From djones@zoonami.com  Wed Nov 20 08:44:16 2002
Return-Path: <djones@zoonami.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 47A0637B401
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 20 Nov 2002 08:44:16 -0800 (PST)
Received: from topcat.zoonami.com (topcat.zoonami.com [193.112.141.198])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7AC2343E77
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 20 Nov 2002 08:44:10 -0800 (PST)
	(envelope-from djones@zoonami.com)
Received: (from djones@localhost)
	by topcat.zoonami.com (8.11.3/8.11.3) id gAKGsFu64032;
	Wed, 20 Nov 2002 16:54:15 GMT
	(envelope-from djones)
Message-Id: <200211201654.gAKGsFu64032@topcat.zoonami.com>
Date: Wed, 20 Nov 2002 16:54:15 GMT
From: David Jones <drj@pobox.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: hexdump core-dumps with certain args [PATCH]
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         45529
>Category:       bin
>Synopsis:       [patch] hexdump(1) core-dumps with certain args
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Nov 20 08:50:01 PST 2002
>Closed-Date:    
>Last-Modified:  Mon Jul 02 20:45:18 UTC 2012
>Originator:     David Jones
>Release:        FreeBSD 4.3-RELEASE i386
>Organization:
>Environment:
System: FreeBSD topcat.zoonami.com 4.3-RELEASE FreeBSD 4.3-RELEASE #0: Thu Nov 1 14:13:13 GMT 2001 root@topcat.zoonami.com:/usr/src/sys/compile/GENERIC i386


>Description:

These bugs exists on FreeBSD 4.3 and also on the version that I checked
out from CVS on 2002-11-19 (ie, the latest version).

As far as I can tell this is valid input (but it core dumps):

$ : problem 1
$ hexdump -e '/1 "\\%03o"'
segmentation violation--core dumped
$ hexdump -e '/1 "\t%03o"'
segmentation violation--core dumped

Also, the following has an erroneous error message:

$ : problem 2
$ hexdump -e '/1 "\%o"'
hexdump: %%: bad conversion character

I don't think the following is a valid format, but it shouldn't dump core
(it's worth testing a couple of variations as they exercise differnt
paths through the code):

$ : problem 3
$ hexdump -e '/1 "%03"'
segmentation violation--core dumped
$ hexdump -e '"%"'
segmentation violation--core dumped

=== Analysis ===

problem 1 and problem 2 are due to bugs in the "escape" routine in
parse.c.  It is supposed to handle backslash escapes but due to buggy
coding doesn't (critically, it doesn't have a default action to copy
characters across, it only copies characters that follow a backslash, or
the final NUL).

problem 3 is due to incorrect string scanning using index in the
routines "size" and "rewrite".

Supplied patches fixes these things.

>How-To-Repeat:
As above, any/all of the following:

$ hexdump -e '"%"'
$ hexdump -e '/1 "%03"'
$ hexdump -e '/1 "\%o"'
$ hexdump -e '/1 "\t%03o"'
$ hexdump -e '/1 "\\%03o"'

>Fix:

diff -ru hexdump-20021119/hexdump.h hexdump/hexdump.h
--- hexdump-20021119/hexdump.h	Wed Sep  4 23:29:01 2002
+++ hexdump/hexdump.h	Wed Nov 20 15:34:33 2002
@@ -86,6 +86,7 @@
 void	 badcnt(char *);
 void	 badconv(char *);
 void	 badfmt(const char *);
+void	 badnulconv(void);
 void	 badsfmt(void);
 void	 bpad(PR *);
 void	 conv_c(PR *, u_char *);
diff -ru hexdump-20021119/parse.c hexdump/parse.c
--- hexdump-20021119/parse.c	Wed Sep  4 23:29:01 2002
+++ hexdump/parse.c	Wed Nov 20 15:55:06 2002
@@ -172,7 +172,7 @@
 			 * skip any special chars -- save precision in
 			 * case it's a %s format.
 			 */
-			while (index(spec + 1, *++fmt));
+			while (index(spec + 1, *++fmt) && *fmt);
 			if (*fmt == '.' && isdigit(*++fmt)) {
 				prec = atoi(fmt);
 				while (isdigit(*++fmt));
@@ -244,10 +244,10 @@
 			if (fu->bcnt) {
 				sokay = USEBCNT;
 				/* Skip to conversion character. */
-				for (++p1; index(spec, *p1); ++p1);
+				for (++p1; index(spec, *p1) && *p1; ++p1);
 			} else {
 				/* Skip any special chars, field width. */
-				while (index(spec + 1, *++p1));
+				while (index(spec + 1, *++p1) && *p1);
 				if (*p1 == '.' && isdigit(*++p1)) {
 					sokay = USEPREC;
 					prec = atoi(p1);
@@ -266,6 +266,9 @@
 			 * padding for end of data.
 			 */
 			switch(cs[0]) {
+			case '\0':
+				badnulconv();
+				/* NOTREACHED */
 			case 'c':
 				pr->flags = F_CHAR;
 				switch(fu->bcnt) {
@@ -451,8 +454,8 @@
 
 	/* alphabetic escape sequences have to be done in place */
 	for (p2 = p1;; ++p1, ++p2) {
+		*p2 = *p1;
 		if (!*p1) {
-			*p2 = *p1;
 			break;
 		}
 		if (*p1 == '\\')
@@ -508,4 +511,10 @@
 badconv(char *ch)
 {
 	errx(1, "%%%s: bad conversion character", ch);
+}
+
+void
+badnulconv(void)
+{
+	errx(1, "expected conversion character after %% specifier");
 }
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->johan 
Responsible-Changed-By: johan 
Responsible-Changed-When: Fri Jul 16 08:04:50 GMT 2004 
Responsible-Changed-Why:  
I will have a look at this. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45529 
State-Changed-From-To: open->feedback 
State-Changed-By: johan 
State-Changed-When: Fri Jul 16 13:46:57 GMT 2004 
State-Changed-Why:  
I can not reproduce the seg faults on -CURRENT. 
I suspect that index(3) has been modified and that  
is the reason why this is not a problem any more. 

Can you please try on a more recent release and see if you 
can reproduce the problem there.	 

Please send a mail to bug-followup@freebsd.org with the subject 
of this mail intact with any info you might have. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=45529 

From: Marc Olzheim <marcolz@stack.nl>
To: bug-followup@freebsd.org
Cc:  
Subject: Re: bin/45529: hexdump core-dumps with certain args [PATCH]
Date: Thu, 19 Aug 2004 12:27:20 +0200

 frontier:/>hexdump -e '%' 
 hexdump: "%": bad format
 (1) frontier:/>hexdump -e '/1 "%03"'
 zsh: segmentation fault (core dumped)  hexdump -e '/1 "%03"'
 (139) frontier:/>hexdump -e '/1 "\%o"'
 hexdump: %%: bad conversion character
 (1) frontier:/>hexdump -e '/1 "\t%03o"'
 zsh: segmentation fault (core dumped)  hexdump -e '/1 "\t%03o"'
 (139) frontier:/>hexdump -e '/1 "\\%03o"'
 zsh: segmentation fault (core dumped)  hexdump -e '/1 "\\%03o"'
 (139) frontier:/>
 
 So: fixed, not fixed, fixed, not fixed, not fixed.
 
 On my amd64:
 hammer:/>hexdump -e '%'
 hexdump: "%": bad format
 (1) hammer:/>hexdump -e '/1 "%03"'
 hexdump: %: bad conversion character
 (1) hammer:/>hexdump -e '/1 "\%o"'
 hexdump: %%: bad conversion character
 (1) hammer:/>hexdump -e '/1 "\t%03o"'
 hexdump: %: bad conversion character
 (1) hammer:/>hexdump -e '/1 "\\%03o"'
 hexdump: %: bad conversion character
 (1) hammer:/>
 
 And here's a fresh and new one that made me look into this bugreport:
 
 frontier:/>hexdump -e '2/1 ""'
 zsh: segmentation fault (core dumped)  hexdump -e '2/1 ""'
 (139) frontier:/>
 
 Marc
State-Changed-From-To: feedback->open 
State-Changed-By: linimon 
State-Changed-When: Sun Oct 23 19:12:22 GMT 2005 
State-Changed-Why:  
Feedback was received some time ago. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45529 
Responsible-Changed-From-To: johan->bugs 
Responsible-Changed-By: johan 
Responsible-Changed-When: Sun Oct 23 19:46:44 GMT 2005 
Responsible-Changed-Why:  
Return this to bugs since it is obvious that I do not  
have time/energy to deal with it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45529 

From: "Garrett Cooper" <yanefbsd@gmail.com>
To: bug-followup@FreeBSD.org, drj@pobox.com
Cc:  
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Fri, 20 Jun 2008 19:31:32 -0700

 This set of bugs with hexdump is fixed in 8-CURRENT:
 
 optimus# /devel/hexdump_regr.pl
 hexdump: "%": bad format
 hexdump: "/1": bad format
 hexdump: "/1": bad format
 hexdump: "/1": bad format
 hexdump: "/1": bad format
 hexdump: "2/1": bad format
 optimus# cat /devel/hexdump_regr.pl
 #!/usr/bin/env perl
 
 @args = (
         '%',
         '/1 "%03"',
         '/1 "\%o"',
         '/1 "\t%03o"',
         '/1 "\\%03o"',
         '2/1 ""'
 );
 
 foreach $arg (@args) {
         system("hexdump -e " . $arg);
 }
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Sat Jun 21 03:18:24 UTC 2008 
State-Changed-Why:  
gcooper notes that this bug no longer appears on -current; I have tested it 
on 6.2 and 7.0 and it no longer appears there, either. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45529 
State-Changed-From-To: closed->open 
State-Changed-By: linimon 
State-Changed-When: Sat Jun 21 06:55:51 UTC 2008 
State-Changed-Why:  
No, apparently it still happens for some users. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45529 

From: "Garrett Cooper" <yanegomi@gmail.com>
To: bug-followup@FreeBSD.org, drj@pobox.com
Cc:  
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Sat, 21 Jun 2008 13:23:03 -0700

 This patch fixes the issue (at least from what I can tell):
     http://yanegomi-fbsd-patches.googlecode.com/files/hexdump_parse_fix_draft1.patch
 
 I also fixed the regression script:
     http://yanegomi-fbsd-patches.googlecode.com/files/hexdump_regr.sh
 
 Cheers,
 -Garrett
 
 Proof:
 
 [gcooper@optimus /devel/ncvs/src/usr.bin/hexdump]$
 /devel/hexdump_regr.sh hexdump
 hexdump -e "%,"
 hexdump: "%,": bad format
 hexdump -e "/1 "%03","
 hexdump: "/1 "%03",": bad format
 hexdump -e "/1 "\%o","
 hexdump: "/1 "\%o",": bad format
 hexdump -e "/1 "\t%03o","
 hexdump: "/1 "\t%03o",": bad format
 hexdump -e "/1 "\\%03o","
 hexdump: "/1 "\\%03o",": bad format
 hexdump -e "2/1 """
 Segmentation fault (core dumped)
 [gcooper@optimus /devel/ncvs/src/usr.bin/hexdump]$
 /devel/hexdump_regr.sh ./hexdump
 ./hexdump -e "%,"
 hexdump: "%,": bad format
 ./hexdump -e "/1 "%03","
 hexdump: "/1 "%03",": bad format
 ./hexdump -e "/1 "\%o","
 hexdump: "/1 "\%o",": bad format
 ./hexdump -e "/1 "\t%03o","
 hexdump: "/1 "\t%03o",": bad format
 ./hexdump -e "/1 "\\%03o","
 hexdump: "/1 "\\%03o",": bad format
 ./hexdump -e "2/1 """
 hexdump: "2/1 """: bad format
Responsible-Changed-From-To: freebsd-bugs->gcooper 
Responsible-Changed-By: gavin 
Responsible-Changed-When: Mon Jun 23 17:52:43 UTC 2008 
Responsible-Changed-Why:  
Give to gcooper who is looking at hexdump 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45529 

From: "Garrett Cooper" <yanegomi@gmail.com>
To: drj <drj@pobox.com>, marcolz@stack.nl
Cc: bug-followup@freebsd.org
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Tue, 23 Dec 2008 01:38:01 -0800

 ------=_Part_53535_11127292.1230025081466
 Content-Type: text/plain; charset=ISO-8859-1
 Content-Transfer-Encoding: 7bit
 Content-Disposition: inline
 
 Hi David and Marc,
     Please try the attached patch -- or alternatively
 <http://pastebin.com/f5548a625>. Be sure to check the MD5 if you use
 pastebin though -- it should be:
 
 MD5 (parse.diff) = bf969fe8de1471ad6e44a0954766d67b
 
 Cheers,
 -Garrett
 
 ------=_Part_53535_11127292.1230025081466
 Content-Type: application/octet-stream; name=parse.diff
 Content-Transfer-Encoding: base64
 X-Attachment-Id: file0
 Content-Disposition: attachment; filename=parse.diff
 
