194208 CVE-2019-6251 2019-02-03 17:43:03 -0800 [WPE][GTK] URI spoofing when JS redirects page to something that takes a long time to load 2025-04-16 18:52:16 -0700 1 1 1 Unclassified Security Security WebKit Nightly Build PC Linux RESOLVED FIXED https://bugzilla.redhat.com/show_bug.cgi?id=1667410 https://bugs.webkit.org/show_bug.cgi?id=201176 https://bugs.webkit.org/show_bug.cgi?id=291657 https://gitlab.gnome.org/GNOME/epiphany/issues/532 InRadar P2 Normal --- 194131 1 mcatanzaro webkit-security-unassigned aperez ap bfulgham cgarcia ews-feeder mcatanzaro nawaz7261122 product-security webkit-bug-importer oldest_to_newest 1501704 0 mcatanzaro 2019-02-03 17:43:03 -0800 Epiphany is vulnerable to a URI spoofing attack when JS redirects the page to something that takes a long time to load. See https://gitlab.gnome.org/GNOME/epiphany/issues/532 for full details. The solution is to just not display any URI changes that occur after LOAD_COMMITTED until we have hit LOAD_FINISHED. We could easily solve this at the Epiphany level, but any application using the WPE/GTK API would be affected, so it seems better to handle it in WebKit instead. 1501705 1 webkit-bug-importer 2019-02-03 17:45:26 -0800 <rdar://problem/47776021> 1501708 2 webkit-bug-importer 2019-02-03 17:48:31 -0800 <rdar://problem/47776040> 1501722 3 361034 mcatanzaro 2019-02-03 19:16:09 -0800 Created attachment 361034 Patch 1501723 4 mcatanzaro 2019-02-03 19:16:53 -0800 Not really happy with this, since it desyncs our URI from WebCore's... but this is the best I was able to come up with. 1517004 6 mcatanzaro 2019-03-15 09:55:29 -0700 (This is already public elsewhere, but Security-Sensitive tag should avoid spam.) 1520289 7 365721 cgarcia 2019-03-22 06:41:41 -0700 Created attachment 365721 Patch 1520340 8 365721 mcatanzaro 2019-03-22 09:16:57 -0700 Comment on attachment 365721 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=365721&action=review I was working on this last night and tried several things, but none were correct. I think what you have here might be on the right track, but when the URI is un-blocked, the URI change is not effected. Just browse a few pages and notice that URI is never updated except on API requests or HTTP redirects. So we need to update the URI somewhere. Now, if we do that update after LOAD_STARTED, where you unblock it in this patch, then the spoofing will succeed and this change will fail, so the right place to do the update must be after LOAD_COMMITTED, right? That might look bad, though, because now users won't be able to see redirections happen, but I think, with that changed, this will still be better than my attempts. > Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:2086 > + // Ignore the active URI changes happening before WEBKIT_LOAD_STARTED. In case of API request, > + // the active URI is already the pending API request URL. I think the comment needs more explanation to make us less likely to reintroduce this bug. E.g.: // Ignore the active URI changes happening before WEBKIT_LOAD_STARTED. If they are not user-initiated, // they could be a malicious attempt to trick users by loading an invalid URI on a trusted host, with the load // intended to stall, or perhaps be repeated. If we trust the URI here and display it to the user, then the user's // only indication that something is wrong would be a page loading indicator. If the load request is not // user-initiated, we must not trust it until WEBKIT_LOAD_COMMITTED. If the load is triggered by API // request, then the active URI is already the pending API request URL, so the blocking is harmless and the // client application will still see the URI update immediately. Otherwise, the URI update will be delayed a bit. Note my comment matches my suggestion above, but not what you've implemented. 