renderBoxModelObject(); (gdb) x/ca m_renderer 0x0: Cannot access memory at address 0x0 (gdb) s WebCore::AccessibilityRenderObject::renderBoxModelObject (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:133 133 if (!m_renderer || !m_renderer->isBoxModelObject()) (gdb) n 134 return 0; (gdb) bt #0 WebCore::AccessibilityRenderObject::renderBoxModelObject (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:134 594558 6 cfleizach 2012-04-03 09:33:27 -0700 (In reply to comment #5) > I followed those steps listed and even broke on the crashing method. I saw m_renderer = 0 and everything worked ok > > Breakpoint 2, WebCore::AccessibilityRenderObject::isAttachment (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:535 > 535 RenderBoxModelObject* renderer = renderBoxModelObject(); > (gdb) x/ca m_renderer > 0x0: Cannot access memory at address 0x0 > (gdb) s > WebCore::AccessibilityRenderObject::renderBoxModelObject (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:133 > 133 if (!m_renderer || !m_renderer->isBoxModelObject()) > (gdb) n > 134 return 0; > (gdb) bt > #0 WebCore::AccessibilityRenderObject::renderBoxModelObject (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:134 I think this ones up to you figure out. 595505 7 mario 2012-04-04 06:53:41 -0700 (In reply to comment #6) > (In reply to comment #5) > > I followed those steps listed and even broke on the crashing method. I saw m_renderer = 0 and everything worked ok > > > > Breakpoint 2, WebCore::AccessibilityRenderObject::isAttachment (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:535 > > 535 RenderBoxModelObject* renderer = renderBoxModelObject(); > > (gdb) x/ca m_renderer > > 0x0: Cannot access memory at address 0x0 > > (gdb) s > > WebCore::AccessibilityRenderObject::renderBoxModelObject (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:133 > > 133 if (!m_renderer || !m_renderer->isBoxModelObject()) > > (gdb) n > > 134 return 0; > > (gdb) bt > > #0 WebCore::AccessibilityRenderObject::renderBoxModelObject (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:134 > > I think this ones up to you figure out. Thanks Chris for helping me debug this thing. It turns out I did dare to git bisect and, after 11 full builds I finally found the commit where this started failing reliably: http://trac.webkit.org/changeset/110819 I see you're the author of that commit, so I leave this here in the hope you might perhaps have a clue of why this is happening. Now I need to run. Again, thanks! 