11-02 19:16:37.986 I/AEE/AED (14220): Build fingerprint: 'Meizu/mt6795/mt6795:5.1/LMY47I/1446454236:userdebug/test-keys'
11-02 19:16:37.986 I/AEE/AED (14220): Revision: '22352'
11-02 19:16:37.986 I/AEE/AED (14220): ABI: 'arm64'
11-02 19:16:37.986 I/AEE/AED (14220): pid: 13850, tid: 14219, name: Thread-458 >>> com.meizu.safe <<<
11-02 19:16:37.986 I/AEE/AED (14220): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20
11-02 19:16:38.009 I/AEE/AED (14220): x0 0000000000000000 x1 0000007f957e1700 x2 0000007fa6cd5640 x3 0000007f91be86b2
11-02 19:16:38.009 I/AEE/AED (14220): x4 0000007f957e0e00 x5 0000007f9540ec12 x6 0000007f9540ec0e x7 6649656369767265
11-02 19:16:38.009 I/AEE/AED (14220): x8 5024627574532463 x9 0000007f957e1a40 x10 0000000000000003 x11 0000000000000001
11-02 19:16:38.009 I/AEE/AED (14220): x12 0000000000000001 x13 ffff000000000000 x14 0000007f92605320 x15 000000000001a2d8
11-02 19:16:38.009 I/AEE/AED (14220): x16 0000007f93b379f0 x17 0000007fb19ad62c x18 0000000000000000 x19 0000007f90c24a20
11-02 19:16:38.009 I/AEE/AED (14220): x20 0000007f90c24a38 x21 0000000000000000 x22 0000007fa6cd5640 x23 0000000000000000
11-02 19:16:38.009 I/AEE/AED (14220): x24 0000000000000001 x25 0000007f90c24af0 x26 0000000000000000 x27 0000007f90c25198
11-02 19:16:38.009 I/MzBlockService(14176): BlockMessageUtil : init
11-02 19:16:38.009 I/AEE/AED (14220): x28 0000000000000000 x29 0000007f90c248c0 x30 0000007f93abdaa4
11-02 19:16:38.009 I/AEE/AED (14220): sp 0000007f90c248c0 pc 0000007f93abb148 pstate 0000000060000000
11-02 19:16:38.010 I/AEE/AED (14220):
11-02 19:16:38.010 I/AEE/AED (14220): backtrace:
11-02 19:16:38.010 I/AEE/AED (14220): #00 pc 0000000000036148 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h:192
11-02 19:16:38.010 I/AEE/AED (14220): #01 pc 0000000000038aa0 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:492
11-02 19:16:38.010 I/AEE/AED (14220): #02 pc 0000000000038dfc /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:901
11-02 19:16:38.010 I/AEE/AED (14220): #03 pc 000000000001b65c /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_scanApkBytes+824)
11-02 19:16:38.010 I/AEE/AED (14220): #04 pc 00000000007f6464 /data/dalvik-cache/arm64/data@app@com.meizu.safe-2@base.apk@classes.dex
Later I renamed libams-1.1.6-64b-mfr.so to libams-1.1.4-64b-mfr.so and tested again; it still crashed, with the following stack:
11-06 11:16:01.940 8082 8082 I AEE/AED : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20
11-06 11:16:01.949 8082 8082 I AEE/AED : x0 0000000000000000 x1 0000007f704d66f0 x2 0000007f865b55c0 x3 0000000000000010
11-06 11:16:01.950 8082 8082 I AEE/AED : x4 0000007f704bb000 x5 0000000000000074 x6 0000007f705195ea x7 34762e74726f7070
11-06 11:16:01.950 8082 8082 I AEE/AED : x8 7a642e776569762e x9 726f706b6361622e x10 752e6176616a2e74 x11 0000000000000001
11-06 11:16:01.950 8082 8082 I AEE/AED : x12 0000000000000001 x13 6e65727275636e6f x14 70614d6873614874 x15 00000000003e1198
11-06 11:16:01.950 8082 8082 I AEE/AED : x16 0000007f73f418b8 x17 0000007f91063200 x18 0000000000000000 x19 0000007f74408a20
11-06 11:16:01.950 8082 8082 I AEE/AED : x20 0000007f74408a38 x21 0000000000000000 x22 0000007f865b55c0 x23 0000000000000000
11-06 11:16:01.950 8082 8082 I AEE/AED : x24 0000000000000001 x25 0000007f74408af0 x26 0000000000000000 x27 0000007f74409198
11-06 11:16:01.950 8082 8082 I AEE/AED : x28 0000000000000000 x29 0000007f744088c0 x30 0000007f73ec7a18
11-06 11:16:01.950 8082 8082 I AEE/AED : sp 0000007f744088c0 pc 0000007f73ec50bc pstate 0000000060000000
11-06 11:16:01.950 8082 8082 I AEE/AED :
11-06 11:16:01.950 8082 8082 I AEE/AED : backtrace:
11-06 11:16:01.950 8082 8082 I AEE/AED : #00 pc 00000000000360bc /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h:192
11-06 11:16:01.950 8082 8082 I AEE/AED : #01 pc 0000000000038a14 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:492
11-06 11:16:01.950 8082 8082 I AEE/AED : #02 pc 0000000000038d70 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:901
11-06 11:16:01.950 8082 8082 I AEE/AED : #03 pc 000000000001b66c /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_scanApkBytes+824)
11-06 11:16:01.950 8082 8082 I AEE/AED : #04 pc 00000000006725e4 /data/dalvik-cache/arm64/data@app@com.meizu.safe-2@base.apk@classes.dex
The two backtraces are completely identical.
android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h
<?prettify linenums=190?>
class vector : protected _STLP_PRIV _Vector_base<_Tp, _Alloc>
.....
  size_type size() const { return size_type(this->_M_finish - this->_M_start); }
In theory this line can never have a pointer problem on its own. The fault address 0x20 looks like an offset rather than a real pointer, and inside size() a null pointer in any of these variables would not cause a fault. So let's look one frame further down the stack.
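The two observations made so far, that a fault address as small as 0x20 is an offset from a null base and that the two dumps match frame for frame even though the pc values differ, can be checked mechanically over the raw logcat lines. The following is an added example, not code from this post or from the libams library: it parses the AEE/AED lines copied from the two dumps above (both logcat layouts), reports the null-base offset, and compares the dumps by library and source location while ignoring the pc column. The one-page threshold used to call an address "null plus offset" is an assumption of this example.

```cpp
// Added example (not from the post or from libams): triage helper for the
// AEE/AED tombstone lines above. Extracts fault address and backtrace, flags a
// fault address that is just a small offset from NULL, and compares two dumps
// by library + source location only, since pc values move between builds.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <sstream>
#include <string>
#include <vector>

struct Frame {
    std::string lib;       // basename of the mapped object
    std::string location;  // source:line or (symbol+offset); empty if absent
};

struct Tombstone {
    uint64_t faultAddr = 0;
    std::vector<Frame> frames;
};

// Both logcat layouts on the page ("I/AEE/AED (14220): ..." and "8082 8082 I
// AEE/AED : ...") have the tag followed by a colon; the rest is the payload.
static bool payload(const std::string& line, std::string& out) {
    std::string::size_type tag = line.find("AEE/AED");
    if (tag == std::string::npos) return false;
    std::string::size_type colon = line.find(':', tag);
    if (colon == std::string::npos) return false;
    std::string::size_type first = line.find_first_not_of(" \t", colon + 1);
    out = (first == std::string::npos) ? "" : line.substr(first);
    return true;
}

static std::string baseName(const std::string& path) {
    std::string::size_type slash = path.find_last_of('/');
    return slash == std::string::npos ? path : path.substr(slash + 1);
}

// Parses one dump; lines from other tags (e.g. the MzBlockService line that
// sits between the register lines of the first dump) are skipped.
Tombstone parseTombstone(const std::vector<std::string>& lines) {
    Tombstone t;
    for (const std::string& line : lines) {
        std::string body;
        if (!payload(line, body)) continue;
        std::string::size_type fa = body.find("fault addr ");
        if (fa != std::string::npos) {  // strtoull accepts the 0x prefix
            t.faultAddr = std::strtoull(body.c_str() + fa + 11, nullptr, 16);
            continue;
        }
        if (body.empty() || body[0] != '#') continue;  // "#NN pc ADDR PATH [LOC]"
        std::istringstream in(body);
        std::string idx, pcTag, pc, path, word, rest;
        if (!(in >> idx >> pcTag >> pc >> path) || pcTag != "pc") continue;
        while (in >> word) { if (!rest.empty()) rest += ' '; rest += word; }
        t.frames.push_back(Frame{baseName(path), rest});
    }
    return t;
}

// Assumption of this example: the first page is never mapped, so a fault
// address below it is NULL (or a near-NULL garbage pointer) plus the offset of
// the member being read. Returns that offset, or -1 if the address is larger.
long long nullBaseOffset(uint64_t faultAddr) {
    const uint64_t kPageSize = 4096;
    return faultAddr < kPageSize ? static_cast<long long>(faultAddr) : -1;
}

// Same crash if every frame lands in the same object at the same source
// location; the pc column is ignored on purpose.
bool sameBacktrace(const Tombstone& a, const Tombstone& b) {
    if (a.frames.size() != b.frames.size()) return false;
    for (size_t i = 0; i < a.frames.size(); ++i)
        if (a.frames[i].lib != b.frames[i].lib ||
            a.frames[i].location != b.frames[i].location) return false;
    return true;
}

// Sample input: lines copied from the two dumps in the post.
const std::vector<std::string> kDump1 = {
    "11-02 19:16:37.986 I/AEE/AED (14220): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20",
    "11-02 19:16:38.009 I/MzBlockService(14176): BlockMessageUtil : init",
    "11-02 19:16:38.010 I/AEE/AED (14220): #00 pc 0000000000036148 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h:192",
    "11-02 19:16:38.010 I/AEE/AED (14220): #01 pc 0000000000038aa0 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:492",
    "11-02 19:16:38.010 I/AEE/AED (14220): #02 pc 0000000000038dfc /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:901",
    "11-02 19:16:38.010 I/AEE/AED (14220): #03 pc 000000000001b65c /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_scanApkBytes+824)",
    "11-02 19:16:38.010 I/AEE/AED (14220): #04 pc 00000000007f6464 /data/dalvik-cache/arm64/data@app@com.meizu.safe-2@base.apk@classes.dex",
};
const std::vector<std::string> kDump2 = {
    "11-06 11:16:01.940 8082 8082 I AEE/AED : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20",
    "11-06 11:16:01.950 8082 8082 I AEE/AED : #00 pc 00000000000360bc /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h:192",
    "11-06 11:16:01.950 8082 8082 I AEE/AED : #01 pc 0000000000038a14 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:492",
    "11-06 11:16:01.950 8082 8082 I AEE/AED : #02 pc 0000000000038d70 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:901",
    "11-06 11:16:01.950 8082 8082 I AEE/AED : #03 pc 000000000001b66c /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_scanApkBytes+824)",
    "11-06 11:16:01.950 8082 8082 I AEE/AED : #04 pc 00000000006725e4 /data/dalvik-cache/arm64/data@app@com.meizu.safe-2@base.apk@classes.dex",
};

int main() {
    Tombstone a = parseTombstone(kDump1), b = parseTombstone(kDump2);
    std::printf("fault addr 0x%llx -> null-base offset %lld\n",
                (unsigned long long)a.faultAddr, nullBaseOffset(a.faultAddr));
    std::printf("same backtrace: %s\n", sameBacktrace(a, b) ? "yes" : "no");
    return 0;
}
```

Comparing by library basename and source location rather than by pc is what makes the "identical" verdict meaningful: the renamed 1.1.6 build puts every function at a different address, yet the crash still walks the same path from scanApkBytes through MalwareScanner.cpp:901 and :492 into vector::size() at _vector.h:192.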
MalwareScanner.cpp
<?prettify linenums=477?>
AmsError MalwareScanner::CheckClasses(ApkInfo* apkInfo, ApkInfoCache* apkInfoCache)
{
    AmsError err = _AmsErrGeneral;
    vector<string> classList;
    vector<string> reverseClassList;

    do {
        if ((err = apkInfo->ParseClassList(classList)) != _AmsErrNone) {
            LOGE("ParseClassList error\n");
            break;
        }

        reverseClassList = classList;
        sort(classList.begin(), classList.end());
        sort(reverseClassList.begin(), reverseClassList.end(), ClassSuffixCompare);
        PrefixMatch(classList, apkInfoCache);
        SuffixMatch(reverseClassList, apkInfoCache);
<?prettify linenums=405?>
void MalwareScanner::PrefixMatch(const vector<string>& classList, ApkInfoCache* apkInfoCache)
{
    int classSize = classList.size();
    int prefixSize = mClassPrefixList.size();