From dbd88084324d2716517197e76d1feb4b224e1773 Mon Sep 17 00:00:00 2001
From: Dominik Stadler <centic@apache.org>
Date: Mon, 11 Sep 2023 18:25:01 +0000
Subject: [PATCH] Bug 66425: Avoid a NullPointerException found via oss-fuzz

We try to avoid throwing NullPointerException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62216

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1912250 13f79535-47bb-0310-9956-ffa450edef68
---
 .../poi/hslf/dev/BaseTestPPTIterating.java    |   9 ++++++++-
 .../apache/poi/hslf/dev/TestPPTXMLDump.java   |   6 ++++++
 .../crypt/cryptoapi/CryptoAPIDecryptor.java   |   3 +++
 ...e-minimized-POIFuzzer-5429732352851968.ppt | Bin 0 -> 8548 bytes
 test-data/spreadsheet/stress.xls              | Bin 51200 -> 51712 bytes
 5 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt

diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
index 0af50391dbb..61f190a9c58 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
@@ -18,8 +18,10 @@ Licensed to the Apache Software Foundation (ASF) under one or more
 
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 import java.io.File;
+import java.io.FileNotFoundException;
 import java.io.PrintStream;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -61,6 +63,7 @@ public abstract class BaseTestPPTIterating {
     static {
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt", Exception.class);
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt", RuntimeException.class);
+        EXCLUDED.put("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt", FileNotFoundException.class);
     }
 
     public static Stream<Arguments> files() {
@@ -95,7 +98,11 @@ void tearDownBase() {
     }
 
     private static void findFile(List<Arguments> list, String dir) {
-        String[] files = new File(dir).list((arg0, arg1) -> arg1.toLowerCase(Locale.ROOT).endsWith(".ppt"));
+        File dirFile = new File(dir);
+        assertTrue(dirFile.exists(), "Directory does not exist: " + dirFile.getAbsolutePath());
+        assertTrue(dirFile.isDirectory(), "Not a directory: " + dirFile.getAbsolutePath());
+
+        String[] files = dirFile.list((arg0, arg1) -> arg1.toLowerCase(Locale.ROOT).endsWith(".ppt"));
 
         assertNotNull(files, "Did not find any ppt files in directory " + dir);
 
diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
index efdf770b267..90965f727d2 100644
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/TestPPTXMLDump.java
@@ -21,6 +21,7 @@ Licensed to the Apache Software Foundation (ASF) under one or more
 import org.junit.jupiter.api.Test;
 
 import java.io.File;
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.util.Collections;
 import java.util.HashSet;
@@ -56,6 +57,11 @@ void runOneFile(File pFile) throws Exception {
                 throw e;
             }
         }
+
+        // work around one file which works here but not in other tests
+        if (pFile.getName().equals("clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt")) {
+            throw new FileNotFoundException();
+        }
     }
 
     @Override
diff --git a/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java b/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java
index 4f229e9a180..3698c57b7ef 100644
--- a/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java
+++ b/poi/src/main/java/org/apache/poi/poifs/crypt/cryptoapi/CryptoAPIDecryptor.java
@@ -130,6 +130,9 @@ protected static Cipher initCipherForBlock(Cipher cipher, int block,
     }
 