1520341 9 mcatanzaro 2019-03-22 09:19:06 -0700 E.g. load https://www.igalia.com/ by API request. Then click on Services in the top bar. Expected URI is: https://www.igalia.com/services/ But actual URI is still: https://www.igalia.com/ 1520597 10 cgarcia 2019-03-23 02:41:02 -0700 (In reply to Michael Catanzaro from comment #8) > Comment on attachment 365721 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=365721&action=review > > I was working on this last night and tried several things, but none were > correct. I think what you have here might be on the right track, but when > the URI is un-blocked, the URI change is not effected. Just browse a few > pages and notice that URI is never updated except on API requests or HTTP > redirects. Right, I assumed it was going to be updated on committed, but the url hasn't changed in the page load state, so we need to check it manually. HTTP redirects should work, though, because the URL will change in the page load state. > So we need to update the URI somewhere. Now, if we do that update > after LOAD_STARTED, where you unblock it in this patch, then the spoofing > will succeed and this change will fail, so the right place to do the update > must be after LOAD_COMMITTED, right? Yes, committed is the right place. > That might look bad, though, because > now users won't be able to see redirections happen, but I think, with that > changed, this will still be better than my attempts. No, redirections should work because they happen after provisional load started and the URL changes in the page load state. > > Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:2086 > > + // Ignore the active URI changes happening before WEBKIT_LOAD_STARTED. In case of API request, > > + // the active URI is already the pending API request URL. > > I think the comment needs more explanation to make us less likely to > reintroduce this bug. E.g.: > > // Ignore the active URI changes happening before WEBKIT_LOAD_STARTED. If > they are not user-initiated, > // they could be a malicious attempt to trick users by loading an invalid > URI on a trusted host, with the load > // intended to stall, or perhaps be repeated. If we trust the URI here and > display it to the user, then the user's > // only indication that something is wrong would be a page loading > indicator. If the load request is not > // user-initiated, we must not trust it until WEBKIT_LOAD_COMMITTED. If the > load is triggered by API > // request, then the active URI is already the pending API request URL, so > the blocking is harmless and the > // client application will still see the URI update immediately. Otherwise, > the URI update will be delayed a bit. > > Note my comment matches my suggestion above, but not what you've implemented. Ok, thanks 1520598 11 365808 cgarcia 2019-03-23 02:47:48 -0700 Created attachment 365808 Patch 1520728 12 365808 mcatanzaro 2019-03-24 10:47:35 -0700 Comment on attachment 365808 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=365808&action=review OK, so the trick is to unblock during LOAD_STARTED, then restore during LOAD_COMMITTED. Really good job. I don't immediately notice any regressions. > Source/WebKit/ChangeLog:4 > + Need the bug URL (OOPS!). You'll have to fix the URL before it lands. Our scripts don't like security bugs. > Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:2120 > + // Active URL is trusted now, if it's different to our active URI, due to the Active URL is trusted now. If it's different to our active URI, ... 