问题分析


堆栈

// Build fingerprint: 'Lenovo/passion/passion:5.1.1/LMY47V/VIBEUI_V2.6_1524_5.423.1_ST_P1c72:user/release-keys'
// Revision: '0'
// ABI: 'arm64'
// pid: 13850, tid: 20260, name: Thread-2446  >>> com.lenovo.security <<<
// signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x98
//     x0   00000055bcbcb950  x1   0000007f7e40a690  x2   00000055bcbcb8e0  x3   00000000744fe670
//     x4   0000000000000000  x5   00000055bbd66b9c  x6   0000000000000000  x7   00000055bbd66b98
//     x8   0000000000000000  x9   0000000000430000  x10  0000000000000000  x11  0000000000000000
//     x12  0000000000000000  x13  0000000000430000  x14  0000000000550000  x15  0000000000430000
//     x16  0000000000000000  x17  0000007f94649000  x18  0000007f9464b470  x19  00000055bcbcb950
//     x20  0000007f7d2f36f4  x21  00000055bcbcb950  x22  0000000000000090  x23  0000000013357040
//     x24  0000000005589b47  x25  0000007f82927d9c  x26  0000007f7e40ab0c  x27  0000000000000040
//     x28  0000005500000000  x29  0000007f7e40a5f0  x30  0000007f7d310d14
//     sp   0000007f7e40a5f0  pc   0000007f7d307768  pstate 0000000060000000
// 
// backtrace:
//     #00 pc 0000000000021768  /data/app/com.lenovo.security-1/lib/arm64/libams-1.1.4-64b-mfr.so   AmfFile.cpp:50行  delete mData;
//     #01 pc 000000000002ad10  /data/app/com.lenovo.security-1/lib/arm64/libams-1.1.4-64b-mfr.so   MalwareScanner.cpp:61行 delete mAmfFile;
//     #02 pc 000000000000d70c  /data/app/com.lenovo.security-1/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_deleteObject+24)
//     #03 pc 00000000004de00c  /data/dalvik-cache/arm64/data@app@com.lenovo.security-1@base.apk@classes.dex
// 
** System appears to have crashed at event 76773 of 300000 using seed 18
//NativeMalwareStruct.h
struct MalwareData : public taf::JceStructBase
//唯一的成员变量 vector<AMF::MalwareInfo> malwarelist;
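//对mData的所有操作中,没有一处会改变指针本身的值;唯一可疑的 *mData = packet.get<AMF::MalwareData>(LABEL_AMF); 也只是给所指对象赋值,不会改变指针的值。
//但指针值不变并不能排除所指对象已经失效:fault addr 0x98 是一个很小的地址,更像是析构过程中经由空指针或已损坏的成员做偏移访问。还需确认 deleteObject 是否可能被重复调用(double delete),以及 delete 时是否有其他线程仍在对 malwarelist 执行 push_back/erase/sort(仅从下面列出的行无法判断是否加锁)。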
    Line 51:    mData = new AMF::MalwareData();
    Line 55:    delete mData;
    Line 105:           *mData = packet.get<AMF::MalwareData>(LABEL_AMF);
    Line 301:               for (; curId < mData->malwarelist.size(); curId++) {
    Line 302:                   if (mData->malwarelist[curId].id == virusInfoList[i].id) {
    Line 304:                       mData->malwarelist[curId] = malwareInfo;
    Line 308:               if (curId == mData->malwarelist.size()) {
    Line 310:                   mData->malwarelist.push_back(malwareInfo);
    Line 315:           for (; curId < mData->malwarelist.size(); curId++) {
    Line 316:               if (mData->malwarelist[curId].id == virusInfoList[i].id) {
    Line 320:           if (curId < mData->malwarelist.size()) {
    Line 321:               mData->malwarelist.erase(mData->malwarelist.begin() + curId);
    Line 321:               mData->malwarelist.erase(mData->malwarelist.begin() + curId);
    Line 326:   sort(mData->malwarelist.begin(), mData->malwarelist.end(), MalwareInfoCompare);
    Line 326:   sort(mData->malwarelist.begin(), mData->malwarelist.end(), MalwareInfoCompare);
    Line 361:           packet.put(LABEL_AMF, *mData);
