From 06e22d7929f36d9dd9cc556560450fbdbbc821d0 Mon Sep 17 00:00:00 2001
From: asolana <110843012+ksolana@users.noreply.github.com>
Date: Fri, 6 Oct 2023 07:43:05 -0700
Subject: [PATCH] Add error message when elf_parser fails on long section names
 (#537)

Addresses: #532

Co-authored-by: Aditya K <1894981+hiraditya@users.noreply.github.com>
---
 src/elf.rs                      |  14 ++++++++++++++
 src/elf_parser/mod.rs           |  13 +++++++++++--
 src/elf_parser_glue.rs          |   1 +
 tests/elfs/long_section_name.so | Bin 0 -> 36352 bytes
 4 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100755 tests/elfs/long_section_name.so

diff --git a/src/elf.rs b/src/elf.rs
index fd76235a..b9150f60 100644
--- a/src/elf.rs
+++ b/src/elf.rs
@@ -1188,6 +1188,7 @@ mod test {
             // FIXME consts::{ELFCLASS32, ELFDATA2MSB, ET_REL},
             consts::{ELFCLASS32, ELFDATA2MSB, ET_REL},
             types::{Elf64Ehdr, Elf64Shdr},
+            SECTION_NAME_LENGTH_MAXIMUM,
         },
         error::ProgramResult,
         fuzz::fuzz,
@@ -1966,4 +1967,17 @@ mod test {
         LittleEndian::write_i32(&mut elf_bytes[0x1064..0x1068], 5);
         ElfExecutable::load(&elf_bytes, loader()).expect("validation failed");
     }
+
+    #[test]
+    fn test_long_section_name() {
+        let elf_bytes = std::fs::read("tests/elfs/long_section_name.so").unwrap();
+        assert_error!(
+            NewParser::parse(&elf_bytes),
+            "FailedToParse(\"Section or symbol name `{}` is longer than `{}` bytes\")",
+            ".bss.__rust_no_alloc_shim_is_unstable"
+                .get(0..SECTION_NAME_LENGTH_MAXIMUM)
+                .unwrap(),
+            SECTION_NAME_LENGTH_MAXIMUM
+        );
+    }
 }
diff --git a/src/elf_parser/mod.rs b/src/elf_parser/mod.rs
index 7cafa4e3..bddcfeb4 100644
--- a/src/elf_parser/mod.rs
+++ b/src/elf_parser/mod.rs
@@ -8,7 +8,8 @@ use std::{fmt, mem, ops::Range, slice};
 use crate::{ArithmeticOverflow, ErrCheckedArithmetic};
 use {consts::*, types::*};
 
-const SECTION_NAME_LENGTH_MAXIMUM: usize = 16;
+/// Maximum length of section name allowed.
+pub const SECTION_NAME_LENGTH_MAXIMUM: usize = 16;
 const SYMBOL_NAME_LENGTH_MAXIMUM: usize = 64;
 
 /// Error definitions
@@ -26,6 +27,9 @@ pub enum ElfParserError {
     /// Section or symbol name is not UTF8 or too long
     #[error("invalid string")]
     InvalidString,
+    /// Section or symbol name is too long
+    #[error("Section or symbol name `{0}` is longer than `{1}` bytes")]
+    StringTooLong(String, usize),
     /// An index or memory range does exeed its boundaries
     #[error("value out of bounds")]
     OutOfBounds,
@@ -396,7 +400,12 @@ impl<'a> Elf64<'a> {
             .iter()
             .position(|byte| *byte == 0x00)
             .and_then(|string_length| unterminated_string_bytes.get(0..string_length))
