From c2dd59c25da7532df4b4e75d853510a4a11724bf Mon Sep 17 00:00:00 2001
From: Danil Chapovalov <danilchap@webrtc.org>
Date: Tue, 6 Feb 2018 11:29:35 +0100
Subject: [PATCH] Skip oversized rtp header extension when parsing Rtp Packet.

Rtp Packets in webrtc expected to be less that 1500,
i.e. way less that 2^16 bytes for extensions block.
This CL explicitly discards longer extension.

Bug: chromium:809046
Change-Id: Ibed33b51bafc3fd4804ec135f66110c6d2796734
Reviewed-on: https://webrtc-review.googlesource.com/48061
Commit-Queue: Danil Chapovalov <danilchap@webrtc.org>
Reviewed-by: Alex Loiko <aleloi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21910}
---
 modules/rtp_rtcp/source/rtp_packet.cc |  14 +++++++++-----
 test/fuzzers/corpora/rtp-corpus/rtp-5 | Bin 0 -> 261774 bytes
 2 files changed, 9 insertions(+), 5 deletions(-)
 create mode 100644 test/fuzzers/corpora/rtp-corpus/rtp-5

diff --git a/modules/rtp_rtcp/source/rtp_packet.cc b/modules/rtp_rtcp/source/rtp_packet.cc
index f2a9709ca4..dec797d686 100644
--- a/modules/rtp_rtcp/source/rtp_packet.cc
+++ b/modules/rtp_rtcp/source/rtp_packet.cc
@@ -499,11 +499,15 @@ bool RtpPacket::ParseBuffer(const uint8_t* buffer, size_t size) {
               << "Duplicate rtp header extension id " << id << ". Overwriting.";
         }
 
-        extensions_size_ += kOneByteHeaderSize;
-        extension_entries_[idx].offset =
-            rtc::dchecked_cast<uint16_t>(extension_offset + extensions_size_);
-        extension_entries_[idx].length = rtc::dchecked_cast<uint16_t>(length);
-        extensions_size_ += length;
+        size_t offset =
+            extension_offset + extensions_size_ + kOneByteHeaderSize;
+        if (!rtc::IsValueInRangeForNumericType<uint16_t>(offset)) {
+          RTC_DLOG(LS_WARNING) << "Oversized rtp header extension.";
+          break;
+        }
+        extension_entries_[idx].offset = static_cast<uint16_t>(offset);
+        extension_entries_[idx].length = length;
+        extensions_size_ += kOneByteHeaderSize + length;
       }
     }
     payload_offset_ = extension_offset + extensions_capacity;
diff --git a/test/fuzzers/corpora/rtp-corpus/rtp-5 b/test/fuzzers/corpora/rtp-corpus/rtp-5
new file mode 100644
index 0000000000000000000000000000000000000000..7dd663200723a7a0f5ae26c976515321edc32a97
GIT binary patch
literal 261774
zcmeI5U1%Ifw#R#7D>&iCJ5GY*`!-`j#v_dGNVa6f!)``eSii~g(-Kg8^)c2}2-#6S
