Issue 607181

Issue metadata

Status: Verified
Closed: May 2017
OS: Windows
Pri: 2
Type: Bug

Paste of CF_HTML with embedded '\0' crashes browser process

Reported by elawrence@chromium.org (Project Member), Apr 27 2016

Issue description

IMPORTANT: Your crash has already been automatically reported to our crash system. Please file this bug only if you can provide more information about it.

Chrome Version: 51.0.2704.22
Operating System: Windows NT 6.1 SP1

URL (if applicable) where crash occurred: https://mail.google.com

Can you reproduce this crash? Yes

What steps will reproduce this crash? (If it's not reproducible, what were you doing just before the crash?)
1. Visit mail.google.com
2. Begin composing an email response
3. Hit CTRL+V to paste data from the clipboard

Data attached as Crashdata.dat; the simplest way to get it on the clipboard is probably to load the SAZ file, right-click the session and choose "Copy to Clipboard".

Crash ID: crash/b619daac00000000

 
Attachment: FirefoxGoogleGeoloc.saz (3.8 KB)
Components: Blink>Editing>Paste
Labels: -Restrict-View-EditIssue
Summary: Chrome crashes on paste of CF_HTML (was: Chrome crashes when data is pasted into Gmail)
Ah. "Crashdata.dat" didn't get attached, but it doesn't matter anyway, because the crash is an assertion failure in the CF_HTML parser.  

This doesn't appear to be a security issue.

00000000  56 65 72 73  69 6F 6E 3A  Version:
00000008  31 2E 30 0D  0A 53 74 61  1.0..Sta
00000010  72 74 48 54  4D 4C 3A 30  rtHTML:0
00000018  30 30 30 30  30 39 37 0D  0000097.
00000020  0A 45 6E 64  48 54 4D 4C  .EndHTML
00000028  3A 30 30 30  30 32 37 38  :0000278
00000030  31 0D 0A 53  74 61 72 74  1..Start
00000038  46 72 61 67  6D 65 6E 74  Fragment
00000040  3A 30 30 30  30 30 30 39  :0000009
00000048  37 0D 0A 45  6E 64 46 72  7..EndFr
00000050  61 67 6D 65  6E 74 3A 30  agment:0
00000058  30 30 30 32  37 38 31 0D  0002781.
00000060  0A 3C 48 54  4D 4C 3E 3C  .<HTML><
00000068  48 45 41 44  3E 3C 53 54  HEAD><ST
00000070  59 4C 45 3E  2E 52 45 51  YLE>.REQ
00000078  55 45 53 54  20 7B 20 66  UEST { f
00000080  6F 6E 74 3A  20 38 70 74  ont: 8pt
00000088  20 43 6F 75  72 69 65 72   Courier
00000090  20 4E 65 77  3B 20 63 6F   New; co
00000098  6C 6F 72 3A  20 62 6C 75  lor: blu
000000A0  65 3B 7D 20  2E 52 45 53  e;} .RES
000000A8  50 4F 4E 53  45 20 7B 20  PONSE { 
000000B0  66 6F 6E 74  3A 20 38 70  font: 8p
000000B8  74 20 43 6F  75 72 69 65  t Courie
000000C0  72 20 4E 65  77 3B 20 63  r New; c
000000C8  6F 6C 6F 72  3A 20 67 72  olor: gr
000000D0  65 65 6E 3B  7D 3C 2F 53  een;}</S
000000D8  54 59 4C 45  3E 3C 2F 48  TYLE></H
000000E0  45 41 44 3E  3C 42 4F 44  EAD><BOD
000000E8  59 3E 3C 73  70 61 6E 20  Y><span 
000000F0  63 6C 61 73  73 3D 27 52  class='R
000000F8  45 51 55 45  53 54 27 3E  EQUEST'>
00000100  50 4F 53 54  20 68 74 74  POST htt
00000108  70 73 3A 2F  2F 77 77 77  ps://www
00000110  2E 67 6F 6F  67 6C 65 61  .googlea
00000118  70 69 73 2E  63 6F 6D 2F  pis.com/
00000120  67 65 6F 6C  6F 63 61 74  geolocat
00000128  69 6F 6E 2F  76 31 2F 67  ion/v1/g
00000130  65 6F 6C 6F  63 61 74 65  eolocate
00000138  3F 6B 65 79  3D 41 49 7A  ?key=AIz
00000140  61 53 79 44  5F 44 72 7A  aSyD_Drz
00000148  61 68 65 34  64 42 7A 47  ahe4dBzG
00000150  43 5A 39 41  72 76 6F 77  CZ9Arvow
00000158  43 76 72 50  78 5F 79 46  CvrPx_yF
00000160  72 6C 43 4D  20 48 54 54  rlCM HTT
00000168  50 2F 31 2E  31 3C 62 72  P/1.1<br
00000170  20 2F 3E 48  6F 73 74 3A   />Host:
00000178  20 77 77 77  2E 67 6F 6F   www.goo
00000180  67 6C 65 61  70 69 73 2E  gleapis.
00000188  63 6F 6D 3C  62 72 20 2F  com<br /
00000190  3E 55 73 65  72 2D 41 67  >User-Ag
00000198  65 6E 74 3A  20 4D 6F 7A  ent: Moz
000001A0  69 6C 6C 61  2F 35 2E 30  illa/5.0
000001A8  20 28 57 69  6E 64 6F 77   (Window
000001B0  73 20 4E 54  20 36 2E 31  s NT 6.1
000001B8  3B 20 57 4F  57 36 34 3B  ; WOW64;
000001C0  20 72 76 3A  34 36 2E 30   rv:46.0
000001C8  29 20 47 65  63 6B 6F 2F  ) Gecko/
000001D0  32 30 31 30  30 31 30 31  20100101
000001D8  20 46 69 72  65 66 6F 78   Firefox
000001E0  2F 34 36 2E  30 3C 62 72  /46.0<br
000001E8  20 2F 3E 41  63 63 65 70   />Accep
000001F0  74 3A 20 74  65 78 74 2F  t: text/
000001F8  68 74 6D 6C  2C 61 70 70  html,app
00000200  6C 69 63 61  74 69 6F 6E  lication
00000208  2F 78 68 74  6D 6C 2B 78  /xhtml+x
00000210  6D 6C 2C 61  70 70 6C 69  ml,appli
00000218  63 61 74 69  6F 6E 2F 78  cation/x
00000220  6D 6C 3B 71  3D 30 2E 39  ml;q=0.9
00000228  2C 2A 2F 2A  3B 71 3D 30  ,*/*;q=0
00000230  2E 38 3C 62  72 20 2F 3E  .8<br />
00000238  41 63 63 65  70 74 2D 4C  Accept-L
00000240  61 6E 67 75  61 67 65 3A  anguage:
00000248  20 65 6E 2D  55 53 2C 65   en-US,e
00000250  6E 3B 71 3D  30 2E 35 3C  n;q=0.5<
00000258  62 72 20 2F  3E 41 63 63  br />Acc
00000260  65 70 74 2D  45 6E 63 6F  ept-Enco
00000268  64 69 6E 67  3A 20 67 7A  ding: gz
00000270  69 70 2C 20  64 65 66 6C  ip, defl
00000278  61 74 65 2C  20 62 72 3C  ate, br<
00000280  62 72 20 2F  3E 43 6F 6E  br />Con
00000288  74 65 6E 74  2D 54 79 70  tent-Typ
00000290  65 3A 20 61  70 70 6C 69  e: appli
00000298  63 61 74 69  6F 6E 2F 6A  cation/j
000002A0  73 6F 6E 3B  20 63 68 61  son; cha
000002A8  72 73 65 74  3D 55 54 46  rset=UTF
000002B0  2D 38 3C 62  72 20 2F 3E  -8<br />
000002B8  43 6F 6E 74  65 6E 74 2D  Content-
000002C0  4C 65 6E 67  74 68 3A 20  Length: 
000002C8  32 3C 62 72  20 2F 3E 43  2<br />C
000002D0  6F 6E 6E 65  63 74 69 6F  onnectio
000002D8  6E 3A 20 6B  65 65 70 2D  n: keep-
000002E0  61 6C 69 76  65 3C 62 72  alive<br
000002E8  20 2F 3E 3C  62 72 20 2F   /><br /
000002F0  3E 7B 7D 3C  2F 73 70 61  >{}</spa
000002F8  6E 3E 3C 62  72 20 2F 3E  n><br />
00000300  3C 73 70 61  6E 20 63 6C  <span cl
00000308  61 73 73 3D  27 52 45 53  ass='RES
00000310  50 4F 4E 53  45 27 3E 48  PONSE'>H
00000318  54 54 50 2F  31 2E 31 20  TTP/1.1 
00000320  32 30 30 20  4F 4B 3C 62  200 OK<b
00000328  72 20 2F 3E  58 2D 47 6F  r />X-Go
00000330  6F 67 6C 65  2D 4E 65 74  ogle-Net
00000338  6D 6F 6E 2D  4C 61 62 65  mon-Labe
00000340  6C 3A 20 2F  62 6E 73 2F  l: /bns/
00000348  6F 65 2F 62  6F 72 67 2F  oe/borg/
00000350  6F 65 2F 62  6E 73 2F 61  oe/bns/a
00000358  70 69 73 65  72 76 69 6E  piservin
00000360  67 2F 70 72  6F 64 5F 61  g/prod_a
00000368  70 69 5F 66  72 6F 6E 74  pi_front
00000370  65 6E 64 2E  73 65 72 76  end.serv
00000378  65 72 2F 39  3C 62 72 20  er/9<br 
00000380  2F 3E 58 2D  47 6F 6F 67  />X-Goog
00000388  6C 65 2D 47  46 45 2D 42  le-GFE-B
00000390  61 63 6B 65  6E 64 2D 52  ackend-R
00000398  65 71 75 65  73 74 2D 49  equest-I
000003A0  6E 66 6F 3A  20 65 69 64  nfo: eid
000003A8  3D 79 39 49  67 56 38 6A  =y9IgV8j
000003B0  54 42 75 54  69 38 67 48  TBuTi8gH
000003B8  45 78 59 54  34 43 51 3C  ExYT4CQ<
000003C0  62 72 20 2F  3E 43 61 63  br />Cac
000003C8  68 65 2D 43  6F 6E 74 72  he-Contr
000003D0  6F 6C 3A 20  6E 6F 2D 63  ol: no-c
000003D8  61 63 68 65  2C 20 6E 6F  ache, no
000003E0  2D 73 74 6F  72 65 2C 20  -store, 
000003E8  6D 61 78 2D  61 67 65 3D  max-age=
000003F0  30 2C 20 6D  75 73 74 2D  0, must-
000003F8  72 65 76 61  6C 69 64 61  revalida
00000400  74 65 3C 62  72 20 2F 3E  te<br />
00000408  50 72 61 67  6D 61 3A 20  Pragma: 
00000410  6E 6F 2D 63  61 63 68 65  no-cache
00000418  3C 62 72 20  2F 3E 45 78  <br />Ex
00000420  70 69 72 65  73 3A 20 4D  pires: M
00000428  6F 6E 2C 20  30 31 20 4A  on, 01 J
00000430  61 6E 20 31  39 39 30 20  an 1990 
00000438  30 30 3A 30  30 3A 30 30  00:00:00
00000440  20 47 4D 54  3C 62 72 20   GMT<br 
00000448  2F 3E 44 61  74 65 3A 20  />Date: 
00000450  57 65 64 2C  20 32 37 20  Wed, 27 
00000458  41 70 72 20  32 30 31 36  Apr 2016
00000460  20 31 34 3A  35 35 3A 30   14:55:0
00000468  37 20 47 4D  54 3C 62 72  7 GMT<br
00000470  20 2F 3E 45  54 61 67 3A   />ETag:
00000478  20 26 71 75  6F 74 3B 70   &quot;p
00000480  2D 48 57 70  4E 71 4B 56  -HWpNqKV
00000488  6D 52 61 59  58 74 71 54  mRaYXtqT
00000490  43 34 64 30  4F 4B 57 32  C4d0OKW2
00000498  4F 30 2F 54  4A 6F 79 6E  O0/TJoyn
000004A0  5F 5F 75 72  42 66 30 6D  __urBf0m
000004A8  46 36 7A 48  2D 34 32 6A  F6zH-42j
000004B0  41 7A 72 76  75 6F 26 71  Azrvuo&q
000004B8  75 6F 74 3B  3C 62 72 20  uot;<br 
000004C0  2F 3E 56 61  72 79 3A 20  />Vary: 
000004C8  4F 72 69 67  69 6E 3C 62  Origin<b
000004D0  72 20 2F 3E  56 61 72 79  r />Vary
000004D8  3A 20 58 2D  4F 72 69 67  : X-Orig
000004E0  69 6E 3C 62  72 20 2F 3E  in<br />
000004E8  58 2D 47 6F  6F 67 6C 65  X-Google
000004F0  2D 53 65 73  73 69 6F 6E  -Session
000004F8  2D 49 6E 66  6F 3A 20 47  -Info: G
00000500  67 49 59 42  69 41 42 3C  gIYBiAB<
00000508  62 72 20 2F  3E 43 6F 6E  br />Con
00000510  74 65 6E 74  2D 54 79 70  tent-Typ
00000518  65 3A 20 61  70 70 6C 69  e: appli
00000520  63 61 74 69  6F 6E 2F 6A  cation/j
00000528  73 6F 6E 3B  20 63 68 61  son; cha
00000530  72 73 65 74  3D 55 54 46  rset=UTF
00000538  2D 38 3C 62  72 20 2F 3E  -8<br />
00000540  43 6F 6E 74  65 6E 74 2D  Content-
00000548  45 6E 63 6F  64 69 6E 67  Encoding
00000550  3A 20 67 7A  69 70 3C 62  : gzip<b
00000558  72 20 2F 3E  58 2D 43 6F  r />X-Co
00000560  6E 74 65 6E  74 2D 54 79  ntent-Ty
00000568  70 65 2D 4F  70 74 69 6F  pe-Optio
00000570  6E 73 3A 20  6E 6F 73 6E  ns: nosn
00000578  69 66 66 3C  62 72 20 2F  iff<br /
00000580  3E 58 2D 46  72 61 6D 65  >X-Frame
00000588  2D 4F 70 74  69 6F 6E 73  -Options
00000590  3A 20 53 41  4D 45 4F 52  : SAMEOR
00000598  49 47 49 4E  3C 62 72 20  IGIN<br 
000005A0  2F 3E 58 2D  58 53 53 2D  />X-XSS-
000005A8  50 72 6F 74  65 63 74 69  Protecti
000005B0  6F 6E 3A 20  31 3B 20 6D  on: 1; m
000005B8  6F 64 65 3D  62 6C 6F 63  ode=bloc
000005C0  6B 3C 62 72  20 2F 3E 53  k<br />S
000005C8  65 72 76 65  72 3A 20 47  erver: G
000005D0  53 45 3C 62  72 20 2F 3E  SE<br />
000005D8  58 2D 47 6F  6F 67 6C 65  X-Google
000005E0  2D 53 65 72  76 65 72 54  -ServerT
000005E8  79 70 65 3A  20 61 70 69  ype: api
000005F0  73 65 72 76  69 6E 67 3C  serving<
000005F8  62 72 20 2F  3E 58 2D 47  br />X-G
00000600  6F 6F 67 6C  65 2D 42 61  oogle-Ba
00000608  63 6B 65 6E  64 73 3A 20  ckends: 
00000610  69 73 62 62  36 37 3A 39  isbb67:9
00000618  38 33 33 2C  2F 62 6E 73  833,/bns
00000620  2F 6F 65 2F  62 6F 72 67  /oe/borg
00000628  2F 6F 65 2F  62 6E 73 2F  /oe/bns/
00000630  61 70 69 73  65 72 76 69  apiservi
00000638  6E 67 2F 70  72 6F 64 5F  ng/prod_
00000640  61 70 69 5F  66 72 6F 6E  api_fron
00000648  74 65 6E 64  2E 73 65 72  tend.ser
00000650  76 65 72 2F  39 2C 61 63  ver/9,ac
00000658  64 66 77 63  31 35 3A 34  dfwc15:4
00000660  34 33 3C 62  72 20 2F 3E  43<br />
00000668  58 2D 47 6F  6F 67 6C 65  X-Google
00000670  2D 47 46 45  2D 52 65 71  -GFE-Req
00000678  75 65 73 74  2D 54 72 61  uest-Tra
00000680  63 65 3A 20  61 63 64 66  ce: acdf
00000688  77 63 31 35  3A 34 34 33  wc15:443
00000690  2C 2F 62 6E  73 2F 6F 65  ,/bns/oe
00000698  2F 62 6F 72  67 2F 6F 65  /borg/oe
000006A0  2F 62 6E 73  2F 61 70 69  /bns/api
000006A8  73 65 72 76  69 6E 67 2F  serving/
000006B0  70 72 6F 64  5F 61 70 69  prod_api
000006B8  5F 66 72 6F  6E 74 65 6E  _fronten
000006C0  64 2E 73 65  72 76 65 72  d.server
000006C8  2F 39 2C 61  63 64 66 77  /9,acdfw
000006D0  63 31 35 3A  34 34 33 3C  c15:443<
000006D8  62 72 20 2F  3E 58 2D 47  br />X-G
000006E0  6F 6F 67 6C  65 2D 44 4F  oogle-DO
000006E8  53 2D 53 65  72 76 69 63  S-Servic
000006F0  65 2D 54 72  61 63 65 3A  e-Trace:
000006F8  20 6D 61 69  6E 3A 61 70   main:ap
00000700  69 73 65 72  76 69 6E 67  iserving
00000708  3C 62 72 20  2F 3E 58 2D  <br />X-
00000710  47 6F 6F 67  6C 65 2D 53  Google-S
00000718  65 72 76 69  63 65 3A 20  ervice: 
00000720  61 70 69 73  65 72 76 69  apiservi
00000728  6E 67 3C 62  72 20 2F 3E  ng<br />
00000730  58 2D 47 6F  6F 67 6C 65  X-Google
00000738  2D 47 46 45  2D 52 65 73  -GFE-Res
00000740  70 6F 6E 73  65 2D 43 6F  ponse-Co
00000748  64 65 2D 44  65 74 61 69  de-Detai
00000750  6C 73 2D 54  72 61 63 65  ls-Trace
00000758  3A 20 72 65  73 70 6F 6E  : respon
00000760  73 65 5F 63  6F 64 65 5F  se_code_
00000768  73 65 74 5F  62 79 5F 62  set_by_b
00000770  61 63 6B 65  6E 64 3C 62  ackend<b
00000778  72 20 2F 3E  58 2D 47 6F  r />X-Go
00000780  6F 67 6C 65  2D 47 46 45  ogle-GFE
00000788  2D 52 65 73  70 6F 6E 73  -Respons
00000790  65 2D 42 6F  64 79 2D 54  e-Body-T
00000798  72 61 6E 73  66 6F 72 6D  ransform
000007A0  61 74 69 6F  6E 73 3A 20  ations: 
000007A8  63 68 75 6E  6B 65 64 3C  chunked<
000007B0  62 72 20 2F  3E 58 2D 47  br />X-G
000007B8  6F 6F 67 6C  65 2D 53 68  oogle-Sh
000007C0  65 6C 6C 66  69 73 68 2D  ellfish-
000007C8  53 74 61 74  75 73 3A 20  Status: 
000007D0  43 49 67 43  51 45 59 3C  CIgCQEY<
000007D8  62 72 20 2F  3E 41 6C 74  br />Alt
000007E0  65 72 6E 61  74 65 2D 50  ernate-P
000007E8  72 6F 74 6F  63 6F 6C 3A  rotocol:
000007F0  20 34 34 33  3A 71 75 69   443:qui
000007F8  63 3C 62 72  20 2F 3E 41  c<br />A
00000800  6C 74 2D 53  76 63 3A 20  lt-Svc: 
00000808  71 75 69 63  3D 26 71 75  quic=&qu
00000810  6F 74 3B 3A  34 34 33 26  ot;:443&
00000818  71 75 6F 74  3B 3B 20 6D  quot;; m
00000820  61 3D 32 35  39 32 30 30  a=259200
00000828  30 3B 20 76  3D 26 71 75  0; v=&qu
00000830  6F 74 3B 33  32 2C 33 31  ot;32,31
00000838  2C 33 30 2C  32 39 2C 32  ,30,29,2
00000840  38 2C 32 37  2C 32 36 2C  8,27,26,
00000848  32 35 26 71  75 6F 74 3B  25&quot;
00000850  3C 62 72 20  2F 3E 58 2D  <br />X-
00000858  47 6F 6F 67  6C 65 2D 47  Google-G
00000860  46 45 2D 53  65 72 76 69  FE-Servi
00000868  63 65 2D 54  72 61 63 65  ce-Trace
00000870  3A 20 61 70  69 73 65 72  : apiser
00000878  76 69 6E 67  3C 62 72 20  ving<br 
00000880  2F 3E 54 72  61 6E 73 66  />Transf
00000888  65 72 2D 45  6E 63 6F 64  er-Encod
00000890  69 6E 67 3A  20 63 68 75  ing: chu
00000898  6E 6B 65 64  3C 62 72 20  nked<br 
000008A0  2F 3E 3C 62  72 20 2F 3E  /><br />
000008A8  30 30 30 30  30 30 30 31  00000001
000008B0  3C 62 72 20  2F 3E 1F 3C  <br />.<
000008B8  62 72 20 2F  3E 30 30 30  br />000
000008C0  30 30 30 30  31 3C 62 72  00001<br
000008C8  20 2F 3E 3F  3C 62 72 20   />?<br 
000008D0  2F 3E 30 30  30 30 30 30  />000000
000008D8  30 31 3C 62  72 20 2F 3E  01<br />
000008E0  08 3C 62 72  20 2F 3E 30  .<br />0
000008E8  30 30 30 30  30 30 31 3C  0000001<
000008F0  62 72 20 2F  3E 00 3C 62  br />.<b
000008F8  72 20 2F 3E  30 30 30 30  r />0000
00000900  30 30 30 31  3C 62 72 20  0001<br 
00000908  2F 3E 00 3C  62 72 20 2F  />.<br /
00000910  3E 30 30 30  30 30 30 30  >0000000
00000918  31 3C 62 72  20 2F 3E 00  1<br />.
00000920  3C 62 72 20  2F 3E 30 30  <br />00
00000928  30 30 30 30  30 31 3C 62  000001<b
00000930  72 20 2F 3E  00 3C 62 72  r />.<br
00000938  20 2F 3E 30  30 30 30 30   />00000
00000940  30 30 31 3C  62 72 20 2F  001<br /
00000948  3E 00 3C 62  72 20 2F 3E  >.<br />
00000950  30 30 30 30  30 30 30 31  00000001
00000958  3C 62 72 20  2F 3E 00 3C  <br />.<
00000960  62 72 20 2F  3E 30 30 30  br />000
00000968  30 30 30 30  31 3C 62 72  00001<br
00000970  20 2F 3E 00  3C 62 72 20   />.<br 
00000978  2F 3E 30 30  30 30 30 30  />000000
00000980  30 31 3C 62  72 20 2F 3E  01<br />
00000988  3F 3C 62 72  20 2F 3E 30  ?<br />0
00000990  30 30 30 30  30 30 31 3C  0000001<
00000998  62 72 20 2F  3E 3F 3C 62  br />?<b
000009A0  72 20 2F 3E  30 30 30 30  r />0000
000009A8  30 30 30 31  3C 62 72 20  0001<br 
000009B0  2F 3E 52 3C  62 72 20 2F  />R<br /
000009B8  3E 30 30 30  30 30 30 30  >0000000
000009C0  31 3C 62 72  20 2F 3E 50  1<br />P
000009C8  3C 62 72 20  2F 3E 30 30  <br />00
000009D0  30 30 30 30  30 31 3C 62  000001<b
000009D8  72 20 2F 3E  3F 3C 62 72  r />?<br
000009E0  20 2F 3E 30  30 30 30 30   />00000
000009E8  30 30 31 3C  62 72 20 2F  001<br /
000009F0  3E 3F 3C 62  72 20 2F 3E  >?<br />
000009F8  30 30 30 30  30 30 30 31  00000001
00000A00  3C 62 72 20  2F 3E 4F 3C  <br />O<
00000A08  62 72 20 2F  3E 30 30 30  br />000
00000A10  30 30 30 30  31 3C 62 72  00001<br
00000A18  20 2F 3E 4E  3C 62 72 20   />N<br 
00000A20  2F 3E 30 30  30 30 30 30  />000000
00000A28  30 31 3C 62  72 20 2F 3E  01<br />
00000A30  2C 3C 62 72  20 2F 3E 30  ,<br />0
00000A38  30 30 30 30  30 30 31 3C  0000001<
00000A40  62 72 20 2F  3E 3F 3C 62  br />?<b
00000A48  72 20 2F 3E  30 30 31 3C  r />001<
00000A50  62 72 20 2F  3E 3F 3C 62  br />?<b
00000A58  72 20 2F 3E  34 65 3C 62  r />4e<b
00000A60  72 20 2F 3E  3F 53 3F 52  r />?S?R
00000A68  3F 3F 52 00  3F 13 4B 3F  ??R.?.K?
00000A70  4C 63 03 3D  23 73 23 4B  Lc.=#s#K
00000A78  23 03 4B 1D  3F 60 5E 3A  #.K.?`^:
00000A80  50 50 3F 3F  5C 3F 3F 3F  PP??\???
00000A88  3F 3F 3F 3F  3F 00 0C 3F  ?????..?
00000A90  3F 14 6A 3F  3F 4A 3F 3F  ?.j??J??
00000A98  3F 45 3F 3F  40 35 3F 16  ?E??@5?.
00000AA0  06 16 7A 06  5C 3F 5C 00  ..z.\?\.
00000AA8  3F 26 71 75  6F 74 3B 3F  ?&quot;?
00000AB0  3F 5C 00 00  00 3C 62 72  ?\...<br
00000AB8  20 2F 3E 30  3C 62 72 20   />0<br 
00000AC0  2F 3E 3C 62  72 20 2F 3E  /><br />
00000AC8  3C 2F 73 70  61 6E 3E 3C  </span><
00000AD0  2F 42 4F 44  59 3E 3C 2F  /BODY></
00000AD8  48 54 4D 4C  3E 00        HTML>.

Comment 2 by yosin@chromium.org, May 11 2016

Status: Available (was: Unconfirmed)
Summary: HTML Parser seems to be trouble with '\0' (was: Chrome crashes on paste of CF_HTML)
There are '\0' bytes at 0xA6B, 0xAAF, 0xAB3-0xAB5; it seems the clipboard data is somehow broken.

Do we think '\0' makes HTML parser in trouble?
Labels: Needs-Feedback
Re-tested the issue on the latest Stable (57.0.2987.133) on Windows and could not observe the crash.
@elawrence -- Could you please re-check on the latest Stable mentioned and provide us with an update so that the issue can get further triaging?
Thanks in advance.
I continue to crash here in Chrome 60.3076 on Windows.

Another repro file attached. Server crash ID: a6635f1190000000
Attachment: RUMSession.saz (3.6 KB)
Labels: -Needs-Feedback
Attached is a simpler repro, containing a single null byte; paste the Session into a new mail in Gmail and it blows away the latest Canary browser process.

Attachment: MinimalRepro.saz (2.6 KB)
Summary: Paste of CF_HTML with embedded '\0' crashes browser process (was: HTML Parser seems to be trouble with '\0')
This appears not to crash in 32-bit Chrome. The reason is that the failing check is:

   *fragment_end = base::checked_cast<uint32_t>(offsets[1]);

In the failing case, the offsets[1] value is 4294967295, which is uint32.max. In 64-bit Chrome, the value is probably uint64.max, which cannot be checked_cast to a 32-bit integer.
I've confirmed the theory of #6; in the failing case, 64-bit Chrome has an offset[1] value of 18446744073709551615, uint64.max.

start_index: 97 html_start:97 end_index: 414 fragment_start: 0 fragment_end: [crashes when assigning 18446744073709551615]

ClipboardWin::ReadHTML calls UTF8ToUTF16AndAdjustOffsets, which calls LimitOffset to limit each inbound component to the string "length". Perhaps unintuitively, however, the way LimitOffset works is that if the value exceeds the max, the value is replaced with npos (-1).

The problem in the failing scenario is that the string "length" is computed by finding the first null byte (position 391) which is before the EndFragment specified in the CF_HTML data (position 414). So we end up with -1 (aka nativeUInt.max) in our endFragment offset and this blows up in the checked cast.

Fixing this is probably pretty trivial, e.g. 

  markup->assign(base::UTF8ToUTF16AndAdjustOffsets(cf_html.data() + html_start,
                                                   &offsets));
  *fragment_start = base::checked_cast<uint32_t>(offsets[0]);
+
+  // Ensure EndFragment points within the string,  crbug.com/607181 
+  size_t endfrag = offsets[1];
+  if (endfrag > markup->length()) endfrag = markup->length();
  *fragment_end = base::checked_cast<uint32_t>(endfrag);
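Review bot: the clamp only covers offsets[1]; `*fragment_start = base::checked_cast<uint32_t>(offsets[0]);` two lines above it takes offsets[0] straight from the same UTF8ToUTF16AndAdjustOffsets/LimitOffset path described in this comment, so a StartFragment that lands past the first null byte still arrives as npos and hits the same checked_cast failure. Clamp both offsets before either cast (for example loop over offsets[] and apply `if (o > markup->length()) o = markup->length();` to each), and tidy the double space in the new comment. Clamping silently to the end of the markup is a reasonable recovery for a malformed block, but a comment saying that the CF_HTML offsets are untrusted input supplied by whatever wrote the clipboard would make the intent clearer than the bug number alone.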
Components: Blink>DataTransfer
Owner: elawrence@chromium.org
Status: Started (was: Available)
https://codereview.chromium.org/2834893002
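The mechanism described in comments 6 and 7 (a null byte shortens the string the offsets are checked against, LimitOffset turns the now out-of-range EndFragment into npos, and checked_cast<uint32_t> rejects a 64-bit npos), modelled as an added example. This is not Chromium's code: BuildCFHTML, ReadHeaderValue, LimitOffset, CheckedCastU32, ReadHTML and UnclampedReadFails are simplified stand-ins written for this page. It assumes an ASCII-only payload (so the UTF-8 to UTF-16 step changes no offsets), the 8-digit header fields seen in the hex dump above, a thrown std::overflow_error in place of the CHECK failure, and a constructed sample payload with one embedded null.

```cpp
// Added example, not Chromium code: a simplified model of the CF_HTML offset
// handling from comments 6 and 7 of crbug.com/607181.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>
#include <stdexcept>
#include <string>
#include <vector>

namespace cfhtml_demo {

// Build a CF_HTML block shaped like the dump above: fixed-width (8-digit)
// offsets, StartFragment == StartHTML, EndFragment == EndHTML. Test data.
std::vector<char> BuildCFHTML(const std::string& html) {
  auto render = [](size_t start, size_t end) {
    char buf[160];
    std::snprintf(buf, sizeof(buf),
                  "Version:1.0\r\nStartHTML:%08zu\r\nEndHTML:%08zu\r\n"
                  "StartFragment:%08zu\r\nEndFragment:%08zu\r\n",
                  start, end, start, end);
    return std::string(buf);
  };
  const size_t header_len = render(0, 0).size();  // fixed width, so 97 bytes
  std::string block = render(header_len, header_len + html.size()) + html;
  std::vector<char> out(block.begin(), block.end());
  out.push_back('\0');  // clipboard CF_HTML blocks are null-terminated
  return out;
}

// Constructed payload with a single embedded null, as MinimalRepro.saz is
// described to contain.
std::string SampleHtmlWithNull() {
  std::string html = "<HTML><BODY><span>0001<br />";
  html.push_back('\0');
  html += "<br />0</span></BODY></HTML>";
  return html;
}

// Simplified header lookup: "Key:decimal".
size_t ReadHeaderValue(const std::string& header, const char* key) {
  const size_t pos = header.find(key);
  if (pos == std::string::npos) throw std::runtime_error("missing CF_HTML field");
  return std::strtoul(header.c_str() + pos + std::strlen(key), nullptr, 10);
}

// Stand-in for base::LimitOffset: an out-of-range offset becomes npos, not
// the string length (comment 7).
size_t LimitOffset(size_t offset, size_t length) {
  return offset > length ? std::string::npos : offset;
}

// Stand-in for base::checked_cast<uint32_t>(): throws where Chromium CHECKs.
uint32_t CheckedCastU32(size_t value) {
  if (value > std::numeric_limits<uint32_t>::max())
    throw std::overflow_error("checked_cast<uint32_t> overflow");
  return static_cast<uint32_t>(value);
}

struct Fragment { uint32_t start; uint32_t end; };

// Model of ClipboardWin::ReadHTML. clamp_offsets selects the behaviour before
// (false) or after (true) the clamp proposed in comment 7, applied here to
// both offsets.
Fragment ReadHTML(const std::vector<char>& clipboard, bool clamp_offsets) {
  // The buffer is consumed as a C string, so its "length" is the distance to
  // the first null byte, not the size of the clipboard block.
  const std::string cf_html(clipboard.data(), std::strlen(clipboard.data()));
  const size_t html_start = ReadHeaderValue(cf_html, "StartHTML:");
  const size_t frag_start = ReadHeaderValue(cf_html, "StartFragment:");
  const size_t frag_end = ReadHeaderValue(cf_html, "EndFragment:");

  const std::string markup = cf_html.substr(html_start);
  size_t offsets[2] = {LimitOffset(frag_start - html_start, markup.length()),
                       LimitOffset(frag_end - html_start, markup.length())};
  if (clamp_offsets) {
    for (size_t& offset : offsets)
      if (offset > markup.length()) offset = markup.length();
  }
  // On 64-bit, npos is 0xFFFFFFFFFFFFFFFF and this throws; on 32-bit it is
  // 0xFFFFFFFF, which fits in uint32_t, matching the observation in comment 6.
  return Fragment{CheckedCastU32(offsets[0]), CheckedCastU32(offsets[1])};
}

// True when the unclamped path hits the checked_cast failure.
bool UnclampedReadFails(const std::vector<char>& clipboard) {
  try {
    ReadHTML(clipboard, false);
    return false;
  } catch (const std::overflow_error&) {
    return true;
  }
}

}  // namespace cfhtml_demo

int main() {
  const std::vector<char> block =
      cfhtml_demo::BuildCFHTML(cfhtml_demo::SampleHtmlWithNull());
  std::printf("unclamped read fails: %s\n",
              cfhtml_demo::UnclampedReadFails(block) ? "yes" : "no");
  const cfhtml_demo::Fragment f = cfhtml_demo::ReadHTML(block, true);
  std::printf("clamped fragment: [%u, %u)\n", f.start, f.end);
  return 0;
}
```

Built as a 64-bit binary, the unclamped path throws and the clamped path returns the fragment [0, 28), the markup up to the null byte; in a 32-bit build npos fits in uint32_t and the unclamped cast succeeds, which is why comment 6 saw no crash there. The clamp is applied to both offsets, since offsets[0] goes through the same LimitOffset path as offsets[1].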
Comment 9 by bugdroid1@chromium.org (Project Member), Apr 26 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d2338b606d6536d20975a601c197d3e2ee3cec0e

commit d2338b606d6536d20975a601c197d3e2ee3cec0e
Author: elawrence <elawrence@chromium.org>
Date: Wed Apr 26 16:57:32 2017

Ensure ClipboardWin::ReadHTML does not crash on embedded nulls

If the CF_HTML content on the clipboard contains a null byte, a 64-bit
browser process would crash when attempting to perform a checked_cast of
0xFFFFFFFFFFFFFFFF (string::npos) to uint32_t.

This change avoids the crash by ensuring that the offset remains within
the length of the data.

BUG= 607181 

Review-Url: https://codereview.chromium.org/2834893002
Cr-Commit-Position: refs/heads/master@{#467350}

[modify] https://crrev.com/d2338b606d6536d20975a601c197d3e2ee3cec0e/ui/base/clipboard/clipboard_win.cc


Status: Verified (was: Started)