1520816 13 cgarcia 2019-03-25 02:12:04 -0700 Committed r243434: <https://trac.webkit.org/changeset/243434> 1558889 14 mcatanzaro 2019-08-06 12:59:09 -0700 Finally, I've noticed multiple regressions. Look at Epiphany's load_changed_cb: case WEBKIT_LOAD_STARTED: { const char *loading_uri = NULL; view->load_failed = FALSE; if (view->snapshot_timeout_id) { g_source_remove (view->snapshot_timeout_id); view->snapshot_timeout_id = 0; } loading_uri = webkit_web_view_get_uri (web_view); // PROBLEM! if (ephy_embed_utils_is_no_show_address (loading_uri)) ephy_web_view_freeze_history (view); if (view->address == NULL || view->address[0] == '\0') ephy_web_view_set_address (view, loading_uri); ephy_web_view_set_loading_message (view, loading_uri); if (!view->reader_loading) { g_clear_pointer (&view->reader_byline, g_free); g_clear_pointer (&view->reader_content, g_free); view->reader_active = FALSE; } g_object_notify_by_pspec (G_OBJECT (view), obj_properties[PROP_READER_MODE]); break; } Notice the line I marked with // PROBLEM! After this commit, the URI there can now be stale. It has two undesirable effects: * We freeze the history database if the *current* page is not supposed to go into history, not if the *loading* page is. So, when starting from about:overview and clicking on any of the overview thumbnails, the load will not enter history because about:overview is not supposed to enter history. Epiphany thinks it is loading about:overview again. * The loading message is set incorrectly. E.g. load https://duckduckgo.com/about, scroll down to the DuckDuckGo Blog section, and click any of the links that go do https://spreadprivacy.com. The loading message (in Epiphany's floating status bar) should say "Loading https://spreadprivacy.com" but instead says "Loading https://duckduckgo.com", which is incorrect. But this all is an unavoidable result of this change: delaying the URI update is the only plausible way to fix the security bug, after all. So I think all we can do is update our documentation to warn developers that URI must not be relied on until LOAD_COMMITTED. It also makes me wonder whether it's possible to do much of use in LOAD_REDIRECTED anymore. 1558918 15 mcatanzaro 2019-08-06 13:45:14 -0700 https://gitlab.gnome.org/GNOME/epiphany/merge_requests/403 I recommend an update to the webkit_web_view_get_uri() documentation at least, and probably also WebKitWebView::load-changed since this is a significant footgun. 1558940 16 aperez 2019-08-06 15:12:47 -0700 I think that the regressions observed by Michael very likely have the same root cause as bug #200341 — Carlos García was already looking into it, we should probably check with him. 1558973 17 mcatanzaro 2019-08-06 16:12:28 -0700 Looks to me like two different issues with similar symptoms. 361034 2019-02-03 19:16:09 -0800 2019-03-22 06:41:41 -0700 Patch bug-194208-20190203211608.patch text/plain 6682 mcatanzaro U3VidmVyc2lvbiBSZXZpc2lvbjogMjQwODUwCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IGY3ODllYzJlZDY3MGNlYTM3 MzU4OWJhODE4ZGY4NzdjN2E5NTk0NGYuLjAwZDY4Yzc3NzUxMWViZTcwMjQwYWY2Yjk1ZDk5YTk4 ZGI5ZTY4MTkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMzMgQEAKKzIwMTktMDItMDMgIE1pY2hhZWwg Q2F0YW56YXJvICA8bWNhdGFuemFyb0BpZ2FsaWEuY29tPgorCisgICAgICAgIChDVkUtMjAxOS02 MjUxKSBbV1BFXVtHVEtdIFVSSSBpc3N1ZSB3aGVuIEpTIHJlZGlyZWN0cyBwYWdlIHRvIHNvbWV0 aGluZyB0aGF0IHRha2VzIGEgbG9uZyB0aW1lIHRvIGxvYWQKKyAgICAgICAgaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTE5NDIwOAorICAgICAgICA8cmRhcjovL3Byb2Js ZW0vNDc3NzYwMjE+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgV2UgbXVzdCBub3QgYWxsb3cgVVJJIHVwZGF0ZXMgYmV0d2VlbiBjb21taXR0ZWQgYW5k IGZpbmlzaGVkLCBiZWNhdXNlIHRoaXMgaXMgd2hlbiBKUyBjb3VsZAorICAgICAgICB0cmlnZ2Vy