zE;nyi$%aLV1#aJUz)!Zo7h?9sZ4*dBz>&RAhCBrJCB*pSF%W|H;(#7Z(zmL6KB{|8
zb=PUv#N+s1K{Hk7oa(9movMFzkF2y`b(g2=6O*Ol%u;#q@=gD&EOWE7uXsvvMg5Xj
z4=k17Rr@mk^J8xH`U&ry%Qv03*Gu9p=Qz&5<Yd?*IDGi>zmC&vRYnes)L$H5oD(q@
z!nix12JZvn^~()eJ?(8hemCa~Ro(xdDosw*D|u1M^2Mu(;(4_R@#fSDg~DLLZx+#r
zmSW-9$oPQ+^CP1NM(4&V`zw|2<>$_g4(}VQ-;pC-oEuvlUi^=R1C{alWBd2LI6Shy
z`MLk4e(uHagPq`$<p4w(O8V$xK^)!la`WzT$T2v-BZo)Fj#Wp-$B&JRG3^?g8yg*s
zj$|<y$wD}ipik$;acWNEVAa`vBPe@r?A&(QxmlZ@K9xT|J6&9O$vfrFE$7zXniqX;
zZMu!zz^%=Oo4a>tqx`W*&XtYwmtl?^nXYZ}WMmP{Mip+gwa^isrB@S_9$1;X|1y97
zhlm_uThNkorw>bHq}dv_d4-g+jV02{_P~(H2;S5Nc%>qW1b|lrM`{B?k!3?k#hM-f
zVNGYGMu3+}BfV~$7lZ;rk%a)SPx`!0jj%oOaYd1eJQ4t*;7xh(0<SCtczq&EG+V>A
zuwvr#QV3q)m4yJWPd06c^ny_EkoP7!l9Fr<+lj=bG%pX}#p4w&Bwimf8WW$yqBVk-
z77ghDFA|H^Xqy*=BFi<0Ha+GJ+lj;uY0h3of)|e$gaSg5g#fP)Z%&fY5LOb4)@Yj-
zgn~Ea!3(^y5a9LEE`M_ego1~>H__(#(ni`&Brc`3s7VKSkyy0Ga3N{k<_=7Jb5=4E
zyueGli}BEq(YEIoghHFG1P7TKp3!z9u|x9sgBOn%gd#x?v@RZFG8#fbV$mAGON)kd
z*yaVH(5gX#gG>$2XgiVEA$k14i^mH>k)Q`!7mqO+4WS^hXpP{dMMFAl^MX)l)gZw^
zriN#<ok;AEJpSFhc>R@Vq*8%lPz5goNJ>bb@+u_=WOkQw-dU@*d4(sFbu>yp+XL&?
zu<YEe_f*b1YZbhB<iP8}@`6xgQ4wCw$Y@M_5{uRdURpGy!!|Dn1%x6C0bU<+D)WrC
zCqAxNdHf+1yeSV};FW~{uMckxlhL+?6%(JALhu5wEChIc$feISLMV91dlSve85wOm
zk+_s5F>8(BrA0$J!i7Y-ct%Wo@Y1R>4-FZO`9)&U8g27}P-tg&f<v1gbBFCjVuv(m
zFC)Q=#|uJ{pa)tPk1-hyp&+qnjo_t4Lpp5pf>3DHAi+VVhG(>$NbHb2{@}&q1))gL
z1Feh4n2d%{kXW=v@Y13o9kzKvD70#j;2=}OGulohc1Rw7@Z#};P$cMq*2QB?Mnfn_
zELtOYY0;1l+q@tYS~W;;kg4GrZ6^{tB#%FM@pwTf67)dp;xQ(pyM@AEc9*B>6O*Ol
z%u;#q@=a$Ysa)()S=p2HsSmA>PUZcd&cEEpA>O@@zAK#*BBvM6*gY9}{o~P4;W&}x
zHh3lTiF?DzAGc;`W8(9mffsmncAi*`hlY%{J-;9nu^bsS$<*+SwiAgRlE)vsc)TDK
zM#>Ni;xQ(pArvGQtr5JmXh?@`UJ#0y1{gKT)bNb96Nw#?#~-|SydV@t$`A|UF(#uS
z6eJd{5xlf$NQZ4+eI^v8_DMtW+bE1G;AMoV9Ryx&6h@Uk6N=85k;o1UlNxxLQ0l~h
zSBHg34MGvSt1xPskWGoPeQAh^p8`DQ2Co>9lqQ72NEu>5DNs$^5DF7Yofz=yurR4v
z<pq_934l@4BuyzXR<kHR3)^D~@R%FCVn9-w5DFt@hy|rUHE}~IOel3?z^lW;q-L8J
zgd(N^Mop7UrNr1yBzDLY;4wFN#ek$VArwZ+5DQ9yYT|}am{97(fLDiwNzFDd2t`Z-
zjG88yN{O+ZNRu5hWk`hE<ful(dJ#m7mus?}h43`FqafmK4-APUASal>D*+DS0xtqe
zf+?#|yw-J0C`A{NL<4vw;^}gNR~M2*gKb_}m7;5qwg(2u??Rkt0Ix(mT~6@oLXv2J
zP=o|{uZc*_oDfzsPOT{LYLPH|x6KPe!IKE^0<SCtczw*YATbI;!9(7g=)@G6Ic+Br
zm(ph3TT#DqUbd%KxQ<%z?&IC|z<%X<oC7c3WCO1U%L_u0<&uM!Gcp<zpTwdyf|nKz
z>9EZULII)3LV(wYoXR|-?TL>oRvv!{1#ilO7kFhM!0W?X!(_B=Va3Gfr4YQpD+>W$
zA9CsQj1USQ^4>)Aaz;kmP9!d+Nz7U!cxlm)j&LE7E}jt+AH1}x%tJ#)V}6lXv_{*!