     protected static SecretKey generateSecretKey(String password, EncryptionVerifier ver) {
+        if (password == null) {
+            throw new IllegalArgumentException("Did not receive a password");
+        }
         if (password.length() > 255) {
             password = password.substring(0, 255);
         }
diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIFuzzer-5429732352851968.ppt
new file mode 100644
index 0000000000000000000000000000000000000000..5c9421f6280083a77f65415d2c82e6e169942170
GIT binary patch
literal 8548
zcmeHKc|6tW_y5?F<yuOvEEiF>%e4~{m5M>!a4n7PTC>ZN%TQF7$WoSMj}}4{*&<!U
zaCJ$tG>Yg(#=fNZJs(rOnrgmN^ZVyJ^PO{@&$FG+bIx<ld7tN_lf*uhUCQ$e`iwLn
z8fbNm5u*QOo(l9~UMDsPq6Qs!yt=lw_S+-`f$qQbH}b$cU@PtW7}9|jjyD`nm^Xkv
zBjAmInE*2bW&z9!7y%fh0K^WM128AxO@KE8<^sG0FgIX$pMUAU*8@h72l)9yC}=O_
z4q9(05Jc_Ui3_6pi20AT;g4QVcGH=<-%3RT)-~Y=AXuy2x>ir1-5J>84jlmO0D9j-
z{1El}esC><z5Ffjz%oPc1%Iy}57|S8kPWcN6+9gw{ClZCZiGM;{4~0sN&4V@eVyGM
zeb51JM?WqxfZi3M--h(i9-zq=urcJht{D&ce3bn24mYU4AN0fc{Tg|u=&bwQv)F9C
z{Zs~y8SFba957blJ>V9$5pH4r6#ww}U;5{GfCi5KHVBFV@dnL0u{uByZ72kRzx5h!
z-Q%#1)*k>qVXS(94D|pA{ZKWWK;FVAhS7t9j6f#u1}!`Xk9Px%8-rH+Bg#Dhvb@2%
zC*-ugBMM*+-qjC`?7=SHKrei^s470ZczvHEl13_6-GD_&Iha}&!x+^#aqIQfZ6WvH
zV&VH{(%w~lG%tqKn_Hgo<_d=w)h{`xY;!jEzjZkHOZn(C6Cm;*Ne!%ic`h`t7Oq4v
zE}cOO+l2lqQmMfEANW5i`h!LIj)mWMdf&ogD8PSKmt=vAF|ZHzn>+C5@8y51qhD4Q
z@X}{wvVJxna7uWe?<Y1;e?LXTx9k9aZ|J=j{L;oB)-&T<_JL)1fPQ#C_`3zR1D^Xc
zf@MA53w^2odu|^H;)STz&kx5Du9;sW8Mg!Lb$5tI_lx@b|Ba#iU+_O{tLA${Kjh!H
z<P#QT8;ok7_1oDSaszw7w;G(ka6E&cec-185HAN>8Ss>X6d*;AoBKdd9`rElb6NmN
zd%z03x*N=60NOBMMg~%XWY^__A$_plx8m|^x&Jj=Kj0K@;aKh7YmCCkDzDcXFofVd
z`d_0j{q)`W|MB|+{$Js1r0J)>p7$kvCf}X^U)uM34f5~t2V)=pPWc*r&<{x+{z5<f
z`rYFUa@huC_xFAK!n!#A0{&n>b$-pzzc>e<{R4gP7K!h_L(eBL*p3=Uniqu2(MAya
zk_>W8O-GPIZ?|mynJWb)^;DSuLG?m3ruVU0oqgRw)((^MEP7t#My8-uwM>hGVxlz8
zRJ?LV*a5Yj{$j0qo!7tPzn4F16mqAU<ESo<*<<HU64)Ibx3k?j(_Z<iEMkMxj^3v5
z*u&A@RD1Qp%#;-Aibfwvsv&YlI5Zz%JAUcQCzs)jMt2-Jl<<yF(-y&7b_^nxJQsJv