IHJlZGlyZWN0cyB0aGF0IHdpbGwgbm90IGV2ZXIgY29tcGxldGUsIGZvciB0aGUgcHVycG9zZSBv ZiBkaXNwbGF5aW5nIHByb2JsZW1hdGljCisgICAgICAgIGNvbnRlbnQgd2l0aCBhIHRydXN0ZWQg VVJJIGluIHRoZSBhZGRyZXNzIGJhci4gVGhlIHVzZXIncyBvbmx5IGluZGljYXRpb24gdGhhdCBz b21ldGhpbmcKKyAgICAgICAgbWlnaHQgYmUgd3Jvbmcgd291bGQgYmUgYSBzcGlubmVyLgorCisg ICAgICAgIEkgdHJpZWQgd3JpdGluZyBhbiBBUEkgdGVzdCBmb3IgdGhpcywgYnV0IGl0J3Mgbm90 IHBvc3NpYmxlIGJlY2F1c2Ugd2Ugd2FudCB0byB1bmZyZWV6ZSB0aGUKKyAgICAgICAgVVJJIGlt bWVkaWF0ZWx5IGJlZm9yZSBlbWl0dGluZyBmaW5pc2hlZCwgb2YgY291cnNlLCBidXQgdGhlbiBh IHRlc3QgaGFzIG5vIHdheSB0byBrbm93IGlmCisgICAgICAgIGl0J3MgaGFwcGVuaW5nIHRvbyBz b29uIG9yIG5vdCwgYmVjYXVzZSB0aGUgdGVzdCBqdXN0IGtub3dzIHRoZSBsb2FkIGhhc24ndCBm aW5pc2hlZCB5ZXQuCisKKyAgICAgICAgTXkgc29sdXRpb24gcmVsaWVzIG9uIHRoZSBmYWN0IHRo YXQgZmluaXNoZWQgaXMgbm93IGFsd2F5cyBlbWl0dGVkIGV2ZW4gaWYgdGhlIGxvYWQgbmV2ZXIK KyAgICAgICAgZmluaXNoZXMsIGJ1dCB0aGlzIGlzIGFsc28gYSBoaW5kcmFuY2UsIGJlY2F1c2Ug dGhlIHByb2JsZW1hdGljIHBhZ2UgY291bGQgY2lyY3VtdmVudCB0aGlzCisgICAgICAgIG5ldyBw cm90ZWN0aW9uIGJ5IGp1c3Qgc3RhcnRpbmcgYSBuZXcgbG9hZCAoY2F1c2luZyB0aGUgcHJldmlv dXMgb25lIHRvICJmaW5pc2giKSwgc28gd2UKKyAgICAgICAgYWxzbyBuZWVkIHRvIG5vdGlmeSB0 aGUgd2ViIHZpZXcgd2hlbiBhIG5ldyBsb2FkIG9jY3VycyBiZWZvcmUgdGhlIHByZXZpb3VzIG9u ZSBmaW5pc2hlZCwKKyAgICAgICAgYW5kIHJlc2V0IHRoZSBVUkkgaW4gdGhpcyBjYXNlLiAoVGhp cyBwYXJ0IG1pZ2h0IGJlIHRlc3RhYmxlLCBidXQgSSBoYXZlbid0IHRyaWVkLikKKworICAgICAg ICAqIFVJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXROYXZpZ2F0aW9uQ2xpZW50LmNwcDoKKyAgICAg ICAgKE5hdmlnYXRpb25DbGllbnQ6Ok5hdmlnYXRpb25DbGllbnQpOgorICAgICAgICAqIFVJUHJv Y2Vzcy9BUEkvZ2xpYi9XZWJLaXRXZWJWaWV3LmNwcDoKKyAgICAgICAgKHdlYmtpdFdlYlZpZXdM b2FkQ2hhbmdlZCk6CisgICAgICAgICh3ZWJraXRXZWJWaWV3UmVzZXRUb0xhc3RDb21taXR0ZWRV UkkpOgorICAgICAgICAqIFVJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXRXZWJWaWV3UHJpdmF0ZS5o OgorCiAyMDE5LTAyLTAzICBNaWNoYWVsIENhdGFuemFybyAgPG1jYXRhbnphcm9AaWdhbGlhLmNv bT4KIAogICAgICAgICBbV1BFXVtHVEtdIExvYWQgZXZlbnRzIG1heSBvY2N1ciBpbiB1bmV4cGVj dGVkIG9yZGVyIHdoZW4gSlMgcmVkaXJlY3RzIHBhZ2UgYmVmb3JlIHN1YnJlc291cmNlIGxvYWQg ZmluaXNoZXMKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL0FQSS9nbGliL1dl YktpdE5hdmlnYXRpb25DbGllbnQuY3BwIGIvU291cmNlL1dlYktpdC9VSVByb2Nlc3MvQVBJL2ds aWIvV2ViS2l0TmF2aWdhdGlvbkNsaWVudC5jcHAKaW5kZXggZmMxYzk0MzEyM2M1ZDJlNDhkN2Zk N2NiZGFjODc0OWY3ZTFiNDc4YS4uYTVkMGRlODNiNDRlNWViOWM4OTM5NmVlYzgwNzI3NmI3MTFh M2FlZiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdC9VSVByb2Nlc3MvQVBJL2dsaWIvV2ViS2l0 TmF2aWdhdGlvbkNsaWVudC5jcHAKKysrIGIvU291cmNlL1dlYktpdC9VSVByb2Nlc3MvQVBJL2ds aWIvV2ViS2l0TmF2aWdhdGlvbkNsaWVudC5jcHAKQEAgLTEwMSw3ICsxMDEsMTMgQEAgY2xhc3Mg TmF2aWdhdGlvbkNsaWVudCA6IHB1YmxpYyBBUEk6Ok5hdmlnYXRpb25DbGllbnQgewogcHVibGlj OgogICAgIGV4cGxpY2l0IE5hdmlnYXRpb25DbGllbnQoV2ViS2l0V2ViVmlldyogd2ViVmlldykK ICAgICAgICAgOiBtX3dlYlZpZXcod2ViVmlldykKLSAgICAgICAgLCBtX25hdmlnYXRpb25TdGF0 ZVRyYWNrZXIoW3RoaXNdIHsgd2Via2l0V2ViVmlld0xvYWRDaGFuZ2VkKG1fd2ViVmlldywgV0VC S0lUX0xPQURfRklOSVNIRUQpOyB9KQorICAgICAgICAsIG1fbmF2aWdhdGlvblN0YXRlVHJhY2tl cihbdGhpc10geworICAgICAgICAgICAgLy8gV2UgaGF2ZSB0byByZXNldCB0aGUgVVJJIGhlcmUg YmVjYXVzZSBhIG1hbGljaW91cyBwYWdlIGNvdWxkCisgICAgICAgICAgICAvLyBhdHRlbXB0IHRv IHNwb29mIGEgVVJJIG9uIGEgbGVnaXRpbWF0ZSBob3N0IGlmIGl0IGtub3dzIHRoYXQKKyAgICAg ICAgICAgIC8vIHRoZSBsb2FkIHdvbid0IGNvbXBsZXRlLgorICAgICAgICAgICAgd2Via2l0V2Vi Vmlld1Jlc2V0VG9MYXN0Q29tbWl0dGVkVVJJKG1fd2ViVmlldyk7CisgICAgICAgICAgICB3ZWJr aXRXZWJWaWV3TG9hZENoYW5nZWQobV93ZWJWaWV3LCBXRUJLSVRfTE9BRF9GSU5JU0hFRCk7Cisg ICAgICAgIH0pCiAgICAgewogICAgIH0KIApkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdC9VSVBy b2Nlc3MvQVBJL2dsaWIvV2ViS2l0V2ViVmlldy5jcHAgYi9Tb3VyY2UvV2ViS2l0L1VJUHJvY2Vz