zAQal!o#4=>$J}8%k=P;4*~>`q;_-q|B<O+G#bZoHLnufrS|fOA(U1<?ydV@>HArxf
zso@!IClWg(k3V?vctI!<^g!$4F(#uS6eJd{5xlf$NQZ4+5DKjtBsj>_@Qk(-i5-&1
zAG~<HAQTCDpmp&WlhF_g5{uRdURpGy!!|Dng;os`9As*EM%#(R4$0#WUOZk9iUd8-
zx_FGqXb1&~MQa2vEgI5cn-_#as|E=UGBrG-?L=aS<naeD9xn(*f*xpHJjP@+go4DP
zHG-EG4e7AW3qqk)g9Hbe8lKU1BC$jA_=6XZ7la}~540{GV=@{-L1NJw!ApyVblBzv
zq0p*9f`d#A&uBZ5*dclR!HdTWLXn^cS{IKo84aNzv1pCprA0$JZ1aLpXw@LWL8gXh
zw4F%okUak2#p4B`NYDeVi^rIZhER}Lv_|mKq9Gl&c|j<&YLMU{Q^PabP9%0n9)IxS
z@q$n!=z-S7V@yUvC`c@d(Id-e-g(mAGFCjdRTb|e!}|~HAKy2&|3F~;o8me@bT%xL
z&G)lsPqb@Y71dQexxBren=Jj?j4#SkdGPX0XG`Vow6pS+o6B!0l$4WbRsXeB`SrZt
zU0?ZM-Ptrbf2Q!(RkI~jyEH?G?!%(9qY{LLlj48WF4f2+8dkzCs$pI^(h3{BJ7-K{
z-E_-tf1s0i|BK4Z3TIDSl{yNfN>9fc)Kpg%Rm#q-k9&UE^RYcrdv}V`nz;#`3{24D
z){4%ud~s2sn^)N`Dxk-`kWT2anMVGSQMz>lJ%%1fGyvDf5gfmU2K4xsR9dsoO48%j
z_f#!qGJa3Jqzpb4-&Z_Li@GoM*Z?3z$4m%*$*3gJ>G&!^6<?C#n|^YcHz!IDcM*I^
zN`k*XBlP%}R9bu%2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xBoKJgDI|E|0s#;R
z2^jri1b-)JgsB|_UTqXc74R~`)DB`S-F6?c@<{z{21$Tt1TXN?UODj4kkPj17lcBa
ztpo>|8YAQ2Wp{b1K5@15j1&H)bFtvB{CQ<%<*8lg&iTIM-|?I6f_Zs93_V2msJ>q)
zd`G)f>zQ2G+N~O=>djWMkaL{Qzhd*eBZo)Fj#Wp-$B!MD9~s>>Ha9jpx^Jw0M}#?x
zb7PCci;D{fD&zAD`}e&#JhETyD(a3?a~cP$&h{I!e7onywTgSfsWu)j`OXVF4~oA4
z-x29?TeL34e%8H@f|#A#E;~1C)6=K&=Vzyj;a?QX*Du7+!b{#M_tl`|CGYdO<=pyP
z^P+WY({1DiZf!Q)+`U5^<&WQ9FJ0Lve<|MH5g#pow$*APP84ze!!07B;f)+E)Yd|0
zEhwH0l%F^3z3PcXz9)V%6!}?XNjz3~B4X^~6n>K9ej;{^N~|3;i_K$tp1<mric`yz
z^_huqI_8|B;~33keh{^whJt@pJ+WK(=)eB&`WQLEGL~DL-kZ65e+UyUX>AEpC|;*)