595578 8 cfleizach 2012-04-04 08:56:25 -0700 (In reply to comment #7) > (In reply to comment #6) > > (In reply to comment #5) > > > I followed those steps listed and even broke on the crashing method. I saw m_renderer = 0 and everything worked ok > > > > > > Breakpoint 2, WebCore::AccessibilityRenderObject::isAttachment (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:535 > > > 535 RenderBoxModelObject* renderer = renderBoxModelObject(); > > > (gdb) x/ca m_renderer > > > 0x0: Cannot access memory at address 0x0 > > > (gdb) s > > > WebCore::AccessibilityRenderObject::renderBoxModelObject (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:133 > > > 133 if (!m_renderer || !m_renderer->isBoxModelObject()) > > > (gdb) n > > > 134 return 0; > > > (gdb) bt > > > #0 WebCore::AccessibilityRenderObject::renderBoxModelObject (this=0x7fcda238c1e0) at AccessibilityRenderObject.cpp:134 > > > > I think this ones up to you figure out. > > Thanks Chris for helping me debug this thing. It turns out I did dare to git bisect and, after 11 full builds I finally found the commit where this started failing reliably: > > http://trac.webkit.org/changeset/110819 > > I see you're the author of that commit, so I leave this here in the hope you might perhaps have a clue of why this is happening. > > Now I need to run. > > Again, thanks! I think it indicates that a render object was destroyed but the ax object was not updated at the same time. That should not happen, since in RenderObject::willBeDestroyed(), AXObjectCache::remove is called. A way i can see this happening is if AXObjectCache::remove was not called for this child, or if it was it failed for some reason. 599363 9 136478 mario 2012-04-10 10:08:12 -0700 Created attachment 136478 Patch proposal (In reply to comment #8) > [...] > I think it indicates that a render object was destroyed but the ax object was not updated at the same time. That should not happen, since in RenderObject::willBeDestroyed(), AXObjectCache::remove is called. > > A way i can see this happening is if AXObjectCache::remove was not called for this child, or if it was it failed for some reason. I think that a possible reason for this to happen is that in GTK we are treating attachments in a different way than in the Mac, as we're systematically not ignoring them ever: From gtk/AccessibilityObjectAtk.cpp: bool AccessibilityObject::accessibilityIgnoreAttachment() const { return false; } I think a possible solution for this would be to make changes on your patch for r110819 would be to make sure they apply to Mac only. At least that way we would be having the -not segfaulting- behaviour we previously had. Attaching a patch proposal, just in case you