 LS0tIC91c3Ivc3JjL3Vzci5iaW4vaGV4ZHVtcC9wYXJzZS5jCTIwMDgtMTItMDEgMTU6MzI6MDgu
 MDAwMDAwMDAwICswMDAwCisrKyBwYXJzZS5jCTIwMDgtMTItMDEgMTU6NTU6NDAuMDAwMDAwMDAw
 ICswMDAwCkBAIC0xMiw4ICsxMiw4IEBACiAgKiAgICBkb2N1bWVudGF0aW9uIGFuZC9vciBvdGhl
 ciBtYXRlcmlhbHMgcHJvdmlkZWQgd2l0aCB0aGUgZGlzdHJpYnV0aW9uLgogICogMy4gQWxsIGFk
 dmVydGlzaW5nIG1hdGVyaWFscyBtZW50aW9uaW5nIGZlYXR1cmVzIG9yIHVzZSBvZiB0aGlzIHNv
 ZnR3YXJlCiAgKiAgICBtdXN0IGRpc3BsYXkgdGhlIGZvbGxvd2luZyBhY2tub3dsZWRnZW1lbnQ6
 Ci0gKglUaGlzIHByb2R1Y3QgaW5jbHVkZXMgc29mdHdhcmUgZGV2ZWxvcGVkIGJ5IHRoZSBVbml2
 ZXJzaXR5IG9mCi0gKglDYWxpZm9ybmlhLCBCZXJrZWxleSBhbmQgaXRzIGNvbnRyaWJ1dG9ycy4K
 KyAqICAgIFRoaXMgcHJvZHVjdCBpbmNsdWRlcyBzb2Z0d2FyZSBkZXZlbG9wZWQgYnkgdGhlIFVu
 aXZlcnNpdHkgb2YKKyAqICAgIENhbGlmb3JuaWEsIEJlcmtlbGV5IGFuZCBpdHMgY29udHJpYnV0
 b3JzLgogICogNC4gTmVpdGhlciB0aGUgbmFtZSBvZiB0aGUgVW5pdmVyc2l0eSBub3IgdGhlIG5h
 bWVzIG9mIGl0cyBjb250cmlidXRvcnMKICAqICAgIG1heSBiZSB1c2VkIHRvIGVuZG9yc2Ugb3Ig
 cHJvbW90ZSBwcm9kdWN0cyBkZXJpdmVkIGZyb20gdGhpcyBzb2Z0d2FyZQogICogICAgd2l0aG91
 dCBzcGVjaWZpYyBwcmlvciB3cml0dGVuIHBlcm1pc3Npb24uCkBAIC00OSwxMDQgKzQ5LDE4NiBA
 QAogI2luY2x1ZGUgPHN0cmluZy5oPgogI2luY2x1ZGUgImhleGR1bXAuaCIKIAotRlUgKmVuZGZ1
 OwkJCQkJLyogZm9ybWF0IGF0IGVuZC1vZi1kYXRhICovCitGVSAqZW5kZnU7ICAgICAgICAgICAg
 ICAgICAgICAvKiBmb3JtYXQgYXQgZW5kLW9mLWRhdGEgKi8KIAogdm9pZAogYWRkZmlsZShjaGFy
 ICpuYW1lKQogewotCXVuc2lnbmVkIGNoYXIgKnA7Ci0JRklMRSAqZnA7Ci0JaW50IGNoOwotCWNo
 YXIgYnVmWzIwNDggKyAxXTsKLQotCWlmICgoZnAgPSBmb3BlbihuYW1lLCAiciIpKSA9PSBOVUxM
 KQotCQllcnIoMSwgIiVzIiwgbmFtZSk7Ci0Jd2hpbGUgKGZnZXRzKGJ1Ziwgc2l6ZW9mKGJ1Ziks
 IGZwKSkgewotCQlpZiAoIShwID0gaW5kZXgoYnVmLCAnXG4nKSkpIHsKLQkJCXdhcm54KCJsaW5l
 IHRvbyBsb25nIik7Ci0JCQl3aGlsZSAoKGNoID0gZ2V0Y2hhcigpKSAhPSAnXG4nICYmIGNoICE9
 IEVPRik7Ci0JCQljb250aW51ZTsKLQkJfQotCQkqcCA9ICdcMCc7Ci0JCWZvciAocCA9IGJ1Zjsg
 KnAgJiYgaXNzcGFjZSgqcCk7ICsrcCk7Ci0JCWlmICghKnAgfHwgKnAgPT0gJyMnKQotCQkJY29u
 dGludWU7Ci0JCWFkZChwKTsKLQl9Ci0JKHZvaWQpZmNsb3NlKGZwKTsKKyAgICB1bnNpZ25lZCBj
 aGFyICpwOworICAgIEZJTEUgKmZwOworICAgIGludCBjaDsKKyAgICBjaGFyIGJ1ZlsyMDQ4ICsg
 MV07CisKKyAgICBpZiAoKGZwID0gZm9wZW4obmFtZSwgInIiKSkgPT0gTlVMTCkKKyAgICAgICAg
 ZXJyKDEsICIlcyIsIG5hbWUpOworICAgIHdoaWxlIChmZ2V0cyhidWYsIHNpemVvZihidWYpLCBm
 cCkpIHsKKyAgICAgICAgaWYgKChwID0gaW5kZXgoYnVmLCAnXG4nKSkgPT0gTlVMTCkgeworICAg
 ICAgICAgICAgd2FybngoImxpbmUgdG9vIGxvbmciKTsKKyAgICAgICAgICAgIHdoaWxlICgoY2gg
 PSBnZXRjaGFyKCkpICE9ICdcbicgJiYgY2ggIT0gRU9GKTsKKyAgICAgICAgICAgIGNvbnRpbnVl
 OworICAgICAgICB9CisgICAgICAgICpwID0gJ1wwJzsKKyAgICAgICAgZm9yIChwID0gYnVmOyAq
 cCAhPSAnXDAnICYmIGlzc3BhY2UoKnApOyArK3ApOworICAgICAgICBpZiAoKnAgPT0gJ1wwJyB8
 fCAqcCA9PSAnIycpCisgICAgICAgICAgICBjb250aW51ZTsKKyAgICAgICAgYWRkKHApOworICAg
 IH0KKyAgICBmY2xvc2UoZnApOwogfQogCiB2b2lkCiBhZGQoY29uc3QgY2hhciAqZm10KQogewot
 CXVuc2lnbmVkIGNvbnN0IGNoYXIgKnAsICpzYXZlcDsKLQlzdGF0aWMgRlMgKipuZXh0ZnM7Ci0J
 RlMgKnRmczsKLQlGVSAqdGZ1LCAqKm5leHRmdTsKLQotCS8qIHN0YXJ0IG5ldyBsaW5rZWQgbGlz
 dCBvZiBmb3JtYXQgdW5pdHMgKi8KLQlpZiAoKHRmcyA9IGNhbGxvYygxLCBzaXplb2YoRlMpKSkg
 PT0gTlVMTCkKLQkJZXJyKDEsIE5VTEwpOwotCWlmICghZnNoZWFkKQotCQlmc2hlYWQgPSB0ZnM7
 Ci0JZWxzZQotCQkqbmV4dGZzID0gdGZzOwotCW5leHRmcyA9ICZ0ZnMtPm5leHRmczsKLQluZXh0
 ZnUgPSAmdGZzLT5uZXh0ZnU7Ci0KLQkvKiB0YWtlIHRoZSBmb3JtYXQgc3RyaW5nIGFuZCBicmVh
 ayBpdCB1cCBpbnRvIGZvcm1hdCB1bml0cyAqLwotCWZvciAocCA9IGZtdDs7KSB7Ci0JCS8qIHNr
 aXAgbGVhZGluZyB3aGl0ZSBzcGFjZSAqLwotCQlmb3IgKDsgaXNzcGFjZSgqcCk7ICsrcCk7Ci0J
 CWlmICghKnApCi0JCQlicmVhazsKLQotCQkvKiBhbGxvY2F0ZSBhIG5ldyBmb3JtYXQgdW5pdCBh
 bmQgbGluayBpdCBpbiAqLwotCQlpZiAoKHRmdSA9IGNhbGxvYygxLCBzaXplb2YoRlUpKSkgPT0g
 TlVMTCkKLQkJCWVycigxLCBOVUxMKTsKLQkJKm5leHRmdSA9IHRmdTsKLQkJbmV4dGZ1ID0gJnRm
 dS0+bmV4dGZ1OwotCQl0ZnUtPnJlcHMgPSAxOwotCi0JCS8qIGlmIGxlYWRpbmcgZGlnaXQsIHJl
 cGV0aXRpb24gY291bnQgKi8KLQkJaWYgKGlzZGlnaXQoKnApKSB7Ci0JCQlmb3IgKHNhdmVwID0g
 cDsgaXNkaWdpdCgqcCk7ICsrcCk7Ci0JCQlpZiAoIWlzc3BhY2UoKnApICYmICpwICE9ICcvJykK
 LQkJCQliYWRmbXQoZm10KTsKLQkJCS8qIG1heSBvdmVyd3JpdGUgZWl0aGVyIHdoaXRlIHNwYWNl
 IG9yIHNsYXNoICovCi0JCQl0ZnUtPnJlcHMgPSBhdG9pKHNhdmVwKTsKLQkJCXRmdS0+ZmxhZ3Mg
 PSBGX1NFVFJFUDsKLQkJCS8qIHNraXAgdHJhaWxpbmcgd2hpdGUgc3BhY2UgKi8KLQkJCWZvciAo
 KytwOyBpc3NwYWNlKCpwKTsgKytwKTsKLQkJfQotCi0JCS8qIHNraXAgc2xhc2ggYW5kIHRyYWls
 aW5nIHdoaXRlIHNwYWNlICovCi0JCWlmICgqcCA9PSAnLycpCi0JCQl3aGlsZSAoaXNzcGFjZSgq
 KytwKSk7Ci0KLQkJLyogYnl0ZSBjb3VudCAqLwotCQlpZiAoaXNkaWdpdCgqcCkpIHsKLQkJCWZv
 ciAoc2F2ZXAgPSBwOyBpc2RpZ2l0KCpwKTsgKytwKTsKLQkJCWlmICghaXNzcGFjZSgqcCkpCi0J
 CQkJYmFkZm10KGZtdCk7Ci0JCQl0ZnUtPmJjbnQgPSBhdG9pKHNhdmVwKTsKLQkJCS8qIHNraXAg
 dHJhaWxpbmcgd2hpdGUgc3BhY2UgKi8KLQkJCWZvciAoKytwOyBpc3NwYWNlKCpwKTsgKytwKTsK
 LQkJfQotCi0JCS8qIGZvcm1hdCAqLwotCQlpZiAoKnAgIT0gJyInKQotCQkJYmFkZm10KGZtdCk7
 Ci0JCWZvciAoc2F2ZXAgPSArK3A7ICpwICE9ICciJzspCi0JCQlpZiAoKnArKyA9PSAwKQotCQkJ
 CWJhZGZtdChmbXQpOwotCQlpZiAoISh0ZnUtPmZtdCA9IG1hbGxvYyhwIC0gc2F2ZXAgKyAxKSkp
 Ci0JCQllcnIoMSwgTlVMTCk7Ci0JCSh2b2lkKSBzdHJuY3B5KHRmdS0+Zm10LCBzYXZlcCwgcCAt
 IHNhdmVwKTsKLQkJdGZ1LT5mbXRbcCAtIHNhdmVwXSA9ICdcMCc7Ci0JCWVzY2FwZSh0ZnUtPmZt
 dCk7Ci0JCXArKzsKLQl9CisgICAgY2hhciAqcDsKKyAgICBjb25zdCBjaGFyICpzYXZlcDsKKyAg
 ICBzdGF0aWMgRlMgKipuZXh0ZnM7CisgICAgRlMgKnRmczsKKyAgICBGVSAqdGZ1LCAqKm5leHRm
 dTsKKworICAgIC8qIHN0YXJ0IG5ldyBsaW5rZWQgbGlzdCBvZiBmb3JtYXQgdW5pdHMgKi8KKyAg
 ICBpZiAoKHRmcyA9IGNhbGxvYygxLCBzaXplb2YoRlMpKSkgPT0gTlVMTCkKKyAgICAgICAgZXJy
 KDEsIE5VTEwpOworICAgIC8qIFhYWCAoZ2Nvb3Blcik6IE5PVCBNUFNBRkUgLS0gc2VlIGhleGR1
 bXAuYyBmb3IgZnNoZWFkIGRlZmluaXRpb24uICovCisKKyAgICAvKgorICAgICAqIFE6IElzIHRo
 ZSBmb3JtYXQgc3RyaW5nIGhlYWQgZW1wdHk/CisgICAgICoKKyAgICAgKiBBOiBZZXMuCisgICAg
 ICoKKyAgICAgKiBYWFggKGdjb29wZXIpOiBUSElTIElTIE5PVCBNUFNBRkUgLS0gc2VlIGhleGR1
 bXAuYyBmb3IgZnNoZWFkCisgICAgICogZGVmaW5pdGlvbi4KKyAgICAgKgorICAgICAqLworICAg
 IGlmIChmc2hlYWQgPT0gTlVMTCkgeworICAgICAgICBmc2hlYWQgPSB0ZnM7CisgICAgfQorICAg
 IC8qIEE6IE5vLiAqLworICAgIGVsc2UgeworICAgICAgICAqbmV4dGZzID0gdGZzOworICAgIH0K
 KyAgICBuZXh0ZnMgPSAmdGZzLT5uZXh0ZnM7CisgICAgbmV4dGZ1ID0gJnRmcy0+bmV4dGZ1Owor
 CisgICAgcCA9IHN0cmR1cChmbXQpOworCisgICAgeworCisgICAgICAgIGludCBpOworCisgICAg
 ICAgIC8qIENsaXAgb2ZmIGFsbCB0YWlsaW5nIHdoaXRlc3BhY2UuICovCisgICAgICAgIGZvciAo
 aSA9IHN0cmxlbihwKS0xOyBpc3NwYWNlKCoocCtpKSkgJiYgMCA8IGk7IGktLSkgeworICAgICAg
 ICAgICAgKihwK2kpID0gJ1wwJzsKKyAgICAgICAgfQorCisgICAgfQorCisgICAgLyogV2hpdGVz
 cGFjZSBvbmx5PyBObyBkaWNlISAqLworICAgIGlmIChzdHJsZW4ocCkgPCA0KSB7CisgICAgICAg
 IGJhZGZtdChmbXQpOworICAgIH0KKworICAgIC8qIHRha2UgdGhlIGZvcm1hdCBzdHJpbmcgYW5k
 IGJyZWFrIGl0IHVwIGludG8gZm9ybWF0IHVuaXRzICovCisgICAgZm9yICggOyAqcCAhPSAnXDAn
 OyBwKyspIHsKKworICAgICAgICAvKiBTa2lwIGxlYWRpbmcgd2hpdGUgc3BhY2UgKi8KKyAgICAg
 ICAgZm9yICg7IGlzc3BhY2UoKnApOyBwKyspIDsKKworICAgICAgICAvKiBBbGxvY2F0ZSBhIG5l
 dyBmb3JtYXQgdW5pdCBhbmQgbGluayBpdCBpbiAqLworICAgICAgICBpZiAoKHRmdSA9IGNhbGxv
 YygxLCBzaXplb2YoRlUpKSkgPT0gTlVMTCkgeworICAgICAgICAgICAgZXJyKDEsIE5VTEwpOwor
 ICAgICAgICB9CisgICAgICAgICpuZXh0ZnUgPSB0ZnU7CisgICAgICAgIG5leHRmdSA9ICZ0ZnUt
 Pm5leHRmdTsKKyAgICAgICAgdGZ1LT5yZXBzID0gMTsKKworICAgICAgICAvKgorICAgICAgICAg
 KiBJZiB0aGVyZSdzIGEgbGVhZGluZyBkaWdpdCwgaXQncyB0aGUgcmVwZXRpdGlvbiBjb3VudCAo
 YXMKKyAgICAgICAgICogZG9jdW1lbnRlZCBpbiB0aGUgbWFucGFnZSkuCisgICAgICAgICAqLwor
 ICAgICAgICBpZiAoaXNkaWdpdCgqcCkpIHsKKworICAgICAgICAgICAgLyogU2tpcCBkaWdpdHMu
 ICovCisgICAgICAgICAgICBmb3IgKHNhdmVwID0gcDsgaXNkaWdpdCgqcCk7IHArKykgOworCisg
 ICAgICAgICAgICAvKiBSZXBldGl0aW9uIGNvdW50cyBjYW4ndCBnbyB3aXRob3V0IGEgc2VwYXJh
 dG9yLiAqLworICAgICAgICAgICAgaWYgKCFpc3NwYWNlKCpwKSAmJiAqcCAhPSAnLycpCisgICAg
 ICAgICAgICAgICAgYmFkZm10KGZtdCk7CisgICAgICAgICAgICAvKiBtYXkgb3ZlcndyaXRlIGVp
 dGhlciB3aGl0ZSBzcGFjZSBvciBzbGFzaCAqLworICAgICAgICAgICAgdGZ1LT5yZXBzID0gYXRv
 aShzYXZlcCk7CisgICAgICAgICAgICB0ZnUtPmZsYWdzID0gRl9TRVRSRVA7CisKKyAgICAgICAg
 ICAgIC8qIFNraXAgdHJhaWxpbmcgd2hpdGUgc3BhY2UgKi8KKyAgICAgICAgICAgIGZvciAocCsr
 OyBpc3NwYWNlKCpwKTsgcCsrKSA7CisKKyAgICAgICAgfQorCisgICAgICAgIC8qCisgICAgICAg
 ICAqIFNraXAgc2xhc2ggYW5kIFtwb3RlbnRpYWxdIHRyYWlsaW5nIHdoaXRlIHNwYWNlLCBiZWZv
 cmUgdGhlIGZvcm1hdAorICAgICAgICAgKiBzdHJpbmcuCisgICAgICAgICAqLworICAgICAgICBp
 ZiAoKnAgPT0gJy8nKSB7CisgICAgICAgICAgICBmb3IgKHArKzsgaXNzcGFjZSgqcCkgJiYgKnAg
 IT0gJ1wwJzsgcCsrKSA7CisgICAgICAgIH0KKworICAgICAgICAvKiBXZSBoYXZlIGEgYnl0ZSBj
 b3VudCB0byBwYXJzZSEgKi8KKyAgICAgICAgaWYgKGlzZGlnaXQoKnApKSB7CisKKyAgICAgICAg
 ICAgIC8qIFNraXAgdGhlIGJ5dGUgY291bnQgZGlnaXRzLiAqLworICAgICAgICAgICAgZm9yIChz
 YXZlcCA9IHA7IGlzZGlnaXQoKnApOyBwKyspIDsKKworICAgICAgICAgICAgLyoKKyAgICAgICAg
 ICAgICAqIE9vcHMgLS0gdGhlcmUgc2hvdWxkIGJlIGEgc3BhY2UgaGVyZSBDaGFybGllIQorICAg
 ICAgICAgICAgICogCisgICAgICAgICAgICAgKiBEb2Vzbid0IG1ha2Ugc2Vuc2UgZm9yIHRoZXJl
 IHRvIGJlIGEgZm9ybWF0IHNldCBsaWtlOgorICAgICAgICAgICAgICoKKyAgICAgICAgICAgICAq
 IGAxLzJkZWFkYmVlZicKKyAgICAgICAgICAgICAqCisgICAgICAgICAgICAgKi8KKyAgICAgICAg
 ICAgIGlmICghaXNzcGFjZSgqcCkpIHsKKyAgICAgICAgICAgICAgICBiYWRmbXQoZm10KTsKKyAg
 ICAgICAgICAgIH0KKworICAgICAgICAgICAgLyogR3JhYiB0aGUgYnl0ZWNvdW50ICovCisgICAg
 ICAgICAgICB0ZnUtPmJjbnQgPSBhdG9pKHNhdmVwKTsKKworICAgICAgICAgICAgLyogU2tpcCB0
 cmFpbGluZyB3aGl0ZSBzcGFjZSAqLworICAgICAgICAgICAgZm9yIChwKys7IGlzc3BhY2UoKnAp
 OyBwKyspIDsKKworICAgICAgICB9CisKKyAgICAgICAgLyoKKyAgICAgICAgICogRm9ybWF0IHN0
 cmluZyBzdGFydHMgaGVyZS4KKyAgICAgICAgICovCisgICAgICAgIGlmICgqcCAhPSAnIicpIHsK
 KyAgICAgICAgICAgIGJhZGZtdChmbXQpOworICAgICAgICB9CisKKyAgICAgICAgcCsrOworCisg
