SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Format C (#1602)

Browse Source
This commit is contained in:
Dongjia "toka" Zhang 2023-10-03 13:40:19 +02:00 committed by GitHub
parent a9014a9419
commit fc16b70a65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 172 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fuzzers/baby_fuzzer_swap_differential/common.c
View File

@ -3,9 +3,7 @@
bool both_require(const uint8_t *bytes, size_t len) { bool both_require(const uint8_t *bytes, size_t len) {
if (len >= 1 && bytes[0] == 'a') { if (len >= 1 && bytes[0] == 'a') {
if (len >= 2 && bytes[1] == 'b') { if (len >= 2 && bytes[1] == 'b') {
if (len >= 3 && bytes[2] == 'c') { if (len >= 3 && bytes[2] == 'c') { return ACCEPT; }
return ACCEPT;
}
} }
} }
return REJECT; return REJECT;

4
fuzzers/baby_fuzzer_swap_differential/first.c
View File

@ -2,9 +2,7 @@
bool inspect_first(const uint8_t *bytes, size_t len) { bool inspect_first(const uint8_t *bytes, size_t len) {
if (both_require(bytes, len)) { if (both_require(bytes, len)) {
if (len >= 4 && bytes[3] == 'd') { if (len >= 4 && bytes[3] == 'd') { return ACCEPT; }
return ACCEPT;
}
} }
return REJECT; return REJECT;
} }

4
fuzzers/baby_fuzzer_swap_differential/second.c
View File

@ -2,9 +2,7 @@
bool inspect_second(const uint8_t *bytes, size_t len) { bool inspect_second(const uint8_t *bytes, size_t len) {
if (both_require(bytes, len)) { if (both_require(bytes, len)) {
if (len >= 5 && bytes[4] == 'e') { if (len >= 5 && bytes[4] == 'e') { return ACCEPT; }
return ACCEPT;
}
} }
return REJECT; return REJECT;
} }

4
fuzzers/fuzzbench/fuzz.c
View File

@ -6,9 +6,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size >= 8 && *(uint32_t *)Data == 0xaabbccdd) { abort(); } if (Size >= 8 && *(uint32_t *)Data == 0xaabbccdd) { abort(); }
char buf[8] = {'a', 'b', 'c', 'd'}; char buf[8] = {'a', 'b', 'c', 'd'};
if (memcmp(Data, buf, 4) == 0) { if (memcmp(Data, buf, 4) == 0) { abort(); }
abort();
}
return 0; return 0;
} }

24
fuzzers/fuzzbench/stub_rt.c
View File

@ -1,26 +1,34 @@
#include <stdint.h> #include <stdint.h>
__attribute__ ((weak)) void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { __attribute__((weak)) void __sanitizer_cov_trace_pc_guard_init(uint32_t *start,
uint32_t *stop) {
} }
__attribute__ ((weak)) void __sanitizer_cov_trace_pc_guard(uint32_t *guard) { __attribute__((weak)) void __sanitizer_cov_trace_pc_guard(uint32_t *guard) {
} }
__attribute__ ((weak)) void __cmplog_rtn_hook(uint8_t *ptr1, uint8_t *ptr2) { __attribute__((weak)) void __cmplog_rtn_hook(uint8_t *ptr1, uint8_t *ptr2) {
} }
__attribute__ ((weak)) void __cmplog_rtn_gcc_stdstring_cstring(uint8_t *stdstring, uint8_t *cstring) { __attribute__((weak)) void __cmplog_rtn_gcc_stdstring_cstring(
uint8_t *stdstring, uint8_t *cstring) {
} }
__attribute__ ((weak)) void __cmplog_rtn_gcc_stdstring_stdstring(uint8_t *stdstring1, uint8_t *stdstring2) { __attribute__((weak)) void __cmplog_rtn_gcc_stdstring_stdstring(
uint8_t *stdstring1, uint8_t *stdstring2) {
} }
__attribute__ ((weak)) void __cmplog_rtn_llvm_stdstring_cstring(uint8_t *stdstring, uint8_t *cstring) { __attribute__((weak)) void __cmplog_rtn_llvm_stdstring_cstring(
uint8_t *stdstring, uint8_t *cstring) {
} }
__attribute__ ((weak)) void __cmplog_rtn_llvm_stdstring_stdstring(uint8_t *stdstring1, uint8_t *stdstring2) { __attribute__((weak)) void __cmplog_rtn_llvm_stdstring_stdstring(
uint8_t *stdstring1, uint8_t *stdstring2) {
} }
extern void libafl_main(void); extern void libafl_main(void);
int main(int argc, char **argv) { libafl_main(); return 0; } int main(int argc, char **argv) {
libafl_main();
return 0;
}

