<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "https://bugs.kde.org/page.cgi?id=bugzilla.dtd">

<bugzilla version="5.0.6"
          urlbase="https://bugs.kde.org/"
          
          maintainer="sysadmin@kde.org"
>

    <bug>
          <bug_id>307828</bug_id>
          
          <creation_ts>2012-10-04 11:47:56 +0000</creation_ts>
          <short_desc>SSE optimized wcscpy, wcscmp, wcsrchr and wcschr trigger uninitialised value and/or invalid read warnings</short_desc>
          <delta_ts>2013-11-02 16:44:15 +0000</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>6</classification_id>
          <classification>Developer tools</classification>
          <product>valgrind</product>
          <component>memcheck</component>
          <version>3.9.0.SVN</version>
          <rep_platform>unspecified</rep_platform>
          <op_sys>Linux</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>FIXED</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords></keywords>
          <priority>NOR</priority>
          <bug_severity>normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          <everconfirmed>0</everconfirmed>
          <reporter name="Mark Wielaard">mark</reporter>
          <assigned_to name="Julian Seward">jseward</assigned_to>
          <cc>david.dyck</cc>
    
    <cc>ishikawa</cc>
          
          <cf_commitlink></cf_commitlink>
          <cf_versionfixedin></cf_versionfixedin>
          <cf_sentryurl></cf_sentryurl>
          <votes>0</votes>

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>1302845</commentid>
    <comment_count>0</comment_count>
    <who name="Mark Wielaard">mark</who>
    <bug_when>2012-10-04 11:47:56 +0000</bug_when>
    <thetext>Take the following example code:

// Uses various wchar_t * functions that have hand written SSE assembly
// implementations in glibc. wcslen, wcscpy, wcscmp, wcsrchr, wcschr.

#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;wchar.h&gt;

int main(int argc, char **argv)
{
  wchar_t a[] = L&quot;The spazzy orange tiger jumped over the tawny jaguar.&quot;;
  wchar_t *b, *c;
  wchar_t *d, *e;

  size_t l = wcslen (a);
  fprintf (stderr, &quot;wcslen: %zd\n&quot;, l); // wcslen: 53

  b = (wchar_t *) malloc((l + 1) * sizeof (wchar_t));
  c = wcscpy (b, a);

  fprintf (stderr, &quot;wcscmp equal: %d\n&quot;, wcscmp (a, b)); // wcscmp equal: 0

  d = wcsrchr (a, L&apos;d&apos;);
  e = wcschr (a, L&apos;d&apos;);

  fprintf (stderr, &quot;wcsrchr == wcschr: %d\n&quot;, d == e); // wcsrchr == wcschr: 1

  free (c); // b == c
  return 0;
}

On Fedora 17, x86_64 this triggers:
wcslen: 53
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4F88914: __wcscpy_ssse3 (wcscpy-ssse3.S:156)
==9250==    by 0x4007AB: main (wcs.c:18)
==9250== 
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4F8897E: __wcscpy_ssse3 (wcscpy-ssse3.S:191)
==9250==    by 0x4007AB: main (wcs.c:18)
==9250== 
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4F88D68: __wcscpy_ssse3 (wcscpy-ssse3.S:499)
==9250==    by 0x4007AB: main (wcs.c:18)
==9250== 
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4F88D6C: __wcscpy_ssse3 (wcscpy-ssse3.S:501)
==9250==    by 0x4007AB: main (wcs.c:18)
==9250== 
==9250== Invalid read of size 8
==9250==    at 0x4ECD799: wcscmp (wcscmp.S:435)
==9250==    by 0x4007C5: main (wcs.c:20)
==9250==  Address 0x51e6118 is 0 bytes after a block of size 216 alloc&apos;d
==9250==    at 0x4C286FC: malloc (vg_replace_malloc.c:270)
==9250==    by 0x400791: main (wcs.c:17)
==9250== 
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4ECD7AC: wcscmp (wcscmp.S:439)
==9250==    by 0x4007C5: main (wcs.c:20)
==9250== 
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4ECDD74: wcscmp (wcscmp.S:834)
==9250==    by 0x4007C5: main (wcs.c:20)
==9250== 
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4ECDD79: wcscmp (wcscmp.S:836)
==9250==    by 0x4007C5: main (wcs.c:20)
==9250== 
wcscmp equal: 0
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4ECE678: wcsrchr (wcsrchr.S:112)
==9250==    by 0x4007F4: main (wcs.c:22)
==9250== 
==9250== Conditional jump or move depends on uninitialised value(s)
==9250==    at 0x4ECE6C3: wcsrchr (wcsrchr.S:135)
==9250==    by 0x4007F4: main (wcs.c:22)
==9250== 
wcsrchr == wcschr: 1