zCo>+D>J}_v%8_QvJi>ged=Y71$UBjCK0g?1CpC8j&fg@2e65tUQ;hp7CAV>XU}K~F
z^6@`@Ba<>98qM<i;Jv(YBHpPN?bGQ8^?&Dfrr%C6*2mkrvoKvb<w}9^);B%xpV4Dw
zTc*)ttgilLRg@t|ytD=(4XdlZFJG_9^>aMh$E4M@z_J>u#(zm617{6Oa8QRlwBx&O
z_ssVFV27PtS{j@wmqm_pZ%i(g^ZD+`eE!+ioQ_WJw8iu6({#U<Rej&1Hrn;)M6G?0
zwlzA6wppokj`sHrPuP`{qB;ljP8GZe$K7fR*;6pLs~z5Llc+or**h~ki?yd_y)zej
zy7p9EG)};e>Ok{9<U3;x9g0o}gVLf@Lp@gVfx<|QiiXaZmVVezS0eqmo%@cve7HU#
zwyalPUzPtWtlacuc}83vSKY?c!j*rNilwFUYtlY@VzS=7!5i$}KVNrGJT_l-?lp=B
zZ_0bEd~jFrfp<jQ$H+UG@E%IOU%b2i?q36M=jB3Bm9Jskr(VPRZPiKtlNE6a%QMA^
z($r*qscdxFcUpW%{C_f5+7$b{Q`u8qY2HESTxZ=$yi0n7oDcu}s9}Ee*L=+l$nO{A
zEr*bbnzy&31Vk+qhp3~Y3?~&wMby7<wm(tq@#;v#aH`!}Z`ZmjO^rBNx;E4NTEi88
z>D%ZI3@lQ{<d-*^66m6TTi#wZOJS>DYJDdZz6*x{R4Dj`LMX|aW3^7kK&6S0?fK5V
z^3mX4dF#O1T29<OJ8Pmi&gs*0-O3(}zjFuLOyu6?_gk8QrkGvDUs39&Rb46)`gd=2
zlx2uA+O-jh;hJoJi;rKA@-h%k2wopD8i^#aXpP{dMMFBki^QTe+U5nJ$g+28(_`+i
zok;AE=Imu8c=32aC?FJB2=Myw<|G*nVI{F>jkb9~D0ovIyud390bU>N@;7%tD0s+w
z6K$R^ZKUl);!;|Rnsk5{iA8G+7n0U(?!d%1XC))S3%s<u7!M5@ZF_z}D74v1aFD6t
z8Eq#LJ0y=kc=32aC=&EQ>*6scqahR|7OfGyv}j0&ZC(%xtr{da$kgzRwiAgRlE=SC
zyfzYM4a3Dd7c$!R1Pez`eiYAWdtg1vBqLi1p*%EXbT4_ye@fa{g(Sc;_L5g$v66$~
zp&_Gf^9mV}AH_4;9vFmz#~-}FOC?}?Jwhl#0=!o>BN^+q6A7W<B?7#7ydV@ji2yI~
ziV@%~I5HZ$28l&$1TQTb(qWqyR4}FiMols`JfrPI;&O?{AG~<HAQVQ*5DVflCZiz~
zBo?g^ytHUYhizUEikJo%HObWQjJ6Yr9g@c%ym-7I6h_Jr3*s>*qahR|7OfGyv}j0&
zZC>{w6tTsFCJ2B42!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*=9KwlAf(kb-S
zcrX|c=uZN{?`8Y$@76<B<nN4mM%%w(#y{QR@kb)FEPEbfG8z+~#G)}iB(yfNOs4KW
z8VDS-ZD8RbIU~@-+8!7LUjtfWR(bW^Wrb$U95dz@hnD^SCp3hjThG%iyquBInD`_X