 ICAgICAgIC8qIFRoaXMgbWFya3MgdGhlIGVuZCBvZiB0aGUgZm9ybWF0IHN0cmluZy4gKi8KKyAg
 ICAgICAgZm9yIChzYXZlcCA9IHA7ICpwICE9ICdcMCcgJiYgKnAgIT0gJyInOyBwKyspIDsKKwor
 ICAgICAgICBpZiAocCA9PSAnXDAnKSB7CisgICAgICAgICAgICBiYWRmbXQoZm10KTsKKyAgICAg
 ICAgfQorCisgICAgICAgIC8qIEF2b2lkIHN0cmluZ3Mgb2YgdGhlIGZvcm06ICIiICh6ZXJvLWxl
 bmd0aCBzdHJpbmdzKS4gKi8KKyAgICAgICAgaWYgKCAocCAtIHNhdmVwKSA8PSAwICkgeworICAg
 ICAgICAgICAgYmFkZm10KGZtdCk7CisgICAgICAgIH0KKworICAgICAgICAvKiBTYXZlIHRoZSBm
 b3JtYXQgc3RyaW5nLiAqLworICAgICAgICBpZiAoICh0ZnUtPmZtdCA9IG1hbGxvYyhwLXNhdmVw
 ICsgMSkpID09IE5VTEwgKQorICAgICAgICAgICAgZXJyKDEsICJDb3VsZG4ndCBhbGxvY2F0ZSBt
 ZW1vcnkgZm9yIG5leHQgZm9ybWF0IHN0cmluZy4iKTsKKyAgICAgICAgc3RybmNweSh0ZnUtPmZt
 dCwgc2F2ZXAsIHAtc2F2ZXApOworICAgICAgICB0ZnUtPmZtdFtwLXNhdmVwXSA9ICdcMCc7Cisg
 ICAgICAgIGVzY2FwZSh0ZnUtPmZtdCk7CisKKyAgICB9CisKKyAgICAvKiBEb25lIHdpdGggdGhl
 IHN0cmR1cCdlZCBwb2ludGVyLiAqLworICAgIGZyZWUocCk7CisKIH0KIAogc3RhdGljIGNvbnN0
 IGNoYXIgKnNwZWMgPSAiLiMtKyAwMTIzNDU2Nzg5IjsKQEAgLTE1NCwzNjQgKzIzNiw0MjEgQEAK
 IGludAogc2l6ZShGUyAqZnMpCiB7Ci0JRlUgKmZ1OwotCWludCBiY250LCBjdXJzaXplOwotCXVu
 c2lnbmVkIGNoYXIgKmZtdDsKLQlpbnQgcHJlYzsKLQotCS8qIGZpZ3VyZSBvdXQgdGhlIGRhdGEg
 YmxvY2sgc2l6ZSBuZWVkZWQgZm9yIGVhY2ggZm9ybWF0IHVuaXQgKi8KLQlmb3IgKGN1cnNpemUg
 PSAwLCBmdSA9IGZzLT5uZXh0ZnU7IGZ1OyBmdSA9IGZ1LT5uZXh0ZnUpIHsKLQkJaWYgKGZ1LT5i
 Y250KSB7Ci0JCQljdXJzaXplICs9IGZ1LT5iY250ICogZnUtPnJlcHM7Ci0JCQljb250aW51ZTsK
 LQkJfQotCQlmb3IgKGJjbnQgPSBwcmVjID0gMCwgZm10ID0gZnUtPmZtdDsgKmZtdDsgKytmbXQp
 IHsKLQkJCWlmICgqZm10ICE9ICclJykKLQkJCQljb250aW51ZTsKLQkJCS8qCi0JCQkgKiBza2lw
 IGFueSBzcGVjaWFsIGNoYXJzIC0tIHNhdmUgcHJlY2lzaW9uIGluCi0JCQkgKiBjYXNlIGl0J3Mg
 YSAlcyBmb3JtYXQuCi0JCQkgKi8KLQkJCXdoaWxlIChpbmRleChzcGVjICsgMSwgKisrZm10KSAm
 JiAqZm10ICE9IE5VTEwpOwotCQkJaWYgKCpmbXQgPT0gJy4nICYmIGlzZGlnaXQoKisrZm10KSkg
 ewotCQkJCXByZWMgPSBhdG9pKGZtdCk7Ci0JCQkJd2hpbGUgKGlzZGlnaXQoKisrZm10KSk7Ci0J
 CQl9Ci0JCQlzd2l0Y2goKmZtdCkgewotCQkJY2FzZSAnYyc6Ci0JCQkJYmNudCArPSAxOwotCQkJ
 CWJyZWFrOwotCQkJY2FzZSAnZCc6IGNhc2UgJ2knOiBjYXNlICdvJzogY2FzZSAndSc6Ci0JCQlj
 YXNlICd4JzogY2FzZSAnWCc6Ci0JCQkJYmNudCArPSA0OwotCQkJCWJyZWFrOwotCQkJY2FzZSAn
 ZSc6IGNhc2UgJ0UnOiBjYXNlICdmJzogY2FzZSAnZyc6IGNhc2UgJ0cnOgotCQkJCWJjbnQgKz0g
 ODsKLQkJCQlicmVhazsKLQkJCWNhc2UgJ3MnOgotCQkJCWJjbnQgKz0gcHJlYzsKLQkJCQlicmVh
 azsKLQkJCWNhc2UgJ18nOgotCQkJCXN3aXRjaCgqKytmbXQpIHsKLQkJCQljYXNlICdjJzogY2Fz
 ZSAncCc6IGNhc2UgJ3UnOgotCQkJCQliY250ICs9IDE7Ci0JCQkJCWJyZWFrOwotCQkJCX0KLQkJ
 CX0KLQkJfQotCQljdXJzaXplICs9IGJjbnQgKiBmdS0+cmVwczsKLQl9Ci0JcmV0dXJuIChjdXJz
 aXplKTsKKyAgICBGVSAqZnU7CisgICAgaW50IGJjbnQsIGN1cnNpemU7CisgICAgdW5zaWduZWQg
 Y2hhciAqZm10OworICAgIGludCBwcmVjOworCisgICAgLyogRmlndXJlIG91dCB0aGUgZGF0YSBi
 bG9jayBzaXplIG5lZWRlZCBmb3IgZWFjaCBmb3JtYXQgdW5pdCAqLworICAgIGZvciAoY3Vyc2l6
 ZSA9IDAsIGZ1ID0gZnMtPm5leHRmdTsgZnU7IGZ1ID0gZnUtPm5leHRmdSkgeworICAgICAgICBp
 ZiAoZnUtPmJjbnQpIHsKKyAgICAgICAgICAgIGN1cnNpemUgKz0gZnUtPmJjbnQgKiBmdS0+cmVw
 czsKKyAgICAgICAgICAgIGNvbnRpbnVlOworICAgICAgICB9CisgICAgICAgIGZvciAoYmNudCA9
 IHByZWMgPSAwLCBmbXQgPSBmdS0+Zm10OyAqZm10OyArK2ZtdCkgeworCisgICAgICAgICAgICAv
 KiBTa2lwIGVzY2FwZWQgJSdzLiAqLworICAgICAgICAgICAgaWYgKCpmbXQgIT0gJyUnKQorICAg
 ICAgICAgICAgICAgIGNvbnRpbnVlOworCisgICAgICAgICAgICAvKgorICAgICAgICAgICAgICog
 U2tpcCBhbnkgc3BlY2lhbCBjaGFyczsgc2F2ZSBwcmVjaXNpb24gaW4gY2FzZSBpdCdzIGEgJXMg
 Zm9ybWF0LgorICAgICAgICAgICAgICovCisgICAgICAgICAgICBmb3IgKGZtdCsrOyBpbmRleChz
 cGVjKzEsICpmbXQpICE9IE5VTEwgJiYgKmZtdCAhPSAnXDAnOyBmbXQrKykgOworCisgICAgICAg
 ICAgICBpZiAoKmZtdCA9PSAnLicgJiYgaXNkaWdpdCgqKytmbXQpKSB7CisgICAgICAgICAgICAg
 ICAgcHJlYyA9IGF0b2koZm10KTsKKyAgICAgICAgICAgICAgICB3aGlsZSAoaXNkaWdpdCgqKytm
 bXQpKTsKKyAgICAgICAgICAgIH0KKyAgICAgICAgICAgIHN3aXRjaCgqZm10KSB7CisgICAgICAg
 ICAgICBjYXNlICdjJzoKKyAgICAgICAgICAgICAgICBiY250ICs9IHNpemVvZihjaGFyKTsKKyAg
 ICAgICAgICAgICAgICBicmVhazsKKyAgICAgICAgICAgIGNhc2UgJ2QnOgorICAgICAgICAgICAg
 Y2FzZSAnaSc6CisgICAgICAgICAgICBjYXNlICdvJzoKKyAgICAgICAgICAgIGNhc2UgJ3UnOgor
 ICAgICAgICAgICAgY2FzZSAneCc6CisgICAgICAgICAgICBjYXNlICdYJzoKKyAgICAgICAgICAg
 ICAgICBiY250ICs9IHNpemVvZihpbnQpOworICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAg
 ICAgICAgY2FzZSAnZSc6CisgICAgICAgICAgICBjYXNlICdFJzoKKyAgICAgICAgICAgIGNhc2Ug
 J2YnOgorICAgICAgICAgICAgY2FzZSAnZyc6CisgICAgICAgICAgICBjYXNlICdHJzoKKyAgICAg
 ICAgICAgICAgICBiY250ICs9IHNpemVvZihkb3VibGUpOworICAgICAgICAgICAgICAgIGJyZWFr
 OworICAgICAgICAgICAgY2FzZSAncyc6CisgICAgICAgICAgICAgICAgYmNudCArPSBwcmVjOwor
 ICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAgICAgY2FzZSAnXyc6CisgICAgICAgICAg
 ICAgICAgc3dpdGNoKCorK2ZtdCkgeworICAgICAgICAgICAgICAgIGNhc2UgJ2MnOgorICAgICAg
 ICAgICAgICAgIGNhc2UgJ3AnOgorICAgICAgICAgICAgICAgIGNhc2UgJ3UnOgorICAgICAgICAg
 ICAgICAgICAgICBiY250ICs9IHNpemVvZihjaGFyKTsKKyAgICAgICAgICAgICAgICAgICAgYnJl
 YWs7CisgICAgICAgICAgICAgICAgfQorCisgICAgICAgICAgICB9CisKKyAgICAgICAgfQorCisg
 ICAgICAgIGN1cnNpemUgKz0gYmNudCAqIGZ1LT5yZXBzOworICAgIH0KKworICAgIHJldHVybiBj
 dXJzaXplOworCiB9CiAKIHZvaWQKIHJld3JpdGUoRlMgKmZzKQogewotCWVudW0geyBOT1RPS0FZ
 LCBVU0VCQ05ULCBVU0VQUkVDIH0gc29rYXk7Ci0JUFIgKnByLCAqKm5leHRwcjsKLQlGVSAqZnU7
 Ci0JdW5zaWduZWQgY2hhciAqcDEsICpwMiwgKmZtdHA7Ci0JY2hhciBzYXZlY2gsIGNzWzNdOwot
 CWludCBuY29udiwgcHJlYzsKLQlzaXplX3QgbGVuOwotCi0JbmV4dHByID0gTlVMTDsKLQlwcmVj
 ID0gMDsKLQotICAgICAgICBtZW1zZXQoY3MsIDAsIHNpemVvZihjcykpOwotCi0JZm9yIChmdSA9
 IGZzLT5uZXh0ZnU7IGZ1OyBmdSA9IGZ1LT5uZXh0ZnUpIHsKLQkJLyoKLQkJICogQnJlYWsgZWFj
 aCBmb3JtYXQgdW5pdCBpbnRvIHByaW50IHVuaXRzOyBlYWNoIGNvbnZlcnNpb24KLQkJICogY2hh
 cmFjdGVyIGdldHMgaXRzIG93bi4KLQkJICovCi0JCWZvciAobmNvbnYgPSAwLCBmbXRwID0gZnUt
 PmZtdDsgKmZtdHA7IG5leHRwciA9ICZwci0+bmV4dHByKSB7Ci0JCQlpZiAoKHByID0gY2FsbG9j
 KDEsIHNpemVvZihQUikpKSA9PSBOVUxMKQotCQkJCWVycigxLCBOVUxMKTsKLQkJCWlmICghZnUt
 Pm5leHRwcikKLQkJCQlmdS0+bmV4dHByID0gcHI7Ci0JCQllbHNlCi0JCQkJKm5leHRwciA9IHBy
 OwotCi0JCQkvKiBTa2lwIHByZWNlZGluZyB0ZXh0IGFuZCB1cCB0byB0aGUgbmV4dCAlIHNpZ24u
 ICovCi0JCQlmb3IgKHAxID0gZm10cDsgKnAxICYmICpwMSAhPSAnJSc7ICsrcDEpOwotCi0JCQkv
 KiBPbmx5IHRleHQgaW4gdGhlIHN0cmluZy4gKi8KLQkJCWlmICghKnAxKSB7Ci0JCQkJcHItPmZt
 dCA9IGZtdHA7Ci0JCQkJcHItPmZsYWdzID0gRl9URVhUOwotCQkJCWJyZWFrOwotCQkJfQotCi0J
 CQkvKgotCQkJICogR2V0IHByZWNpc2lvbiBmb3IgJXMgLS0gaWYgaGF2ZSBhIGJ5dGUgY291bnQs
 IGRvbid0Ci0JCQkgKiBuZWVkIGl0LgotCQkJICovCi0JCQlpZiAoZnUtPmJjbnQpIHsKLQkJCQlz
 b2theSA9IFVTRUJDTlQ7Ci0JCQkJLyogU2tpcCB0byBjb252ZXJzaW9uIGNoYXJhY3Rlci4gKi8K
 LQkJCQlmb3IgKCsrcDE7IGluZGV4KHNwZWMsICpwMSk7ICsrcDEpOwotCQkJfSBlbHNlIHsKLQkJ
 CQkvKiBTa2lwIGFueSBzcGVjaWFsIGNoYXJzLCBmaWVsZCB3aWR0aC4gKi8KLQkJCQl3aGlsZSAo
 aW5kZXgoc3BlYyArIDEsICorK3AxKSk7Ci0JCQkJaWYgKCpwMSA9PSAnLicgJiYgaXNkaWdpdCgq
 KytwMSkpIHsKLQkJCQkJc29rYXkgPSBVU0VQUkVDOwotCQkJCQlwcmVjID0gYXRvaShwMSk7Ci0J
 CQkJCXdoaWxlIChpc2RpZ2l0KCorK3AxKSk7Ci0JCQkJfSBlbHNlCi0JCQkJCXNva2F5ID0gTk9U
 T0tBWTsKLQkJCX0KLQotCQkJcDIgPSBwMSArIDE7CQkvKiBTZXQgZW5kIHBvaW50ZXIuICovCi0J
 CQljc1swXSA9ICpwMTsJCS8qIFNldCBjb252ZXJzaW9uIHN0cmluZy4gKi8KLQkJCWNzWzFdID0g
 J1wwJzsKLQotCQkJLyoKLQkJCSAqIEZpZ3VyZSBvdXQgdGhlIGJ5dGUgY291bnQgZm9yIGVhY2gg
 Y29udmVyc2lvbjsKLQkJCSAqIHJld3JpdGUgdGhlIGZvcm1hdCBhcyBuZWNlc3NhcnksIHNldCB1
 cCBibGFuay0KLQkJCSAqIHBhZGRpbmcgZm9yIGVuZCBvZiBkYXRhLgotCQkJICovCi0JCQlzd2l0
 Y2goY3NbMF0pIHsKLQkJCWNhc2UgJ2MnOgotCQkJCXByLT5mbGFncyA9IEZfQ0hBUjsKLQkJCQlz
 d2l0Y2goZnUtPmJjbnQpIHsKLQkJCQljYXNlIDA6IGNhc2UgMToKLQkJCQkJcHItPmJjbnQgPSAx
 OwotCQkJCQlicmVhazsKLQkJCQlkZWZhdWx0OgotCQkJCQlwMVsxXSA9ICdcMCc7Ci0JCQkJCWJh
 ZGNudChwMSk7Ci0JCQkJfQotCQkJCWJyZWFrOwotCQkJY2FzZSAnZCc6IGNhc2UgJ2knOgotCQkJ
 CXByLT5mbGFncyA9IEZfSU5UOwotCQkJCWdvdG8gaXNpbnQ7Ci0JCQljYXNlICdvJzogY2FzZSAn
 dSc6IGNhc2UgJ3gnOiBjYXNlICdYJzoKLQkJCQlwci0+ZmxhZ3MgPSBGX1VJTlQ7Ci1pc2ludDoJ
 CQkJLyogY3NbMl0gPSAnXDAnOyAqLwotCQkJCWNzWzFdID0gY3NbMF07Ci0JCQkJY3NbMF0gPSAn
 cSc7Ci0JCQkJc3dpdGNoKGZ1LT5iY250KSB7Ci0JCQkJY2FzZSAwOiBjYXNlIDQ6Ci0JCQkJCXBy
 LT5iY250ID0gNDsKLQkJCQkJYnJlYWs7Ci0JCQkJY2FzZSAxOgotCQkJCQlwci0+YmNudCA9IDE7
 Ci0JCQkJCWJyZWFrOwotCQkJCWNhc2UgMjoKLQkJCQkJcHItPmJjbnQgPSAyOwotCQkJCQlicmVh
 azsKLQkJCQlkZWZhdWx0OgotCQkJCQlwMVsxXSA9ICdcMCc7Ci0JCQkJCWJhZGNudChwMSk7Ci0J
 CQkJfQotCQkJCWJyZWFrOwotCQkJY2FzZSAnZSc6IGNhc2UgJ0UnOiBjYXNlICdmJzogY2FzZSAn
 Zyc6IGNhc2UgJ0cnOgotCQkJCXByLT5mbGFncyA9IEZfREJMOwotCQkJCXN3aXRjaChmdS0+YmNu
 dCkgewotCQkJCWNhc2UgMDogY2FzZSA4OgotCQkJCQlwci0+YmNudCA9IDg7Ci0JCQkJCWJyZWFr
 OwotCQkJCWNhc2UgNDoKLQkJCQkJcHItPmJjbnQgPSA0OwotCQkJCQlicmVhazsKLQkJCQlkZWZh
 dWx0OgotCQkJCQlpZiAoZnUtPmJjbnQgPT0gc2l6ZW9mKGxvbmcgZG91YmxlKSkgewotCQkJCQkJ
 LyogY3NbMl0gPSAnXDAnOyAqLwotCQkJCQkJY3NbMV0gPSBjc1swXTsKLQkJCQkJCWNzWzBdID0g
 J0wnOwotCQkJCQkJcHItPmJjbnQgPSBzaXplb2YobG9uZyBkb3VibGUpOwotCQkJCQl9IGVsc2Ug
 ewotCQkJCQkJcDFbMV0gPSAnXDAnOwotCQkJCQkJYmFkY250KHAxKTsKLQkJCQkJfQotCQkJCX0K
 LQkJCQlicmVhazsKLQkJCWNhc2UgJ3MnOgotCQkJCXByLT5mbGFncyA9IEZfU1RSOwotCQkJCXN3
 aXRjaChzb2theSkgewotCQkJCWNhc2UgTk9UT0tBWToKLQkJCQkJYmFkc2ZtdCgpOwotCQkJCWNh
 c2UgVVNFQkNOVDoKLQkJCQkJcHItPmJjbnQgPSBmdS0+YmNudDsKLQkJCQkJYnJlYWs7Ci0JCQkJ
 Y2FzZSBVU0VQUkVDOgotCQkJCQlwci0+YmNudCA9IHByZWM7Ci0JCQkJCWJyZWFrOwotCQkJCX0K
 LQkJCQlicmVhazsKLQkJCWNhc2UgJ18nOgotCQkJCXAyKys7Ci0JCQkJc3dpdGNoKHAxWzFdKSB7
 Ci0JCQkJY2FzZSAnQSc6Ci0JCQkJCWVuZGZ1ID0gZnU7Ci0JCQkJCWZ1LT5mbGFncyB8PSBGX0lH
 Tk9SRTsKLQkJCQkJLyogRkFMTFRIUk9VR0ggKi8KLQkJCQljYXNlICdhJzoKLQkJCQkJcHItPmZs
 YWdzID0gRl9BRERSRVNTOwotCQkJCQkrK3AyOwotCQkJCQlzd2l0Y2gocDFbMl0pIHsKLQkJCQkJ