-            .ok_or(ElfParserError::InvalidString)
+            .ok_or_else(|| {
+                ElfParserError::StringTooLong(
+                    String::from_utf8_lossy(unterminated_string_bytes).to_string(),
+                    maximum_length,
+                )
+            })
     }
 
     /// Returns the string corresponding to the given `sh_name`
diff --git a/src/elf_parser_glue.rs b/src/elf_parser_glue.rs
index 687402cd..e04fe736 100644
--- a/src/elf_parser_glue.rs
+++ b/src/elf_parser_glue.rs
@@ -527,6 +527,7 @@ impl From<ElfParserError> for ElfError {
         match err {
             ElfParserError::InvalidSectionHeader
             | ElfParserError::InvalidString
+            | ElfParserError::StringTooLong(_, _)
             | ElfParserError::InvalidSize
             | ElfParserError::Overlap
             | ElfParserError::SectionNotInOrder
diff --git a/tests/elfs/long_section_name.so b/tests/elfs/long_section_name.so
new file mode 100755
index 0000000000000000000000000000000000000000..76f4f14173c6999468bde4b3da50a4ba2afb5e90
GIT binary patch
literal 36352
zcmd6Q511TBb!Y8bqg@-5l_kbrWQ0bRWXXnIb@$A4_Xs<zB+C}Y#xnLILC!bond#YG
zr2RLu@~S<@A%U?)xZJ1M{1Fb9NV2gNCx9Hj4=E&M)(0H=az{|YeOUPpz7rg|Pe(`)
z7r2N&vF^Qk@AdYScA~NG`0g5OtLj&;UcGu%_3Bl1_3-|!_uSdt)urUQO8uk4l+Vx*
zXUzSkP$)H|e6<MvzE-_P)21LR!}MmTex1unxP;P3z8K5BmC|N7dKKXkszkX(kTtZ0
z^3CufGKEJ%Dc21cW*yv&xtE702v#p}*vnyb9YsC_^*;(SeT?zuQi?Q>QrH6xI&<mL
zC8YZnK+)0jmoO*YMFK^~&gygz2!c&X!T<2Vw1pv*hvJupyHHZ4PU^q&^+l@*h}K-x
ze4?$C?g2JfuJItHhf}1uXe+f~KA+N2j>~}(bvf4K@S?vbzBw)z=TkbRexURFiM?im
z(I`v&`ms~?QylU1RoKHyHMzbf*Ryh&hU4~~1o@G2U<=V>8lRJtRKqFeV-x;3sYex8
zQMw<}B%xAR@4!+NL@C7OLA)XTh02E~?#H#1mj3MLdJ)BP(*OO~jr-vrJcy@x&NQ#r
zkZJ}LuG~bS^xw%IZeKu*F^$hj9;d_D@$d+r$B{WaMVCU9r=@+t)jGqJvk?&ez=O<h
zE2TxQ<^z<*@wo+LXzrr4=%KOvi0)s}dt>=I>Th6|*+jJXx3PRKro);V%TMccV>ylQ
z<b1e*<8t|#c|IhXX4Y6v<2XrwMAKi;^hx|U;LT&Yn4T|lkj8dA0DT-CJ+A4aW2bb8
zIAmXvc40b#dL`ZTh);7phunYZ-q&g%+C<t;ccm%485qDb+)erEo|QU{`uDf!sQxp}
zcA_~=Sn~rEV*Q^4dD7~28c3<v>#*@K@s0I;J=L31#3<Utd_KtG428(=_cgz3G>}q#
zI!yOmtHW0!*JGLwbxKNGN9a$MtMM4ggYqGT*ee;o&HcK%dHTik^qA9Ny~cXyG}=4l
zCw$Z0RKMt92iG^;wO&^c1;n>`gHEaunNRDeTyq`aYhfPY%t!fj$n~JT`h(}6e;%nI
z=pLwZeUOh&vrgeUptB%40ysoregh+TqKXa_R)_gAZc$#8tg)QNYvXRR_bEk;r9G0L
z9M8B;G@l{9Js|9PNMpbLA%xLUnn%$wnm5DUC=K=t>A}=1+Bs^GCfmPa)i3otkaYz4
zehUaN1ooGrV>GWZ{rv>qT%*gY=uQe7%MTNu#r+yE+tYY2wf7{5rS<Te#J9PL%J&^$
zempOtW2C3(Y2w>hO?;zc#HX<u1cFE8YpkaB_AvkEX5!cP0SX(dGdj{(wqA!)Umr~~
z)!0IGGXBI4qrO_kLkW}skBsYq5)i<H`uSW^KcgB}>p&h0qBst*XBu}?KZ*TlJO5Z8
z%^LAR{?}uFJj3O=7iFF;WJf-mlxK?gNIx{LA^l5#nEllc@+R%oNouA#NyAGu-g`v%
zcS@0cYpx>xGVYs9*T?I(*xmZFTQy;H^n@;7Uv>+p$sX6af1;yvI=`_j!}+H<P2-^P
zBq#))Mi~^0A<xU;=r1%~dD)vZK7I5O*Rw&V#hx^7mGMRMrw8N(btxG?(NSujsfPg@
zsnEV1*L=<KD|WrHk@%*&vI+?YmP)z9x_p!Uh*)2&-#+#`qMNB*QCX8Kk?$nTf8-?o
z5~lHq)=}7CKVW!Kx2BVMEMe2E=N8gq^aPa`{a`=qdc@vxe>SMQ)G+vKn4ePrKzcCv