ztr5JmXh?@`UJ#0OS?G=+Q^PabPNaH8(LLY?Y~i6HqaR&f4>))Dcn|;q5C8!X009sH
z0doTQ1-m&bM1sKm5g_jyc}ClJnc)fX#z02f9vHqZATeu=;H5=FI>3v>qBTM&vS_~+
zr@7-77S_k+-u(B)|NPU!TmNTPzAx+J-hA~>Z-)o-4B?q$(MJBlybMpQM`2nD<__Du
z!ZS7hd~KxdfkE-Ls7Z%iUY7q62{~e(5%cT8@`6xg*%Wv=Bcn0#Ni13;cxlm)4%@sS
z6cCCm1bBVOsmwFlp7?gJz<4-Pqj_k^XxqHPF_Ry~Guj>)63OEaUf`t?u)Q836sht~
z1gIIwSht->2n8<@;Kkzwp&)c1)x={=Mnfn_ELtOYY0;1l+q@tYsj5H(kf|{;4qkSb
zr|J_|OV2n<<-yB0onpaX`SZ%k%2T_}o%4OizvDOC1@rQJ7<!2AQGLHq_>Oj|)-$=V
zwOch#)tjwiLHr`bQ_7LUqhrUaBje-84$O~??i!mL8y(#@R=*>EU$Qtiwm7`FxNx8{
zKEJSk-;2W|`<0%u>Nqv0aj@!azah)Fdv08-xF?)y<MER3ys-12;Ibpq<F;sBiv6s6
z9|bWxw_SE_)~2UV<<HMf7cT}j`TB+US$N4i<-RH^m&AXc&n@TH-<lV#TbphpH*jmS
z;pXlg+9-eg_Il~cM)^ze_Kx^y`LnH76LF%5^B-;z5e;wTXrZ<iI%`4kWT5=KVeeH>
zB=SA+lcC7ZB1_`2!V?i=7pL%(9QPBkV^m`8pjm7l)ARgQw^W>3o~+MIgwrwS6dlKC
zCi8=ch2#uXPcCn-PwW;xUzBhVTPk;_ot3ZLTz*TT>to~u%UEu0dT-|L{UJ=aq_rhX
zp?ICHoy>Sps#~yxDMy+u^9b{?@<pV5A@4-m`TSt4oz&bBIDeB6^0iXZPBHGUl-$Pk
zfsKvw%g6utjZDgbXf(_3gZJ{riFl`8v`?oW)c>8^nSMLPSRZfe&cbx%lq&_sTi^7&
ze@2g$ZJ9=ovAX(~RZ)f<@zNTEG_0=rzI?qZ*U#~2ACp$s0?TTsp5>HT!x9|RA&>0%
zuG>AceLvV?CzqB6XUb)fqud*lOXYmNJ2Ibtwl$}tlRItkJo_}=uVq!=_o$6_{W(!<
zAEa%Kj-qW=DxIVKeZv!W<)o<2!MsxiFT!!R+Cuge%<XE2ciSW?k3{y)%+6x%safyL
zg`TcGRTqsD@S{4={15rgSVM=R6T+ahDAiDpm3*KuQlp}wGp3~<_S2O}KW^u~<1Qbr
zPlzq+mDgA04PtJ3vOFWMj;n5CYT?R1O2yJr`88>uJuzAD-rx;(@1L)`Cmx%xI`<mI
zgE!^9RzA2Z_`o|N?qlSgOn46^-!I->fA_C}xASr#sLIzc?o+Sf{kH0S)``&6#3?M#
z6emhkll7&t(PiIhaiqT~M>{`s_H1cW?C(xxPkE(z2c2`BbtmyI=@D{1{PUxR`O#nV
zH8&u?Uy!#PLMm$BUS&OYS3_}#+B?c{QgKv7{rhJ76U82{jzkQn+O73=t-I3Hh?Avj