already agree with it :) 599421 10 136478 cfleizach 2012-04-10 11:03:41 -0700 Comment on attachment 136478 Patch proposal i think this is ok as a stopgap. i'd still like to know why it's actually crashing... i.e.) what happened to that object 599494 11 136478 mario 2012-04-10 12:24:05 -0700 Comment on attachment 136478 Patch proposal (In reply to comment #10) > (From update of attachment 136478 [details]) > i think this is ok as a stopgap. i'd still like to know why it's actually crashing... i.e.) what happened to that object Thanks. I'll report here if I ever find the reason behind that problem. 599710 12 136478 webkit.review.bot 2012-04-10 15:24:31 -0700 Comment on attachment 136478 Patch proposal Clearing flags on attachment: 136478 Committed r113778: <http://trac.webkit.org/changeset/113778> 599711 13 webkit.review.bot 2012-04-10 15:24:35 -0700 All reviewed patches have been landed. Closing bug. 136478 2012-04-10 10:08:12 -0700 2012-04-10 15:24:30 -0700 Patch proposal 0001-2012-04-10-Mario-Sanchez-Prada-msanchez-igalia.com.patch text/plain 6742 mario RnJvbSBlNGNkYTA3NDA3ODUyNmY5MmYzYThlMjIyOTJjMTIyZjdmYWViNDFiIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBNYXJpbyBTYW5jaGV6IFByYWRhIDxtc2FuY2hlekBpZ2FsaWEu Y29tPgpEYXRlOiBUdWUsIDEwIEFwciAyMDEyIDE5OjA3OjA1ICswMjAwClN1YmplY3Q6IFtQQVRD SF0gMjAxMi0wNC0xMCAgTWFyaW8gU2FuY2hleiBQcmFkYSAgPG1zYW5jaGV6QGlnYWxpYS5jb20+ CgogICAgICAgIFNlZ21lbnRhdGlvbiBmYXVsdCBpbiBKUyBkcm9wLWRvd24gbWVudXMgaW4gZmFj ZWJvb2suY29tCiAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTgyODk2CgogICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgoKICAgICAgICBNYWtl IHN1cmUgY2hhbmdlcyBpbnRyb2R1Y2VkIHdpdGggcjExMDgxOSBhZmZlY3QgdG8gdGhlIE1hYwog ICAgICAgIHBsYXRmb3JtIG9ubHksIHNpbmNlIHRoZXkgZGVwZW5kIG9uIHBsYXRmb3JtIHNwZWNp ZmljIGJlaGF2aW91ciwKICAgICAgICBhcyBub3QgYWxsIHRoZSBwbGF0Zm9ybXMgdHJlYXQgYXR0 YWNobWVudHMgaW4gdGhlIHNhbWUgd2F5LgoKICAgICAgICAqIGFjY2Vzc2liaWxpdHkvQWNjZXNz aWJpbGl0eU9iamVjdC5jcHA6CiAgICAgICAgKFdlYkNvcmU6OkFjY2Vzc2liaWxpdHlPYmplY3Q6 OnVwZGF0ZUNoaWxkcmVuSWZOZWNlc3NhcnkpOgogICAgICAgICogYWNjZXNzaWJpbGl0eS9BY2Nl c3NpYmlsaXR5T2JqZWN0Lmg6CiAgICAgICAgKEFjY2Vzc2liaWxpdHlPYmplY3QpOgogICAgICAg IChXZWJDb3JlOjpBY2Nlc3NpYmlsaXR5T2JqZWN0OjpkZXRhY2hGcm9tUGFyZW50KToKICAgICAg ICAqIGFjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdC5jcHA6CiAgICAgICAg KFdlYkNvcmUpOgogICAgICAgIChXZWJDb3JlOjpBY2Nlc3NpYmlsaXR5UmVuZGVyT2JqZWN0Ojph ZGRDaGlsZHJlbik6CiAgICAgICAgKiBhY2Nlc3NpYmlsaXR5L0FjY2Vzc2liaWxpdHlSZW5kZXJP YmplY3QuaDoKICAgICAgICAoQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdCk6CiAgICAgICAgKiBh