 Y2FzZSAnZCc6IGNhc2UgJ28nOiBjYXNlJ3gnOgotCQkJCQkJY3NbMF0gPSAncSc7Ci0JCQkJCQlj
 c1sxXSA9IHAxWzJdOwotCQkJCQkJY3NbMl0gPSAnXDAnOwotCQkJCQkJYnJlYWs7Ci0JCQkJCWRl
 ZmF1bHQ6Ci0JCQkJCQlwMVszXSA9ICdcMCc7Ci0JCQkJCQliYWRjb252KHAxKTsKLQkJCQkJfQot
 CQkJCQlicmVhazsKLQkJCQljYXNlICdjJzoKLQkJCQkJcHItPmZsYWdzID0gRl9DOwotCQkJCQkv
 KiBjc1swXSA9ICdjJzsJc2V0IGluIGNvbnZfYyAqLwotCQkJCQlnb3RvIGlzaW50MjsKLQkJCQlj
 YXNlICdwJzoKLQkJCQkJcHItPmZsYWdzID0gRl9QOwotCQkJCQljc1swXSA9ICdjJzsKLQkJCQkJ
 Z290byBpc2ludDI7Ci0JCQkJY2FzZSAndSc6Ci0JCQkJCXByLT5mbGFncyA9IEZfVTsKLQkJCQkJ
 LyogY3NbMF0gPSAnYyc7CXNldCBpbiBjb252X3UgKi8KLWlzaW50MjoJCQkJCXN3aXRjaChmdS0+
 YmNudCkgewotCQkJCQljYXNlIDA6IGNhc2UgMToKLQkJCQkJCXByLT5iY250ID0gMTsKLQkJCQkJ
 CWJyZWFrOwotCQkJCQlkZWZhdWx0OgotCQkJCQkJcDFbMl0gPSAnXDAnOwotCQkJCQkJYmFkY250
 KHAxKTsKLQkJCQkJfQotCQkJCQlicmVhazsKLQkJCQlkZWZhdWx0OgotCQkJCQlwMVsyXSA9ICdc
 MCc7Ci0JCQkJCWJhZGNvbnYocDEpOwotCQkJCX0KLQkJCQlicmVhazsKLQkJCWRlZmF1bHQ6Ci0J
 CQkJcDFbMV0gPSAnXDAnOwotCQkJCWJhZGNvbnYocDEpOwotCQkJfQotCi0JCQkvKgotCQkJICog
 Q29weSB0byBQUiBmb3JtYXQgc3RyaW5nLCBzZXQgY29udmVyc2lvbiBjaGFyYWN0ZXIKLQkJCSAq
 IHBvaW50ZXIsIHVwZGF0ZSBvcmlnaW5hbC4KLQkJCSAqLwotCQkJc2F2ZWNoID0gKnAyOwotCQkJ
 cDFbMF0gPSAnXDAnOwotCQkJbGVuID0gc3RybGVuKGZtdHApICsgc3RybGVuKGNzKSArIDE7Ci0J
 CQlpZiAoKHByLT5mbXQgPSBjYWxsb2MoMSwgbGVuKSkgPT0gTlVMTCkKLQkJCQllcnIoMSwgTlVM
 TCk7Ci0JCQlzbnByaW50Zihwci0+Zm10LCBsZW4sICIlcyVzIiwgZm10cCwgY3MpOwotCQkJKnAy
 ID0gc2F2ZWNoOwotCQkJcHItPmNjaGFyID0gcHItPmZtdCArIChwMSAtIGZtdHApOwotCQkJZm10
 cCA9IHAyOwotCi0JCQkvKiBPbmx5IG9uZSBjb252ZXJzaW9uIGNoYXJhY3RlciBpZiBieXRlIGNv
 dW50LiAqLwotCQkJaWYgKCEocHItPmZsYWdzJkZfQUREUkVTUykgJiYgZnUtPmJjbnQgJiYgbmNv
 bnYrKykKLQkgICAgZXJyeCgxLCAiYnl0ZSBjb3VudCB3aXRoIG11bHRpcGxlIGNvbnZlcnNpb24g
 Y2hhcmFjdGVycyIpOwotCQl9Ci0JCS8qCi0JCSAqIElmIGZvcm1hdCB1bml0IGJ5dGUgY291bnQg
 bm90IHNwZWNpZmllZCwgZmlndXJlIGl0IG91dAotCQkgKiBzbyBjYW4gYWRqdXN0IHJlcCBjb3Vu
 dCBsYXRlci4KLQkJICovCi0JCWlmICghZnUtPmJjbnQpCi0JCQlmb3IgKHByID0gZnUtPm5leHRw
 cjsgcHI7IHByID0gcHItPm5leHRwcikKLQkJCQlmdS0+YmNudCArPSBwci0+YmNudDsKLQl9Ci0J
 LyoKLQkgKiBJZiB0aGUgZm9ybWF0IHN0cmluZyBpbnRlcnByZXRzIGFueSBkYXRhIGF0IGFsbCwg
 YW5kIGl0J3MKLQkgKiBub3QgdGhlIHNhbWUgYXMgdGhlIGJsb2Nrc2l6ZSwgYW5kIGl0cyBsYXN0
 IGZvcm1hdCB1bml0Ci0JICogaW50ZXJwcmV0cyBhbnkgZGF0YSBhdCBhbGwsIGFuZCBoYXMgbm8g
 aXRlcmF0aW9uIGNvdW50LAotCSAqIHJlcGVhdCBpdCBhcyBuZWNlc3NhcnkuCi0JICoKLQkgKiBJ
 ZiwgcmVwIGNvdW50IGlzIGdyZWF0ZXIgdGhhbiAxLCBubyB0cmFpbGluZyB3aGl0ZXNwYWNlCi0J
 ICogZ2V0cyBvdXRwdXQgZnJvbSB0aGUgbGFzdCBpdGVyYXRpb24gb2YgdGhlIGZvcm1hdCB1bml0
 LgotCSAqLwotCWZvciAoZnUgPSBmcy0+bmV4dGZ1OyBmdTsgZnUgPSBmdS0+bmV4dGZ1KSB7Ci0J
 CWlmICghZnUtPm5leHRmdSAmJiBmcy0+YmNudCA8IGJsb2Nrc2l6ZSAmJgotCQkgICAgIShmdS0+
 ZmxhZ3MmRl9TRVRSRVApICYmIGZ1LT5iY250KQotCQkJZnUtPnJlcHMgKz0gKGJsb2Nrc2l6ZSAt
 IGZzLT5iY250KSAvIGZ1LT5iY250OwotCQlpZiAoZnUtPnJlcHMgPiAxKSB7Ci0JCQlmb3IgKHBy
 ID0gZnUtPm5leHRwcjs7IHByID0gcHItPm5leHRwcikKLQkJCQlpZiAoIXByLT5uZXh0cHIpCi0J
 CQkJCWJyZWFrOwotCQkJZm9yIChwMSA9IHByLT5mbXQsIHAyID0gTlVMTDsgKnAxOyArK3AxKQot
 CQkJCXAyID0gaXNzcGFjZSgqcDEpID8gcDEgOiBOVUxMOwotCQkJaWYgKHAyKQotCQkJCXByLT5u
 b3NwYWNlID0gcDI7Ci0JCX0KLQl9CisgICAgZW51bSB7IE5PVE9LQVksIFVTRUJDTlQsIFVTRVBS
 RUMgfSBzb2theTsKKyAgICBQUiAqcHIsICoqbmV4dHByOworICAgIEZVICpmdTsKKyAgICB1bnNp
 Z25lZCBjaGFyICpwMSwgKnAyLCAqZm10cDsKKyAgICBjaGFyIHNhdmVjaCwgY3NbM107CisgICAg
 aW50IG5jb252LCBwcmVjOworICAgIHNpemVfdCBsZW47CisKKyAgICBuZXh0cHIgPSBOVUxMOwor
 ICAgIHByZWMgPSAwOworCisgICAgbWVtc2V0KGNzLCAwLCBzaXplb2YoY3MpKTsKKworICAgIGZv
 ciAoZnUgPSBmcy0+bmV4dGZ1OyBmdSAhPSBOVUxMOyBmdSA9IGZ1LT5uZXh0ZnUpIHsKKyAgICAg
 ICAgLyoKKyAgICAgICAgICogQnJlYWsgZWFjaCBmb3JtYXQgdW5pdCBpbnRvIHByaW50IHVuaXRz
 OyBlYWNoIGNvbnZlcnNpb24KKyAgICAgICAgICogY2hhcmFjdGVyIGdldHMgaXRzIG93bi4KKyAg
 ICAgICAgICovCisgICAgICAgIGZvciAobmNvbnYgPSAwLCBmbXRwID0gZnUtPmZtdDsgKmZtdHAg
 IT0gJ1wwJzsgbmV4dHByID0gJnByLT5uZXh0cHIpIHsKKworICAgICAgICAgICAgaWYgKChwciA9
 IGNhbGxvYygxLCBzaXplb2YoUFIpKSkgPT0gTlVMTCkKKyAgICAgICAgICAgICAgICBlcnIoMSwg
 TlVMTCk7CisgICAgICAgICAgICAvKiBTZXQgdGhlIGZ1LT5uZXh0cHIgdG8gdGhlIHByZXZpb3Vz
 IHByLiAqLworICAgICAgICAgICAgaWYgKGZ1LT5uZXh0cHIgPT0gTlVMTCkKKyAgICAgICAgICAg
 ICAgICBmdS0+bmV4dHByID0gcHI7CisgICAgICAgICAgICBlbHNlCisgICAgICAgICAgICAgICAg
 Km5leHRwciA9IHByOworCisgICAgICAgICAgICAvKiBTa2lwIHByZWNlZGluZyB0ZXh0IGFuZCB1
 cCB0byB0aGUgbmV4dCAlIHNpZ24uICovCisgICAgICAgICAgICBmb3IgKHAxID0gZm10cDsgKnAx
 ICE9ICdcMCcgJiYgKnAxICE9ICclJyAmJiAqKHAxKzEpICE9ICclJzsgcDErKykgOworCisgICAg
 ICAgICAgICAvKiBPbmx5IHRleHQgaW4gdGhlIHN0cmluZy4gKi8KKyAgICAgICAgICAgIGlmICgq
 cDEgPT0gJ1wwJykgeworICAgICAgICAgICAgICAgIHByLT5mbXQgPSBmbXRwOworICAgICAgICAg
 ICAgICAgIHByLT5mbGFncyA9IEZfVEVYVDsKKyAgICAgICAgICAgICAgICBicmVhazsKKyAgICAg
 ICAgICAgIH0KKworICAgICAgICAgICAgLyoKKyAgICAgICAgICAgICAqIEdldCBwcmVjaXNpb24g
 Zm9yICVzIC0tIGlmIGhhdmUgYSBieXRlIGNvdW50LCBkb24ndAorICAgICAgICAgICAgICogbmVl
 ZCBpdC4KKyAgICAgICAgICAgICAqLworICAgICAgICAgICAgaWYgKGZ1LT5iY250KSB7CisKKyAg
 ICAgICAgICAgICAgICBzb2theSA9IFVTRUJDTlQ7CisKKyAgICAgICAgICAgICAgICAvKiBTa2lw
 IHRvIGNvbnZlcnNpb24gY2hhcmFjdGVyLiAqLworICAgICAgICAgICAgICAgIGZvciAocDErKzsg
 aW5kZXgoc3BlYywgKnAxKTsgcDErKykgOworCisgICAgICAgICAgICB9IGVsc2UgeworCisgICAg
 ICAgICAgICAgICAgLyogU2tpcCBhbnkgc3BlY2lhbCBjaGFycywgZmllbGQgd2lkdGguICovCisg
 ICAgICAgICAgICAgICAgZm9yIChwMSsrOyBpbmRleChzcGVjKzEsICpwMSkgIT0gTlVMTDsgcDEr
 KykgOworCisgICAgICAgICAgICAgICAgaWYgKCpwMSA9PSAnLicgJiYgaXNkaWdpdCgqKytwMSkp
 IHsKKyAgICAgICAgICAgICAgICAgICAgc29rYXkgPSBVU0VQUkVDOworICAgICAgICAgICAgICAg
 ICAgICBwcmVjID0gYXRvaShwMSk7CisgICAgICAgICAgICAgICAgICAgIGZvciAocDErKzsgaXNk
 aWdpdCgqcDEpOyBwMSsrKSA7CisgICAgICAgICAgICAgICAgfSBlbHNlIHsKKyAgICAgICAgICAg
 ICAgICAgICAgc29rYXkgPSBOT1RPS0FZOworICAgICAgICAgICAgICAgIH0KKworICAgICAgICAg
 ICAgfQorCisgICAgICAgICAgICBwMiA9IHAxKzE7CQkvKiBTZXQgZW5kIHBvaW50ZXIuICovCisg
 ICAgICAgICAgICBjc1swXSA9ICpwMTsJLyogU2V0IGNvbnZlcnNpb24gc3RyaW5nLiAqLworICAg
 ICAgICAgICAgY3NbMV0gPSAnXDAnOworCisgICAgICAgICAgICAvKgorICAgICAgICAgICAgICog
 RmlndXJlIG91dCB0aGUgYnl0ZSBjb3VudCBmb3IgZWFjaCBjb252ZXJzaW9uOworICAgICAgICAg
 ICAgICogcmV3cml0ZSB0aGUgZm9ybWF0IGFzIG5lY2Vzc2FyeSwgc2V0IHVwIGJsYW5rLQorICAg
 ICAgICAgICAgICogcGFkZGluZyBmb3IgZW5kIG9mIGRhdGEuCisgICAgICAgICAgICAgKi8KKyAg
 ICAgICAgICAgIHN3aXRjaChjc1swXSkgeworICAgICAgICAgICAgY2FzZSAnYyc6CisgICAgICAg
 ICAgICAgICAgcHItPmZsYWdzID0gRl9DSEFSOworICAgICAgICAgICAgICAgIHN3aXRjaChmdS0+
 YmNudCkgeworICAgICAgICAgICAgICAgIGNhc2UgMDogY2FzZSAxOgorICAgICAgICAgICAgICAg
 ICAgICBwci0+YmNudCA9IDE7CisgICAgICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAg
 ICAgICAgIGRlZmF1bHQ6CisgICAgICAgICAgICAgICAgICAgIHAxWzFdID0gJ1wwJzsKKyAgICAg
 ICAgICAgICAgICAgICAgYmFkY250KHAxKTsKKyAgICAgICAgICAgICAgICB9CisgICAgICAgICAg
 ICAgICAgYnJlYWs7CisgICAgICAgICAgICBjYXNlICdkJzoKKyAgICAgICAgICAgIGNhc2UgJ2kn
 OgorICAgICAgICAgICAgICAgIHByLT5mbGFncyA9IEZfSU5UOworICAgICAgICAgICAgICAgIGdv
 dG8gaXNpbnQ7CisgICAgICAgICAgICBjYXNlICdvJzoKKyAgICAgICAgICAgIGNhc2UgJ3UnOgor
 ICAgICAgICAgICAgY2FzZSAneCc6CisgICAgICAgICAgICBjYXNlICdYJzoKKyAgICAgICAgICAg
 ICAgICBwci0+ZmxhZ3MgPSBGX1VJTlQ7Citpc2ludDogICAgICAgICAgLyogY3NbMl0gPSAnXDAn
 OyAqLworICAgICAgICAgICAgICAgIGNzWzFdID0gY3NbMF07CisgICAgICAgICAgICAgICAgY3Nb
 MF0gPSAncSc7CisgICAgICAgICAgICAgICAgc3dpdGNoKGZ1LT5iY250KSB7CisgICAgICAgICAg
 ICAgICAgY2FzZSAwOgorICAgICAgICAgICAgICAgIGNhc2UgNDoKKyAgICAgICAgICAgICAgICAg
 ICAgcHItPmJjbnQgPSA0OworICAgICAgICAgICAgICAgICAgICBicmVhazsKKyAgICAgICAgICAg
 ICAgICBjYXNlIDE6CisgICAgICAgICAgICAgICAgICAgIHByLT5iY250ID0gMTsKKyAgICAgICAg
 ICAgICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICAgICAgY2FzZSAyOgorICAgICAgICAgICAg
 ICAgICAgICBwci0+YmNudCA9IDI7CisgICAgICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAg
 ICAgICAgICAgIGRlZmF1bHQ6CisgICAgICAgICAgICAgICAgICAgIHAxWzFdID0gJ1wwJzsKKyAg
 ICAgICAgICAgICAgICAgICAgYmFkY250KHAxKTsKKyAgICAgICAgICAgICAgICB9CisgICAgICAg
 ICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICBjYXNlICdlJzoKKyAgICAgICAgICAgIGNhc2Ug
 J0UnOgorICAgICAgICAgICAgY2FzZSAnZic6CisgICAgICAgICAgICBjYXNlICdnJzoKKyAgICAg
 ICAgICAgIGNhc2UgJ0cnOgorICAgICAgICAgICAgICAgIHByLT5mbGFncyA9IEZfREJMOworICAg
 ICAgICAgICAgICAgIHN3aXRjaChmdS0+YmNudCkgeworICAgICAgICAgICAgICAgIGNhc2UgMDoK
 KyAgICAgICAgICAgICAgICBjYXNlIDg6CisgICAgICAgICAgICAgICAgICAgIHByLT5iY250ID0g
 ODsKKyAgICAgICAgICAgICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICAgICAgY2FzZSA0Ogor
 ICAgICAgICAgICAgICAgICAgICBwci0+YmNudCA9IDQ7CisgICAgICAgICAgICAgICAgICAgIGJy
 ZWFrOworICAgICAgICAgICAgICAgIGRlZmF1bHQ6CisgICAgICAgICAgICAgICAgICAgIGlmIChm
 dS0+YmNudCA9PSBzaXplb2YobG9uZyBkb3VibGUpKSB7CisgICAgICAgICAgICAgICAgICAgICAg
 ICAvKiBjc1syXSA9ICdcMCc7ICovCisgICAgICAgICAgICAgICAgICAgICAgICBjc1sxXSA9IGNz
 WzBdOworICAgICAgICAgICAgICAgICAgICAgICAgY3NbMF0gPSAnTCc7CisgICAgICAgICAgICAg
 ICAgICAgICAgICBwci0+YmNudCA9IHNpemVvZihsb25nIGRvdWJsZSk7CisgICAgICAgICAgICAg
 ICAgICAgIH0gZWxzZSB7CisgICAgICAgICAgICAgICAgICAgICAgICBwMVsxXSA9ICdcMCc7Cisg
 ICAgICAgICAgICAgICAgICAgICAgICBiYWRjbnQocDEpOworICAgICAgICAgICAgICAgICAgICB9
 CisgICAgICAgICAgICAgICAgfQorICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAgICAg
 Y2FzZSAncyc6CisgICAgICAgICAgICAgICAgcHItPmZsYWdzID0gRl9TVFI7CisgICAgICAgICAg
 ICAgICAgc3dpdGNoKHNva2F5KSB7CisgICAgICAgICAgICAgICAgY2FzZSBOT1RPS0FZOgorICAg
 ICAgICAgICAgICAgICAgICBiYWRzZm10KCk7CisgICAgICAgICAgICAgICAgY2FzZSBVU0VCQ05U