zPOqYVZY(D~O|PPYjpfwu)2r6&3LDF*-=kF-PE)@}tGJ)pUl9Me`A$uyWF9=Ul=vm>
z<vExq*j_I&U!o)Dw47pBQm`r_r^c-`u9}Y#-#)fy(*ZR&mN%dVioDb8pNW4n&FeVM
zqYSXZ`GP%&a{S)Q;HT?VhSo8}F(2tLzW`;Vf8u$#g!%>3@Skcdq4CflIQAc58B^OZ
z{~FSBV+rXk8ru%2Qss}+07=TX9`K}m9|8HAw0x;yTwpLC_==oJkMgYnOyrdL+vNEj
z+XtY5|CIRY(oZ;E@DYDKdYbyZv5wmb`ap`9j?@kP!{g%^jSCr<!{)f$Ncqi@u15QP
zD0kyl8XrC2KVy3uH{f3kb)cFDDD2xrA?kCd&gb#>iHy$ZJIwh|ya<eUKzI?xmpT6<
za@XShTy%`a*F#H5!R9z^yod5puiu4!h(1ke(VL7{)4s}hHtlTv0kN;7w|V<Y`Vsru
zc#_&B{n%K>?X6RPh`nwsV|}q5N~s-s-k_gkvCdF4DE~U>GZ`NkV##D0XH+r`>TB`4
zF>U6XX<RS=#appPdT`tgLKNwK%H?q%ku3MKL|WE&31z>A^lt**vJZ>%Wt==q_2D?u
z{#d~EqaL{a--W$s;}Pn=WIvyV`q7Wrme5y|^@;V~26<9nlkK<cHzKY-ihvNFXqx(C
z<!|exx;=nO;fdFOw&O|u*FgS!c}=eRxV-E;lJp+}mVIMH*Z2h0YwAVzpW+Ah@xEQ`
z)xc&@COl%#c0dx5;jYyhZ|kSuMdg}zX)=X=I<^@7EeypUdJc33YP~cIAr6Q5+=TU-
z^t+Lx_|=V#=k@q~wSKqw|JZMMMD?rizpKDk#;^Fdn8q!g;G+L{y=MKk-ydB;@9S9a
z>!1>N{(sgx?qGivdiQ{@=r^hNtqD9n58(Z2x|`=^d=BtNpa%Kka{$`V$UMM#gqlwG
ztU)r>*8dlO0>(Geqg)^VCs=P7Ps3>{J}Gsh4rL!M^)&c=0Ml4r&JpCCK-SS_;+)`_
z7XDZY%h7p3l0W7M|CIVQO(*rvw~y@9D{0>&E%pCc&(p^Bq~FFB&I_cSa;}8+?%SkA
z(|_b#N#u;}!E&+(NPj4?uE=>-(vG9uM>~En!58~wBb1eKgCQj2wD?D|em5PG3F-a_
z+AHPcTten`R3rVRyWgw}L^2-O-xt2PFF?x3C%%2#C`24JhxP&OWb;wNhr55S^%~V^
zy-#;@|1n<~7wD&9d0bzyJp&)Yzm&!>x{l@Jb4@IV&-kOuby(zf?%?vn-8X1_1d1Ui
z87I;o>E5)?4|}_{yr`G2g508?w&Uo4E*8s)^frzo#)lQIeo!A&iuKBRhjf3Q;E(%Y
ze4=UA3%4t!{)g6=DKF{;AMsCRpCEpCa@^o~r0f%#$Eh6dGtn;)Ib~f#Jz7A5@_iKg
zB*|wE=r8jlK1lqKJ_`*TR^(?!N7=vT`4jtjY!_nxj_p|Ne>~0dfgI@HqTauhm>1aY
zERf*&{gF*Xi+}rJyv!xiC=aR-Ltt~s9N%KcMt~**<!3oW{`(<4u$1~i^jyA`&Z%@7
zbT_aROU?T|3-Q4opWk<{ZlT`+^<lH_f^a{C_2n<?eipe<9y}q%{Bt^=>YoMmf(xj2
zK&Z<@xF7SuctN236i^-5&Gnd6Q3(`)A)iY=v=nne?m!1xKZ`*>^K^vwt)j5b^Iq2Z
z#?8bpr3N&C$a{HvNFI^*E|7B$O4J`=Jwh6Xa7xhzu00<*KaqUYi*7%Jo#^kMlWQr|
zk9vgv6v}tOkPn8Kibh-YxAFjh@Z3HP0}dY1qs;51fA$BspNh+CawX?}$@c@l#PM0D
zd>pT9q2j)Mlx{pm^~?N_{Xz;xHBtzU^YX6yuk{go>A7wHwy_EZDLjaO@$;20VEik8
zJn_p0_p6j^(lA%i%^4(ta~vKwGn66iLq4|*X%hVh?F5d`--3Urr;}HceH&Ky==|sa
zl}~r^`vX3o#rZsSyC%_p<a{P+XAXlt8kfD_q4TmN-4RVk=PD<GFOH|=`rErXS<e}*
zuf|if-Zr16JY1)e`zf)5*bkosl3_&)N&KGU!&ELhK>Ce%-<p)`Aok}IM2Gsp8Heqz
z{OAP@9=QHb|0z0lNXzp%9E9*-{)>$_ejVeVI(_WL=;?!$Pt!x)w;FTs-0dbEMh9qI
z$a_GXpLmqqxRv(V*k31Z)1>;3oHNOKkt~Ot<eUP_9Z&Ypt;b1kucAM&-3|6{lKpaa
zQ$j9&-_}Wgj6ks_j5B<ihbWYB+<5A+mJ{`OHYq=!|0Vn9S2@099=wuqhBIbZ{f(AC
zrM|-YrtyyLS-+Xuihso~M7(z>iJ#Twa2~*au%28bKDY9CKT5Pcka-ryCywv$B>cZd
z+kU2bgY|7|k>f;M9}F3gi`RQTFHP$EoSvtAK9-P!=I?wv&nCyK$j{>^$&dUQn)gZk
z1kO8}u6kX2iQ5UmrN*r^J{rppkzVfRalP?K+z!-``03c*(f<qWMLt6<<B|F$DYvPI
zmif0p`wwAz_<eVhk8b}vsh_cbPbS)r=kz!q>vvQAn9g8(?<V~>c$^5|lej2i{v&5d
zUyo4#MSh0xjnv=6y>HOz$Yp!Kc$CuY|3&?1UFP3wjKJcJ>xG<C_P~5bOBy|iRA}FD
zb%!+HM~PlXe4{5w?&v7>yR19IYB$jz;QSBjq)M)@bD#&Y!^0}n1U=9`=o<aL1tml|
zbO_a70Q&Ue`!roj{ZO|*D$u%^zM9rI^q*0(bx_WSQ2gD9{aHEhmG>uY+f{1UuI;-1
znD0{3W59O5%<plhd7YK{9vr|`0M6Z)|Agc|ppz<kl<G+@!chQYg93$V)I&<I=7dw4
z_AThwVt>WwY{Xv4eI4C9E07~S5Al5-<d1x0zb}4EeE)*a%cBD{{-Q_8PW``^?<|e?
zjWq6MofkdC@5feAdn11D+kU*!zB4)AaJ=C7ka36mu=LfaE$oLsrhb$8!~5KUX~}<$
zrW=9rtLITnr(xB{{(8jc<`MfBm(8ck<`G(P=zn4Za!`G;@04}6xs3>#G#pj*?%oTC
zq`T+$xeD%t$oWRllhXyne@A~DIX6G9VK_I%*$?#sh;K}#TuNIj!Uqy~%#X{X9+6*k
zzjoiDJlO|%FPW@YkK+#kF+Az6RXW6aGZ1TBBmGYEWZ-`G?`=({nmaj6*w+atn}R!q
z_%!dQe9@oy)$zTIqr_MC2`N4o=(DICuFLRWd|oo#O?I$v7v)FKaCw4NliLv;A-Pk$
z@1ExQIRcHvarQM1Wj=<BetfA3<4xv&O8tn&JNw0W_XwZiE^@S@Ub1`9;*7>+KOpUh
zo~HSW>&*e6z;y#z3@f6K&;72ZejXU33gp}l_g|QkMg_o=Qna3|9MefP-HWY&{^9pj
zjk{?b3VUr`Pva??r|I4;nhyIDA6dtnhbf)XyG0l$ub@36P;|aMr1<F3e$7zyAm_Bv
z(`3J7U6S{i*gh1gIYn~FJPNv~<3&!C8<Fx7!l%2q-RxJ19Q7%}qppl*DC0Kjrhbz5
z4)Ob&ME~3iC5F}C>HZe|;<|_OVF<$l>=5-+^g-eu@wmlv50q?v9sR!MlY&zkfK|Hp
z*LXkw4V@M}N%?kq8dm>>=#SGlmi4aQ&+R-){afxQy`UcONvZ#=%Sr#vg4ogy3}?Ar
zGCpv<MtolHBzLr!^cG#6f!z82MtZG}UhelY<u`v@lfk_oDnGA}f3M{ceMo;v`_o;2
z2Km=1DKGDdW&T9Zuz$txUvWO+$}tRH9M%|Bc-+PHlbtii-LQH=(~F*><D@@1=UcH4
z8ixF?&>mT@(%iq8Mtz7qmG%wvKiyJaN*&ed=DTz?O5US2Z{ajGLp9m1;<}oFtXU4p
zUS6l7k0J{5=70{A`1SGp0(yL8eUkfQVt?hHs?4|OqpUySSEKUs-ck6b)XzwMmNUYR
zfG3i2Y+vttkjkeQWpzaE^T_+Xbc*az^c>koIp2}{V|}Zsyqqt}d`T~&^J}?p8<&rW
zenr98k>)2TE&Vjj4Q*~G9Bmg;evQKr)+yb8iE=QdmC)mP`#DGtq-eY+`GYH`?@e6L
z`B)0dCHUaFD(mpdCv>*zWBm?P$S$t%R_TmsKIf8q*5*1D!o4As6W8x^P-1}G2NfM5
zKGCzJPkHY(km=EUWj$NL_g+){ekwYU(fQG%JkRf-j+OPGS<%_5Zw-aQXZj9GoARNa
z=0Lvjtuz2-{K$Q%W`@c&u3>*x?v=ZYznA16mV5RGs6g}qmTwKoC-*L7ey0>opy+X$
zzv8z<&$3>ApZE?0pg4F;JA=b`C*Uash7lf_C+WqcKa*bGyS4XE$nUv*>N?GDC9#R`
ziBBKE(Wg|{b%VCMjYr5{rMqZ-pI@g5Z$7NaK|X5#mHn6>8h#Aj_mBJA(5IZoNq@<F
zztTF5_vUfLr?j^XdSy9hVVd9wkoh+Y?Z>pVQ|3ePVM{kGIzas^>vME4qj9mLNRQ)Q
z`a{-@Xc^JPc97@S{JKN^pHlxA+hLSL`ZL{y>onL?UdLrWE&R-JCVClG-ywcv4pj6U
z_tUf%Tdf$OaTN2tf}Em{G|MUN6+cSOT}2-QOTQks2Ww2J|ESY)uNw7^Lv9EB!S_V+
z9(g6(=YcgJ)`H4C$CX=kQtx|l1`Rww4s?UhL*#pd9boK`uh?bTN36I3QPAu4I#4Tl
z9Ed!!fA0Gz<;%Dj?!8)%i|7dX3w>lZ;G83^3FSWF4j5#*9WYPv>C5OKmLtXY@u#N<
zAAta8*w;A3_lL+@&L2ZaH9;?!#wXVQ;=d)mk{JQL()-1}64OC|eDGWxieDPO3Je}R
zvk>4q(6?D9RX^4T52i3osk?N>G^t77H`ek&8be&qkT~r5pEPfIT&3W&1q-HAH({Wn
zcj-ViM<|?y@<{p|{6Tqe-eDE@vHpvX5nbQS6h`l)hROTBxIE}rmxoZ7=k=-h0WM$S
z^6#P!c=h#@{d%?a<M&S)5appX&A%qE>m#gx@tgYYCwZG&DO|~PJD|U@pPH->ygz&i
z{)Z2SMb_Ia=m9lVWIag#<99=JvzEdQtQVw5OV$S=KIyAzV8!dmRkvwe>;d|9D2LcP
zwD)t69@w;6)8V|rbV{w#X<0X$>{rSCg7hLfJeBgzw`p?V0}SE8@jVBj*t;D7{}OSQ
zQ|eE5eM>7r{Pq#Z*Lq?<RNi+=xn>@iz>|Wn959UA*^Q?ZN?mz<;`xV_z|(FWO?OlK
zQ*e6_=|q2WZyo&&e0G4okQMqP7~;8da{fiwIq)>0|M0<ig3;&TpC0!R>T$mdBJdPx
zn5(|+l*ajv<Dm!mYdggCrWcW(<(@Uxn;cJa|Fg*Nsb+zP9#_Jj<<jzM3&7)w^N}7&
z#NP2RRyaP^0gmlo0+E4q22zj)9G_;ILJ#D@e6h>xpwT+Lo$^=iqEPg*1M>0BsRv;N
zvSgmG1La_P<rLFDM<LqrzXk>N-9_mUD2EzB`*-gUVfeRil;UHLQMh|#wT_IyU!>mw
z|L_ez&aakokj7_hmk!kKp0zrH{ebU<*QUOA>C(BMrZBw@a@KZTqskDXUhu?iAdTE{
zoYKAl>9D_>pVqKKd!psv%4r}+eb-rkDMg33qR$;buk`~V>O=MiSU09uQgsUFH%4*3
z>2^W9rCmz^fCuG)*Wj0u?<urAn<#&b0<{~N!6WBrDfQp<e2{wZen$&`mj8<Uhl%fQ
zv6n|F-2?R{<!CIY^Fy>V*w&Ssh_11m&NoG$Vt?`eaqke(;9nV+=x6^1yjS}eXEkXU
zsNgyR(7r$w`u)_?pcj))&dHN>znh?oR%JA!=%)1)@_qr|+ooA&%)osNs4RXzFZDz`
zPv!np><_XX6#p-#U&Hm>ltH#i%E$M~Hfvb7=kqXNrJTGkFwddozB=k@84Qfe=vhzy
zT)AtL<*ujtWj{F!;|-dwq@H!4?4N=D`nY{-yZZHwLhNUJa2~-_Rs(rHzec6O)7+&4
z)yLyl*7Lp_2#?Tk!PA(c5XTep!TE-)2OcDU{Czf}zz-)6Jo3Gl_@#Ym!l#ERtn>PZ
z{E*N1GV&Wmo>*T2(W4%rd6!a(zB}45IyoM0sEh}@gWBZ78)heKyElxC&1|So?g=J>
z4fV?I4O6wrky<dmp<XL*2q$K0(bVMF#LQr=zO`1HtZmGUhvSpAC==}2Gg%I1#wI5+
z)nIH-Sb1}1a_>xLvdRQh|DLf@EvQ8sG___~3ucQChh^Yb4yJ<g*i4j}d^oIC_e{<P
znd)S1JeZjon;6N=)Pk{@%-HzUo^Tw*pqgso%--5WSjhwvnGnUfoPTv3WgVNSg!@FG
z(&XNWN_}HyW;D#~2`4gR^~}bpU}CJi8#&En)~$PUCQ}08k$_4fNyf4)+j6X|m9z4e
zYk8J$6>Q74ZO6{qIXiE=wrBfx!Lc0Mah$A^bMlVsc#iKBvR2m4I@xSCm(6G0te5q(
zg`AbMb51Us%jNPpH|OR2Tp@4e?YxuE=5zUc-pzY?KVNVy*LEE@>*n0N>$;xny9Lkk
zY|rtsUe3#VuIG8aSMV+0_8mX#=ls0y`kwFmg#w6Jfa(jtx&Xxr0O^jS{=mPPx6a2U
zeH%jo3@W;@3w{%f9U7hUA(HLlIe3Q0{sj*I5cqPI=7#rG-@tsY1^dHON1bMR%)&7o
zKjg}(3s8={WTo))#S9Z9?I}X*hg!><>AaEeLK^43JWFV4)5)Y9{fuLM86k$S0O_TP
zv?<TqAs@um58bk+cW?-ZUV87KeBop9`p#xozw<+ipI^E(iQy*v0}qqMzY{^HEAx61
z-JaP(^w&_JavZW5<kTw<P(Mqdw|c>T;&YY)eY+ZQpA~qK@z+C`=w?Qhx~UDmz74L*
zd+Rfk<3&AP)x0@UV6cjNCP#`YC{5O8bP^0xc`7REx-u-MjNefs?X$up|BR8|4*Ldt
zB>%jTzQ78W{9bOXr1u+Xp9g^CZ)dwMX^T5Z(#MVTStG3v{}b}<;|U|>_hSbn@-G<a
zUUCQH_VpX-eKH4#jhZvk>v@1ned|{ep`>>i={X~v$+XfRG}0H0bnmKG`h7<FtdSnY
zfd-GrbHYfUGt!6Fw$fWSx26wnY)#J@>BDbn&A(`*53+$3dHQc}rO#|?P0P1yLNDKD
zNqUz-KWe0>jPyPuE#C+TzavKeDI+~+q|X}Z^G5ojk(RrbQeXe(*7nLBHpw3{^5t%s
z<nJ`{<t~=w?=$ju@_fW;+Xes5usy&ut_j-``ItW61ApMbd`-%XC7oe=An6lknhmt%
zpEA-rU#r>A^QX@o;&dh<57uuP=^-P%%SewJ=_w<<&qyCP(x;5{C@)abp8ZDp-0ND~
zbJ0lmvtKOb*Bj~WMtX|vnb4mx(iYn*$=|-JwSMa+BfYvcz2vR)X*B)!j7{tg!MVNX
zo;xzOJ7^8&DZkxc97Br~eFK!F8Gr<S*`7fHcvx&Tt5aR-FylH2fBrS&#|`{LjPEz_
zf5Z3%1Amh7(QX}y|2)O`VFN$P_z43)&iF+G{~Y7naB?J`FX(ue+GpTjV*HSSe}!>=
zT@rKpPmG^4=)Vbg7tBzxk31~ZcQxL9nJ@bzSm(OCyOhQ9pWzyQ$+$Rxy{x|<LH<Jh
zNX5F;IkpqbM*SSd9r71k<ar}F&0XE8_%|uy?t#cc{MQ1G<KzPK-^T@Z>JaqF{)p6z
zemQF5w1K~u@xumAKMMnT5XX@j{VS$lV&IQ4K4jpB7|$5^Q;hF4@Mi$Wc8xNAMAIqt
zW2Qf3(EptAb8K&=z3`fs+H26imhrO&em&#*5L1{yxRUXm2LD?aA2skS<8uanJL9Je
z{4T~X82J5+pO*!RWqJ?e+YP+T_!3@6qzQW%UvJ=h89!y<?`Qn5fgfai&cL5we2Hu*
zxZ+PS-j4=0@jNSh44mvpmpXH8f*7J-WcqCe|F1AEezTPN3&sx{^k=1B1OFc5Ck*_D
zjPtcsVXyud<Nb!5WEZ;BE?$?Vz%|+)!M=yrXTe{`_%;K7BjZyBzMk>J2JSGvuTMBr
zcpKno_rwpBb>tq6&)YrOx7XM%_42sNaQG0=FJylnX@ehbgTL4Y|4tkH7j5w6VDA=^
z$8Ce(-v*y(gMXwA{w&~Vm&DH#yZu*y;~RYW&4xklhVSrt;WMGor@_vn{Xb#g-(_6<
zOzE!&V4sBa;(rOB#~EL5@Ogo8**{t=&&zGvwF>P1Li*g?1}_4RdYI#S#SDFl@zVzW
zea6o)o?&@z1N)17eD=dm>v;v|k&Itp`YERWGT=C#w{0T8V*KxzUe1(`GmgLMhb89Z
z;DqtF1CI6f@&U?zUSB@V^u8RdF#Ts3-^Kna!|Dr+PZ{)o#`t~%{|}6xG4Q`&{G5Tm
z1USm6c%LtR-!)p{U24dXhpuCTJ`Ma0Oh0AdYXL|82N@Utfj-NI@oCUM!hFuMUoLw1
zAmir^`j0Sv(ZHW%e4D}NcNpJk;Lk9A%D_Lv_z4650^{cmyvg`s)~Cq-HOBk-d_?eX
zFg|C{zr^^ILH}PFzi80Y`VD$E=zk3KIG*?Mc;?}*ZiMv}?FpWJCZDYuzbgJVU+lxA
zUXQ!fSpm4vEaQiHUnIQV&-gZj{vhMM27ZX~jDeGX(4{UK_)(@GGVtexKc6FsJfCM=
z&YuMTQ^wC3^j`%W^&{VGXSu)yjb9aivz=l5M({IG&vUG25$jHkcPl(|#z)M=l=e%&
z?*)6DeD*PZ$iVkAKF4-U${b|;tU-T>@hLgj<^qQq-(}DrW&EN+|2*TT4E&D(PmUkS
z{x;)yHja<z;fuWP@8ofEj_vSPkOSA94C69BT{y=>{4kH_gTzjKo7WwS>DM#f1Af&)
z>&t4uwSD7rLE--|wI2rdnQ>;LLZ+89cRk%8^D}^BdwYk3lERmmUe4lu&Rzk28`dk|
zz{xr?0yvJ7vph}&e^TS!@wdt1_BC|`<jl0zdz$h6ppWG9mw;ov@@=xnb0heRSg)LK
zWw_8?+K&YOE0bK5+Rk{t5OVgr0Z0DwZL08pn)%E5m=ya4<8m%0_%E1`d{ZcT*aChh
z$|>h$LO-eTZuRydr5_$X>US8wm+{k-t-c00a@x0s0S?YEe*WfG{I3~5ySf$s9^?H6
zpTA{%YF#V+PZ>X9(7(+11q1KZ{xtaWYg_p&WqiuO-@y2sf#1xyGTLP^zQn*cGQP{e
z?_j*wXxBT0-oSS<zR$o*j9)PD-Hi9k#N}qsFwUQ~#L9Rd<2!GOAsu;~@xun6LyTWA
z@TVBh7<`^#{ER{WS;kKp^rryV^Ll{fnPagoG5v{K8Q|b*ZE(8Oegj{|_!)!$3dV;F
zdir_4E_L3Zx0(L5LH`!U55K8Zo~?}gZ*Il!V?1N<c{k%b4L)VYj~n<n<4X+wvy6`#
z_yOT#;2&Y!XFZFwA7lKWf&U)knL(kX@Hpd^fxjU94g8BjZ?*FIGUKNW{OgRL+R#e>
z65|&Q{^uA!Y|#He=necQj32UE`M=Egb_4I#4hF272ELT>ZB8qn8yP=t(642D&cHV?
zuIyGm1;)1-_!h<w8Th@7pEvLwj87Rj-8%w5!H|Eq&>Q$(#*Z8L`x)P9;2&muzkxr=
z_z?sDcZ{Dk@aGuMh{MQgdO`Rb_@4+L1OF=H`(%M-KHp&cRIXM3XBk)dR{Xn+A2H~E
zAp8ybp9sByzs$IA;5|#RzAm-Xz^`Nctk){fje;BWYZ<@bw$g84e1D-8FED=2(9agZ
z4f=Z-=g;wCW;+-^Xz&RbKV{&%g^$61FW|T?oM&9l8J=Z&^_I9w9iiV#0l#ZwD}IXU
zcN+9BGTv+8f6jQuz`x1(1q1&!<3qQ#*84Yrqkk)R@8CE^Ki4fIeEkrm;iN!6w=<p}
zqO{;+jJu4(@tS@<#(05oEe7PghW7>A*$>BaJ$&AGBj^+S|MMB0R8thF&ob`c!~j?P
z8rXm!z5MouEaww#@NY6Mzbzy5lf3WPxr+Fo<7%E~+-LuA+ak*NOUBjhlpbRGHM~z5
zW&1DhJyw99jdJd1zi9npD)27G<s!^^?tm9TZwu{feh4`BOfT=VxLWlOjGy>*K`8t=
z<D&-NrOz*5e{JBsjGr>_&vSn*VSEYeAMXP$B<IF9c-RI%)CT{PHu!&UgI||kSf1P3
z;3IADC)(g&YJ;C|gD-=9>_Yna^)~oe8~mefaJ)CZ5dR;v!PBsRUWk6E4Zgb#{_!^W
zi*4{9w!v@cUs#^aZSe6n_~ADAm)qcf-v)pE>lc>ijyCvY8~mv@_$P6{-MuLO|3#A7
z`c<G`=>FPYG4AtxyT}E84D)e`6i$S11v|MA{##J*Lbw{73HQyY!P;acm<iM%{vE7^
zdjNn$G!cxCmDOOWULPzLYjD-AI5An&cV&z9(XsL3SiQJ+qCOLp_Jo?e9*t8tQv;sB
z23V-U^5i&PkyV3`4YUxB)@N!IqY&@M!TsK1y;PNICZ`4+FJJOYmB6mT1=B*cFi;-Z
zJ7}rmd)|@D71!MJ;F>k>ymQTiYxX+UnxL+O@?<R>9K<WOgLjP8r}hNVn!6rclLf%`
zMnkv;3-@2k$jWvtXREqr^Jcr~QQ%PEQjo*IfnVX&0jG4HQ}hwcQC_a7^K$V2AEZIs
zqOhO_?<s<AK!IVUXt$&sWm{wQiLzG@>$Sq3(w<3aK3{Df41;pPtypk*wh)xV>U_KN
zTK68`QMT>s*u+?Uv^Y|moP`Fu<#IK!gS_LoUbXDF)WCd}M71G8ZG{Lm6Cwqa7qe_T
zj_EdNjFf`8Sya1Gec_$K?7PA;_QZp0wyfENy0+a~SPyFthefz6U7Xrm9|ggx)spLl
zg;L<;>}tg=uwVrdtWdOBvO+OWViZKyf`|x2EF#2MFo?zUw(bc#518&D$9IcaWQGyy
zNQh{1M0AB1p)SLi)`f<2MLI@Zk7O|m(1mc-YSeUbEIZF77Q@jR)pT*L6Z3Q8I-Iyf
zHZGBk>9R3hcD^>hb!d6{mb7iV1qByS>!X8S&Z^pQuiFpZYM8S;9#o}0!R|0S=!BJA
z$*p9wdCRGWS)X%xT2^b5kAxG&pfon<!O-+_p<m6HtD&7O3!8f09}MCCx#i?5<*FTo
z*-Do4c8BG1uzRqatpsjpSFNyA4J)pU>eARmd9o4?x^5-R!?pAv8w6GuNa6Zu;0#vs
z1*e>Iv!!x1pUYPB%oy(14pzz~H(w4*ZcqyIWhdsU+w6v6;1ujE+*kJ<D|Dq*VGSw_
z@?oJ`3QPHHHS54#b;+Em4Cdheyz7=>Dg};H_Cn5r8IY~dRI>G`o&`(g@f}|n;C`i=
z_i|3jwgNANQd^-Hf{DqA!II^doQjooO0JVDh1IO*1_d|o6e@7r-t&UNyj4*8@-S!@
zE((Jh!m4HG3SQ{ubDkwOZ#1ZnmSC1o41!37yr1)YD{$d{evW0+hG8)4fnh7ajr&U0
z@t_~(1<#>r%udbJ9Jf-NoGOk@6u~@}L!7*O>tm0Edh&Xsg}@JC4h41@rfb<NZPn&h
z3TM5`3MWjizQ@me;2Q(qx4{U7CC|$`Wz8pV#b$ea?~JzCJKC7<9ksC;lF6FIXt6vR
z)Iif^kSZ7W&@FlB^c=}YcFBcB1-{I1AJ9RLZBIE@^2=^ED3z*#lP^_XwIBtOgVqus
zzI!OacMcYGY6Wx^cX+PshA>=n7L3M%o+<E=M!~bKtXnNqs`j9*4e6^;1lJFZ1U0}n
z7?$l+yr62sCm4ZG7S#tk*O{62*h)KgWwIz1JD8{xN8!(&5Nfd8z;?^Is#|ulW%!na
zY7mnh8(uNkVz0$q1A$(tscYJ;SdQb{L7`f9t7WeeRAJuWY6NAqiN%Pvei(5(Y}tYf
zP>{=(9lu=2m-B&bRdc!?$Kqwd;#C9yS{^K39V}iFfPm~VM9BC<gzPdz$Qawqj2#Nc
zrZpBqGWoXffC%~n+B{rww74BpW;>?TE1z2+&jmu=5D2M75D@|`IA#by3os&jp~8q(
z7(`%+>$FW-T%$T`J}h({lj2I)8CNZ{&z%dQ?otT#`U;`s>yCvqH5(&ZRS@aCu3X1b
zWj&>BDNMQwIDcT@;7cywtC%)?a;olE_fC}Y(>C|ciTftXVWAA>zc>jon7HssSEb~Z
ztCgx(actYuV;y9Fm4@8ShOjV$IfLcOD(AqEvzp=KGOLu!fguW=AXo6qPUr_!m}ixI
zHS{a_L2Zk&t~U7#c<I4JG&s0vLVM`mOf(f1$0{Jcm#YF_uxk|$oQwdR*jMZC=fDfL
zs^BufG7q1c<zIp1d9U+U=Ji~FkJ{LEg@|^RU)3JPf^Y4-vSWuiKPXo%>lMiCl6MT%
z>v4<%X`A_~<S2ugw1Y||=fIbL6|eeA<ZwFIo$Kk|bz-+*fpJ2+xv;c%1YHZ>%i*$D
z$a&e4WqGjvzLLI$qwJ1Hupdv~D~|RoJM?*%^zT4~_81VMMFS$_;6sFL3KG%sfe<Y|
z7@H@f#RD*h_9PgieE`Pd5>8wduS>`!u9db%FtT`!f(V!NL|CslPsFtY#2g?->mL*p
z{t%<#rF}!_q{5x_aco$#ovEM#9_CC4AL{P09deweYGHM3AI$JvCCFz3uaftw*)Z#p
z?}EbRxM2{Rub3MK)y<2=N`dCg$7ngmCdN$@m3c+plwlpLMxcvpbGQoti|fe767Xg#
zkIohD`yj%3z9^5^PzUy&QoAgth%tMBxN=!HG1KNIK#VKbi>a=uAT<HRl|zi>h8XJx
zVlflmBm(1XT$!{5mi$<hY+P9`=A4f?=eWC}M9f9{1TfYx#NvAMnhShl%>EF@bS6eL
zUySHVHBk(aP7u?w=}fI(9n&>oj9RT@F&%A<5u@$0j>Tn3V~COeqGPd0pdDOSWbkGu
z_Ks)aV{Q)ya&fPlgJD|9mOKmWaHU!(1Qzaupif+z%_~N9lQE(t!iW|ZBf6m&(OrZQ
zJQ33F$rUY$4~C#qS_k@~W7>S@GB|GR&s|Yo$92JT8J~iW>}$o+-myLKeSCcoe3()Q
zTh)A6_WW|5_uh08!mbv3TI_(a(`|t^JLG1ARqB{D-zlkOWjiIc!E$se08F?}Nui%Q
zCG|SifMs<qtC#Ck0QdodPDyRAa{>I$xx#YZsj__Zusa&3w%>Ud6zq<<7MxB=oz8p9
z>AVXZSYkTVfCGzX$D|!k7zdWDPPu}0@0hf60bujlG1rdAs{`v`hg{*<rc+Y*v5wA3
zJ8xFL^Jc*|sKaLAdeQEu5cGSaQaA!fj(aC&;rB}vzf00*mXfH2oP5taysX|2(8;1c
z9332_Gt#k%>g3?ycKmIWw?VYc+2Q4{e&DxCs+F=^vcrm>E!l9G1&hC(<Ku09?P6Q=
zzu#cn6?}~`7VLqeQS@1D{8^N8)i0F`*|G}^=+_*OPhJa-8xxm)AI5el1Q&P$ykTz?
ze8y}D8{;e-o>y}@ID_P)<D#@)vncAHjNv1=8fJ|YCnv{+rv0lo`i+TL6cWhx=`4@m
z*J<9^60hQhUg(vAJiJ}Y!VXjXpn}%%Za6}vSP@zT1>mKPRjNRvp$V`dhoep@fUkP?
z?wPT((5<y#sz|@H14XP{70!R1ieE0n&%0oIp-A%RJg=()O1ltL3h>&>FNcm_tq|p9
zURj<ti1=eW?OyZYOF+=N&IbQ2u~jSpf3E;<2`unLJS#gdKX#coetCMM*l`tdWX}81
zyzc~X;%nz}u<!PAaKI=^YN_NEwj=8#+7X7i0*pVe1i$qYgm{JtRZv&Q$E%+FW>Hao
zvj}w@=Bj}kz^OExwdPB(mlxUQd))SEg3(VA!C`w?-VH_J6ejOE<-p6qSvH(2%@@UH
z<@Lr6$SST?_S}4>P^dUo;J}U!MN7_NpdK8g_XBNS*BTrATnPqeF3h{|MiY)glJ6ma
z*Zf{H3tLT)0N!@Mj?ykwoqUijlt?+r5ohQ0B+<Ll+63%MVU${BKOg4pLcy<kb{J}@
zv5W@>p&Zuhd0hl3eXs^W7{U)H*%hl|Q~QvT)bDEx2Qw9!R-K>#r_3(A@Truu$@dfO
zr=?$;p}7wXO7IIxHaKfe;Ms66o|tZ^^7)1vn{4PS&(D|2p`VAJfy#wdI1-U=21#rA
zGW^KYjGcqyejU^AQ|j0@@X$+zyko;JF~O@R7#(Pv<hN>ycf9)@o9=zvmc$i<|Dz~g
zW59oW{VDz(f(+kp(Eq2vi5hwnag6rBKO~iVWb#{464LkDNJ)=b9<OU-dAXmK*+g^_
zj*1)v$G^|QN&S0KD7%zDxS4V!Ji&x0Cq7cY+`Yi-`-n+-pEWC?QN5NG`N;Ejh`a{=
z$#)P#TwcOMOelJi`r*2Zejb3oShtjy-(!+6M`ZC|Q=Z>|oU0S%<@cf_l<)baf2DqD
ze+9}SPYeDfAOCJj>Fa8V45?qjamW+d6J%;TmmkUydMyMGKq0AL+P@cY(LGVp-$U=E
d@bM%Faj93}_d{f%@;B@zieq@cC-Io&|2ONnNZ0@X

literal 0
HcmV?d00001