Y2Nlc3NpYmlsaXR5L21hYy9BY2Nlc3NpYmlsaXR5T2JqZWN0TWFjLm1tOgogICAgICAgIChXZWJD b3JlOjpBY2Nlc3NpYmlsaXR5T2JqZWN0OjpkZXRhY2hGcm9tUGFyZW50KToKICAgICAgICAoV2Vi Q29yZSk6Ci0tLQogU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nICAgICAgICAgICAgICAgICAgICAg ICAgICAgfCAgIDI1ICsrKysrKysrKysrKysrKysrKysrCiAuLi4vV2ViQ29yZS9hY2Nlc3NpYmls aXR5L0FjY2Vzc2liaWxpdHlPYmplY3QuY3BwICB8ICAgIDYgLS0tLQogU291cmNlL1dlYkNvcmUv YWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5T2JqZWN0LmggfCAgICA0ICsrKwogLi4uL2FjY2Vz c2liaWxpdHkvQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdC5jcHAgICAgfCAgICA5ICsrKysrLQog Li4uL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdC5oICAgICAgfCAgICA0 ICsrLQogLi4uL2FjY2Vzc2liaWxpdHkvbWFjL0FjY2Vzc2liaWxpdHlPYmplY3RNYWMubW0gICAg fCAgICA2ICsrKysKIDYgZmlsZXMgY2hhbmdlZCwgNDUgaW5zZXJ0aW9ucygrKSwgOSBkZWxldGlv bnMoLSkKCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cKaW5kZXggYTdlNmM0ZC4uZGI2M2Q5ZiAxMDA2NDQKLS0tIGEvU291cmNl L1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwz ICsxLDI4IEBACisyMDEyLTA0LTEwICBNYXJpbyBTYW5jaGV6IFByYWRhICA8bXNhbmNoZXpAaWdh bGlhLmNvbT4KKworICAgICAgICBTZWdtZW50YXRpb24gZmF1bHQgaW4gSlMgZHJvcC1kb3duIG1l bnVzIGluIGZhY2Vib29rLmNvbQorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9ODI4OTYKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBNYWtlIHN1cmUgY2hhbmdlcyBpbnRyb2R1Y2VkIHdpdGggcjExMDgxOSBhZmZl Y3QgdG8gdGhlIE1hYworICAgICAgICBwbGF0Zm9ybSBvbmx5LCBzaW5jZSB0aGV5IGRlcGVuZCBv biBwbGF0Zm9ybSBzcGVjaWZpYyBiZWhhdmlvdXIsCisgICAgICAgIGFzIG5vdCBhbGwgdGhlIHBs YXRmb3JtcyB0cmVhdCBhdHRhY2htZW50cyBpbiB0aGUgc2FtZSB3YXkuCisKKyAgICAgICAgKiBh Y2Nlc3NpYmlsaXR5L0FjY2Vzc2liaWxpdHlPYmplY3QuY3BwOgorICAgICAgICAoV2ViQ29yZTo6 QWNjZXNzaWJpbGl0eU9iamVjdDo6dXBkYXRlQ2hpbGRyZW5JZk5lY2Vzc2FyeSk6CisgICAgICAg ICogYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5T2JqZWN0Lmg6CisgICAgICAgIChBY2Nlc3Np YmlsaXR5T2JqZWN0KToKKyAgICAgICAgKFdlYkNvcmU6OkFjY2Vzc2liaWxpdHlPYmplY3Q6OmRl dGFjaEZyb21QYXJlbnQpOgorICAgICAgICAqIGFjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eVJl bmRlck9iamVjdC5jcHA6CisgICAgICAgIChXZWJDb3JlKToKKyAgICAgICAgKFdlYkNvcmU6OkFj Y2Vzc2liaWxpdHlSZW5kZXJPYmplY3Q6OmFkZENoaWxkcmVuKToKKyAgICAgICAgKiBhY2Nlc3Np YmlsaXR5L0FjY2Vzc2liaWxpdHlSZW5kZXJPYmplY3QuaDoKKyAgICAgICAgKEFjY2Vzc2liaWxp dHlSZW5kZXJPYmplY3QpOgorICAgICAgICAqIGFjY2Vzc2liaWxpdHkvbWFjL0FjY2Vzc2liaWxp dHlPYmplY3RNYWMubW06CisgICAgICAgIChXZWJDb3JlOjpBY2Nlc3NpYmlsaXR5T2JqZWN0Ojpk ZXRhY2hGcm9tUGFyZW50KToKKyAgICAgICAgKFdlYkNvcmUpOgorCiAyMDEyLTA0LTEwICBQYXZl bCBGZWxkbWFuICA8cGZlbGRtYW5AY2hyb21pdW0ub3JnPgogCiAgICAgICAgIFdlYiBJbnNwZWN0 b3I6IG1ha2UgZXJyb3IgYSBzdHJpbmcgb24gdGhlIGZyb250LWVuZCBzaWRlLCBub3QgYW4gb2Jq