cy9BUEkvZ2xpYi9XZWJLaXRXZWJWaWV3LmNwcAppbmRleCAyOTc5YjhhNTIzOGM3ZThkNjM1YmRi NDQwZjUyOTQ4YzVmYzg1MzRmLi43NzVkYjU1OTRjNDY2ZTI2MTMwODRmY2M3YmU4YTQ1MzczNzEx ZWM3IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L1VJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXRX ZWJWaWV3LmNwcAorKysgYi9Tb3VyY2UvV2ViS2l0L1VJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXRX ZWJWaWV3LmNwcApAQCAtMjQ2LDkgKzI0NiwxMSBAQCBzdHJ1Y3QgX1dlYktpdFdlYlZpZXdQcml2 YXRlIHsKICAgICBDU3RyaW5nIHRpdGxlOwogICAgIENTdHJpbmcgY3VzdG9tVGV4dEVuY29kaW5n OwogICAgIENTdHJpbmcgYWN0aXZlVVJJOwotICAgIGJvb2wgaXNMb2FkaW5nOwotICAgIGJvb2wg aXNFcGhlbWVyYWw7Ci0gICAgYm9vbCBpc0NvbnRyb2xsZWRCeUF1dG9tYXRpb247CisgICAgQ1N0 cmluZyBsYXN0Q29tbWl0dGVkVVJJOworICAgIGJvb2wgdXJpVXBkYXRlc0FyZUJsb2NrZWQgOiAx OworICAgIGJvb2wgaXNMb2FkaW5nIDogMTsKKyAgICBib29sIGlzRXBoZW1lcmFsIDogMTsKKyAg ICBib29sIGlzQ29udHJvbGxlZEJ5QXV0b21hdGlvbiA6IDE7CiAKICAgICBzdGQ6OnVuaXF1ZV9w dHI8UGFnZUxvYWRTdGF0ZU9ic2VydmVyPiBsb2FkT2JzZXJ2ZXI7CiAKQEAgLTM2MCw3ICszNjIs OCBAQCBwcml2YXRlOgogICAgIHZvaWQgZGlkQ2hhbmdlQWN0aXZlVVJMKCkgb3ZlcnJpZGUKICAg ICB7CiAgICAgICAgIG1fd2ViVmlldy0+cHJpdi0+YWN0aXZlVVJJID0gZ2V0UGFnZShtX3dlYlZp ZXcpLnBhZ2VMb2FkU3RhdGUoKS5hY3RpdmVVUkwoKS51dGY4KCk7Ci0gICAgICAgIGdfb2JqZWN0 X25vdGlmeShHX09CSkVDVChtX3dlYlZpZXcpLCAidXJpIik7CisgICAgICAgIGlmICghbV93ZWJW aWV3LT5wcml2LT51cmlVcGRhdGVzQXJlQmxvY2tlZCkKKyAgICAgICAgICAgIGdfb2JqZWN0X25v dGlmeShHX09CSkVDVChtX3dlYlZpZXcpLCAidXJpIik7CiAgICAgICAgIGdfb2JqZWN0X3RoYXdf bm90aWZ5KEdfT0JKRUNUKG1fd2ViVmlldykpOwogICAgIH0KIApAQCAtMjA3MCwxNiArMjA3Mywy MCBAQCB2b2lkIHdlYmtpdFdlYlZpZXdMb2FkQ2hhbmdlZChXZWJLaXRXZWJWaWV3KiB3ZWJWaWV3 LCBXZWJLaXRMb2FkRXZlbnQgbG9hZEV2ZW50KQogICAgICAgICBwcml2LT5sb2FkaW5nUmVzb3Vy Y2VzTWFwLmNsZWFyKCk7CiAgICAgICAgIHByaXYtPm1haW5SZXNvdXJjZSA9IG51bGxwdHI7CiAg ICAgICAgIGJyZWFrOwotI2lmIFBMQVRGT1JNKEdUSykKICAgICBjYXNlIFdFQktJVF9MT0FEX0NP TU1JVFRFRDogeworI2lmIFBMQVRGT1JNKEdUSykKICAgICAgICAgV2ViS2l0RmF2aWNvbkRhdGFi YXNlKiBkYXRhYmFzZSA9IHdlYmtpdF93ZWJfY29udGV4dF9nZXRfZmF2aWNvbl9kYXRhYmFzZShw cml2LT5jb250ZXh0LmdldCgpKTsKICAgICAgICAgR1VuaXF1ZVB0cjxjaGFyPiBmYXZpY29uVVJJ KHdlYmtpdF9mYXZpY29uX2RhdGFiYXNlX2dldF9mYXZpY29uX3VyaShkYXRhYmFzZSwgcHJpdi0+ YWN0aXZlVVJJLmRhdGEoKSkpOwogICAgICAgICB3ZWJraXRXZWJWaWV3VXBkYXRlRmF2aWNvblVS SSh3ZWJWaWV3LCBmYXZpY29uVVJJLmdldCgpKTsKKyNlbmRpZgorICAgICAgICBwcml2LT51cmlV cGRhdGVzQXJlQmxvY2tlZCA9IHRydWU7CiAgICAgICAgIGJyZWFrOwogICAgIH0KLSNlbmRpZgog ICAgIGNhc2UgV0VCS0lUX0xPQURfRklOSVNIRUQ6CiAgICAgICAgIHdlYmtpdFdlYlZpZXdDYW5j ZWxBdXRoZW50aWNhdGlvblJlcXVlc3Qod2ViVmlldyk7CisgICAgICAgIHByaXYtPnVyaVVwZGF0 ZXNBcmVCbG9ja2VkID0gZmFsc2U7CisgICAgICAgIGlmIChwcml2LT5hY3RpdmVVUkkgIT0gcHJp di0+bGFzdENvbW1pdHRlZFVSSSkKKyAgICAgICAgICAgIGdfb2JqZWN0X25vdGlmeShHX09CSkVD VCh3ZWJWaWV3KSwgInVyaSIpOwogICAgICAgICBicmVhazsKICAgICBkZWZhdWx0OgogICAgICAg ICBicmVhazsKQEAgLTIwODgsNiArMjA5NSwxMSBAQCB2b2lkIHdlYmtpdFdlYlZpZXdMb2FkQ2hh bmdlZChXZWJLaXRXZWJWaWV3KiB3ZWJWaWV3LCBXZWJLaXRMb2FkRXZlbnQgbG9hZEV2ZW50KQog ICAgIGdfc2lnbmFsX2VtaXQod2ViVmlldywgc2lnbmFsc1tMT0FEX0NIQU5HRURdLCAwLCBsb2Fk RXZlbnQpOwogfQogCit2b2lkIHdlYmtpdFdlYlZpZXdSZXNldFRvTGFzdENvbW1pdHRlZFVSSShX ZWJLaXRXZWJWaWV3KiB3ZWJWaWV3KQoreworICAgIHdlYlZpZXctPnByaXYtPmFjdGl2ZVVSSSA9 IHdlYlZpZXctPnByaXYtPmxhc3RDb21taXR0ZWRVUkk7Cit9CisKIHZvaWQgd2Via2l0V2ViVmll d0xvYWRGYWlsZWQoV2ViS2l0V2ViVmlldyogd2ViVmlldywgV2ViS2l0TG9hZEV2ZW50IGxvYWRF dmVudCwgY29uc3QgY2hhciogZmFpbGluZ1VSSSwgR0Vycm9yICplcnJvcikKIHsKICAgICB3ZWJr aXRXZWJWaWV3Q2FuY2VsQXV0aGVudGljYXRpb25SZXF1ZXN0KHdlYlZpZXcpOwpkaWZmIC0tZ2l0 IGEvU291cmNlL1dlYktpdC9VSVByb2Nlc3MvQVBJL2dsaWIvV2ViS2l0V2ViVmlld1ByaXZhdGUu aCBiL1NvdXJjZS9XZWJLaXQvVUlQcm9jZXNzL0FQSS9nbGliL1dlYktpdFdlYlZpZXdQcml2YXRl LmgKaW5kZXggZTllZjYwYzU3N2M0NTQxYjg3MjA5MmQ3MzI0NDRhN2VhYmFkOWE0ZC4uZmIwMzI0 