zGtI9x+`H>5jqbp}B4tc|d7~+TF8a6S?NzfBw)&;kcS7O2a0oz!f?p_vlB_va>tqa6
znh4pR@7yaN4eph<4y>)^#ND&ACW_;nK0Vj1?7{ducc9Hg?rna*r5R|7*;V`%rEXf)
zr6Qq!_f|()hA5+58<7~U$@aJS`1L3+1L1_=^&z8?ND_<I2wqw=qyxN2ELx*&UJ!~b
zd#5%%<__D5#13iBUPgi!j~9djLXm|4uMcldlF<-W5{uSon-_$FH|4<#ys{AB_0cYW
za|eWihrBn@=K0b_+D;@crM0L@2Y8WKw8n5DY2D@yOnh@zG7`MNOS_Bl(2&u#=NE)R
zo2>)~nHrwab|SGu^7w-nj~9d@K@YSp9%C{ZLP28D8o^78hIH8G1)<QYL4t!!4bNyh
zk=P-5{CmV}BVpDsT)cB3qis*HaP;Iy@r<?y)}u@^vXv0ZLqkUQl9&9aq<vLL0z6|c
zdG!@5IT#)qGTJt;kP-P&JfrP_K`40q!3(@p0=Cy9gd!xsdsQ=%v2Ht&5DH!*z>CKV
zLcx;=@B*(a1bBUTYnY6-y%AyJ^HK<2;FW~{uMfHOc}55Y4|#8*c{wAaZ6^|!(j;cB
z5xlf$NJqGkNEgqDi4R^{Rpy}~qcOioELx*&UiTps+Gzm?2!H?xfB*=900@8p2!H?x
zfB*=900@8p2!H?xfB*=900@A<qeb9Jr|@W<FwPbPG7-@J8d!DU-^Qpk((B-r&Pa^_
zFO^1mJzVMOaj6lu|E&iSnTk9T0A3LssSWT-MHC5uP-M9%iXdb)1}_H>Xueu{ruhKJ
zVj*~5`pQ$g&Ykmp$G_t@+tFvNCAOXqy@%+a>idPlceG2jp2>x+-Kue_-fR^M;{SJ{
zKA`N#;nA^U)sgY>V+ZC(Mt6<Pjg5}(8>`=u|67d3xv|CJ#l?jKmGSw7{rg@V9@(#U
z6?Mm{IgNu=XZsCVzTI=<TE#u#R2z?%eCLIo^0AydB0X-4)}`3by7y5Kvvb>J=Vtp+
z<l$pE<?9#XXW=F9lq(-@cS-#BxqL$TTl1n7J`nEKX2Z?hJ0za(_x5^8Jm&99@g|?a
zE`PSwnvaMR=Re#c;uQ+s$k9S=Ep*m`;>p0)Q}o2c3*XE307G#Qx+EU1^JKfX*ME}Z
zej;{|N~|3;i_K$tp1<mric`yz^_hw0vjUx>mH#sawJ4~SHdH;iyuCiLTlnPj1;asX
zsob4*R=#p``7MR61IY=NvE179-pr{_1m6;-P`pmpPG&qP)h$@Ulq1cSd4%d?i)B6b
z<l%mL@NkTQ(X()4eR|S7oqp7Qd}i|Ms_(Cga#gOM<LT!RkLX%pSq;_Tf!(Gr>XW{c
z>c&q2Z><2|4|dqerKQ1{a#=`X?hWxg>Bw`xTcLT)!@JWK&$Carj*#{Q@qE|A$itq`
ziMRGaS_jK>j@Hx1u%{+5DPyV+*=r|PR65U-e+aU7W_A|YdjQ$Xw0wS42b%vunQ5Wp