10
fuzzers/libfuzzer_stb_image/harness.c
View File

@ -12,16 +12,16 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
int x, y, channels; int x, y, channels;
if (!stbi_info_from_memory(data, size, &x, &y, &channels)) {return 0;} if (!stbi_info_from_memory(data, size, &x, &y, &channels)) { return 0; }
/* exit if the image is larger than ~80MB */ /* exit if the image is larger than ~80MB */
if (y && x > (80000000 / 4) / y){ return 0;} if (y && x > (80000000 / 4) / y) { return 0; }
unsigned char *img = stbi_load_from_memory(data, size, &x, &y, &channels, 4); unsigned char *img = stbi_load_from_memory(data, size, &x, &y, &channels, 4);
free(img); free(img);
// if (x > 10000) free(img); // free crash // if (x > 10000) free(img); // free crash
// if (x > 10000) {free(img);} // free crash // if (x > 10000) {free(img);} // free crash

43
fuzzers/qemu_systemmode/example/main.c
View File

@ -1,37 +1,30 @@
int BREAKPOINT() { int BREAKPOINT() {
for (;;) for (;;) {}
{
}
} }
int LLVMFuzzerTestOneInput(unsigned int* Data, unsigned int Size) { int LLVMFuzzerTestOneInput(unsigned int *Data, unsigned int Size) {
//if (Data[3] == 0) {while(1){}} // cause a timeout // if (Data[3] == 0) {while(1){}} // cause a timeout
for (int i=0; i<Size; i++) { for (int i = 0; i < Size; i++) {
//if (Data[i] > 0xFFd0 && Data[i] < 0xFFFF) {return 1;} // cause qemu to crash // if (Data[i] > 0xFFd0 && Data[i] < 0xFFFF) {return 1;} // cause qemu to
for (int j=i+1; j<Size; j++) { // crash
if (Data[j] == 0) {continue;} for (int j = i + 1; j < Size; j++) {
if (Data[j]>Data[i]) { if (Data[j] == 0) { continue; }
if (Data[j] > Data[i]) {
int tmp = Data[i]; int tmp = Data[i];
Data[i]=Data[j]; Data[i] = Data[j];
Data[j]=tmp; Data[j] = tmp;
if (Data[i] <= 100) {j--;} if (Data[i] <= 100) { j--; }
} }
} }
} }
return BREAKPOINT(); return BREAKPOINT();
} }
unsigned int FUZZ_INPUT[] = { unsigned int FUZZ_INPUT[] = {
101,201,700,230,860, 101, 201, 700, 230, 860, 234, 980, 200, 340, 678, 230, 134, 900,
234,980,200,340,678, 236, 900, 123, 800, 123, 658, 607, 246, 804, 567, 568, 207, 407,
230,134,900,236,900, 246, 678, 457, 892, 834, 456, 878, 246, 699, 854, 234, 844, 290,
123,800,123,658,607, 125, 324, 560, 852, 928, 910, 790, 853, 345, 234, 586,
246,804,567,568,207, };
407,246,678,457,892,
834,456,878,246,699,
854,234,844,290,125,
324,560,852,928,910,
790,853,345,234,586,
};
int main() { int main() {
LLVMFuzzerTestOneInput(FUZZ_INPUT, 50); LLVMFuzzerTestOneInput(FUZZ_INPUT, 50);