ZWN0LgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmls aXR5T2JqZWN0LmNwcCBiL1NvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0 eU9iamVjdC5jcHAKaW5kZXggZDA2YzI3Yy4uOTQ0MWQ1MyAxMDA2NDQKLS0tIGEvU291cmNlL1dl YkNvcmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5T2JqZWN0LmNwcAorKysgYi9Tb3VyY2Uv V2ViQ29yZS9hY2Nlc3NpYmlsaXR5L0FjY2Vzc2liaWxpdHlPYmplY3QuY3BwCkBAIC0xMTQwLDEy ICsxMTQwLDYgQEAgdm9pZCBBY2Nlc3NpYmlsaXR5T2JqZWN0Ojp1cGRhdGVDaGlsZHJlbklmTmVj ZXNzYXJ5KCkKICAgICBpZiAoIWhhc0NoaWxkcmVuKCkpCiAgICAgICAgIGFkZENoaWxkcmVuKCk7 ICAgIAogfQotCi12b2lkIEFjY2Vzc2liaWxpdHlPYmplY3Q6OmRldGFjaEZyb21QYXJlbnQoKQot ewotICAgIGlmIChpc0F0dGFjaG1lbnQoKSkKLSAgICAgICAgb3ZlcnJpZGVBdHRhY2htZW50UGFy ZW50KDApOwotfQogICAgIAogdm9pZCBBY2Nlc3NpYmlsaXR5T2JqZWN0OjpjbGVhckNoaWxkcmVu KCkKIHsKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJp bGl0eU9iamVjdC5oIGIvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5 T2JqZWN0LmgKaW5kZXggZDQzYzg3Mi4uMDg1MmExNSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNv cmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5T2JqZWN0LmgKKysrIGIvU291cmNlL1dlYkNv cmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5T2JqZWN0LmgKQEAgLTU2MCw3ICs1NjAsMTEg QEAgcHVibGljOgogICAgIHZpcnR1YWwgdm9pZCB1cGRhdGVDaGlsZHJlbklmTmVjZXNzYXJ5KCk7 CiAgICAgdmlydHVhbCB2b2lkIHNldE5lZWRzVG9VcGRhdGVDaGlsZHJlbigpIHsgfQogICAgIHZp cnR1YWwgdm9pZCBjbGVhckNoaWxkcmVuKCk7CisjaWYgUExBVEZPUk0oTUFDKQogICAgIHZpcnR1 YWwgdm9pZCBkZXRhY2hGcm9tUGFyZW50KCk7CisjZWxzZQorICAgIHZpcnR1YWwgdm9pZCBkZXRh Y2hGcm9tUGFyZW50KCkgeyB9CisjZW5kaWYKIAogICAgIHZpcnR1YWwgdm9pZCBzZWxlY3RlZENo aWxkcmVuKEFjY2Vzc2liaWxpdHlDaGlsZHJlblZlY3RvciYpIHsgfQogICAgIHZpcnR1YWwgdm9p ZCB2aXNpYmxlQ2hpbGRyZW4oQWNjZXNzaWJpbGl0eUNoaWxkcmVuVmVjdG9yJikgeyB9CmRpZmYg LS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9hY2Nlc3NpYmlsaXR5L0FjY2Vzc2liaWxpdHlSZW5kZXJP YmplY3QuY3BwIGIvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5UmVu ZGVyT2JqZWN0LmNwcAppbmRleCAyY2JlNmQ5Li5iOWE1YTVkIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViQ29yZS9hY2Nlc3NpYmlsaXR5L0FjY2Vzc2liaWxpdHlSZW5kZXJPYmplY3QuY3BwCisrKyBi L1NvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdC5j cHAKQEAgLTM1NTgsNyArMzU1OCw4IEBAIHZvaWQgQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdDo6 YWRkQXR0YWNobWVudENoaWxkcmVuKCkKICAgICBpZiAoIWF4V2lkZ2V0LT5hY2Nlc3NpYmlsaXR5 SXNJZ25vcmVkKCkpCiAgICAgICAgIG1fY2hpbGRyZW4uYXBwZW5kKGF4V2lkZ2V0KTsKIH0KLSAg ICAKKworI2lmIFBMQVRGT1JNKE1BQykKIHZvaWQgQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdDo6 dXBkYXRlQXR0YWNobWVudFZpZXdQYXJlbnRzKCkKIHsKICAgICAvLyBPbmx5IHRoZSB1bmlnbm9y