 OgorICAgICAgICAgICAgICAgICAgICBwci0+YmNudCA9IGZ1LT5iY250OworICAgICAgICAgICAg
 ICAgICAgICBicmVhazsKKyAgICAgICAgICAgICAgICBjYXNlIFVTRVBSRUM6CisgICAgICAgICAg
 ICAgICAgICAgIHByLT5iY250ID0gcHJlYzsKKyAgICAgICAgICAgICAgICAgICAgYnJlYWs7Cisg
 ICAgICAgICAgICAgICAgfQorICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAgICAgY2Fz
 ZSAnXyc6CisgICAgICAgICAgICAgICAgcDIrKzsKKyAgICAgICAgICAgICAgICBzd2l0Y2gocDFb
 MV0pIHsKKyAgICAgICAgICAgICAgICBjYXNlICdBJzoKKyAgICAgICAgICAgICAgICAgICAgZW5k
 ZnUgPSBmdTsKKyAgICAgICAgICAgICAgICAgICAgZnUtPmZsYWdzIHw9IEZfSUdOT1JFOworICAg
 ICAgICAgICAgICAgICAgICAvKiBGQUxMVEhST1VHSCAqLworICAgICAgICAgICAgICAgIGNhc2Ug
 J2EnOgorICAgICAgICAgICAgICAgICAgICBwci0+ZmxhZ3MgPSBGX0FERFJFU1M7CisgICAgICAg
 ICAgICAgICAgICAgICsrcDI7CisgICAgICAgICAgICAgICAgICAgIHN3aXRjaChwMVsyXSkgewor
 ICAgICAgICAgICAgICAgICAgICBjYXNlICdkJzoKKyAgICAgICAgICAgICAgICAgICAgY2FzZSAn
 byc6CisgICAgICAgICAgICAgICAgICAgIGNhc2UgJ3gnOgorICAgICAgICAgICAgICAgICAgICAg
 ICAgY3NbMF0gPSAncSc7CisgICAgICAgICAgICAgICAgICAgICAgICBjc1sxXSA9IHAxWzJdOwor
 ICAgICAgICAgICAgICAgICAgICAgICAgLyogY3NbMl0gPSAnXDAnOyAqLworICAgICAgICAgICAg
 ICAgICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICAgICAgICAgIGRlZmF1bHQ6CisgICAgICAg
 ICAgICAgICAgICAgICAgICBwMVszXSA9ICdcMCc7CisgICAgICAgICAgICAgICAgICAgICAgICBi
 YWRjb252KHAxKTsKKyAgICAgICAgICAgICAgICAgICAgfQorICAgICAgICAgICAgICAgICAgICBi
 cmVhazsKKyAgICAgICAgICAgICAgICBjYXNlICdjJzoKKyAgICAgICAgICAgICAgICAgICAgcHIt
 PmZsYWdzID0gRl9DOworICAgICAgICAgICAgICAgICAgICAvKiBjc1swXSA9ICdjJzsgICAgc2V0
 IGluIGNvbnZfYyAqLworICAgICAgICAgICAgICAgICAgICBnb3RvIGlzaW50MjsKKyAgICAgICAg
 ICAgICAgICBjYXNlICdwJzoKKyAgICAgICAgICAgICAgICAgICAgcHItPmZsYWdzID0gRl9QOwor
 ICAgICAgICAgICAgICAgICAgICBjc1swXSA9ICdjJzsKKyAgICAgICAgICAgICAgICAgICAgZ290
 byBpc2ludDI7CisgICAgICAgICAgICAgICAgY2FzZSAndSc6CisgICAgICAgICAgICAgICAgICAg
 IHByLT5mbGFncyA9IEZfVTsKKyAgICAgICAgICAgICAgICAgICAgLyogY3NbMF0gPSAnYyc7ICAg
 IHNldCBpbiBjb252X3UgKi8KK2lzaW50MjogICAgICAgICAgICAgc3dpdGNoKGZ1LT5iY250KSB7
 CisgICAgICAgICAgICAgICAgICAgIGNhc2UgMDoKKyAgICAgICAgICAgICAgICAgICAgY2FzZSAx
 OgorICAgICAgICAgICAgICAgICAgICAgICAgcHItPmJjbnQgPSAxOworICAgICAgICAgICAgICAg
 ICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICAgICAgICAgIGRlZmF1bHQ6CisgICAgICAgICAg
 ICAgICAgICAgICAgICBwMVsyXSA9ICdcMCc7CisgICAgICAgICAgICAgICAgICAgICAgICBiYWRj
 bnQocDEpOworICAgICAgICAgICAgICAgICAgICB9CisgICAgICAgICAgICAgICAgICAgIGJyZWFr
 OworICAgICAgICAgICAgICAgIGRlZmF1bHQ6CisgICAgICAgICAgICAgICAgICAgIHAxWzJdID0g
 J1wwJzsKKyAgICAgICAgICAgICAgICAgICAgYmFkY29udihwMSk7CisgICAgICAgICAgICAgICAg
 fQorICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAgICAgZGVmYXVsdDoKKyAgICAgICAg
 ICAgICAgICBwMVsxXSA9ICdcMCc7CisgICAgICAgICAgICAgICAgYmFkY29udihwMSk7CisgICAg
 ICAgICAgICB9CisKKyAgICAgICAgICAgIC8qCisgICAgICAgICAgICAgKiBDb3B5IHRvIFBSIGZv
 cm1hdCBzdHJpbmcsIHNldCBjb252ZXJzaW9uIGNoYXJhY3RlcgorICAgICAgICAgICAgICogcG9p
 bnRlciwgdXBkYXRlIG9yaWdpbmFsLgorICAgICAgICAgICAgICovCisgICAgICAgICAgICBzYXZl
 Y2ggPSAqcDI7CisgICAgICAgICAgICBwMVswXSA9ICdcMCc7CisgICAgICAgICAgICBsZW4gPSBz
 dHJsZW4oZm10cCkgKyBzdHJsZW4oY3MpICsgMTsKKworICAgICAgICAgICAgaWYgKChwci0+Zm10
 ID0gY2FsbG9jKDEsIGxlbikpID09IE5VTEwpCisgICAgICAgICAgICAgICAgZXJyKDEsIE5VTEwp
 OworCisgICAgICAgICAgICBzbnByaW50Zihwci0+Zm10LCBsZW4sICIlcyVzIiwgZm10cCwgY3Mp
 OworICAgICAgICAgICAgKnAyID0gc2F2ZWNoOworICAgICAgICAgICAgcHItPmNjaGFyID0gcHIt
 PmZtdCArIChwMSAtIGZtdHApOworICAgICAgICAgICAgZm10cCA9IHAyOworCisgICAgICAgICAg
 ICAvKiBPbmx5IG9uZSBjb252ZXJzaW9uIGNoYXJhY3RlciBpZiBieXRlIGNvdW50LiAqLworICAg
 ICAgICAgICAgaWYgKCEocHItPmZsYWdzICYgRl9BRERSRVNTKSAmJiBmdS0+YmNudCAmJiBuY29u
 disrKSB7CisgICAgICAgICAgICAgICAgZXJyeCgxLCAiYnl0ZSBjb3VudCB3aXRoIG11bHRpcGxl
 IGNvbnZlcnNpb24gY2hhcmFjdGVycyIpOworICAgICAgICAgICAgfQorCisgICAgICAgIH0KKyAg
 ICAgICAgLyoKKyAgICAgICAgICogSWYgZm9ybWF0IHVuaXQgYnl0ZSBjb3VudCBub3Qgc3BlY2lm
 aWVkLCBmaWd1cmUgaXQgb3V0CisgICAgICAgICAqIHNvIGNhbiBhZGp1c3QgcmVwIGNvdW50IGxh
 dGVyLgorICAgICAgICAgKi8KKyAgICAgICAgaWYgKGZ1LT5iY250ID09IDApCisgICAgICAgICAg
 ICBmb3IgKHByID0gZnUtPm5leHRwcjsgcHIgIT0gTlVMTDsgcHIgPSBwci0+bmV4dHByKQorICAg
 ICAgICAgICAgICAgIGZ1LT5iY250ICs9IHByLT5iY250OworICAgIH0KKyAgICAvKgorICAgICAq
 IElmIHRoZSBmb3JtYXQgc3RyaW5nIGludGVycHJldHMgYW55IGRhdGEgYXQgYWxsLCBhbmQgaXQn
 cworICAgICAqIG5vdCB0aGUgc2FtZSBhcyB0aGUgYmxvY2tzaXplLCBhbmQgaXRzIGxhc3QgZm9y
 bWF0IHVuaXQKKyAgICAgKiBpbnRlcnByZXRzIGFueSBkYXRhIGF0IGFsbCwgYW5kIGhhcyBubyBp
 dGVyYXRpb24gY291bnQsCisgICAgICogcmVwZWF0IGl0IGFzIG5lY2Vzc2FyeS4KKyAgICAgKgor
 ICAgICAqIElmLCByZXAgY291bnQgaXMgZ3JlYXRlciB0aGFuIDEsIG5vIHRyYWlsaW5nIHdoaXRl
 c3BhY2UKKyAgICAgKiBnZXRzIG91dHB1dCBmcm9tIHRoZSBsYXN0IGl0ZXJhdGlvbiBvZiB0aGUg
 Zm9ybWF0IHVuaXQuCisgICAgICovCisgICAgZm9yIChmdSA9IGZzLT5uZXh0ZnU7IGZ1ICE9IE5V
 TEw7IGZ1ID0gZnUtPm5leHRmdSkgeworICAgICAgICBpZiAoIWZ1LT5uZXh0ZnUgJiYgZnMtPmJj
 bnQgPCBibG9ja3NpemUgJiYKKyAgICAgICAgICAgICEoZnUtPmZsYWdzICYgRl9TRVRSRVApICYm
 IGZ1LT5iY250KSB7CisgICAgICAgICAgICBmdS0+cmVwcyArPSAoYmxvY2tzaXplIC0gZnMtPmJj
 bnQpIC8gZnUtPmJjbnQ7CisgICAgICAgIH0KKyAgICAgICAgaWYgKGZ1LT5yZXBzID4gMSkgewor
 ICAgICAgICAgICAgZm9yIChwciA9IGZ1LT5uZXh0cHI7IDsgcHIgPSBwci0+bmV4dHByKQorICAg
 ICAgICAgICAgICAgIGlmICghcHItPm5leHRwcikKKyAgICAgICAgICAgICAgICAgICAgYnJlYWs7
 CisgICAgICAgICAgICBmb3IgKHAxID0gcHItPmZtdCwgcDIgPSBOVUxMOyAqcDEgIT0gJ1wwJzsg
 cDErKykKKyAgICAgICAgICAgICAgICBwMiA9IGlzc3BhY2UoKnAxKSA/IHAxIDogTlVMTDsKKyAg
 ICAgICAgICAgIGlmIChwMiA9PSBOVUxMKQorICAgICAgICAgICAgICAgIHByLT5ub3NwYWNlID0g
 cDI7CisgICAgICAgIH0KKyAgICB9CiAjaWZkZWYgREVCVUcKLQlmb3IgKGZ1ID0gZnMtPm5leHRm
 dTsgZnU7IGZ1ID0gZnUtPm5leHRmdSkgewotCQkodm9pZClwcmludGYoImZtdDoiKTsKLQkJZm9y
 IChwciA9IGZ1LT5uZXh0cHI7IHByOyBwciA9IHByLT5uZXh0cHIpCi0JCQkodm9pZClwcmludGYo
 IiB7JXN9IiwgcHItPmZtdCk7Ci0JCSh2b2lkKXByaW50ZigiXG4iKTsKLQl9CisgICAgZm9yIChm
 dSA9IGZzLT5uZXh0ZnU7IGZ1OyBmdSA9IGZ1LT5uZXh0ZnUpIHsKKyAgICAgICAgcHJpbnRmKCJm
 bXQ6Iik7CisgICAgICAgIGZvciAocHIgPSBmdS0+bmV4dHByOyBwcjsgcHIgPSBwci0+bmV4dHBy
 KSB7CisgICAgICAgICAgICBwcmludGYoIiB7JXN9IiwgcHItPmZtdCk7CisgICAgICAgIH0KKyAg
 ICAgICAgcHJpbnRmKCJcbiIpOworICAgIH0KICNlbmRpZgogfQogCiB2b2lkCiBlc2NhcGUoY2hh
 ciAqcDEpCiB7Ci0JY2hhciAqcDI7CiAKLQkvKiBhbHBoYWJldGljIGVzY2FwZSBzZXF1ZW5jZXMg
 aGF2ZSB0byBiZSBkb25lIGluIHBsYWNlICovCi0JZm9yIChwMiA9IHAxOzsgKytwMSwgKytwMikg
 ewotCQlpZiAoISpwMSkgewotCQkJKnAyID0gKnAxOwotCQkJYnJlYWs7Ci0JCX0KLQkJaWYgKCpw
 MSA9PSAnXFwnKQotCQkJc3dpdGNoKCorK3AxKSB7Ci0JCQljYXNlICdhJzoKLQkJCSAgICAgLyog
 KnAyID0gJ1xhJzsgKi8KLQkJCQkqcDIgPSAnXDAwNyc7Ci0JCQkJYnJlYWs7Ci0JCQljYXNlICdi
 JzoKLQkJCQkqcDIgPSAnXGInOwotCQkJCWJyZWFrOwotCQkJY2FzZSAnZic6Ci0JCQkJKnAyID0g
 J1xmJzsKLQkJCQlicmVhazsKLQkJCWNhc2UgJ24nOgotCQkJCSpwMiA9ICdcbic7Ci0JCQkJYnJl
 YWs7Ci0JCQljYXNlICdyJzoKLQkJCQkqcDIgPSAnXHInOwotCQkJCWJyZWFrOwotCQkJY2FzZSAn
 dCc6Ci0JCQkJKnAyID0gJ1x0JzsKLQkJCQlicmVhazsKLQkJCWNhc2UgJ3YnOgotCQkJCSpwMiA9
 ICdcdic7Ci0JCQkJYnJlYWs7Ci0JCQlkZWZhdWx0OgotCQkJCSpwMiA9ICpwMTsKLQkJCQlicmVh
 azsKLQkJCX0KLQl9CisgICAgY2hhciAqcDI7CisKKyAgICAvKiBhbHBoYWJldGljIGVzY2FwZSBz
 ZXF1ZW5jZXMgaGF2ZSB0byBiZSBkb25lIGluIHBsYWNlICovCisgICAgZm9yIChwMiA9IHAxOyAq
 cDEgIT0gJ1wwJzsgKytwMSwgKytwMikgeworCisgICAgICAgIGlmICgqcDEgPT0gJ1xcJykgewor
 CisgICAgICAgICAgICBzd2l0Y2goKisrcDEpIHsKKyAgICAgICAgICAgIGNhc2UgJ2EnOgorICAg
 ICAgICAgICAgICAgIC8qCisgICAgICAgICAgICAgICAgICogIFhYWCAoZ2Nvb3Blcik6CisgICAg
 ICAgICAgICAgICAgICogV2hhdCBkaWQgdGhlIG9yaWdpbmFsIGF1dGhvciBtZWFuIGhlcmU/Pz8g
 VGhpcyBzaG91bGQgYmUgYQorICAgICAgICAgICAgICAgICAqIHZhbGlkIGVzY2FwZS4uCisgICAg
 ICAgICAgICAgICAgICoKKyAgICAgICAgICAgICAgICAgKiAqcDIgPSAnXGEnOworICAgICAgICAg
 ICAgICAgICAqLworICAgICAgICAgICAgICAgICpwMiA9ICdcMDA3JzsKKyAgICAgICAgICAgICAg
 ICBicmVhazsKKyAgICAgICAgICAgIGNhc2UgJ2InOgorICAgICAgICAgICAgICAgICpwMiA9ICdc
 Yic7CisgICAgICAgICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICBjYXNlICdmJzoKKyAgICAg
 ICAgICAgICAgICAqcDIgPSAnXGYnOworICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAg
 ICAgY2FzZSAnbic6CisgICAgICAgICAgICAgICAgKnAyID0gJ1xuJzsKKyAgICAgICAgICAgICAg
 ICBicmVhazsKKyAgICAgICAgICAgIGNhc2UgJ3InOgorICAgICAgICAgICAgICAgICpwMiA9ICdc
 cic7CisgICAgICAgICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICBjYXNlICd0JzoKKyAgICAg
 ICAgICAgICAgICAqcDIgPSAnXHQnOworICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAg
 ICAgY2FzZSAndic6CisgICAgICAgICAgICAgICAgKnAyID0gJ1x2JzsKKyAgICAgICAgICAgICAg
 ICBicmVhazsKKyAgICAgICAgICAgIGRlZmF1bHQ6CisgICAgICAgICAgICAgICAgKnAyID0gKnAx
 OworICAgICAgICAgICAgICAgIGJyZWFrOworICAgICAgICAgICAgfQorCisgICAgICAgIH0KKwor
 ICAgIH0KKworICAgICpwMiA9ICpwMTsKKwogfQogCiB2b2lkCiBiYWRjbnQoY2hhciAqcykKIHsK
 LQllcnJ4KDEsICIlczogYmFkIGJ5dGUgY291bnQiLCBzKTsKKyAgICBlcnJ4KDEsICJgJXMnOiBi
 YWQgYnl0ZSBjb3VudCIsIHMpOwogfQogCiB2b2lkCiBiYWRzZm10KHZvaWQpCiB7Ci0JZXJyeCgx
 LCAiJSVzOiByZXF1aXJlcyBhIHByZWNpc2lvbiBvciBhIGJ5dGUgY291bnQiKTsKKyAgICBlcnJ4
 KDEsICJgJSVzJzogcmVxdWlyZXMgYSBwcmVjaXNpb24gb3IgYSBieXRlIGNvdW50Iik7CiB9CiAK
 IHZvaWQKIGJhZGZtdChjb25zdCBjaGFyICpmbXQpCiB7Ci0JZXJyeCgxLCAiXCIlc1wiOiBiYWQg
 Zm9ybWF0IiwgZm10KTsKKyAgICBlcnJ4KDEsICJgJXMnOiBiYWQgZm9ybWF0IiwgZm10KTsKIH0K
 IAogdm9pZAogYmFkY29udihjaGFyICpjaCkKIHsKLQllcnJ4KDEsICIlJSVzOiBiYWQgY29udmVy
 c2lvbiBjaGFyYWN0ZXIiLCBjaCk7CisgICAgZXJyeCgxLCAiYCUlJXMnOiBiYWQgY29udmVyc2lv
 biBjaGFyYWN0ZXIiLCBjaCk7CiB9Cg==
 ------=_Part_53535_11127292.1230025081466--