161
fuzzers/qemu_systemmode/example/startup.c
View File

@ -2,22 +2,23 @@
* FreeRTOS V202112.00 * FreeRTOS V202112.00
* Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. * Copyright (C) 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy of * Permission is hereby granted, free of charge, to any person obtaining a copy
* this software and associated documentation files (the "Software"), to deal in * of this software and associated documentation files (the "Software"), to deal
* the Software without restriction, including without limitation the rights to * in the Software without restriction, including without limitation the rights
* use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* the Software, and to permit persons to whom the Software is furnished to do so, * copies of the Software, and to permit persons to whom the Software is
* subject to the following conditions: * furnished to do so, subject to the following conditions:
* *
* The above copyright notice and this permission notice shall be included in all * The above copyright notice and this permission notice shall be included in
* copies or substantial portions of the Software. * all copies or substantial portions of the Software.
* *
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
* *
* https://www.FreeRTOS.org * https://www.FreeRTOS.org
* https://github.com/FreeRTOS * https://github.com/FreeRTOS
@ -31,84 +32,76 @@ extern int main();
extern uint32_t _estack, _sidata, _sdata, _edata, _sbss, _ebss; extern uint32_t _estack, _sidata, _sdata, _edata, _sbss, _ebss;
/* Prevent optimization so gcc does not replace code with memcpy */ /* Prevent optimization so gcc does not replace code with memcpy */
__attribute__( ( optimize( "O0" ) ) ) __attribute__((optimize("O0"))) __attribute__((naked)) void Reset_Handler(
__attribute__( ( naked ) ) void) {
void Reset_Handler( void ) /* set stack pointer */
{ __asm volatile("ldr r0, =_estack");
/* set stack pointer */ __asm volatile("mov sp, r0");
__asm volatile ( "ldr r0, =_estack" );
__asm volatile ( "mov sp, r0" );
/* copy .data section from flash to RAM */ /* copy .data section from flash to RAM */
// Not needed for this example, see linker script // Not needed for this example, see linker script
// for( uint32_t * src = &_sidata, * dest = &_sdata; dest < &_edata; ) // for( uint32_t * src = &_sidata, * dest = &_sdata; dest < &_edata; )
// { // {
// *dest++ = *src++; // *dest++ = *src++;
// } // }
/* zero out .bss section */ /* zero out .bss section */
for( uint32_t * dest = &_sbss; dest < &_ebss; ) for (uint32_t *dest = &_sbss; dest < &_ebss;) {
{ *dest++ = 0;
*dest++ = 0; }
}
/* jump to board initialisation */ /* jump to board initialisation */
void _start( void ); void _start(void);
_start(); _start();
} }
const uint32_t * isr_vector[] __attribute__( ( section( ".isr_vector" ) ) ) = const uint32_t *isr_vector[] __attribute__((section(".isr_vector"))) = {
{ (uint32_t *)&_estack,
( uint32_t * ) &_estack, (uint32_t *)&Reset_Handler, /* Reset -15 */
( uint32_t * ) &Reset_Handler, /* Reset -15 */ 0, /* NMI_Handler -14 */
0, /* NMI_Handler -14 */ 0, /* HardFault_Handler -13 */
0, /* HardFault_Handler -13 */ 0, /* MemManage_Handler -12 */
0, /* MemManage_Handler -12 */ 0, /* BusFault_Handler -11 */
0, /* BusFault_Handler -11 */ 0, /* UsageFault_Handler -10 */
0, /* UsageFault_Handler -10 */ 0, /* reserved */
0, /* reserved */ 0, /* reserved */
0, /* reserved */ 0, /* reserved */
0, /* reserved */ 0, /* reserved -6 */
0, /* reserved -6 */ 0, /* SVC_Handler -5 */
0, /* SVC_Handler -5 */ 0, /* DebugMon_Handler -4 */
0, /* DebugMon_Handler -4 */ 0, /* reserved */
0, /* reserved */ 0, /* PendSV handler -2 */
0, /* PendSV handler -2 */ 0, /* SysTick_Handler -1 */
0, /* SysTick_Handler -1 */ 0, /* uart0 receive 0 */
0, /* uart0 receive 0 */ 0, /* uart0 transmit */
0, /* uart0 transmit */ 0, /* uart1 receive */
0, /* uart1 receive */ 0, /* uart1 transmit */
0, /* uart1 transmit */ 0, /* uart 2 receive */
0, /* uart 2 receive */ 0, /* uart 2 transmit */
0, /* uart 2 transmit */ 0, /* GPIO 0 combined interrupt */
0, /* GPIO 0 combined interrupt */ 0, /* GPIO 2 combined interrupt */
0, /* GPIO 2 combined interrupt */ 0, /* Timer 0 */
0, /* Timer 0 */ 0, /* Timer 1 */
0, /* Timer 1 */ 0, /* Dial Timer */
0, /* Dial Timer */ 0, /* SPI0 SPI1 */
0, /* SPI0 SPI1 */ 0, /* uart overflow 1, 2,3 */
0, /* uart overflow 1, 2,3 */ 0, /* Ethernet 13 */
0, /* Ethernet 13 */
}; };
__attribute__( ( naked ) ) void exit(__attribute__((unused)) int status ) __attribute__((naked)) void exit(__attribute__((unused)) int status) {
{ /* Force qemu to exit using ARM Semihosting */
/* Force qemu to exit using ARM Semihosting */ __asm volatile(
__asm volatile ( "mov r1, r0\n"
"mov r1, r0\n" "cmp r1, #0\n"
"cmp r1, #0\n" "bne .notclean\n"
"bne .notclean\n" "ldr r1, =0x20026\n" /* ADP_Stopped_ApplicationExit, a clean exit */
"ldr r1, =0x20026\n" /* ADP_Stopped_ApplicationExit, a clean exit */ ".notclean:\n"
".notclean:\n" "movs r0, #0x18\n" /* SYS_EXIT */
"movs r0, #0x18\n" /* SYS_EXIT */ "bkpt 0xab\n"
"bkpt 0xab\n" "end: b end\n");
"end: b end\n"
);
} }
void _start( void ) void _start(void) {
{ main();
main( ); exit(0);
exit( 0 );
} }