ZWQgcGFyZW50IHNob3VsZCBzZXQgdGhlIGF0dGFjaG1lbnQgcGFyZW50LCBiZWNhdXNlIHRoYXQn cyB3aGF0IGlzIHJlZmxlY3RlZCBpbiB0aGUgQVggCkBAIC0zNTcyLDcgKzM1NzMsOCBAQCB2b2lk IEFjY2Vzc2liaWxpdHlSZW5kZXJPYmplY3Q6OnVwZGF0ZUF0dGFjaG1lbnRWaWV3UGFyZW50cygp CiAgICAgICAgICAgICBtX2NoaWxkcmVuW2tdLT5vdmVycmlkZUF0dGFjaG1lbnRQYXJlbnQodGhp cyk7CiAgICAgfQogfQotICAgIAorI2VuZGlmCisKIHZvaWQgQWNjZXNzaWJpbGl0eVJlbmRlck9i amVjdDo6YWRkQ2hpbGRyZW4oKQogewogICAgIC8vIElmIHRoZSBuZWVkIHRvIGFkZCBtb3JlIGNo aWxkcmVuIGluIGFkZGl0aW9uIHRvIGV4aXN0aW5nIGNoaWxkcmVuIGFyaXNlcywgCkBAIC0zNjEw LDcgKzM2MTIsMTAgQEAgdm9pZCBBY2Nlc3NpYmlsaXR5UmVuZGVyT2JqZWN0OjphZGRDaGlsZHJl bigpCiAgICAgYWRkQXR0YWNobWVudENoaWxkcmVuKCk7CiAgICAgYWRkSW1hZ2VNYXBDaGlsZHJl bigpOwogICAgIGFkZFRleHRGaWVsZENoaWxkcmVuKCk7CisKKyNpZiBQTEFURk9STShNQUMpCiAg ICAgdXBkYXRlQXR0YWNobWVudFZpZXdQYXJlbnRzKCk7CisjZW5kaWYKIH0KICAgICAgICAgCiBj b25zdCBBdG9taWNTdHJpbmcmIEFjY2Vzc2liaWxpdHlSZW5kZXJPYmplY3Q6OmFyaWFMaXZlUmVn aW9uU3RhdHVzKCkgY29uc3QKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxp dHkvQWNjZXNzaWJpbGl0eVJlbmRlck9iamVjdC5oIGIvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJp bGl0eS9BY2Nlc3NpYmlsaXR5UmVuZGVyT2JqZWN0LmgKaW5kZXggMWEyNWE3NC4uNmI2ZjcyMCAx MDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmlsaXR5UmVu ZGVyT2JqZWN0LmgKKysrIGIvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9BY2Nlc3NpYmls aXR5UmVuZGVyT2JqZWN0LmgKQEAgLTMwNyw4ICszMDcsMTAgQEAgcHJpdmF0ZToKICAgICB2b2lk IGFkZFRleHRGaWVsZENoaWxkcmVuKCk7CiAgICAgdm9pZCBhZGRJbWFnZU1hcENoaWxkcmVuKCk7 CiAgICAgdm9pZCBhZGRBdHRhY2htZW50Q2hpbGRyZW4oKTsKKyNpZiBQTEFURk9STShNQUMpCiAg ICAgdm9pZCB1cGRhdGVBdHRhY2htZW50Vmlld1BhcmVudHMoKTsKLSAgICAKKyNlbmRpZgorCiAg ICAgdm9pZCBhcmlhU2VsZWN0ZWRSb3dzKEFjY2Vzc2liaWxpdHlDaGlsZHJlblZlY3RvciYpOwog ICAgIAogICAgIGJvb2wgZWxlbWVudEF0dHJpYnV0ZVZhbHVlKGNvbnN0IFF1YWxpZmllZE5hbWUm KSBjb25zdDsKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvbWFjL0Fj Y2Vzc2liaWxpdHlPYmplY3RNYWMubW0gYi9Tb3VyY2UvV2ViQ29yZS9hY2Nlc3NpYmlsaXR5L21h Yy9BY2Nlc3NpYmlsaXR5T2JqZWN0TWFjLm1tCmluZGV4IDU5NWExOGUuLmZkNDk4N2YgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvbWFjL0FjY2Vzc2liaWxpdHlPYmpl Y3RNYWMubW0KKysrIGIvU291cmNlL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9tYWMvQWNjZXNzaWJp bGl0eU9iamVjdE1hYy5tbQpAQCAtMzMsNiArMzMsMTIgQEAKIAogbmFtZXNwYWNlIFdlYkNvcmUg ewogCit2b2lkIEFjY2Vzc2liaWxpdHlPYmplY3Q6OmRldGFjaEZyb21QYXJlbnQoKQoreworICAg IGlmIChpc0F0dGFjaG1lbnQoKSkKKyAgICAgICAgb3ZlcnJpZGVBdHRhY2htZW50UGFyZW50KDAp OworfQorCiB2b2lkIEFjY2Vzc2liaWxpdHlPYmplY3Q6Om92ZXJyaWRlQXR0YWNobWVudFBhcmVu dChBY2Nlc3NpYmlsaXR5T2JqZWN0KiBwYXJlbnQpCiB7CiAgICAgaWYgKCFpc0F0dGFjaG1lbnQo KSkKLS0gCjEuNy43LjYKCg==