From: Garrett Cooper <yanegomi@gmail.com>
To: bug-followup@FreeBSD.org, drj@pobox.com, marcolz@stack.nl
Cc: Wesley Shields <wxs@freebsd.org>
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Sat, 13 Mar 2010 15:46:49 -0800

 --001636ed629ff7dff10481b74267
 Content-Type: text/plain; charset=ISO-8859-1
 
 Hi all,
     Here's a correct patch that I've tested with the negative cases
 provided before and a limited set of positive unit tests I've
 generated (which I'll commit to tools/regression once everything's
 been checked in). It seems correct given my basic unit testing and
 manual inspection, but I would like if others could please look at it
 as well and make sure that it doesn't regress behavior.
     I tried to strip this patch down as much as possible, but it has
 several dependent factors involved between add(..), size(..), and
 rewrite(..), so if I fix one piece I have to also fix the rest.
     The changes to add(..) and size(..) are required to fix the
 original issue reported by David Jones, and the change in rewrite(..)
 is required to fix the issue described by Marc in the 3rd message.
 Thanks,
 -Garrett
 
 --001636ed629ff7dff10481b74267
 Content-Type: application/octet-stream; name="bin.45529.diff"
 Content-Disposition: attachment; filename="bin.45529.diff"
 Content-Transfer-Encoding: base64
 X-Attachment-Id: f_g6r2azrq1
 