70
fuzzers/tutorial/target.c
View File

@ -15,57 +15,53 @@ typedef enum _packet_type {
#pragma pack(1) #pragma pack(1)
typedef struct _packet_data { typedef struct _packet_data {
packet_type type; packet_type type;
uint64_t offset; uint64_t offset;
uint64_t length; uint64_t length;
char data[0]; char data[0];
} packet_data; } packet_data;
int LLVMFuzzerTestOneInput(const uint8_t *packet_buffer, size_t packet_length) { int LLVMFuzzerTestOneInput(const uint8_t *packet_buffer, size_t packet_length) {
ssize_t saved_data_length = 0; ssize_t saved_data_length = 0;
char* saved_data = NULL; char *saved_data = NULL;
int err = 0; int err = 0;
packet_data* datagram = NULL; packet_data *datagram = NULL;
if (packet_length < sizeof(packet_data) || packet_length > MAX_PACKET_SIZE) { if (packet_length < sizeof(packet_data) || packet_length > MAX_PACKET_SIZE) {
return 1; return 1;
} }
datagram = (packet_data*)packet_buffer; datagram = (packet_data *)packet_buffer;
switch (datagram->type) { switch (datagram->type) {
case data_read: case data_read:
if (saved_data != NULL && datagram->offset + datagram->length <= saved_data_length) { if (saved_data != NULL &&
write(0, packet_buffer + datagram->offset, datagram->length); datagram->offset + datagram->length <= saved_data_length) {
} write(0, packet_buffer + datagram->offset, datagram->length);
break; }
break;
case data_write: case data_write:
// NOTE: Who cares about checking the offset? Nobody would ever provide bad data // NOTE: Who cares about checking the offset? Nobody would ever provide
if (saved_data != NULL && datagram->length <= saved_data_length) { // bad data
memcpy(saved_data + datagram->offset, datagram->data, datagram->length); if (saved_data != NULL && datagram->length <= saved_data_length) {
} memcpy(saved_data + datagram->offset, datagram->data, datagram->length);
break; }
break;
case data_reset: case data_reset:
if (datagram->length > packet_length - sizeof(*datagram)) { if (datagram->length > packet_length - sizeof(*datagram)) { return 1; }
if (saved_data != NULL) { free(saved_data); }
saved_data = malloc(datagram->length);
saved_data_length = datagram->length;
memcpy(saved_data, datagram->data, datagram->length);
break;
default:
return 1; return 1;
}
if (saved_data != NULL) {
free(saved_data);
}
saved_data = malloc(datagram->length);
saved_data_length = datagram->length;
memcpy(saved_data, datagram->data, datagram->length);
break;
default:
return 1;
} }
return 0; return 0;
} }

16
libafl_targets/src/cmplog.c
View File

@ -165,13 +165,14 @@ void __cmplog_rtn_hook_str(const uint8_t *ptr1, uint8_t *ptr2) {
if (!libafl_cmplog_enabled) { return; } if (!libafl_cmplog_enabled) { return; }
if (unlikely(!ptr1 || !ptr2)) return; if (unlikely(!ptr1 || !ptr2)) return;
// these strnlen could indeed fail. but if it fails here it will sigsegv in the following hooked function call anyways // these strnlen could indeed fail. but if it fails here it will sigsegv in
// the following hooked function call anyways
int len1 = strnlen(ptr1, 30) + 1; int len1 = strnlen(ptr1, 30) + 1;
int len2 = strnlen(ptr2, 30) + 1; int len2 = strnlen(ptr2, 30) + 1;
int l = MAX(len1, len2); int l = MAX(len1, len2);
l = MIN(l, area_is_valid(ptr1, l + 1)); // can we really access it? check l = MIN(l, area_is_valid(ptr1, l + 1)); // can we really access it? check
l = MIN(l, area_is_valid(ptr2, l + 1)); // can we really access it? check l = MIN(l, area_is_valid(ptr2, l + 1)); // can we really access it? check
if (l < 2) return; if (l < 2) return;
@ -188,14 +189,15 @@ void __cmplog_rtn_hook_strn(uint8_t *ptr1, uint8_t *ptr2, uint64_t len) {
if (!libafl_cmplog_enabled) { return; } if (!libafl_cmplog_enabled) { return; }
if (unlikely(!ptr1 || !ptr2)) return; if (unlikely(!ptr1 || !ptr2)) return;
int len0 = MIN(len, 31); // cap by 31 int len0 = MIN(len, 31); // cap by 31
// these strnlen could indeed fail. but if it fails here it will sigsegv in the following hooked function call anyways // these strnlen could indeed fail. but if it fails here it will sigsegv in
// the following hooked function call anyways
int len1 = strnlen(ptr1, len0); int len1 = strnlen(ptr1, len0);
int len2 = strnlen(ptr2, len0); int len2 = strnlen(ptr2, len0);
int l = MAX(len1, len2); int l = MAX(len1, len2);
l = MIN(l, area_is_valid(ptr1, l + 1)); // can we really access it? check l = MIN(l, area_is_valid(ptr1, l + 1)); // can we really access it? check
l = MIN(l, area_is_valid(ptr2, l + 1)); // can we really access it? check l = MIN(l, area_is_valid(ptr2, l + 1)); // can we really access it? check
if (l < 2) return; if (l < 2) return;