And on Fedora 17, i686:
wcslen: 53
==9242== Conditional jump or move depends on uninitialised value(s)
==9242==    at 0x41B3F34: __wcscpy_ssse3 (in /usr/lib/libc-2.15.so)
==9242==    by 0x4076634: (below main) (in /usr/lib/libc-2.15.so)
==9242== 
==9242== Conditional jump or move depends on uninitialised value(s)
==9242==    at 0x41B3E8B: __wcscpy_ssse3 (in /usr/lib/libc-2.15.so)
==9242==    by 0x4076634: (below main) (in /usr/lib/libc-2.15.so)
==9242== 
==9242== Conditional jump or move depends on uninitialised value(s)
==9242==    at 0x41B3F77: __wcscpy_ssse3 (in /usr/lib/libc-2.15.so)
==9242==    by 0x4076634: (below main) (in /usr/lib/libc-2.15.so)
==9242== 
==9242== Conditional jump or move depends on uninitialised value(s)
==9242==    at 0x41B3F93: __wcscpy_ssse3 (in /usr/lib/libc-2.15.so)
==9242==    by 0x4076634: (below main) (in /usr/lib/libc-2.15.so)
==9242== 
wcscmp equal: 0
==9242== Conditional jump or move depends on uninitialised value(s)
==9242==    at 0x41B3804: __wcsrchr_sse2 (in /usr/lib/libc-2.15.so)
==9242==    by 0x4076634: (below main) (in /usr/lib/libc-2.15.so)
==9242== 
==9242== Conditional jump or move depends on uninitialised value(s)
==9242==    at 0x41B3842: __wcsrchr_sse2 (in /usr/lib/libc-2.15.so)
==9242==    by 0x4076634: (below main) (in /usr/lib/libc-2.15.so)
==9242== 
wcsrchr == wcschr: 1

This is an extended bug report from Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=755242</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1302846</commentid>
    <comment_count>1</comment_count>
      <attachid>74332</attachid>
    <who name="Mark Wielaard">mark</who>
    <bug_when>2012-10-04 11:49:33 +0000</bug_when>
    <thetext>Created attachment 74332
Patch that implements overrides in mc_replace_strmem.c plus example code as test case</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1313602</commentid>
    <comment_count>2</comment_count>
    <who name="zephyrus00jp">ishikawa</who>
    <bug_when>2012-11-08 16:41:50 +0000</bug_when>
    <thetext>A similar problem happens with memcpy (a.k.a. bcopy).

If I compile the program below and run it under valgrind, I get the errors shown below. It seems to access memory outside the area allocated by malloc().
In a real-world example, I think I also saw a case where the memory AFTER the allocated area is accessed.

I am not sure whether this is a problem in GNU libc itself or in the CPU emulation done by valgrind.

*IF* bcopy under linux (GNU libc that is) does access outside the
properly allocated (or mapped) area, this may indeed cause a problem
under certain circumstances. (If the copied area is near the end of the area obtained by brk(), an access beyond it would cause a segmentation fault.)

I wonder whether this is a real bug, or just an artifact caused by
valgrind.

