Meizu antivirus crash


11-02 19:16:37.986 I/AEE/AED (14220): Build fingerprint: 'Meizu/mt6795/mt6795:5.1/LMY47I/1446454236:userdebug/test-keys'
11-02 19:16:37.986 I/AEE/AED (14220): Revision: '22352'
11-02 19:16:37.986 I/AEE/AED (14220): ABI: 'arm64'
11-02 19:16:37.986 I/AEE/AED (14220): pid: 13850, tid: 14219, name: Thread-458 >>> com.meizu.safe <<<
11-02 19:16:37.986 I/AEE/AED (14220): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20
11-02 19:16:38.009 I/AEE/AED (14220): x0 0000000000000000 x1 0000007f957e1700 x2 0000007fa6cd5640 x3 0000007f91be86b2
11-02 19:16:38.009 I/AEE/AED (14220): x4 0000007f957e0e00 x5 0000007f9540ec12 x6 0000007f9540ec0e x7 6649656369767265
11-02 19:16:38.009 I/AEE/AED (14220): x8 5024627574532463 x9 0000007f957e1a40 x10 0000000000000003 x11 0000000000000001
11-02 19:16:38.009 I/AEE/AED (14220): x12 0000000000000001 x13 ffff000000000000 x14 0000007f92605320 x15 000000000001a2d8
11-02 19:16:38.009 I/AEE/AED (14220): x16 0000007f93b379f0 x17 0000007fb19ad62c x18 0000000000000000 x19 0000007f90c24a20
11-02 19:16:38.009 I/AEE/AED (14220): x20 0000007f90c24a38 x21 0000000000000000 x22 0000007fa6cd5640 x23 0000000000000000
11-02 19:16:38.009 I/AEE/AED (14220): x24 0000000000000001 x25 0000007f90c24af0 x26 0000000000000000 x27 0000007f90c25198
11-02 19:16:38.009 I/MzBlockService(14176): BlockMessageUtil : init
11-02 19:16:38.009 I/AEE/AED (14220): x28 0000000000000000 x29 0000007f90c248c0 x30 0000007f93abdaa4
11-02 19:16:38.009 I/AEE/AED (14220): sp 0000007f90c248c0 pc 0000007f93abb148 pstate 0000000060000000
11-02 19:16:38.010 I/AEE/AED (14220):
11-02 19:16:38.010 I/AEE/AED (14220): backtrace:
11-02 19:16:38.010 I/AEE/AED (14220): #00 pc 0000000000036148 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h:192
11-02 19:16:38.010 I/AEE/AED (14220): #01 pc 0000000000038aa0 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:492
11-02 19:16:38.010 I/AEE/AED (14220): #02 pc 0000000000038dfc /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:901
11-02 19:16:38.010 I/AEE/AED (14220): #03 pc 000000000001b65c /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_scanApkBytes+824)
11-02 19:16:38.010 I/AEE/AED (14220): #04 pc 00000000007f6464 /data/dalvik-cache/arm64/data@app@com.meizu.safe-2@base.apk@classes.dex

Later I renamed libams-1.1.6-64b-mfr.so to libams-1.1.4-64b-mfr.so and tested again; it still crashed, with the following stack:

11-06 11:16:01.940  8082  8082 I AEE/AED : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20
11-06 11:16:01.949  8082  8082 I AEE/AED :     x0   0000000000000000  x1   0000007f704d66f0  x2   0000007f865b55c0  x3   0000000000000010
11-06 11:16:01.950  8082  8082 I AEE/AED :     x4   0000007f704bb000  x5   0000000000000074  x6   0000007f705195ea  x7   34762e74726f7070
11-06 11:16:01.950  8082  8082 I AEE/AED :     x8   7a642e776569762e  x9   726f706b6361622e  x10  752e6176616a2e74  x11  0000000000000001
11-06 11:16:01.950  8082  8082 I AEE/AED :     x12  0000000000000001  x13  6e65727275636e6f  x14  70614d6873614874  x15  00000000003e1198
11-06 11:16:01.950  8082  8082 I AEE/AED :     x16  0000007f73f418b8  x17  0000007f91063200  x18  0000000000000000  x19  0000007f74408a20
11-06 11:16:01.950  8082  8082 I AEE/AED :     x20  0000007f74408a38  x21  0000000000000000  x22  0000007f865b55c0  x23  0000000000000000
11-06 11:16:01.950  8082  8082 I AEE/AED :     x24  0000000000000001  x25  0000007f74408af0  x26  0000000000000000  x27  0000007f74409198
11-06 11:16:01.950  8082  8082 I AEE/AED :     x28  0000000000000000  x29  0000007f744088c0  x30  0000007f73ec7a18
11-06 11:16:01.950  8082  8082 I AEE/AED :     sp   0000007f744088c0  pc   0000007f73ec50bc  pstate 0000000060000000
11-06 11:16:01.950  8082  8082 I AEE/AED : 
11-06 11:16:01.950  8082  8082 I AEE/AED : backtrace:
11-06 11:16:01.950  8082  8082 I AEE/AED :     #00 pc 00000000000360bc  /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h:192
11-06 11:16:01.950  8082  8082 I AEE/AED :     #01 pc 0000000000038a14  /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:492
11-06 11:16:01.950  8082  8082 I AEE/AED :     #02 pc 0000000000038d70  /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:901
11-06 11:16:01.950  8082  8082 I AEE/AED :     #03 pc 000000000001b66c  /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_scanApkBytes+824)
11-06 11:16:01.950  8082  8082 I AEE/AED :     #04 pc 00000000006725e4  /data/dalvik-cache/arm64/data@app@com.meizu.safe-2@base.apk@classes.dex

The two backtraces are identical.
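As an added example (not from the original post), a small Python parser for the AEE/AED dumps above: it handles both logcat prefix styles, skips interleaved lines from other tags, and checks that the two symbolized stacks agree frame for frame while only the pc offsets differ. The sample input is a constructed excerpt of the two dumps; the function and variable names are my own.

```python
import re
# Constructed excerpts of the two AEE/AED dumps above (frames #02/#04 omitted); note the two
# logcat prefix styles, "I/AEE/AED (pid):" and "pid  pid I AEE/AED :", plus one unrelated line.
CRASH_A = """\
11-02 19:16:37.986 I/AEE/AED (14220): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20
11-02 19:16:38.009 I/AEE/AED (14220): x0 0000000000000000 x1 0000007f957e1700 x2 0000007fa6cd5640 x3 0000007f91be86b2
11-02 19:16:38.009 I/MzBlockService(14176): BlockMessageUtil : init
11-02 19:16:38.010 I/AEE/AED (14220): backtrace:
11-02 19:16:38.010 I/AEE/AED (14220): #00 pc 0000000000036148 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h:192
11-02 19:16:38.010 I/AEE/AED (14220): #01 pc 0000000000038aa0 /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:492
11-02 19:16:38.010 I/AEE/AED (14220): #03 pc 000000000001b65c /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_scanApkBytes+824)
"""
CRASH_B = """\
11-06 11:16:01.940  8082  8082 I AEE/AED : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x20
11-06 11:16:01.949  8082  8082 I AEE/AED :     x0   0000000000000000  x1   0000007f704d66f0  x2   0000007f865b55c0  x3   0000000000000010
11-06 11:16:01.950  8082  8082 I AEE/AED : backtrace:
11-06 11:16:01.950  8082  8082 I AEE/AED :     #00 pc 00000000000360bc  /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h:192
11-06 11:16:01.950  8082  8082 I AEE/AED :     #01 pc 0000000000038a14  /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so ams/AMS_BlueShark/src/MalwareScanner.cpp:492
11-06 11:16:01.950  8082  8082 I AEE/AED :     #03 pc 000000000001b66c  /data/app/com.meizu.safe-2/lib/arm64/libams-1.1.4-64b-mfr.so (Java_tmsdk_fg_module_qscanner_AmScannerStatic_scanApkBytes+824)
"""
SIG_RE = re.compile(r"signal (\d+) \((\w+)\), code (\d+) \((\w+)\), fault addr (0x[0-9a-f]+)")
REG_RE = re.compile(r"\b(x\d+|sp|pc|lr)\s+([0-9a-f]{16})\b")
FRAME_RE = re.compile(r"#(\d+)\s+pc\s+([0-9a-f]+)\s+(\S+)\s*(.*)$")

def parse_tombstone(text):
    """Return signal info, registers and backtrace frames as (pc offset, object, location)."""
    info = {"regs": {}, "frames": []}
    for raw in text.splitlines():
        if "AEE/AED" not in raw:
            continue  # other logcat traffic interleaved with the dump
        body = raw.split("AEE/AED", 1)[1].split(":", 1)[1].strip()  # drop the logcat prefix
        m = SIG_RE.search(body)
        if m:
            info["signal"], info["code"] = m.group(2), m.group(4)
            info["fault_addr"] = int(m.group(5), 16)
        elif (m := FRAME_RE.match(body)):
            obj = m.group(3).rsplit("/", 1)[-1]  # keep only the library / dex file name
            info["frames"].append((int(m.group(2), 16), obj, m.group(4).strip()))
        else:
            for reg, val in REG_RE.findall(body):
                info["regs"][reg] = int(val, 16)
    return info

def same_stack(a, b):
    """Compare object + symbol/source location per frame; pc offsets legitimately differ between builds."""
    return [f[1:] for f in a["frames"]] == [f[1:] for f in b["frames"]]

def is_small_offset_fault(info, page=0x1000):
    """A fault address inside the never-mapped first page reads as a field offset added to a null base."""
    return info.get("signal") == "SIGSEGV" and info.get("fault_addr", page) < page
```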

android-ndk-r10c/sources/cxx-stl/stlport/stlport/stl/_vector.h

(from line 190)

class vector : protected _STLP_PRIV _Vector_base<_Tp, _Alloc>
    // ...
    size_type size() const        { return size_type(this->_M_finish - this->_M_start); }

In theory this line can never produce a pointer fault: the fault address 0x20 looks like an offset, and inside size() neither pointer being null would cause a fault, since they are only subtracted, not dereferenced. So let's look at the next frame down the stack.

MalwareScanner.cpp

(from line 477)

AmsError MalwareScanner::CheckClasses(ApkInfo* apkInfo, ApkInfoCache* apkInfoCache) {
    AmsError err = _AmsErrGeneral;
 
    vector<string> classList;
    vector<string> reverseClassList;
    do {
        if ((err = apkInfo->ParseClassList(classList)) != _AmsErrNone) {
            LOGE("ParseClassList error\n");
            break;
        }
        reverseClassList = classList;
 
        sort(classList.begin(), classList.end());
        sort(reverseClassList.begin(), reverseClassList.end(), ClassSuffixCompare);
 
        PrefixMatch(classList, apkInfoCache);
        SuffixMatch(reverseClassList, apkInfoCache);

(from line 405)

void MalwareScanner::PrefixMatch(const vector<string>& classList, ApkInfoCache* apkInfoCache) {
    int classSize = classList.size();
    int prefixSize = mClassPrefixList.size();


Copyright © FengGuangtu 2017