 SW5kZXg6IHBhcnNlLmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
 PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gcGFyc2UuYwkocmV2aXNpb24gMjA1MTM3KQor
 KysgcGFyc2UuYwkod29ya2luZyBjb3B5KQpAQCAtOTQsNTggKzk0LDExMiBAQAogCW5leHRmcyA9
 ICZ0ZnMtPm5leHRmczsKIAluZXh0ZnUgPSAmdGZzLT5uZXh0ZnU7CiAKLQkvKiB0YWtlIHRoZSBm
 b3JtYXQgc3RyaW5nIGFuZCBicmVhayBpdCB1cCBpbnRvIGZvcm1hdCB1bml0cyAqLwotCWZvciAo
 cCA9IGZtdDs7KSB7Ci0JCS8qIHNraXAgbGVhZGluZyB3aGl0ZSBzcGFjZSAqLwotCQlmb3IgKDsg
 aXNzcGFjZSgqcCk7ICsrcCk7Ci0JCWlmICghKnApCi0JCQlicmVhazsKKwkvKiAKKwkgKiBUYWtl
 IHRoZSBmb3JtYXQgc3RyaW5nIGFuZCBicmVhayBpdCB1cCBpbnRvIGZvcm1hdCB1bml0cy4KKwkg
 KgorCSAqIFRoZSBzdHJ1Y3R1cmUgb2YgZWFjaCBmb3JtYXQgdW5pdCBpcyBhcyBmb2xsb3dzOgor
 CSAqCisJICogCWl0ZXJhdGlvbl9jb3VudC9ieXRlX2NvdW50CisJICoKKwkgKiBpdGVyYXRpb25f
 Y291bnQgYW5kIGJ5dGVfY291bnQgYXJlIG9wdGlvbmFsLCBidXQgZWl0aGVyIG9uZSBvciB0aGUK
 KwkgKiBvdGhlciBtdXN0IGJlIHByZXNlbnQuCisJICoKKwkgKiBJdGVyYXRpb24gY291bnQgZGVm
 YXVsdHMgdG8gMSwgYW5kIGJ5dGUgY291bnQgZGVmYXVsdHMgdmFyeQorCSAqIGRlcGVuZGluZyB1
 cG9uIHRoZSBmb3JtYXQgc3RyaW5nIHNwZWNpZmllZC4gU2VlIHNpemUgZm9yIG1vcmUKKwkgKiBk
 ZXRhaWxzLgorCSAqLworCWZvciAocCA9IGZtdDsgKnA7ICkgewogCi0JCS8qIGFsbG9jYXRlIGEg
 bmV3IGZvcm1hdCB1bml0IGFuZCBsaW5rIGl0IGluICovCi0JCWlmICgodGZ1ID0gY2FsbG9jKDEs
 IHNpemVvZihGVSkpKSA9PSBOVUxMKQotCQkJZXJyKDEsIE5VTEwpOwotCQkqbmV4dGZ1ID0gdGZ1
 OwotCQluZXh0ZnUgPSAmdGZ1LT5uZXh0ZnU7Ci0JCXRmdS0+cmVwcyA9IDE7CisJCS8qIFNraXAg
 YW55IGFuZCBhbGwgbGVhZGluZyB3aGl0ZSBzcGFjZS4gKi8KKwkJZm9yICg7IGlzc3BhY2UoKnAp
 OyBwKyspIDsKIAotCQkvKiBpZiBsZWFkaW5nIGRpZ2l0LCByZXBldGl0aW9uIGNvdW50ICovCi0J
 CWlmIChpc2RpZ2l0KCpwKSkgewotCQkJZm9yIChzYXZlcCA9IHA7IGlzZGlnaXQoKnApOyArK3Ap
 OwotCQkJaWYgKCFpc3NwYWNlKCpwKSAmJiAqcCAhPSAnLycpCisJCS8qIFRoZXJlJ3MgbW9yZSBp
 bmZvcm1hdGlvbiBvbiB0aGUgbGluZSB0byBzY2FuLiAqLworCQlpZiAoKnApIHsKKworCQkJLyog
 YWxsb2NhdGUgYSBuZXcgZm9ybWF0IHVuaXQgYW5kIGxpbmsgaXQgaW4gKi8KKwkJCWlmICgodGZ1
 ID0gY2FsbG9jKDEsIHNpemVvZihGVSkpKSA9PSBOVUxMKQorCQkJCWVycigxLCAiY2FsbG9jIik7
 CisJCQkqbmV4dGZ1ID0gdGZ1OworCQkJbmV4dGZ1ID0gJnRmdS0+bmV4dGZ1OworCQkJLyogRGVm
 YXVsdCB0byBvbmUgaXRlcmF0aW9uIGNvdW50LiAqLworCQkJdGZ1LT5yZXBzID0gMTsKKworCQkJ
 LyogCisJCQkgKiBTY2FuIHRoZSBsZWFkaW5nIGRpZ2l0IC0tIGl0J3MgdGhlIHJlcGV0aXRpb24g
 Y291bnQuCisJCQkgKi8KKwkJCWlmIChpc2RpZ2l0KCpwKSkgeworCisJCQkJZm9yIChzYXZlcCA9
 IHA7IGlzZGlnaXQoKnApOyArK3ApOworCQkJCS8qIAorCQkJCSAqIE5leHQgY2hhcmFjdGVyIHNj
 YW5uZWQgd2Fzbid0ICcvJyAtLSB0aGUKKwkJCQkgKiBpdGVyYXRpb24gY291bnQgaXMgaW52YWxp
 ZC4KKwkJCQkgKi8KKwkJCQlpZiAoIWlzc3BhY2UoKnApICYmICpwICE9ICcvJykKKwkJCQkJYmFk
 Zm10KGZtdCk7CisJCQkJLyogTWF5IG92ZXJ3cml0ZSBlaXRoZXIgd2hpdGUgc3BhY2Ugb3Igc2xh
 c2ggKi8KKwkJCQl0ZnUtPnJlcHMgPSAoaW50KSBzdHJ0b2woc2F2ZXAsIE5VTEwsIDEwKTsKKwkJ
 CQkvKgorCQkJCSAqIFdlIG9ubHkgd2FudCBub24temVybyBudW1iZXJzLiBBbGwgbmVnYXRpdmUK
 KwkJCQkgKiBudW1iZXJzIHdvdWxkIGJlIGNhdWdodCBiZWxvdyBhdCB0aGUgPT0gJyInCisJCQkJ
 ICogY2hlY2sgYmVjYXVzZSB0aGUgbGVhZGluZyBjaGFyYWN0ZXIgaXMgYC0nLgorCQkJCSAqLwor
 CQkJCWlmICh0ZnUtPnJlcHMgPT0gMCkKKwkJCQkJYmFkZm10KGZtdCk7CisJCQkJdGZ1LT5mbGFn
 cyA9IEZfU0VUUkVQOworCQkJCS8qIHNraXAgdHJhaWxpbmcgd2hpdGUgc3BhY2UgKi8KKwkJCQlm
 b3IgKCsrcDsgaXNzcGFjZSgqcCk7ICsrcCkgOworCisJCQl9CisKKwkJCS8qIFNraXAgdGhlIHNs
 YXNoIGFuZCB0cmFpbGluZyB3aGl0ZSBzcGFjZSAqLworCQkJaWYgKCpwID09ICcvJykKKwkJCQl3
 aGlsZSAoaXNzcGFjZSgqKytwKSk7CisKKwkJCS8qIFNjYW4gdGhlIHRyYWlsaW5nIGRpZ2l0IC0t
 IGl0J3MgdGhlIGJ5dGUgY291bnQuICovCisJCQlpZiAoaXNkaWdpdCgqcCkpIHsKKworCQkJCWZv
 ciAoc2F2ZXAgPSBwOyBpc2RpZ2l0KCpwKTsgKytwKTsKKwkJCQlpZiAoIWlzc3BhY2UoKnApKQor
 CQkJCQliYWRmbXQoZm10KTsKKwkJCQl0ZnUtPmJjbnQgPSAoaW50KSBzdHJ0b2woc2F2ZXAsIE5V
 TEwsIDEwKTsKKwkJCQkvKgorCQkJCSAqIFdlIG9ubHkgd2FudCBub24temVybyBudW1iZXJzLiBB
 bGwgbmVnYXRpdmUKKwkJCQkgKiBudW1iZXJzIHdvdWxkIGJlIGNhdWdodCBiZWxvdyBhdCB0aGUg
 PT0gJyInCisJCQkJICogY2hlY2sgYmVjYXVzZSB0aGUgbGVhZGluZyBjaGFyYWN0ZXIgaXMgYC0n
 LgorCQkJCSAqLworCQkJCWlmICh0ZnUtPmJjbnQgPT0gMCkKKwkJCQkJYmFkZm10KGZtdCk7CisJ
 CQkJLyogc2tpcCB0cmFpbGluZyB3aGl0ZSBzcGFjZSAqLworCQkJCWZvciAoKytwOyBpc3NwYWNl
 KCpwKTsgKytwKSA7CisKKwkJCX0KKworCQkJLyogVGhpcyB3YXNuJ3QgYSB2YWxpZCBmb3JtYXQg
 c3RyaW5nICovCisJCQlpZiAoKnArKyAhPSAnIicpCiAJCQkJYmFkZm10KGZtdCk7Ci0JCQkvKiBt
 YXkgb3ZlcndyaXRlIGVpdGhlciB3aGl0ZSBzcGFjZSBvciBzbGFzaCAqLwotCQkJdGZ1LT5yZXBz
 ID0gYXRvaShzYXZlcCk7Ci0JCQl0ZnUtPmZsYWdzID0gRl9TRVRSRVA7Ci0JCQkvKiBza2lwIHRy
 YWlsaW5nIHdoaXRlIHNwYWNlICovCi0JCQlmb3IgKCsrcDsgaXNzcGFjZSgqcCk7ICsrcCk7Ci0J
 CX0KKwkJCS8qIAorCQkJICogQ29weSB0aGUgZm9ybWF0IHN0cmluZyBiZXR3ZWVuIHRoZSAnIicK
 KwkJCSAqIHRlcm1pbmF0b3JzLgorCQkJICovCisJCQlmb3IgKHNhdmVwID0gcDsgKnAgIT0gJyIn
 OyBwKyspIHsKIAotCQkvKiBza2lwIHNsYXNoIGFuZCB0cmFpbGluZyB3aGl0ZSBzcGFjZSAqLwot
 CQlpZiAoKnAgPT0gJy8nKQotCQkJd2hpbGUgKGlzc3BhY2UoKisrcCkpOworCQkJCS8qIFRoZSBm
 b3JtYXQgc3RyaW5nIGlzbid0IHZhbGlkIChjb3VsZG4ndCBmaW5kCisJCQkJICogYSAnIicgdGVy
 bWluYXRvcikgKi8KKwkJCQlpZiAoKnAgPT0gJ1wwJykKKwkJCQkJYmFkZm10KGZtdCk7CiAKLQkJ
 LyogYnl0ZSBjb3VudCAqLwotCQlpZiAoaXNkaWdpdCgqcCkpIHsKLQkJCWZvciAoc2F2ZXAgPSBw
 OyBpc2RpZ2l0KCpwKTsgKytwKTsKLQkJCWlmICghaXNzcGFjZSgqcCkpCi0JCQkJYmFkZm10KGZt
 dCk7Ci0JCQl0ZnUtPmJjbnQgPSBhdG9pKHNhdmVwKTsKLQkJCS8qIHNraXAgdHJhaWxpbmcgd2hp
 dGUgc3BhY2UgKi8KLQkJCWZvciAoKytwOyBpc3NwYWNlKCpwKTsgKytwKTsKKwkJCX0KKwkJCWlm
 ICghKHRmdS0+Zm10ID0gbWFsbG9jKHAgLSBzYXZlcCArIDEpKSkKKwkJCQllcnIoMSwgIm1hbGxv
 YyIpOworCQkJKHZvaWQpIHN0cmxjcHkodGZ1LT5mbXQsIHNhdmVwLCBwIC0gc2F2ZXAgKyAxKTsK
 KwkJCS8qIEVuZCBmb3JtYXQgc3RyaW5nIGNvcHkuICovCisJCQllc2NhcGUodGZ1LT5mbXQpOwor
 CQkJcCsrOworCiAJCX0KIAotCQkvKiBmb3JtYXQgKi8KLQkJaWYgKCpwICE9ICciJykKLQkJCWJh
 ZGZtdChmbXQpOwotCQlmb3IgKHNhdmVwID0gKytwOyAqcCAhPSAnIic7KQotCQkJaWYgKCpwKysg
 PT0gMCkKLQkJCQliYWRmbXQoZm10KTsKLQkJaWYgKCEodGZ1LT5mbXQgPSBtYWxsb2MocCAtIHNh
 dmVwICsgMSkpKQotCQkJZXJyKDEsIE5VTEwpOwotCQkodm9pZCkgc3RybGNweSh0ZnUtPmZtdCwg
 c2F2ZXAsIHAgLSBzYXZlcCArIDEpOwotCQllc2NhcGUodGZ1LT5mbXQpOwotCQlwKys7CiAJfQor
 CiB9CiAKIHN0YXRpYyBjb25zdCBjaGFyICpzcGVjID0gIi4jLSsgMDEyMzQ1Njc4OSI7CkBAIC0x
 NjAsNDcgKzIxNCw2NyBAQAogCiAJLyogZmlndXJlIG91dCB0aGUgZGF0YSBibG9jayBzaXplIG5l
 ZWRlZCBmb3IgZWFjaCBmb3JtYXQgdW5pdCAqLwogCWZvciAoY3Vyc2l6ZSA9IDAsIGZ1ID0gZnMt
 Pm5leHRmdTsgZnU7IGZ1ID0gZnUtPm5leHRmdSkgewotCQlpZiAoZnUtPmJjbnQpIHsKLQkJCWN1
 cnNpemUgKz0gZnUtPmJjbnQgKiBmdS0+cmVwczsKLQkJCWNvbnRpbnVlOwotCQl9Ci0JCWZvciAo
 YmNudCA9IHByZWMgPSAwLCBmbXQgPSBmdS0+Zm10OyAqZm10OyArK2ZtdCkgewotCQkJaWYgKCpm
 bXQgIT0gJyUnKQotCQkJCWNvbnRpbnVlOwotCQkJLyoKLQkJCSAqIHNraXAgYW55IHNwZWNpYWwg
 Y2hhcnMgLS0gc2F2ZSBwcmVjaXNpb24gaW4KLQkJCSAqIGNhc2UgaXQncyBhICVzIGZvcm1hdC4K
 LQkJCSAqLwotCQkJd2hpbGUgKGluZGV4KHNwZWMgKyAxLCAqKytmbXQpKTsKLQkJCWlmICgqZm10
 ID09ICcuJyAmJiBpc2RpZ2l0KCorK2ZtdCkpIHsKLQkJCQlwcmVjID0gYXRvaShmbXQpOwotCQkJ
 CXdoaWxlIChpc2RpZ2l0KCorK2ZtdCkpOwotCQkJfQotCQkJc3dpdGNoKCpmbXQpIHsKLQkJCWNh
 c2UgJ2MnOgotCQkJCWJjbnQgKz0gMTsKLQkJCQlicmVhazsKLQkJCWNhc2UgJ2QnOiBjYXNlICdp
 JzogY2FzZSAnbyc6IGNhc2UgJ3UnOgotCQkJY2FzZSAneCc6IGNhc2UgJ1gnOgotCQkJCWJjbnQg
 Kz0gNDsKLQkJCQlicmVhazsKLQkJCWNhc2UgJ2UnOiBjYXNlICdFJzogY2FzZSAnZic6IGNhc2Ug
 J2cnOiBjYXNlICdHJzoKLQkJCQliY250ICs9IDg7Ci0JCQkJYnJlYWs7Ci0JCQljYXNlICdzJzoK
 LQkJCQliY250ICs9IHByZWM7Ci0JCQkJYnJlYWs7Ci0JCQljYXNlICdfJzoKLQkJCQlzd2l0Y2go
 KisrZm10KSB7Ci0JCQkJY2FzZSAnYyc6IGNhc2UgJ3AnOiBjYXNlICd1JzoKLQkJCQkJYmNudCAr
 PSAxOwotCQkJCQlicmVhazsKKworCQliY250ID0gZnUtPmJjbnQ7CisKKwkJaWYgKGJjbnQgPT0g
 MCkgeworCisJCQlmb3IgKHByZWMgPSAwLCBmbXQgPSBmdS0+Zm10OyAqZm10OyArK2ZtdCkgewor
 CisJCQkJaWYgKCpmbXQgPT0gJyUnKSB7CisKKwkJCQkJLyoKKwkJCQkJICogU2tpcCBhbnkgc3Bl
 Y2lhbCBjaGFycyBtaW51cyBgLicuCisJCQkJCSAqIFNhdmUgcHJlY2lzaW9uIGluIGNhc2UgaXQn
 cyBhICVzCisJCQkJCSAqIGZvcm1hdC4KKwkJCQkJICovCisJCQkJCXdoaWxlIChpbmRleChzcGVj
 KzEsICorK2ZtdCkgIT0gTlVMTCkgOworCisJCQkJCWlmICgqZm10ID09ICcuJyAmJiBpc2RpZ2l0
 KCorK2ZtdCkpIHsKKwkJCQkJCXByZWMgPSBzdHJ0b2woZm10LCBOVUxMLCAxMCk7CisJCQkJCQlp
 ZiAocHJlYyA9PSAwKSB7CisJCQkJCQkJZXJyeCgxLCAiQmFkIHByZWNpc2lvbiAiCisJCQkJCQkJ
 CSJ2YWx1ZTogJXMiLAorCQkJCQkJCQlmbXQpOworCQkJCQkJfQorCQkJCQkJd2hpbGUgKGlzZGln
 aXQoKisrZm10KSkgOworCQkJCQl9CisJCQkJCXN3aXRjaCgqZm10KSB7CisJCQkJCWNhc2UgJ2Mn
 OgorCQkJCQkJYmNudCArPSAxOworCQkJCQkJYnJlYWs7CisJCQkJCWNhc2UgJ2QnOiBjYXNlICdp
 JzogY2FzZSAnbyc6IGNhc2UgJ3UnOgorCQkJCQljYXNlICd4JzogY2FzZSAnWCc6CisJCQkJCQli
 Y250ICs9IDQ7CisJCQkJCQlicmVhazsKKwkJCQkJY2FzZSAnZSc6IGNhc2UgJ0UnOiBjYXNlICdm
 JzogY2FzZSAnZyc6CisJCQkJCWNhc2UgJ0cnOgorCQkJCQkJYmNudCArPSA4OworCQkJCQkJYnJl
 YWs7CisJCQkJCWNhc2UgJ3MnOgorCQkJCQkJYmNudCArPSBwcmVjOworCQkJCQkJYnJlYWs7CisJ
 CQkJCWNhc2UgJ18nOgorCQkJCQkJc3dpdGNoKCorK2ZtdCkgeworCQkJCQkJY2FzZSAnYyc6IGNh
 c2UgJ3AnOiBjYXNlICd1JzoKKwkJCQkJCQliY250ICs9IDE7CisJCQkJCQkJYnJlYWs7CisJCQkJ
 CQl9CisKKwkJCQkJfQorCiAJCQkJfQorCiAJCQl9CisKIAkJfQorCiAJCWN1cnNpemUgKz0gYmNu
 dCAqIGZ1LT5yZXBzOworCiAJfQorCiAJcmV0dXJuIChjdXJzaXplKTsKKwogfQogCiB2b2lkCkBA
 IC0zOTYsNyArNDcwLDcgQEAKIAkJCXAxWzBdID0gJ1wwJzsKIAkJCWxlbiA9IHN0cmxlbihmbXRw
 KSArIHN0cmxlbihjcykgKyAxOwogCQkJaWYgKChwci0+Zm10ID0gY2FsbG9jKDEsIGxlbikpID09
 IE5VTEwpCi0JCQkJZXJyKDEsIE5VTEwpOworCQkJCWVycigxLCAiY2FsbG9jIik7CiAJCQlzbnBy
 aW50Zihwci0+Zm10LCBsZW4sICIlcyVzIiwgZm10cCwgY3MpOwogCQkJKnAyID0gc2F2ZWNoOwog
 CQkJcHItPmNjaGFyID0gcHItPmZtdCArIChwMSAtIGZtdHApOwpAQCAtNDI1LDE2ICs0OTksMjAg
 QEAKIAkgKi8KIAlmb3IgKGZ1ID0gZnMtPm5leHRmdTsgZnU7IGZ1ID0gZnUtPm5leHRmdSkgewog
 CQlpZiAoIWZ1LT5uZXh0ZnUgJiYgZnMtPmJjbnQgPCBibG9ja3NpemUgJiYKLQkJICAgICEoZnUt
 PmZsYWdzJkZfU0VUUkVQKSAmJiBmdS0+YmNudCkKKwkJICAgICEoZnUtPmZsYWdzICYgRl9TRVRS
 RVApICYmIGZ1LT5iY250KQogCQkJZnUtPnJlcHMgKz0gKGJsb2Nrc2l6ZSAtIGZzLT5iY250KSAv
 IGZ1LT5iY250OwogCQlpZiAoZnUtPnJlcHMgPiAxKSB7Ci0JCQlmb3IgKHByID0gZnUtPm5leHRw
 cjs7IHByID0gcHItPm5leHRwcikKLQkJCQlpZiAoIXByLT5uZXh0cHIpCi0JCQkJCWJyZWFrOwot
 CQkJZm9yIChwMSA9IHByLT5mbXQsIHAyID0gTlVMTDsgKnAxOyArK3AxKQotCQkJCXAyID0gaXNz
 cGFjZSgqcDEpID8gcDEgOiBOVUxMOwotCQkJaWYgKHAyKQotCQkJCXByLT5ub3NwYWNlID0gcDI7
 CisKKwkJCWZvciAocHIgPSBmdS0+bmV4dHByOyBwciAmJiBwci0+bmV4dHByOyBwciA9IHByLT5u
 ZXh0cHIpIDsKKworCQkJLyogQXZvaWQgYSBOVUxMIHBvaW50ZXIuICovCisJCQlpZiAocHIgIT0g
 TlVMTCkgeworCQkJCWZvciAocDEgPSBwci0+Zm10LCBwMiA9IE5VTEw7ICpwMTsgKytwMSkKKwkJ
 CQkJcDIgPSBpc3NwYWNlKCpwMSkgPyBwMSA6IE5VTEw7CisJCQkJaWYgKHAyKQorCQkJCQlwci0+
 bm9zcGFjZSA9IHAyOworCQkJfQorCiAJCX0KIAl9CiAjaWZkZWYgREVCVUcK
 --001636ed629ff7dff10481b74267--