TIA


--- begin quote ---
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;strings.h&gt;

main()
{
#define SIZE (32 * 1024)
  char *sp;
  char *dp;
  int i;
  int j;
  int k;

  for (j = 246; j &lt; 279; j++)
    {
      for (i = 0; i &lt; 33; i ++ ) 
	{
	  for(k = 0; k &lt; 24; k++)
	    {
	      printf(&quot;i, j, k = %d, %d, %d\n&quot;, i, j, k);
	      fflush(stdout);
	      sp = malloc(j + 64 + 8);
	      dp = malloc(j + 64 + 8);
	      bzero(&amp;sp[i], j);
	      bcopy(&amp;sp[i], &amp;dp[k], j);
	      free(sp);
	      free(dp);
	    }

	}
    }
  
}
--- end quote




==6952== Memcheck, a memory error detector
==6952== Copyright (C) 2002-2012, and GNU GPL&apos;d, by Julian Seward et al.
==6952== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
==6952== Command: ./a.out
==6952== 
i, j, k = 0, 246, 0
i, j, k = 0, 246, 1
==6952== Invalid read of size 8
==6952==    at 0x4166029: __bcopy_ssse3 (memcpy-ssse3.S:1026)
==6952==    by 0x4062E45: (below main) (libc-start.c:228)
==6952==  Address 0x41ab300 is 8 bytes before a block of size 318 alloc&apos;d
==6952==    at 0x40271C4: malloc (vg_replace_malloc.c:270)
==6952==    by 0x80485AC: main (test-copy.c:22)
==6952== 
i, j, k = 0, 246, 2
==6952== Invalid read of size 8
==6952==    at 0x4165F99: __bcopy_ssse3 (memcpy-ssse3.S:981)
==6952==    by 0x4062E45: (below main) (libc-start.c:228)
==6952==  Address 0x41ab5e0 is 8 bytes before a block of size 318 alloc&apos;d
==6952==    at 0x40271C4: malloc (vg_replace_malloc.c:270)
==6952==    by 0x80485AC: main (test-copy.c:22)
==6952== 
i, j, k = 0, 246, 3
==6952== Invalid read of size 8
==6952==    at 0x4165F09: __bcopy_ssse3 (memcpy-ssse3.S:936)
==6952==    by 0x4062E45: (below main) (libc-start.c:228)
==6952==  Address 0x41ab8c0 is 8 bytes before a block of size 318 alloc&apos;d
==6952==    at 0x40271C4: malloc (vg_replace_malloc.c:270)
==6952==    by 0x80485AC: main (test-copy.c:22)
==6952== 
i, j, k = 0, 246, 4
==6952== Invalid read of size 8
==6952==    at 0x4165E79: __bcopy_ssse3 (memcpy-ssse3.S:891)
==6952==    by 0x4062E45: (below main) (libc-start.c:228)
==6952==  Address 0x41abba0 is 8 bytes before a block of size 318 alloc&apos;d
==6952==    at 0x40271C4: malloc (vg_replace_malloc.c:270)
==6952==    by 0x80485AC: main (test-copy.c:22)
==6952== 
i, j, k = 0, 246, 5
==6952== Invalid read of size 8
==6952==    at 0x4165DE9: __bcopy_ssse3 (memcpy-ssse3.S:846)
==6952==    by 0x4062E45: (below main) (libc-start.c:228)
==6952==  Address 0x41abe80 is 8 bytes before a block of size 318 alloc&apos;d
==6952==    at 0x40271C4: malloc (vg_replace_malloc.c:270)
==6952==    by 0x80485AC: main (test-copy.c:22)
==6952== 
i, j, k = 0, 246, 6
==6952== Invalid read of size 8
==6952==    at 0x4165D59: __bcopy_ssse3 (memcpy-ssse3.S:801)
==6952==    by 0x4062E45: (below main) (libc-start.c:228)
==6952==  Address 0x41ac160 is 8 bytes before a block of size 318 alloc&apos;d
==6952==    at 0x40271C4: malloc (vg_replace_malloc.c:270)
==6952==    by 0x80485AC: main (test-copy.c:22)
==6952== 
i, j, k = 0, 246, 7
==6952== Invalid read of size 8
==6952==    at 0x4165CC9: __bcopy_ssse3 (memcpy-ssse3.S:756)
==6952==    by 0x4062E45: (below main) (libc-start.c:228)
==6952==  Address 0x41ac440 is 8 bytes before a block of size 318 alloc&apos;d
==6952==    at 0x40271C4: malloc (vg_replace_malloc.c:270)
==6952==    by 0x80485AC: main (test-copy.c:22)
==6952== 
i, j, k = 0, 246, 8
   ...
i, j, k = 32, 278, 23
==6952== 
==6952== HEAP SUMMARY:
==6952==     in use at exit: 0 bytes in 0 blocks
==6952==   total heap usage: 52,272 allocs, 52,272 frees, 17,458,848 bytes allocated
==6952== 
==6952== All heap blocks were freed -- no leaks are possible
==6952== 
==6952== For counts of detected and suppressed errors, rerun with: -v
==6952== ERROR SUMMARY: 1176 errors from 7 contexts (suppressed: 11 from 6)</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1321662</commentid>
    <comment_count>3</comment_count>
    <who name="Julian Seward">jseward</who>
    <bug_when>2012-12-06 17:16:47 +0000</bug_when>
    <thetext>(In reply to comment #1)
&gt; Patch that implements overrides in mc_replace_strmem.c plus example code as
&gt; test case