zYK4}aQy3!69XsFX)G=rDGIg`FHSLKLWx6KrDRb(E4@!3k9t|-g*qX1Uss38sQzGAt
z+I#$|XtJ?hr%#rOor8kkOLiV}mJtS3MqeqjUdEFC!*ZAC%5S*&;<2;ZKkCrG5F6N8
zfv4#Xd59i;`10LyyW<X)zPN_@dXFecQE}&Umwm*hV<~bDXF1QFV3AT?jKE6s<*aeF
zP=|_kAq~vhPx}OIZWHodOA@T`-|w>3r<lT$TXC6?o2F4xi#}uhMzOWWk|&Fad`3)c
zbDX4B@I)-%<b{Q<C`&FEW({Zdb8cdSd){4EqxM(uR2Hz99G@)JhC~LrZY*x=pkRd>
zj|!@fZO%VKp)@`?hVAaX5+GgZcmW~MOqcG49A$TEE$4{dS~I0!H(axwJZgm#8QqxA
z^ZLRYm(_@hv#7=7;EAdEozDi+t%aB51Qi19RqB6z3t8PvQ94MN4fz*ee=mG}9<O%4
zB4>rAD&Zr7Xtu7rn^EqJ6$DY&rYM|z#5*RH+~>3jgzmWdrc0zvA~R>hr#Dv1c1lJ)
z4i2y9ioT2A%(~*-G`)INdQ3CBMJG*7OI2Xrd1I|cXb|(cVm9k*rY=;;3YMpP^L(G2
zyKA&spSX5wJI$@I;+CNn4Yj^#^LeJIjW<{t(_fAw)ZEZg5tDbh>3SJ;$xI`1dpMI0
z%h_t~YLYlqySDR())k=zJzV}RZd)}^Kih)R*(Qq+Gb(A#vkqBIxI?e;)Tz1T24XMA
z@ot(+K3k}M@_L+FXpw5rw>@Rs6+hJ~!$WS~c^5s~?fG-l(jZ%jn+kSDiR3m^b7)@N
zQH4p|#g(?Je#u=XqgN$u$en6^`CQu!Ra@<^>w9_OB2-Y7i9Tjty&^qNYFv{f$Ox|i
z%BC<Kb9o(?M5oXF`A;7!EVbTD6{WRp+BQ2DNt(eB7mjM53Yk19m`6RtKCyxqsxTfB
zF(){pE^0+J?nSCviFT~KS*b7%%|*qwo%{8Ksw9dwIjIjRP}AKagos>5@ewsw*n&s6
z_pgoLJJjJgHocLDg1GhiLX?cjju<EJD^>y<Q))?Dww*%H>cq#+Ju>8Xk<PBfy3&$k
zlOB~2@@xbsHcRRCwphf13>EjWWb$0%Wt+T39dyp1Vu|0G?Urw?1yIVO#vb;PgPIx1
zBGqYf4w^A6{Ksoz7&7`VER#1a3~X8v_b--l#fd~U->!*wp^oTEofivdB@oRCj2UfE
z5PHNw0<YJX9Z$m~v=j4&KB?I9j+nl0LDA@&z}6>3tN7bo(;0__I`YjQiBC)5*S0oT
zs91U|Bq4oM83M7H%EmpylV{0Adf2*iYWztX?>y9VlAXdG*^O;@&S}Le_ok?`gDuSY
z_^L-l3UcMd09_VM=9Y}m=Q`Lyu~TzwvvcF|VMgpx&D&XCjS0$c*z%V3nICcvuY2@X
zUKUaAdQaI7n}O5R#JB!>`}W(LiqwlrpP^>BqjO(Cla;;Z-f$5w&u|v!QiUyLJY95a
zoA*5ZL&dW#<+UTy$n2Fl%1pCL?|j3(13DY1806v^o+OYOg{p5&Y7aLf^<5u0Wey~6
zX2NHiG4jnzL<THK-i4}FX4+R$=zAg$2tLqs<M!(??Jdqj#3#h%^EA;SY*Mll=7u}{
zcbX@5&D1p;@R^hPM}{!{)@sN6kt~H1l4V3)Y@!#Z#J%AK9);G^^vn;k_sNL*#+1}-
z&0&0N$P&2EVf_A$Xc4d2(GG(_&8ng&iTEhJfb8~$gPV3O%0EYT3mpv{w;*-RG<rB9
zG7k(irPi;m#007^@=)cg1hk<sF#>bpUG<eIcfyDeJMXJ{aVcrCPq#pYfK=tLj;I_9
zI_$KoRY;%^LhXvn6XlYMzSD^P$g9;o8l{61f{ZE3?WY$lv<Vs!anW2h;+xHA_Z<nI