MzllMWE5OTMxMmMwZDZmZWUxZTBjY2UxODE4Yjc3ZjE3OCAxMDA2NDQKLS0tIGEvU291cmNlL1dl YktpdC9VSVByb2Nlc3MvQVBJL2dsaWIvV2ViS2l0V2ViVmlld1ByaXZhdGUuaAorKysgYi9Tb3Vy Y2UvV2ViS2l0L1VJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXRXZWJWaWV3UHJpdmF0ZS5oCkBAIC00 Miw2ICs0Miw3IEBACiB2b2lkIHdlYmtpdFdlYlZpZXdDcmVhdGVQYWdlKFdlYktpdFdlYlZpZXcq LCBSZWY8QVBJOjpQYWdlQ29uZmlndXJhdGlvbj4mJik7CiBXZWJLaXQ6OldlYlBhZ2VQcm94eSYg d2Via2l0V2ViVmlld0dldFBhZ2UoV2ViS2l0V2ViVmlldyopOwogdm9pZCB3ZWJraXRXZWJWaWV3 TG9hZENoYW5nZWQoV2ViS2l0V2ViVmlldyosIFdlYktpdExvYWRFdmVudCk7Cit2b2lkIHdlYmtp dFdlYlZpZXdSZXNldFRvTGFzdENvbW1pdHRlZFVSSShXZWJLaXRXZWJWaWV3Kik7CiB2b2lkIHdl YmtpdFdlYlZpZXdMb2FkRmFpbGVkKFdlYktpdFdlYlZpZXcqLCBXZWJLaXRMb2FkRXZlbnQsIGNv bnN0IGNoYXIqIGZhaWxpbmdVUkksIEdFcnJvciopOwogdm9pZCB3ZWJraXRXZWJWaWV3TG9hZEZh aWxlZFdpdGhUTFNFcnJvcnMoV2ViS2l0V2ViVmlldyosIGNvbnN0IGNoYXIqIGZhaWxpbmdVUkks IEdFcnJvciosIEdUbHNDZXJ0aWZpY2F0ZUZsYWdzLCBHVGxzQ2VydGlmaWNhdGUqKTsKICNpZiBQ TEFURk9STShHVEspCg== 365721 2019-03-22 06:41:41 -0700 2019-03-23 02:47:48 -0700 Patch wk2-active-uri-spoof.diff text/plain 2804 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nIGIvU291cmNlL1dlYktpdC9DaGFu Z2VMb2cKaW5kZXggNzFlZWVlNWY4ZTYuLmNhMDJjYmQxZTMzIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViS2l0L0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViS2l0L0NoYW5nZUxvZwpAQCAtMSwzICsx LDE0IEBACisyMDE5LTAzLTIyICBDYXJsb3MgR2FyY2lhIENhbXBvcyAgPGNnYXJjaWFAaWdhbGlh LmNvbT4KKworICAgICAgICBbR1RLXVtXUEVdIERvIG5vdCBhbGxvdyBjaGFuZ2VzIGluIGFjdGl2 ZSBVUkkgYmVmb3JlIHByb3Zpc2lvbmFsIGxvYWQgc3RhcnRzIGZvciBub24tQVBJIHJlcXVlc3Rz CisgICAgICAgIE5lZWQgdGhlIGJ1ZyBVUkwgKE9PUFMhKS4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIFVJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXRX ZWJWaWV3LmNwcDoKKyAgICAgICAgKHdlYmtpdFdlYlZpZXdXaWxsU3RhcnRMb2FkKTogQmxvY2sg dXBkYXRlcyBvZiBhY3RpdmUgVVJMLgorICAgICAgICAod2Via2l0V2ViVmlld0xvYWRDaGFuZ2Vk KTogVW5ibG9jayB1cGRhdGVzIG9mIGFjdGl2ZSBVUkwgb24gV0VCS0lUX0xPQURfU1RBUlRFRC4K KwogMjAxOS0wMy0yMSAgQ2FybG9zIEdhcmNpYSBDYW1wb3MgIDxjZ2FyY2lhQGlnYWxpYS5jb20+ CiAKICAgICAgICAgR2VvbG9jYXRpb24gcmVxdWVzdCBub3QgY29tcGxldGUgd2hlbiB3YXRjaCBy ZXF1ZXN0IHdhcyBzdGFydGVkIGluIGEgZGlmZmVyZW50IHdlYiBwcm9jZXNzCmRpZmYgLS1naXQg YS9Tb3VyY2UvV2ViS2l0L1VJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXRXZWJWaWV3LmNwcCBiL1Nv dXJjZS9XZWJLaXQvVUlQcm9jZXNzL0FQSS9nbGliL1dlYktpdFdlYlZpZXcuY3BwCmluZGV4IDcy MTg1NDU1ZTY4Li5hODgwNWEzMDk4MyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdC9VSVByb2Nl c3MvQVBJL2dsaWIvV2ViS2l0V2ViVmlldy5jcHAKKysrIGIvU291cmNlL1dlYktpdC9VSVByb2Nl c3MvQVBJL2dsaWIvV2ViS2l0V2ViVmlldy5jcHAKQEAgLTI0Niw2ICsyNDYsNyBAQCBzdHJ1Y3Qg X1dlYktpdFdlYlZpZXdQcml2YXRlIHsKICAgICBDU3RyaW5nIHRpdGxlOwogICAgIENTdHJpbmcg Y3VzdG9tVGV4dEVuY29kaW5nOwogICAgIENTdHJpbmcgYWN0aXZlVVJJOworICAgIGJvb2wgaXNB Y3RpdmVVUklDaGFuZ2VCbG9ja2VkOwogICAgIGJvb2wgaXNMb2FkaW5nOwogICAgIGJvb2wgaXNF cGhlbWVyYWw7CiAgICAgYm9vbCBpc0NvbnRyb2xsZWRCeUF1dG9tYXRpb247CkBAIC0zNTUsMTAg KzM1NiwxNCBAQCBwcml2YXRlOgogCiAgICAgdm9pZCB3aWxsQ2hhbmdlQWN0aXZlVVJMKCkgb3Zl cnJpZGUKICAgICB7CisgICAgICAgIGlmIChtX3dlYlZpZXctPnByaXYtPmlzQWN0aXZlVVJJQ2hh bmdlQmxvY2tlZCkKKyAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgZ19vYmplY3RfZnJlZXpl X25vdGlmeShHX09CSkVDVChtX3dlYlZpZXcpKTsKICAgICB9CiAgICAgdm9pZCBkaWRDaGFuZ2VB Y3RpdmVVUkwoKSBvdmVycmlkZQogICAgIHsKKyAgICAgICAgaWYgKG1fd2ViVmlldy0+cHJpdi0+ aXNBY3RpdmVVUklDaGFuZ2VCbG9ja2VkKQorICAgICAgICAgICAgcmV0dXJuOwogICAgICAgICBt X3dlYlZpZXctPnByaXYtPmFjdGl2ZVVSSSA9IGdldFBhZ2UobV93ZWJWaWV3KS5wYWdlTG9hZFN0 YXRlKCkuYWN0aXZlVVJMKCkudXRmOCgpOwogICAgICAgICBnX29iamVjdF9ub3RpZnkoR19PQkpF Q1QobV93ZWJWaWV3KSwgInVyaSIpOwogICAgICAgICBnX29iamVjdF90aGF3X25vdGlmeShHX09C