Committed, r13162.  Thanks.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1321663</commentid>
    <comment_count>4</comment_count>
    <who name="Julian Seward">jseward</who>
    <bug_when>2012-12-06 17:20:25 +0000</bug_when>
    <thetext>(In reply to comment #2)
&gt; A similar problem happens with memcpy (a.k.a. bcopy).

I can&apos;t reproduce this on Ubuntu 10.04.4 LTS (x86_64).  If you can
still reproduce it, please open a new bug report and add enough details
so we can reproduce the problem.  (distro, version, gcc version,
glibc version)</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1322429</commentid>
    <comment_count>5</comment_count>
    <who name="zephyrus00jp">ishikawa</who>
    <bug_when>2012-12-09 13:15:39 +0000</bug_when>
    <thetext>(In reply to comment #4)
&gt; (In reply to comment #2)
&gt; &gt; A similar problem happens with memcpy (a.k.a. bcopy).
&gt; 
&gt; I can&apos;t reproduce this on Ubuntu 10.04.4 LTS (x86_64).  If you can
&gt; still reproduce it, please open a new bug report and add enough details
&gt; so we can reproduce the problem.  (distro, version, gcc version,
&gt; glibc version)

I am still seeing this on my PC.
So I filed a new bug report,
Bug 311407 - ssse3 bcopy (actually converted memcpy) causes invalid read of size 8 under Debian GNU/Linux 32 bits

TIA</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>1408390</commentid>
    <comment_count>6</comment_count>
    <who name="Philippe Waroquiers">philippe.waroquiers</who>
    <bug_when>2013-11-02 16:44:15 +0000</bug_when>
    <thetext>*** Bug 326955 has been marked as a duplicate of this bug. ***</thetext>
  </long_desc>
      
          <attachment
              isobsolete="0"
              ispatch="1"
              isprivate="0"
          >
            <attachid>74332</attachid>
            <date>2012-10-04 11:49:33 +0000</date>
            <delta_ts>2012-10-04 11:49:33 +0000</delta_ts>
            <desc>Patch that implements overrides in mc_replace_strmem.c plus example code as test case</desc>
            <filename>wcs.patch</filename>
            <type>text/plain</type>
            <size>6181</size>
            <attacher name="Mark Wielaard">mark</attacher>
            
              <data encoding="base64">SW5kZXg6IG1lbWNoZWNrL21jX3JlcGxhY2Vfc3RybWVtLmMKPT09PT09PT09PT09PT09PT09PT09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</data>

          </attachment>
      

    </bug>

</bugzilla>