z;!~?mbVV8QE-ufuOqsNd1w3D7G>fkDF3h@1cpHhS<HmHjVtQn|4pVi86m0M_v`sj^
z3Fjht@hZ8>jVqf`o;4tjy67s~`K}|sMj1_q3VOE@R_I8hdXhVhkk?~3T$?(#8Y4~$
zIH)L+sk8h<FT0es-iO;XIOo{oi0)05+_Gu5Hwr1SyX?o7+h5+=HOBvAcpMwcJ3^^B
z74GN}y2&Bj)k3A{n+56(Mh5r0BPG|yp7HExY+tzWbY(4+`6!OQTi^+e83B2-Vi!qT
z|Gp*lRQUDuzPa80I&+lTD(T%EKHEF#JD8UZMNRAu?WN54@8(}JJUGO*BXwM_wK=rI
zeeJ1S%)UZ&J&rqOG84&jQ1hwlaqXMRH<i?NpF9*d6-nUlcVp6-XCu8voX@wf-g%x{
zN=U0T_uenTLH#Gwly>n(UVhsC<`E*^(6+9-&aT0T*S=Y2r@GnY$0k#e()w#YiKnD%
zM_(*G+m*h!m)5GFpY@81@G~mfJ}Nn(X$Q<wq;y)@TA~tdQ~2Q)qoC|^9Ld_Werib@
zQ>T{NtaPw3^s!c_x5SY2Vg`C`ka#0ja#%F5?fQbJ@Z=d{e1y>q|6cqms|ZCxL;aq;
zrFs*~3S}$7AZ70CKtDMOmw-ZYJ`7MyxrDykl3+D_)VI#Spi_|5D%@AtKk~_Nl1qpS
zRZWrpKfShpe!kVLQ+Crby66{Y&&2NWbU<@SiwUG?ri?nvbg<TxSaRKAzSfYM%G)X3
zBYaS&?7;1x7Nst@>u+!8OKu{^6}ql6g*67V)LxXh&(5RVwIWg}$54Qn<ofwtQ2mc0
z=$}Xl2kc%QxmLF6*!e}r+jTx{6nl9#e5I?7tf0i60gMuVUF~9U%0PK&V$IWYEEc;Z
zGx!aJAH^m`bX3jA2x`8X)1EaMf5nVjWj=yp?{jJ84kVa3-Z-FCF^0NLC_3>|+T%Rr
zN<;8ox2N+9zQ#!b1$~vVTG8s`tZrfoL865=_i%{Ra#BS*dXtt@&cxkWHP@TE9TzB+
z#D2xrmijowPK~FgYPQ~{Kj0Vd4RW4WTwxkl2vcdxZKd~4@I4;Pu1E<swdD3Jm7PI3
zUb@br<R0N`s=lvkYem*pbPUhnC3l(QA(l3$l$kZMNAh(&Q1j0E`61>VxA7Kb5s5XH
zq8m#HV@>2K2qOL5#eQg)wsz3d>3ziLJBZ_AJ${*4c5URcJjH?KHPPILJE{8oEjB$F
z8(yAd)SWPOHWJH<On$xkD56Y;<#3<EiJAk*Oe>D!p#-fOQ85X&xBKI7w_P5lWK0wh
z3#*CMrFXEMJ1hFmV>y=8vwxJhw9>b^b}Als(WHF$rSy?(<54rk0^Q8UhGWh8y`<S?
z8}9NK$v+n6+(=LzByx<qNzm7Y1qOIr7D3>(&c=&U3n&rgAf^lDH*nrcr|@$O!iAEL
z?h9egAS683G9qh;+hi3Kavu*hODCyV+1dOes<kZ--TyPMcnd3*Z^P6*&R16rnQSx!
z+m{RPb}8x^c~p(4&@<NATTheh&{L-cZL4N8kLB*SD!6jJUJ2vlT6cfSeA+NDcoge^
zqVJo~l;L|ljxpjF>aOaw$ZzLVRnI}aI?!;P=rg<&wW}jNSokoBcq;uxTZnj(bMcn*
zhSuYJgV>Q#PBBq;A@5bOV%1oBKL5DWUOCE@{m)CZBA8=(UW@4Y$ztS{<dx+V732e#
zs!m~fD093wlZbL*t`6~9x92W)#-*JMe$}XQ1yLqHwv+m0K{pE1!SRYP@kmFCd52-_
zyOz&mqabg6*NZh&YpE^rp`^9aNHVWNSa5}fwmDgA*AUs%L-++va%mtge>Kd!`qo|N
z^i&Hncg-GlCV!=1W&ysqK_|LA&qBG@a8-em3@2T#QH`a$w8c9y>E_5^ae3WmdR+P7
oB^vzI6aHJxgEUDtBHKe>Q?6NN`V2NpmR_E|#g3;|{v6N$2QUnryZ`_I