6
libafl_targets/src/common.c
View File

@ -3,7 +3,7 @@
#ifdef DEFAULT_SANITIZERS_OPTIONS #ifdef DEFAULT_SANITIZERS_OPTIONS
// TODO MSan and LSan. however they don't support abort_on_error // TODO MSan and LSan. however they don't support abort_on_error
const char* __asan_default_options() { const char *__asan_default_options() {
return "abort_on_error=1:detect_leaks=0:" return "abort_on_error=1:detect_leaks=0:"
"malloc_context_size=0:symbolize=0:" "malloc_context_size=0:symbolize=0:"
"allocator_may_return_null=1:" "allocator_may_return_null=1:"
@ -12,7 +12,7 @@ const char* __asan_default_options() {
"handle_sigfpe=0:handle_sigill=0"; "handle_sigfpe=0:handle_sigill=0";
} }
const char* __ubsan_default_options() { const char *__ubsan_default_options() {
return "abort_on_error=1:" return "abort_on_error=1:"
"allocator_release_to_os_interval_ms=500:" "allocator_release_to_os_interval_ms=500:"
"handle_abort=0:handle_segv=0:" "handle_abort=0:handle_segv=0:"
@ -20,4 +20,4 @@ const char* __ubsan_default_options() {
"handle_sigill=0:print_stacktrace=0:" "handle_sigill=0:print_stacktrace=0:"
"symbolize=0:symbolize_inline_frames=0"; "symbolize=0:symbolize_inline_frames=0";
} }
#endif // DEFAULT_SANITIZERS_OPTIONS #endif // DEFAULT_SANITIZERS_OPTIONS

6
libafl_targets/src/libfuzzer.c
View File

@ -33,11 +33,11 @@ EXT_FUNC_IMPL(main, int, (int argc, char **argv), false) {
libafl_main(); libafl_main();
return 0; return 0;
} }
#ifdef FUZZER_DEFINE_RUN_DRIVER #ifdef FUZZER_DEFINE_RUN_DRIVER
return LLVMFuzzerRunDriver(&argc, &argv, &LLVMFuzzerTestOneInput); return LLVMFuzzerRunDriver(&argc, &argv, &LLVMFuzzerTestOneInput);
#else #else
return 0; return 0;
#endif #endif
} }
#if defined(_WIN32) #if defined(_WIN32)

6
libafl_targets/src/sancov_cmp.c
View File

@ -143,7 +143,8 @@ void __sanitizer_weak_hook_strncmp(void *called_pc, const char *s1,
if (s1[actual_len] == 0 || s2[actual_len] == 0) { break; } if (s1[actual_len] == 0 || s2[actual_len] == 0) { break; }
} }
__libafl_targets_cmplog_routines_len(k, (const uint8_t *) s1, (const uint8_t *) s2, actual_len); __libafl_targets_cmplog_routines_len(k, (const uint8_t *)s1,
(const uint8_t *)s2, actual_len);
} }
} }
@ -164,7 +165,8 @@ void __sanitizer_weak_hook_strcmp(void *called_pc, const char *s1,
if (s1[actual_len] == 0 || s2[actual_len] == 0) { break; } if (s1[actual_len] == 0 || s2[actual_len] == 0) { break; }
} }
__libafl_targets_cmplog_routines_len(k, (const uint8_t *) s1, (const uint8_t *) s2, actual_len); __libafl_targets_cmplog_routines_len(k, (const uint8_t *)s1,
(const uint8_t *)s2, actual_len);
} }
} }