zLgWHKX{AX{XUb9s3T+w{4V^J9{V*~R88R5g8NKcZqLRk^wNm0cU01sww{zcdmk-w`
z#Fq8S>#Kuu`<k9C&xotzs@s@axbpBn;(h{;xKF&LyFcf{KR;@iANMx}Z1>I$i0?)|
zmbcwPjcVRr>Klc&?LxcOseIP1o^01VuOjN-H`|{m_IPz9VmQ@qt+#94mC~lT2XHDU
zOV?(aUu(E`*H;?dfq|v<<&DPufp^5a=--yNSItt`>X%yI35D;%ApjK$exVTVGMZzx
zPA1zu*7khKZCoGN*eJhz{OC9G>z=IxYil`San?j}oYSZ0PCPbWb?!Ba2XD%6(eh#(
z!T3906g3mMxB2~+W}qo%SMgVrx@lFHiiG}MyEkbVBCS@9*>V@@h2N@0aHKYD^9tuf
z>c^%B*d7>ueU;8!jQ}r|MtU8*(iy1{5Q;2Yr%Etm9m2{32VM`B7lZ;rk%a)S4{wf>
z(GUs}i`HnH7leX0<-rTQvJl|)(Jp^;2ZVx$yf@M2`O-$(P9*NRwWvu4c#&AN#&98N
z-R2HVd~;SZ61>1myNmJAkkPj17lcBatpo>|8lKU1BC$jA_=6XZ7la}~540{GV=@{-
zL1NJw!ApyVblBzvq0p*9f`d#A&uBZ5*dclRd&FxaVb(BQymKL=ZBMXp^yEkJjJ5~X
zqf9cgl@Q89Lq_+Km;9%seN{*TJYz3;^%W~Q7#<oj+BUC{5&2O(qwRq~D0uwA3%pbU
zw$~$sA|$|jRWp*YZaa|>3SJ_>i^mH>!IKE^0<SCtczt+ln2ff)5n<x<QV3q)m4yJW
z54rStMhFEDd2gb5IU}QOClZ&^BxbD<ytHUYN4Stk7te@^4_;bT=Aj{@F~3MGTBB`V
z_aPM8X#ocafB*=900@8p2!H?xfB*=900@8p2!H?xfB*=900@8p2!KEz5O~rl^uZ`F
z1P}lL5C8!X009u_PXf4B>d(AjR3HEXAOHd&00JNY0w7?Y0IvS+GsO{qjRdrR#iBa!
zr+q4o^g4K@Gg2eKOQn%s4}~Z_E;YjTpQ<5|smLP%;1$7<+5oRqM3DdpMV4!}2trn4
z@Upu+RiC(8dd68Q4_?0M6bt^!pI25^p4xTpobNmS9lzNwn3w0n&_i^O>idPlceG2j
zp2>x+-Kue_-fR^M;(yocDdouF(XnIIk@4|k2j)jcca6=BjgIactKX6TSKr0CvBlxV
z#f1Zv@%e@Q`(7L#*{}4JRmZ70je}KZ`wdyX-E-qw#XaFv8;_TK=Y^dI1(zL>9=Ap7
zQtW5l`zVOnx$UxZvo<|_Dt~@<x_B|L$=5H$&%#UIDfd-Txg`Gkd~P|n{?@!`-P&{;
zxq(}o4L5i1&_?;=x7SNoHp*X$w|B%x%b#tvnurrcod0l(h-i2tM+>#J&{+$LCj;f@
z4STP8B9ZTjpA1EQ7FiOH6`qI~yEuiP<hY-R9itL!2hC#hn4agax~1aO@??ExBAkvn
zr)cGW>`N^QYNZWTPcCn-PwW;xUzBhVTPk;_ot3ZLTz*TT>p*gXWh}Qgy*G3B{tzZy