SkVDVChtX3dlYlZpZXcpKTsKQEAgLTIwNzcsNiArMjA4MiwxMCBAQCBXZWJQYWdlUHJveHkmIHdl YmtpdFdlYlZpZXdHZXRQYWdlKFdlYktpdFdlYlZpZXcqIHdlYlZpZXcpCiAKIHZvaWQgd2Via2l0 V2ViVmlld1dpbGxTdGFydExvYWQoV2ViS2l0V2ViVmlldyogd2ViVmlldykKIHsKKyAgICAvLyBJ Z25vcmUgdGhlIGFjdGl2ZSBVUkkgY2hhbmdlcyBoYXBwZW5pbmcgYmVmb3JlIFdFQktJVF9MT0FE X1NUQVJURUQuIEluIGNhc2Ugb2YgQVBJIHJlcXVlc3QsCisgICAgLy8gdGhlIGFjdGl2ZSBVUkkg aXMgYWxyZWFkeSB0aGUgcGVuZGluZyBBUEkgcmVxdWVzdCBVUkwuCisgICAgd2ViVmlldy0+cHJp di0+aXNBY3RpdmVVUklDaGFuZ2VCbG9ja2VkID0gdHJ1ZTsKKwogICAgIC8vIFRoaXMgaXMgY2Fs bGVkIGJlZm9yZSBOYXZpZ2F0aW9uQ2xpZW50OjpkaWRTdGFydFByb3Zpc2lvbmFsTmF2aWdhdGlv bigpLCB0aGUgcGFnZSBsb2FkIHN0YXRlIGhhc24ndCBiZWVuIGNvbW1pdHRlZCB5ZXQuCiAgICAg YXV0byYgcGFnZUxvYWRTdGF0ZSA9IGdldFBhZ2Uod2ViVmlldykucGFnZUxvYWRTdGF0ZSgpOwog ICAgIGlmIChwYWdlTG9hZFN0YXRlLmlzRmluaXNoZWQoKSkKQEAgLTIwOTksNiArMjEwOCw3IEBA IHZvaWQgd2Via2l0V2ViVmlld0xvYWRDaGFuZ2VkKFdlYktpdFdlYlZpZXcqIHdlYlZpZXcsIFdl YktpdExvYWRFdmVudCBsb2FkRXZlbnQpCiAgICAgICAgIHdlYmtpdFdlYlZpZXdDYW5jZWxBdXRo ZW50aWNhdGlvblJlcXVlc3Qod2ViVmlldyk7CiAgICAgICAgIHByaXYtPmxvYWRpbmdSZXNvdXJj ZXNNYXAuY2xlYXIoKTsKICAgICAgICAgcHJpdi0+bWFpblJlc291cmNlID0gbnVsbHB0cjsKKyAg ICAgICAgd2ViVmlldy0+cHJpdi0+aXNBY3RpdmVVUklDaGFuZ2VCbG9ja2VkID0gZmFsc2U7CiAg ICAgICAgIGJyZWFrOwogI2lmIFBMQVRGT1JNKEdUSykKICAgICBjYXNlIFdFQktJVF9MT0FEX0NP TU1JVFRFRDogewo= 365808 2019-03-23 02:47:48 -0700 2019-03-24 10:47:35 -0700 Patch wk2-uri-spoof.diff text/plain 4335 cgarcia ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nIGIvU291cmNlL1dlYktpdC9DaGFu Z2VMb2cKaW5kZXggNzFlZWVlNWY4ZTYuLmNhMDJjYmQxZTMzIDEwMDY0NAotLS0gYS9Tb3VyY2Uv V2ViS2l0L0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViS2l0L0NoYW5nZUxvZwpAQCAtMSwzICsx LDE0IEBACisyMDE5LTAzLTIyICBDYXJsb3MgR2FyY2lhIENhbXBvcyAgPGNnYXJjaWFAaWdhbGlh LmNvbT4KKworICAgICAgICBbR1RLXVtXUEVdIERvIG5vdCBhbGxvdyBjaGFuZ2VzIGluIGFjdGl2 ZSBVUkkgYmVmb3JlIHByb3Zpc2lvbmFsIGxvYWQgc3RhcnRzIGZvciBub24tQVBJIHJlcXVlc3Rz CisgICAgICAgIE5lZWQgdGhlIGJ1ZyBVUkwgKE9PUFMhKS4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIFVJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXRX ZWJWaWV3LmNwcDoKKyAgICAgICAgKHdlYmtpdFdlYlZpZXdXaWxsU3RhcnRMb2FkKTogQmxvY2sg dXBkYXRlcyBvZiBhY3RpdmUgVVJMLgorICAgICAgICAod2Via2l0V2ViVmlld0xvYWRDaGFuZ2Vk KTogVW5ibG9jayB1cGRhdGVzIG9mIGFjdGl2ZSBVUkwgb24gV0VCS0lUX0xPQURfU1RBUlRFRC4K KwogMjAxOS0wMy0yMSAgQ2FybG9zIEdhcmNpYSBDYW1wb3MgIDxjZ2FyY2lhQGlnYWxpYS5jb20+ CiAKICAgICAgICAgR2VvbG9jYXRpb24gcmVxdWVzdCBub3QgY29tcGxldGUgd2hlbiB3YXRjaCBy ZXF1ZXN0IHdhcyBzdGFydGVkIGluIGEgZGlmZmVyZW50IHdlYiBwcm9jZXNzCmRpZmYgLS1naXQg YS9Tb3VyY2UvV2ViS2l0L1VJUHJvY2Vzcy9BUEkvZ2xpYi9XZWJLaXRXZWJWaWV3LmNwcCBiL1Nv dXJjZS9XZWJLaXQvVUlQcm9jZXNzL0FQSS9nbGliL1dlYktpdFdlYlZpZXcuY3BwCmluZGV4IDcy MTg1NDU1ZTY4Li5lZjcxMzkwNjMwNiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdC9VSVByb2Nl c3MvQVBJL2dsaWIvV2ViS2l0V2ViVmlldy5jcHAKKysrIGIvU291cmNlL1dlYktpdC9VSVByb2Nl c3MvQVBJL2dsaWIvV2ViS2l0V2ViVmlldy5jcHAKQEAgLTI0Niw2ICsyNDYsNyBAQCBzdHJ1Y3Qg X1dlYktpdFdlYlZpZXdQcml2YXRlIHsKICAgICBDU3RyaW5nIHRpdGxlOwogICAgIENTdHJpbmcg Y3VzdG9tVGV4dEVuY29kaW5nOwogICAgIENTdHJpbmcgYWN0aXZlVVJJOworICAgIGJvb2wgaXNB Y3RpdmVVUklDaGFuZ2VCbG9ja2VkOwogICAgIGJvb2wgaXNMb2FkaW5nOwogICAgIGJvb2wgaXNF cGhlbWVyYWw7CiAgICAgYm9vbCBpc0NvbnRyb2xsZWRCeUF1dG9tYXRpb247CkBAIC0zNTUsMTAg KzM1NiwxNCBAQCBwcml2YXRlOgogCiAgICAgdm9pZCB3aWxsQ2hhbmdlQWN0aXZlVVJMKCkgb3Zl cnJpZGUKICAgICB7CisgICAgICAgIGlmIChtX3dlYlZpZXctPnByaXYtPmlzQWN0aXZlVVJJQ2hh bmdlQmxvY2tlZCkKKyAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgZ19vYmplY3RfZnJlZXpl X25vdGlmeShHX09CSkVDVChtX3dlYlZpZXcpKTsKICAgICB9CiAgICAgdm9pZCBkaWRDaGFuZ2VB Y3RpdmVVUkwoKSBvdmVycmlkZQogICAgIHsKKyAgICAgICAgaWYgKG1fd2ViVmlldy0+cHJpdi0+ aXNBY3RpdmVVUklDaGFuZ2VCbG9ja2VkKQorICAgICAgICAgICAgcmV0dXJuOwogICAgICAgICBt X3dlYlZpZXctPnByaXYtPmFjdGl2ZVVSSSA9IGdldFBhZ2UobV93ZWJWaWV3KS5wYWdlTG9hZFN0 YXRlKCkuYWN0aXZlVVJMKCkudXRmOCgpOwogICAgICAgICBnX29iamVjdF9ub3RpZnkoR19PQkpF Q1QobV93ZWJWaWV3KSwgInVyaSIpOwogICAgICAgICBnX29iamVjdF90aGF3X25vdGlmeShHX09C SkVDVChtX3dlYlZpZXcpKTsKQEAgLTIwNzcsNiArMjA4MiwxNSBAQCBXZWJQYWdlUHJveHkmIHdl YmtpdFdlYlZpZXdHZXRQYWdlKFdlYktpdFdlYlZpZXcqIHdlYlZpZXcpCiAKIHZvaWQgd2Via2l0 V2ViVmlld1dpbGxTdGFydExvYWQoV2ViS2l0V2ViVmlldyogd2ViVmlldykKIHsKKyAgICAvLyBJ Z25vcmUgdGhlIGFjdGl2ZSBVUkkgY2hhbmdlcyBoYXBwZW5pbmcgYmVmb3JlIFdFQktJVF9MT0FE X1NUQVJURUQuIElmIHRoZXkgYXJlIG5vdCB1c2VyLWluaXRpYXRlZCwKKyAgICAvLyB0aGV5IGNv dWxkIGJlIGEgbWFsaWNpb3VzIGF0dGVtcHQgdG8gdHJpY2sgdXNlcnMgYnkgbG9hZGluZyBhbiBp bnZhbGlkIFVSSSBvbiBhIHRydXN0ZWQgaG9zdCwgd2l0aCB0aGUgbG9hZAorICAgIC8vIGludGVu ZGVkIHRvIHN0YWxsLCBvciBwZXJoYXBzIGJlIHJlcGVhdGVkLiBJZiB3ZSB0cnVzdCB0aGUgVVJJ IGhlcmUgYW5kIGRpc3BsYXkgaXQgdG8gdGhlIHVzZXIsIHRoZW4gdGhlIHVzZXIncworICAgIC8v IG9ubHkgaW5kaWNhdGlvbiB0aGF0IHNvbWV0aGluZyBpcyB3cm9uZyB3b3VsZCBiZSBhIHBhZ2Ug bG9hZGluZyBpbmRpY2F0b3IuIElmIHRoZSBsb2FkIHJlcXVlc3QgaXMgbm90CisgICAgLy8gdXNl ci1pbml0aWF0ZWQsIHdlIG11c3Qgbm90IHRydXN0IGl0IHVudGlsIFdFQktJVF9MT0FEX0NPTU1J VFRFRC4gSWYgdGhlIGxvYWQgaXMgdHJpZ2dlcmVkIGJ5IEFQSQorICAgIC8vIHJlcXVlc3QsIHRo ZW4gdGhlIGFjdGl2ZSBVUkkgaXMgYWxyZWFkeSB0aGUgcGVuZGluZyBBUEkgcmVxdWVzdCBVUkws IHNvIHRoZSBibG9ja2luZyBpcyBoYXJtbGVzcyBhbmQgdGhlCisgICAgLy8gY2xpZW50IGFwcGxp Y2F0aW9uIHdpbGwgc3RpbGwgc2VlIHRoZSBVUkkgdXBkYXRlIGltbWVkaWF0ZWx5LiBPdGhlcndp c2UsIHRoZSBVUkkgdXBkYXRlIHdpbGwgYmUgZGVsYXllZCBhIGJpdC4KKyAgICB3ZWJWaWV3LT5w cml2LT5pc0FjdGl2ZVVSSUNoYW5nZUJsb2NrZWQgPSB0cnVlOworCiAgICAgLy8gVGhpcyBpcyBj YWxsZWQgYmVmb3JlIE5hdmlnYXRpb25DbGllbnQ6OmRpZFN0YXJ0UHJvdmlzaW9uYWxOYXZpZ2F0 aW9uKCksIHRoZSBwYWdlIGxvYWQgc3RhdGUgaGFzbid0IGJlZW4gY29tbWl0dGVkIHlldC4KICAg ICBhdXRvJiBwYWdlTG9hZFN0YXRlID0gZ2V0UGFnZSh3ZWJWaWV3KS5wYWdlTG9hZFN0YXRlKCk7 CiAgICAgaWYgKHBhZ2VMb2FkU3RhdGUuaXNGaW5pc2hlZCgpKQpAQCAtMjA5OSwxNSArMjExMywy NCBAQCB2b2lkIHdlYmtpdFdlYlZpZXdMb2FkQ2hhbmdlZChXZWJLaXRXZWJWaWV3KiB3ZWJWaWV3 LCBXZWJLaXRMb2FkRXZlbnQgbG9hZEV2ZW50KQogICAgICAgICB3ZWJraXRXZWJWaWV3Q2FuY2Vs QXV0aGVudGljYXRpb25SZXF1ZXN0KHdlYlZpZXcpOwogICAgICAgICBwcml2LT5sb2FkaW5nUmVz b3VyY2VzTWFwLmNsZWFyKCk7CiAgICAgICAgIHByaXYtPm1haW5SZXNvdXJjZSA9IG51bGxwdHI7 CisgICAgICAgIHdlYlZpZXctPnByaXYtPmlzQWN0aXZlVVJJQ2hhbmdlQmxvY2tlZCA9IGZhbHNl OwogICAgICAgICBicmVhazsKLSNpZiBQTEFURk9STShHVEspCiAgICAgY2FzZSBXRUJLSVRfTE9B RF9DT01NSVRURUQ6IHsKKyAgICAgICAgYXV0byBhY3RpdmVVUkwgPSBnZXRQYWdlKHdlYlZpZXcp LnBhZ2VMb2FkU3RhdGUoKS5hY3RpdmVVUkwoKS51dGY4KCk7CisgICAgICAgIC8vIEFjdGl2ZSBV UkwgaXMgdHJ1c3RlZCBub3csIGlmIGl0J3MgZGlmZmVyZW50IHRvIG91ciBhY3RpdmUgVVJJLCBk dWUgdG8gdGhlCisgICAgICAgIC8vIHVwZGF0ZSBibG9jayBiZWZvcmUgV0VCS0lUX0xPQURfU1RB UlRFRCwgd2UgdXBkYXRlIGl0IGhlcmUgdG8gYmUgaW4gc3luYworICAgICAgICAvLyBhZ2FpbiB3 aXRoIHRoZSBwYWdlIGxvYWQgc3RhdGUuCisgICAgICAgIGlmIChhY3RpdmVVUkwgIT0gcHJpdi0+ YWN0aXZlVVJJKSB7CisgICAgICAgICAgICBwcml2LT5hY3RpdmVVUkkgPSBhY3RpdmVVUkw7Cisg ICAgICAgICAgICBnX29iamVjdF9ub3RpZnkoR19PQkpFQ1Qod2ViVmlldyksICJ1cmkiKTsKKyAg ICAgICAgfQorI2lmIFBMQVRGT1JNKEdUSykKICAgICAgICAgV2ViS2l0RmF2aWNvbkRhdGFiYXNl KiBkYXRhYmFzZSA9IHdlYmtpdF93ZWJfY29udGV4dF9nZXRfZmF2aWNvbl9kYXRhYmFzZShwcml2 LT5jb250ZXh0LmdldCgpKTsKICAgICAgICAgR1VuaXF1ZVB0cjxjaGFyPiBmYXZpY29uVVJJKHdl YmtpdF9mYXZpY29uX2RhdGFiYXNlX2dldF9mYXZpY29uX3VyaShkYXRhYmFzZSwgcHJpdi0+YWN0 aXZlVVJJLmRhdGEoKSkpOwogICAgICAgICB3ZWJraXRXZWJWaWV3VXBkYXRlRmF2aWNvblVSSSh3 ZWJWaWV3LCBmYXZpY29uVVJJLmdldCgpKTsKKyNlbmRpZgogICAgICAgICBicmVhazsKICAgICB9 Ci0jZW5kaWYKICAgICBjYXNlIFdFQktJVF9MT0FEX0ZJTklTSEVEOgogICAgICAgICB3ZWJraXRX ZWJWaWV3Q2FuY2VsQXV0aGVudGljYXRpb25SZXF1ZXN0KHdlYlZpZXcpOwogICAgICAgICBicmVh azsK