From: Marc Olzheim <marcolz@stack.nl>
To: Garrett Cooper <yanegomi@gmail.com>
Cc: bug-followup@FreeBSD.org, drj@pobox.com, marcolz@stack.nl,
	Wesley Shields <wxs@freebsd.org>
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Tue, 16 Mar 2010 15:17:44 +0100

 On Sat, Mar 13, 2010 at 03:46:49PM -0800, Garrett Cooper wrote:
 >     Here's a correct patch that I've tested with the negative cases
 > provided before and a limited set of positive unit tests I've
 > generated (which I'll commit to tools/regression once everything's
 > been checked in). It seems correct given my basic unit testing and
 > manual inspection, but I would like if others could please look at it
 > as well and make sure that it doesn't regress behavior.
 
 Hmm, it depends on how you define passing the test... Yes, it does not
 segfault anymore, but it does scan over and print uninitialized data.
 
 The "for (++p1; index(spec, *p1); ++p1);" on line 324 scans over '\0'
 characters, which is should not.
 
 Check for instance:
 hexdump -e '/1 "\\%03o"'
 
 Marc

From: Garrett Cooper <yanegomi@gmail.com>
To: Marc Olzheim <marcolz@stack.nl>
Cc: bug-followup@freebsd.org, drj@pobox.com, Wesley Shields <wxs@freebsd.org>
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Wed, 17 Mar 2010 01:07:18 -0700

 On Tue, Mar 16, 2010 at 7:17 AM, Marc Olzheim <marcolz@stack.nl> wrote:
 > On Sat, Mar 13, 2010 at 03:46:49PM -0800, Garrett Cooper wrote:
 >> =A0 =A0 Here's a correct patch that I've tested with the negative cases
 >> provided before and a limited set of positive unit tests I've
 >> generated (which I'll commit to tools/regression once everything's
 >> been checked in). It seems correct given my basic unit testing and
 >> manual inspection, but I would like if others could please look at it
 >> as well and make sure that it doesn't regress behavior.
 >
 > Hmm, it depends on how you define passing the test... Yes, it does not
 > segfault anymore, but it does scan over and print uninitialized data.
 >
 > The "for (++p1; index(spec, *p1); ++p1);" on line 324 scans over '\0'
 > characters, which is should not.
 >
 > Check for instance:
 > hexdump -e '/1 "\\%03o"'
 
     That's a part of what needs to be resolved in bin/81495 (I have a
 patch attached to that as well -- feel free to join the two together).
     When you combine the changes in those two patches, things work a lot be=
 tter.
     Also about the index(3) item, you would be correct if I was
 printing out stuff in display.c, but this is in fact parse.c which
 works with human input only, and NUL ('\0') terminates strings as per
 printf(3).
 Thanks,
 -Garrett

From: Garrett Cooper <yanegomi@gmail.com>
To: Marc Olzheim <marcolz@stack.nl>
Cc: bug-followup@freebsd.org, drj@pobox.com, Wesley Shields <wxs@freebsd.org>
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Wed, 17 Mar 2010 01:09:25 -0700

 On Wed, Mar 17, 2010 at 1:07 AM, Garrett Cooper <yanegomi@gmail.com> wrote:
 > On Tue, Mar 16, 2010 at 7:17 AM, Marc Olzheim <marcolz@stack.nl> wrote:
 >> On Sat, Mar 13, 2010 at 03:46:49PM -0800, Garrett Cooper wrote:
 >>> =A0 =A0 Here's a correct patch that I've tested with the negative cases
 >>> provided before and a limited set of positive unit tests I've
 >>> generated (which I'll commit to tools/regression once everything's
 >>> been checked in). It seems correct given my basic unit testing and
 >>> manual inspection, but I would like if others could please look at it
 >>> as well and make sure that it doesn't regress behavior.
 >>
 >> Hmm, it depends on how you define passing the test... Yes, it does not
 >> segfault anymore, but it does scan over and print uninitialized data.
 >>
 >> The "for (++p1; index(spec, *p1); ++p1);" on line 324 scans over '\0'
 >> characters, which is should not.
 >>
 >> Check for instance:
 >> hexdump -e '/1 "\\%03o"'
 >
 > =A0 =A0That's a part of what needs to be resolved in bin/81495 (I have a
 > patch attached to that as well -- feel free to join the two together).
 
 Well, bin/81495 and bin/144722 ... bin/144722 most likely applies more
 in this case because this involves improper rewriting for \\.
 
 > =A0 =A0When you combine the changes in those two patches, things work a l=
 ot better.
 > =A0 =A0Also about the index(3) item, you would be correct if I was
 > printing out stuff in display.c, but this is in fact parse.c which
 > works with human input only, and NUL ('\0') terminates strings as per
 > printf(3).
 
 -Garrett

From: Marc Olzheim <marcolz@stack.nl>
To: Garrett Cooper <yanegomi@gmail.com>
Cc: Marc Olzheim <marcolz@stack.nl>, bug-followup@freebsd.org,
	drj@pobox.com, Wesley Shields <wxs@freebsd.org>
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Wed, 17 Mar 2010 09:17:34 +0100

 On Wed, Mar 17, 2010 at 01:07:18AM -0700, Garrett Cooper wrote:
 > > Hmm, it depends on how you define passing the test... Yes, it does not
 > > segfault anymore, but it does scan over and print uninitialized data.
 > >
 > > The "for (++p1; index(spec, *p1); ++p1);" on line 324 scans over '\0'
 > > characters, which is should not.
 > >
 > > Check for instance:
 > > hexdump -e '/1 "\\%03o"'
 > 
 >     That's a part of what needs to be resolved in bin/81495 (I have a
 > patch attached to that as well -- feel free to join the two together).
 >     When you combine the changes in those two patches, things work a lot better.
 >     Also about the index(3) item, you would be correct if I was
 > printing out stuff in display.c, but this is in fact parse.c which
 > works with human input only, and NUL ('\0') terminates strings as per
 > printf(3).
 
 I'm not sure what you mean by the printing part in display.c. badconv()
 ,which is in parse.c, prints out a character pointed to by p1, while p1
 is far (well, a page) beyond what it should be pointing to. In my tests
 it will print
 "hexdump: %�: bad conversion character" when compiled with -O0 and
 '%(' when compiled with -O2, none of which appears in my format string.
 Upon inspecting with gdb i found that the for loop needs to be changed
 to:
 
 for (++p1; *p1 && index(spec, *p1); ++p1)
 
 The index() on line 324 is not the only place it goes wrong; the other
 lines doing index(spec, ...) are incorrect in the same way.
 
 Marc

From: Garrett Cooper <yanegomi@gmail.com>
To: Marc Olzheim <marcolz@stack.nl>
Cc: bug-followup@freebsd.org, drj@pobox.com, Wesley Shields <wxs@freebsd.org>
Subject: Re: bin/45529: [patch] hexdump(1) core-dumps with certain args
Date: Wed, 17 Mar 2010 13:12:15 -0700

 On Wed, Mar 17, 2010 at 1:17 AM, Marc Olzheim <marcolz@stack.nl> wrote:
 > On Wed, Mar 17, 2010 at 01:07:18AM -0700, Garrett Cooper wrote:
 >> > Hmm, it depends on how you define passing the test... Yes, it does not
 >> > segfault anymore, but it does scan over and print uninitialized data.
 >> >
 >> > The "for (++p1; index(spec, *p1); ++p1);" on line 324 scans over '\0'
 >> > characters, which is should not.
 >> >
 >> > Check for instance:
 >> > hexdump -e '/1 "\\%03o"'
 >>
 >> =C2=A0 =C2=A0 That's a part of what needs to be resolved in bin/81495 (I=
  have a
 >> patch attached to that as well -- feel free to join the two together).
 >> =C2=A0 =C2=A0 When you combine the changes in those two patches, things =
 work a lot better.
 >> =C2=A0 =C2=A0 Also about the index(3) item, you would be correct if I wa=
 s
 >> printing out stuff in display.c, but this is in fact parse.c which
 >> works with human input only, and NUL ('\0') terminates strings as per
 >> printf(3).
 >
 > I'm not sure what you mean by the printing part in display.c. badconv()
 > ,which is in parse.c, prints out a character pointed to by p1, while p1
 > is far (well, a page) beyond what it should be pointing to. In my tests
 > it will print
 > "hexdump: %=EF=BF=BD: bad conversion character" when compiled with -O0 an=
 d
 > '%(' when compiled with -O2, none of which appears in my format string.
 > Upon inspecting with gdb i found that the for loop needs to be changed
 > to:
 >
 > for (++p1; *p1 && index(spec, *p1); ++p1)
 >
 > The index() on line 324 is not the only place it goes wrong; the other
 > lines doing index(spec, ...) are incorrect in the same way.
 
 Ok, yes... that's a stupid mistake waiting to happen. I'll fix that
 and respin the diff when I get back home...
 Thanks,
 -Garrett
Responsible-Changed-From-To: gcooper->freebsd-bugs 
Responsible-Changed-By: crees 
Responsible-Changed-When: Mon Jul 2 20:45:10 UTC 2012 
Responsible-Changed-Why:  
gcooper is not a developer 

http://www.freebsd.org/cgi/query-pr.cgi?pr=45529 
>Unformatted:
