1715:
1705:
1695:
1685:
1675:
31:
980:
or to an invalid address once the storage they point to has been released. When the null pointer is dereferenced (in most languages) the program will immediately terminate—there is no potential for data corruption or unpredictable behavior. This makes the underlying programming mistake easier to find
122:
Wild pointers, also called uninitialized pointers, arise when a pointer is used prior to initialization to some known state, which is possible in some programming languages. They show the same erratic behavior as dangling pointers, though they are less likely to stay undetected because many compilers
534:
pointer being overwritten. Alternatively, if the pointer is used for writing to memory, some other data structure may be corrupted. Even if the memory is only read once the pointer becomes dangling, it can lead to information leaks (if interesting data is put in the next structure allocated there)
76:, when an object that has an incoming reference is deleted or deallocated, without modifying the value of the pointer, so that the pointer still points to the memory location of the deallocated memory. The system may reallocate the previously freed memory, and if the program then
952:
In languages like Java, dangling pointers cannot occur because there is no mechanism to explicitly deallocate memory. Rather, the garbage collector may deallocate memory, but only when the object is no longer reachable from any references.
227:
library calls: a pointer becomes dangling when the block of memory it points to is freed. As with the previous example one way to avoid this is to make sure to reset the pointer to null after freeing its reference—as demonstrated below.
539:(if the now-invalid memory is used in security checks). When a dangling pointer is used after it has been freed without allocating a new chunk of memory to it, this becomes known as a "use after free" vulnerability. For example,
1002:
depending on what has been freed). This usually prevents the data from being reused by making it useless and also very prominent (the pattern serves to show the programmer that the memory has already been freed).
432:
Wild pointers are created by omitting necessary initialization prior to first use. Thus, strictly speaking, every pointer in programming languages which do not enforce initialization begins as a wild pointer.
316:
An all too common misstep is returning addresses of a stack-allocated local variable: once a called function returns, the space for these variables gets deallocated and technically they have "garbage values".
216:, a solution to the above is to assign 0 (null) to dp immediately before the inner block is exited. Another solution would be to somehow guarantee dp is not used again without further initialization.
87:, as the memory may now contain completely different data. If the program writes to memory referenced by a dangling pointer, a silent corruption of unrelated data may result, leading to subtle
1235:
911:), creating something like a metalanguage or can be embedded into a tool library apart. In every case, programmers using this technique should use the safe versions in every instance where
99:(Windows). If the program has sufficient privileges to allow it to overwrite the bookkeeping data used by the kernel's memory allocator, the corruption can cause system instabilities. In
418:(1945–1996) has created a complete object management system which is free of dangling reference phenomenon. A similar approach was proposed by Fisher and LeBlanc under the name
915:
would be used; failing in doing so leads again to the problem. Also, this solution is limited to the scope of a single program or project, and should be properly documented.
107:, dangling references are prevented by only destroying objects that are unreachable, meaning they do not have any incoming pointers; this is ensured either by tracing or
567:(or alike) function which guarantees the reset of the pointer. However, this technique will not clear other pointer variables which may contain a copy of the pointer.
139:
on return does not alter associated pointers. The pointer still points to the same location in memory even though that location may now be used for other purposes.
1041:) instrument the source code to collect and track legitimate values for pointers ("metadata") and check each pointer access against the metadata for validity.
91:
that can be extremely difficult to find. If the memory has been reallocated to another process, then attempting to dereference the dangling pointer can cause
1655:
1316:
949:
with a garbage collector. This approach completely eliminates dangling pointer errors by disabling frees, and reclaiming objects by garbage collection.
1142:
1749:
1364:
965:
1708:
1512:
1336:
1205:
942:
104:
1698:
1065:
968:. Unless one disables the features of the language, dangling pointers will be caught at compile time and reported as programming errors.
1744:
1718:
1535:
1309:
436:
This most often occurs due to jumping over the initialization, not by omitting it. Most compilers are able to warn about this.
1660:
1118:
984:
Some debuggers will automatically overwrite and destroy data that has been freed, usually with a specific pattern, such as
1520:
1358:
66:
1497:
957:
1555:
1678:
1565:
1545:
1398:
1302:
552:
420:
1624:
526:
bugs, dangling/wild pointer bugs frequently become security holes. For example, if the pointer is used to make a
1484:
132:
100:
96:
1056:, and any call to a member function will crash the program and it will show the guilty code in the debugger.
1688:
1550:
1525:
1431:
1044:
Another strategy, when suspecting a small set of classes, is to temporarily make all their member functions
938:
927:
1502:
1739:
1454:
1352:
1530:
1236:"New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks"
853:
The alternative version can be used even to guarantee the validity of an empty pointer before calling
378:
Attempts to read from the pointer may still return the correct value (1234) for a while after calling
1049:
536:
408:
77:
46:
1100:
1408:
1213:
1011:
116:
123:
will raise a warning at compile time if declared variables are accessed before being initialized.
1650:
1634:
1560:
923:
918:
Among more structured solutions, a popular technique to avoid dangling pointers in C++ is to use
108:
92:
82:
73:
1263:
1426:
1325:
1179:
1164:
976:
To expose dangling pointer errors, one common programming technique is to set pointers to the
1598:
1441:
1019:
547:
is a use-after-free vulnerability in
Microsoft Internet Explorer 6 through 11 being used by
540:
527:
1593:
1492:
1191:
1075:
981:
and resolve. This technique does not help when there are multiple copies of the pointer.
548:
523:
396:
629:/* free(NULL) works properly, so no check is required besides the assert in debug mode */
53:
that do not point to a valid object of the appropriate type. These are special cases of
1608:
1575:
1570:
1416:
1375:
1045:
1038:
931:
530:
call, a different address (possibly pointing at exploit code) may be called due to the
413:
1733:
1585:
1388:
1383:
1286:
919:
54:
382:, but any functions called thereafter may overwrite the stack storage allocated for
977:
213:
88:
50:
1156:
386:
with other values and the pointer would no longer work correctly. If a pointer to
544:
17:
1629:
1274:
1080:
961:
136:
1034:
30:
1393:
1540:
1421:
1007:
112:
563:
In C, the simplest technique is to implement an alternative version of the
1030:
1474:
1469:
1459:
1449:
1070:
1048:: after the class instance has been destructed/freed, its pointer to the
1015:
219:
Another frequent source of dangling pointers is a jumbled combination of
1464:
1243:
986:
1287:
Efficiently
Detecting All Dangling Pointer Uses in Production Servers
531:
1294:
830:/* p2 is still a dangling pointer, so this is undefined behavior. */
946:
29:
212:
If the operating system is able to detect run-time references to
135:) deleting an object from memory explicitly or by destroying the
1155:
Dalci, Eric; anonymous author; CWE Content Team (May 11, 2012).
1023:
1298:
964:
has been extended to include also the variables lifetimes and
945:
that replaces standard memory allocation functions in C and
394:
must have scope beyond the function—it might be declared as
1234:
Chen, Xiaobo; Caselden, Dan; Scott, Mike (April 26, 2014).
1101:"Warning Options - Using the GNU Compiler Collection (GCC)"
809:/* this second call won't fail as p is reset to NULL */
907:
directives to construct useful macros (a common one being
1337:
Memory management as a function of an operating system
1026:
can also be used to detect uses of dangling pointers.
990:(Microsoft's Visual C/C++ debugger, for example, uses
926:
to reclaim objects. Some other techniques include the
1139:
The implementation of run-time diagnostics in Pascal
647:/* deallocate chunk, note that free(NULL) is valid */
1643:
1617:
1584:
1511:
1483:
1440:
1407:
1374:
1345:
1115:Programmed deallocation without dangling reference
115:may create new references to an object, requiring
877:/* i'm not sure if chunk has been released */
782:/* safety freeing; does not affect p2 variable */
909:#define XFREE(ptr) safefree((void **)&(ptr))
584:/* Alternative version for 'free()' */
404:Manual deallocation without dangling reference
1310:
27:Pointer that does not point to a valid object
8:
1656:International Symposium on Memory Management
69:that do not resolve to a valid destination.
1317:
1303:
1295:
1210:Common Vulnerabilities and Exposures (CVE)
516:Security holes involving dangling pointers
504:* Using this feature may be considered bad
142:A straightforward example is shown below:
1143:IEEE Transactions on Software Engineering
1133:
1131:
614:/* in debug mode, abort if pp is NULL */
1092:
498:* at start and retain their values from
495:* static variables are initialized to 0
290:/* dp now becomes a dangling pointer */
1187:
1177:
966:resource acquisition is initialization
7:
1066:Common Vulnerabilities and Exposures
1365:Input–output memory management unit
1264:Visual C++ 6.0 memory-fill patterns
204:/* dp is now a dangling pointer */
25:
922:. A smart pointer typically uses
903:These uses can be masked through
119:to prevent a dangling reference.
1714:
1713:
1704:
1703:
1694:
1693:
1684:
1683:
1674:
1673:
559:Avoiding dangling pointer errors
1750:Pointers (computer programming)
1536:Concurrent mark sweep collector
1113:Gianna Cioni, Antoni Kreczmar,
937:Another approach is to use the
72:Dangling pointers arise during
1661:Region-based memory management
1119:Information Processing Letters
305:/* dp is no longer dangling */
1:
1137:C. N. Fisher, R. J. Leblanc,
492:/* scp is not a wild pointer:
131:In many languages (e.g., the
1709:Memory management algorithms
1521:Automatic Reference Counting
1359:Translation lookaside buffer
1212:. 2014-01-29. Archived from
665:/* reset original pointer */
80:the (now) dangling pointer,
57:violations. More generally,
1699:Automatic memory management
1498:C dynamic memory allocation
1161:Common Weakness Enumeration
507:* style if not commented */
501:* the last call afterwards.
1766:
1745:Computer security exploits
1719:Memory management software
1566:Tracing garbage collection
1399:Virtual memory compression
1285:Dhurjati, D. and Adve, V.
972:Dangling pointer detection
553:advanced persistent threat
474:/* dp is a wild pointer */
201:/* c falls out of scope */
127:Cause of dangling pointers
1669:
1332:
1275:Mudflap Pointer Debugging
1157:"CWE-416: Use After Free"
101:object-oriented languages
97:general protection faults
1493:Static memory allocation
1485:Manual memory management
859:
755:/* use the chunk here */
569:
438:
319:
230:
144:
1551:Garbage-first collector
1526:Boehm garbage collector
1432:x86 memory segmentation
939:Boehm garbage collector
1556:Mark–compact algorithm
1353:Memory management unit
752:/* copy the pointer */
428:Cause of wild pointers
133:C programming language
83:unpredictable behavior
35:
1145:, 6(4):313–319, 1980.
33:
1503:new and delete (C++)
1050:Virtual Method Table
1022:, or tools based on
537:privilege escalation
47:computer programming
1409:Memory segmentation
117:object resurrection
93:segmentation faults
59:dangling references
1651:Automatic variable
1635:Unreachable memory
1561:Reference counting
1531:Cheney's algorithm
1513:Garbage collection
1190:has generic name (
924:reference counting
898:/* allocate now */
390:must be returned,
109:reference counting
105:garbage collection
74:object destruction
36:
1727:
1726:
1679:Memory management
1427:Virtual 8086 mode
1326:Memory management
1165:Mitre Corporation
943:garbage collector
941:, a conservative
737:/* get a chunk */
95:(UNIX, Linux) or
39:Dangling pointers
18:Dangling pointers
16:(Redirected from
1757:
1717:
1716:
1707:
1706:
1697:
1696:
1687:
1686:
1677:
1676:
1604:Dangling pointer
1599:Buffer over-read
1571:Strong reference
1442:Memory allocator
1319:
1312:
1305:
1296:
1289:
1283:
1277:
1272:
1266:
1261:
1255:
1254:
1252:
1250:
1231:
1225:
1224:
1222:
1221:
1202:
1196:
1195:
1189:
1185:
1183:
1175:
1173:
1171:
1152:
1146:
1135:
1126:
1111:
1105:
1104:
1097:
1055:
1020:AddressSanitizer
1001:
997:
993:
989:
956:In the language
914:
910:
906:
899:
896:
893:
890:
887:
884:
881:
878:
875:
872:
869:
866:
863:
856:
849:
846:
843:
840:
837:
834:
831:
828:
825:
822:
819:
816:
813:
810:
807:
804:
801:
798:
795:
792:
789:
786:
783:
780:
777:
774:
771:
768:
765:
762:
759:
756:
753:
750:
747:
744:
741:
738:
735:
732:
729:
726:
723:
720:
717:
714:
711:
708:
705:
702:
699:
696:
693:
690:
687:
684:
681:
678:
675:
672:
669:
666:
663:
660:
657:
654:
651:
648:
645:
642:
639:
636:
633:
630:
627:
624:
621:
618:
615:
612:
609:
606:
603:
600:
597:
594:
591:
588:
585:
582:
581:<stdlib.h>
579:
576:
575:<assert.h>
573:
566:
549:zero-day attacks
528:virtual function
511:
508:
505:
502:
499:
496:
493:
490:
487:
484:
481:
478:
475:
472:
469:
466:
463:
460:
457:
454:
451:
448:
445:
442:
417:
399:
393:
389:
385:
381:
374:
371:
368:
365:
362:
359:
356:
353:
350:
347:
344:
341:
338:
335:
332:
329:
326:
323:
312:
309:
306:
303:
300:
297:
294:
291:
288:
285:
282:
279:
276:
273:
270:
267:
264:
261:
258:
255:
252:
249:
246:
243:
240:
237:
236:<stdlib.h>
234:
226:
222:
208:
205:
202:
199:
196:
193:
190:
187:
184:
181:
178:
175:
172:
169:
166:
163:
160:
157:
154:
151:
148:
34:Dangling pointer
21:
1765:
1764:
1760:
1759:
1758:
1756:
1755:
1754:
1730:
1729:
1728:
1723:
1665:
1639:
1613:
1594:Buffer overflow
1580:
1507:
1479:
1436:
1403:
1370:
1341:
1328:
1323:
1293:
1292:
1284:
1280:
1273:
1269:
1262:
1258:
1248:
1246:
1233:
1232:
1228:
1219:
1217:
1206:"CVE-2014-1776"
1204:
1203:
1199:
1186:
1176:
1169:
1167:
1154:
1153:
1149:
1136:
1129:
1112:
1108:
1099:
1098:
1094:
1089:
1076:Memory debugger
1062:
1053:
999:
995:
991:
985:
974:
930:method and the
912:
908:
904:
901:
900:
897:
894:
891:
888:
885:
882:
879:
876:
873:
870:
867:
864:
861:
854:
851:
850:
847:
844:
841:
838:
835:
832:
829:
826:
823:
820:
817:
814:
811:
808:
805:
802:
799:
796:
793:
790:
787:
784:
781:
778:
775:
772:
769:
766:
763:
760:
757:
754:
751:
748:
745:
742:
739:
736:
733:
730:
727:
724:
721:
718:
715:
712:
709:
706:
703:
700:
697:
694:
691:
688:
685:
682:
679:
676:
673:
670:
667:
664:
661:
658:
655:
652:
649:
646:
643:
640:
637:
634:
631:
628:
625:
622:
619:
616:
613:
610:
607:
604:
601:
598:
595:
592:
589:
586:
583:
580:
577:
574:
571:
564:
561:
524:buffer-overflow
518:
513:
512:
509:
506:
503:
500:
497:
494:
491:
488:
485:
482:
479:
476:
473:
470:
467:
464:
461:
458:
455:
452:
449:
446:
443:
440:
430:
411:
409:Antoni Kreczmar
406:
395:
391:
387:
383:
379:
376:
375:
372:
369:
366:
363:
360:
357:
354:
351:
348:
345:
342:
339:
336:
333:
330:
327:
324:
321:
314:
313:
310:
307:
304:
301:
298:
295:
292:
289:
286:
283:
280:
277:
274:
271:
268:
265:
262:
259:
256:
253:
250:
247:
244:
241:
238:
235:
232:
224:
220:
210:
209:
206:
203:
200:
197:
194:
191:
188:
185:
182:
179:
176:
173:
170:
167:
164:
161:
158:
155:
152:
149:
146:
129:
63:wild references
28:
23:
22:
15:
12:
11:
5:
1763:
1761:
1753:
1752:
1747:
1742:
1732:
1731:
1725:
1724:
1722:
1721:
1711:
1701:
1691:
1689:Virtual memory
1681:
1670:
1667:
1666:
1664:
1663:
1658:
1653:
1647:
1645:
1641:
1640:
1638:
1637:
1632:
1627:
1621:
1619:
1615:
1614:
1612:
1611:
1609:Stack overflow
1606:
1601:
1596:
1590:
1588:
1582:
1581:
1579:
1578:
1576:Weak reference
1573:
1568:
1563:
1558:
1553:
1548:
1543:
1538:
1533:
1528:
1523:
1517:
1515:
1509:
1508:
1506:
1505:
1500:
1495:
1489:
1487:
1481:
1480:
1478:
1477:
1472:
1467:
1462:
1457:
1452:
1446:
1444:
1438:
1437:
1435:
1434:
1429:
1424:
1419:
1417:Protected mode
1413:
1411:
1405:
1404:
1402:
1401:
1396:
1391:
1386:
1380:
1378:
1376:Virtual memory
1372:
1371:
1369:
1368:
1362:
1356:
1349:
1347:
1343:
1342:
1340:
1339:
1333:
1330:
1329:
1324:
1322:
1321:
1314:
1307:
1299:
1291:
1290:
1278:
1267:
1256:
1226:
1197:
1188:|author2=
1147:
1127:
1106:
1091:
1090:
1088:
1085:
1084:
1083:
1078:
1073:
1068:
1061:
1058:
1006:Tools such as
973:
970:
932:locks-and-keys
920:smart pointers
860:
570:
560:
557:
517:
514:
439:
429:
426:
421:Locks-and-keys
405:
402:
320:
231:
145:
128:
125:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
1762:
1751:
1748:
1746:
1743:
1741:
1740:Software bugs
1738:
1737:
1735:
1720:
1712:
1710:
1702:
1700:
1692:
1690:
1682:
1680:
1672:
1671:
1668:
1662:
1659:
1657:
1654:
1652:
1649:
1648:
1646:
1642:
1636:
1633:
1631:
1628:
1626:
1625:Fragmentation
1623:
1622:
1620:
1616:
1610:
1607:
1605:
1602:
1600:
1597:
1595:
1592:
1591:
1589:
1587:
1586:Memory safety
1583:
1577:
1574:
1572:
1569:
1567:
1564:
1562:
1559:
1557:
1554:
1552:
1549:
1547:
1544:
1542:
1539:
1537:
1534:
1532:
1529:
1527:
1524:
1522:
1519:
1518:
1516:
1514:
1510:
1504:
1501:
1499:
1496:
1494:
1491:
1490:
1488:
1486:
1482:
1476:
1473:
1471:
1468:
1466:
1463:
1461:
1458:
1456:
1453:
1451:
1448:
1447:
1445:
1443:
1439:
1433:
1430:
1428:
1425:
1423:
1420:
1418:
1415:
1414:
1412:
1410:
1406:
1400:
1397:
1395:
1392:
1390:
1389:Memory paging
1387:
1385:
1384:Demand paging
1382:
1381:
1379:
1377:
1373:
1366:
1363:
1360:
1357:
1354:
1351:
1350:
1348:
1344:
1338:
1335:
1334:
1331:
1327:
1320:
1315:
1313:
1308:
1306:
1301:
1300:
1297:
1288:
1282:
1279:
1276:
1271:
1268:
1265:
1260:
1257:
1245:
1241:
1237:
1230:
1227:
1216:on 2017-04-30
1215:
1211:
1207:
1201:
1198:
1193:
1181:
1166:
1162:
1158:
1151:
1148:
1144:
1140:
1134:
1132:
1128:
1125:, pp. 179–185
1124:
1120:
1116:
1110:
1107:
1102:
1096:
1093:
1086:
1082:
1079:
1077:
1074:
1072:
1069:
1067:
1064:
1063:
1059:
1057:
1051:
1047:
1042:
1040:
1036:
1032:
1029:Other tools (
1027:
1025:
1021:
1017:
1013:
1009:
1004:
988:
982:
979:
971:
969:
967:
963:
959:
954:
950:
948:
944:
940:
935:
933:
929:
925:
921:
916:
858:
568:
558:
556:
554:
550:
546:
542:
538:
533:
529:
525:
520:
515:
437:
434:
427:
425:
423:
422:
415:
410:
403:
401:
398:
318:
229:
217:
215:
214:null pointers
143:
140:
138:
134:
126:
124:
120:
118:
114:
111:. However, a
110:
106:
102:
98:
94:
90:
86:
84:
79:
75:
70:
68:
64:
60:
56:
55:memory safety
52:
48:
44:
43:wild pointers
40:
32:
19:
1603:
1281:
1270:
1259:
1247:. Retrieved
1240:FireEye Blog
1239:
1229:
1218:. Retrieved
1214:the original
1209:
1200:
1168:. Retrieved
1160:
1150:
1138:
1122:
1114:
1109:
1095:
1043:
1039:CheckPointer
1028:
1005:
983:
978:null pointer
975:
955:
951:
936:
917:
902:
852:
562:
521:
519:
435:
431:
419:
407:
377:
315:
218:
211:
141:
130:
121:
81:
78:dereferences
71:
62:
58:
42:
38:
37:
1630:Memory leak
1081:Wild branch
1018:, Mudflap,
962:type system
412: [
137:stack frame
1734:Categories
1394:Page table
1220:2017-05-16
1087:References
1052:is set to
987:0xDEADBEEF
928:tombstones
85:may result
67:references
1541:Finalizer
1422:Real mode
1249:April 28,
1170:April 28,
1121:, v. 18,
1031:SoftBound
1012:TotalView
1008:Polyspace
545:2014-1776
358:/* ... */
308:/* ... */
275:/* ... */
168:/* ... */
113:finalizer
1475:ptmalloc
1470:mimalloc
1460:jemalloc
1450:dlmalloc
1346:Hardware
1180:cite web
1071:Link rot
1060:See also
1035:Insure++
1016:Valgrind
934:method.
862:safefree
855:malloc()
785:safefree
758:safefree
593:safefree
578:#include
572:#include
233:#include
221:malloc()
51:pointers
1546:Garbage
1465:libumem
1367:(IOMMU)
1244:FireEye
1046:virtual
905:#define
269:A_CONST
1618:Issues
1037:, and
960:, the
913:free()
886:malloc
833:return
725:malloc
617:assert
587:static
565:free()
551:by an
535:or to
532:vtable
477:static
397:static
361:return
263:malloc
225:free()
1644:Other
1455:Hoard
1361:(TLB)
1355:(MMU)
868:&
800:&
773:&
522:Like
416:]
364:&
189:&
103:with
1251:2014
1192:help
1172:2014
1123:1984
1054:NULL
1024:LLVM
1000:0xDD
996:0xCD
992:0xCC
958:Rust
892:1000
812:char
791:void
764:void
731:1000
704:NULL
692:char
659:NULL
632:free
599:void
590:void
480:char
462:char
380:func
352:1234
334:void
328:func
299:NULL
278:free
251:char
242:func
239:void
223:and
174:char
162:NULL
150:char
89:bugs
65:are
61:and
49:are
41:and
998:or
947:C++
680:int
671:int
541:CVE
486:scp
450:int
441:int
392:num
388:num
384:num
367:num
346:num
343:int
322:int
45:in
1736::
1242:.
1238:.
1208:.
1184::
1182:}}
1178:{{
1163:.
1159:.
1141:,
1130:^
1117:,
1033:,
1014:,
1010:,
994:,
895:);
874:);
857::
824:p2
806:);
794:**
788:((
779:);
767:**
761:((
740:p2
734:);
713:p2
653:pp
644:);
641:pp
626:);
623:pp
605:pp
602:**
555:.
468:dp
424:.
414:pl
400:.
293:dp
287:);
284:dp
272:);
257:dp
245:()
183:dp
156:dp
1318:e
1311:t
1304:v
1253:.
1223:.
1194:)
1174:.
1103:.
889:(
883:=
880:p
871:p
865:(
848:}
845:;
842:c
839:+
836:i
827:;
821:*
818:=
815:c
803:p
797:)
776:p
770:)
749:;
746:p
743:=
728:(
722:=
719:p
716:;
710:*
707:,
701:=
698:p
695:*
689:{
686:)
683:i
677:(
674:f
668:}
662:;
656:=
650:*
638:*
635:(
620:(
611:{
608:)
596:(
543:-
510:}
489:;
483:*
471:;
465:*
459:{
456:)
453:i
447:(
444:f
373:}
370:;
355:;
349:=
340:{
337:)
331:(
325:*
311:}
302:;
296:=
281:(
266:(
260:=
254:*
248:{
207:}
198:}
195:;
192:c
186:=
180:;
177:c
171:{
165:;
159:=
153:*
147:{
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.