literal 0
HcmV?d00001

diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 3711182c2999acb23a05fe8e11559bb7a3249221..d1b01472d316f509f037976e9cec613599012f6d 100644
GIT binary patch
delta 3449
zcmZvfYfMvT7{}k!LM_+BWzZ=(v$%<36`@>8Jt7wcK>-18TokNr)rwNCUglhx&TTp!
zEbkVV7_v>bh@uXtCL&5SIG`A_EPh&+?Ssp*4~z5560;@FJ@4D6t>;7tZ~Feu^ZfqL
zd3)M~-hOTGXWIVEn4JWF;t1I>QXp%SS^)g_;>C-=pPlVLt?e2O+pB+lu$+}glF~zV
zXM4BH-PU!2#F3US>9Oe3;h%>Q((g@-xhM;3X=-r>-BzOa<e06NY;$(5IX^ecnwOu^
z-rhZrkToucvCZ9W>~z|lt^-b^&Dd`1>N@D|bR-Z`vd?XAHD=}Uie2uWHityWUfTg%
zhRdB%=Gy11c6XOC9GoJCkT$omtH-{_=xpomJRCs?t25Tvy!Xo=YhzcE`2um;L2q7N
zmqq(4-=GgGPtY$alj;7d=7a<?Lz3qZ5)JqE>oP)yb>82r8U>G|E{WYPISN+<_<a-~
z+G~i0Jc|tNwM0uCFYUuf7;&V9u7{IwQhYc$=+hA$xt0>T4)MY@y?;+Mv8+x*9(eC=
zh^X<*AqxctiUg79HF0DLUaQ&kE7;5{nC}&AR>hvfJA4<Ifh0lhb8qxl<ATS)&XBN6
z-@{QD_+j~X8ra1{xuDU(H7)G?JPckf1@7O4lLf>G27i?ftJtlC%v0Q)gFRDl0tS-n
zH+$f&1L`R_TLVeOai-v87mx+0o`Q4r55P_&q@Lz#J*uZ)R+H(Vd77I~2CJC)6d%B&
zgR+2{9jt-8i37|i&SQqFi+Ga`9<0F7Gh7`wj~PDnTR8Mg(9GVRklDx0UBI4u;NX3V
zseM7UkE?gHGG4`|W={+|YF|*z-sO;bR&gG)+*|+^tY<c8p5^8=a2c3-mQTG1)w4`Z
z`_DINza?7w*ZFy|KDZ7F2!&VS-sB7QLh3Uq^pFdnb3}#qP%T{Z_I-0fBQ6Fhi(u^r
zl1_^+rVC4G>qV1bqGw@UN+)4mMxVl(K~n}z*5%lt;~nfVVf{LOCz)_<g736s9{h&!
zYw#HZcNX;wrU;qz++d2;j1IlRp;tKca2g>8e6@fhn?B`^s7oo<9CSn~9FYn~q{0!!
z9l5mS5}V@)IP%cJzGwW8JiC`@g(F(wfUi8Lw9p^8<4<tpqa#+~h*daZ6%LU*thDel
zo1^J+igg7#;uMZJg(FVkU>|$~k?D8b@c<kv(UG8VBq$sS3P&P$6wvuYYz`ULRdnl+
zMJS|wLnfh!j>B3^|A4iGCSEZKt7##uYiR2gi%?20z*<Is2C|mUxoQ&1X*R4C-j=IF
z8etuc8a4^*sRh<bY9F=;RrDOJ)%4M@Mcja+F65)u(77X$T#GEt&tNwJZ$ui5&mMxn
zqqK;RT!*!bu)kwO5;r1SjBEhdCS>Wze2}vl*%C$05><|g=WM}R6R+J$Q%5DS9@$c4
zRil#7KwC#mLL)spY7(39`f|Mf<7m3L4Ou3#2(Kh>N0#Mhuw(a|rJBRc=V-=SGxpoO
zlGuVQ8`&9PJCNld8-pAhvRprd9m~m8<>c|4omiWP{qff&(T>c5tN@q;Sw1q?bxC$2
zvnq0|s+<)(XBXD4!2WyS+>J~|_5|1-WGj))y&=giWCe<x0#(i`p0gKgS7Cq04M}W8
zR_JHmfg1xFaUa4WEUdUG$@`HND}stuK_xt>4QorV|LdEQ=tj00*+XFM$krhH2XZ=)
zl`3*dRXJrmrxR<-u)lUp61$MCMRpWeH?neMm&PQy2U&$8r$Uvpj^`Y}+I843+>*qD
z$kroU2J8^BN@NYUB>6D1Dn(9}DyN#~yp6Th*gpc!Bgi%&`vurL$ZC*9j7#!SWVMQ%
zT2)RR&v_SX>#*N8E{Psw8<Cv>){ATtvN6bc57}lvgB|+-ZC2%M;W@{!b_@2$-<HJV
z$hIOY0QNqzdStHKl6(SLgCeIvmD9*`KET>W?7s)j50Nz?djjkuWZRI<y(7sdk!@Gx
zY**zp^PE#y+l>7kcO>y+WG%=B?(7#&Bij+knULf&$ZU!nn<|I>BV-_-VC~L8&V(fP
zA+!6LcVNOQjNZ-H##o@G2>yDL68a)(?PMaYpN!T&p1d42_1jMZO$~dE_D=pS*l5rF
O<C=HJz5m|VY5xbkn`_Jf