z(%KTHP`pmpPG&qP)h$@Ulq1cSd4%~``6AN3kar^Oe10(2PHOH5oWDs3`C2Jyrx^EF
zN^ax&z{W=T<>P<+MkZxIG@9l2!Fze*M7&ck+NaYG>i^E|OuwCCtdF;KXJNW>%9R4+
zt#5kXKcmOWwoIePSY7?gswhK_cxeqn8dg_*U%p<I>*sj1k4dX*fn_yR&vMGFVF`}u
zkVkfW*X^F!z8~zclS@m3Gv%_#QSOb&rE)&s9huKR+nUqS$(^=%o_(6`*Rrbbd(=j|
z{+y__57M?qN6|JbmCn)rzTpYGa#B?1VBV>M7vZ>DZ6SLK=61EiyKNGcM<RP?W@oYX
z)U0>rLQmJ8s*A=6_)#5b{)c>Ltf52E31LuLlxnEQN<L5+sZr6;8Pn1a`{_!gAGdSg
zahDI*C&ZTZ%ImB01~E51S)LJB$5pp6wQ%JhrDAER{F=1So|vq6Z}0}Y_s`ee6OYYT
zoqLVq!JG14D<9kyeBd1s_c8KLCcKA|?-%c`zx&s~+j+SVROM?J_o>(Lep_`u>qKa3
z;uMx=iW8-&$@)^+=(6v$IMUygqn#f*d$zPG_IIbUr@Yd<gU-3mx|4X9^awd0{`pbE
z{OGUwnj4VcFUVUCAr&=mud*JytD!hV?Hy$}sW>X4{(ZCkiDHjeM<Rw(?bdp`)?I08
z#L3dNnda9T?%nm3Mt5LfkuoN~ywQ|E7yaAv_NrM5Tm4e&JE8DhI0T?V!7mg-N!A>z
zbutDjO@wUEckY#s2KUNa2iDed;_lg56UA{(pPuVh_F(*-JJ4n#_cp)Z(hM}k>?;0>
zQa7#YQjyTVd#j@?LzL03jYtgFgx{+1h}q^9P6*x@$Y|RG!>_MM%vvLOY0;1l@FKBj
zjSz|~d#4tsxdXy#&Pqmt*MsE+p@2|iA;9ayo8x3Ogo4DPHQMF{q2Nt<@B*(a1bBV4
z%ir7qq2M9!O|*Hww2`(GiF<A>YSIB-Bo?hPTu55CxdRj5oRy3OFYwatVmvftwC(u?
zq0nY4!9k{mXSAJ2?2tVE;Kkzwp-9jJt&7K)jD}E<ShPm)(xM?9ws}D)v}%yxAXCFL
z+D;^PNFM(l@!Ck3H4GQ;T*zqK6D%A(`B6Nh?Sb_ulZ<R7g!0gk(Y@p)|0!u-6_NnY
z*h^l0#Yzr_hlY%{%`0R?eiYAWdteX>9)IuxFO`7p^$4K|3GiOkjAX3aP9%hamk99U
z@q$qBBm%s^D+>W$AKn@!qit_QnE1RDf){vYA;9ZHE`6R6Lcv4cn`mCn$Y|S%#HBQe
zS!)C@EgI4hE+o>$Gh*U{msXW|Xvk>HFA|H^Xq(r42!(c9zySgv00JNY0w4eaAOHd&
z00JNY0w4eaAOHd&00JNY0w4eaAkYT{o^%R*FbWI-1V8`;KmY_l00jDz0Irq#GcOnw
z2!H?xfB*=900@8p2!H?xfB*=900@8p2!H?xfB*>e3jzEtp<gnAaex2_fB*=900{IW
P0bDEfV^%Px{v+`JG+v*3

literal 0
HcmV?d00001