delta 2753
zcmZ9MTTB&K6o%J67es}QRN++3j@1?vMk^=?IG{%b0Tl#AMFjybShR>%ty-(1R$H_t
zm|dTYsZDK-7tnH0f)~&lI8B<qG_i?k`p_nQvVCjP)JEx=eSSF1FqswBxBs>NHG9vT
zme0K{ZQi!@_<F+MIHKBb^DS?}tHHs+p?fngzB*rVpwqV__6=XLEgeIJ2e)k7y|1x(
z*WOb!j<PPP6LFvUPy2|@hQ`NVwL%Rge|lAVnO{|xUiIhEULxf!+c#+v^;6O)qBw4H
za~9Fj7^1!+q9zKpmTeHn8dfFR{pkoR1Yb`RqPd4W^kPgj_mY<yM&v&7QA0{}-A{fh
zIFvNpFNR|1_T=a~k0EZyMso7JX6rokeQ0a>=<?JUN)|Q<3WH)j<7j~YceAj~LO)%8
zDvl-66qdi_ed*_+6ZPXoG7o17ER1A6&Snm0eoCS@QD+-OyA0?qnNSY!T#1x5oY`Hb
z4%cy)Wi$<`JyWzzShtBqVc5|o%)1q!*5NfjO`|h>O82g8G&`6E`6fD{<7L*y^TSCp
z$ooViK~MN13I)He5>sEu=(Y;`7{*3(zrD?&o^QVL7;j-pChYyT+IcNiB&!S8Op&4<
zbDXaJ;y6Q1yl#qARmd?-?YTZ#nCcwInd;j0$<pK=y*$e(KK)62`SjM>&lsRt>Nl-^
z$?+XE@kUfV+Myn!)w5N_4ZC*}$8^;?LOs@@w%^qNWvItm{VT^g>faISc!%14j{-DT
zW!$uTmvYQhjW?r{@D7fcn?E>KXQ?l>`XR@8>e&c&f<yhfR%fe(cDwg1jybBNJ=%M`
zLp?#ObJg+oY%yQ;w41_Ge{jrG2_2@$SNR+ls78(p)rF315mY~NT%`QBOtDyHa9pBl
zI2MFjZ{6^SLY38NilwTaW05-7nJtP{KgSaFvNPLShNDf^N4s1fQXD1oD`y|l&@rXx
zkyb#P649#WkTgocrh{E%Rt7c$EF6;7O0ZOiPpZo&P5YEXn}+%+UDBukGc{YKmNQ!o
zHWTbXmlT!iLYFDlsK;HVu@>vIvHo9Is<jR*J;FHa<*z>7HAjY?qYBy#)YsmT#(J<h
zU}u?a0GkWeeMedw!7?2_nJypuw;@2)&}O0DxGRksuz6q>vrS;xVB7CXs}?NB;gjR?
z$<;n}(B`7Pk9*dG%?EqVY%`bz7U-7N7O=bs<ILW-JeN<t_Sp(;KI)shrLhfc0oX-m
z4PXl+EEMj(<gvB`1|3F0m(e0^^e(iE(DaLY(r5%*4E6)F9bikq{<$ZuonQqHp8}Up
zq4s$X+CtQ?yf2L=u%%#!ne75A0=s%&TFqd^4xeI|Pl@)~4Q&bP2f61Suw`K818KYu
zwj6BT18MCATjB6o;qocfKKr08Mg1-AxgV?y>=$MqfUN`@^-x*|z{(vy<u0EJ?Q;;?
z3e?v=l*S>jRbXeCeF(N1tebrfgH<|wDqTKnw9iM-u0g%gD~%&yYr!mLN5R&CZSR%V
zF|aC!PnFAOz4mE=c0KC*xaV=O4PeiiodDYi7U+}KNwDe&<IMhms$D)c+UH|vYf#_Z
zCyi5Jo4_tII}KI~7Vc}ZJ^`z9_|&<4>b1|O(AE$6Jd#E$*ybT0W@o^*L|7>NC|9U9
zUs~sPIo>$?H!R3^OYlmED(|15s`}$%&-Wz#yz}>GLQVBeP%Zs`i#oM`;H0OrC-h<<
G#``~Rg9VQO