Encountered while debugging:
Crash information:
--------- beginning of crash
F libc : FORTIFY: memcpy: prevented 4294967295-byte write into 4112-byte buffer
10-07 09:02:05.841 1705 1705 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
10-07 09:02:05.841 1705 1705 F DEBUG : Revision: '0'
10-07 09:02:05.841 1705 1705 F DEBUG : ABI: 'arm64'
10-07 09:02:05.843 1705 1705 F DEBUG : Timestamp: 2021-10-07 09:02:05+0000
10-07 09:02:05.843 1705 1705 F DEBUG : pid: 1614, tid: 1646, name: Thread-2 >>> com.phdtaui.mainactivity <<<
10-07 09:02:05.843 1705 1705 F DEBUG : uid: 1027
10-07 09:02:05.843 1705 1705 F DEBUG : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
10-07 09:02:05.843 1705 1705 F DEBUG : Abort message: 'FORTIFY: memcpy: prevented 4294967295-byte write into 4112-byte buffer'
10-07 09:02:05.843 1705 1705 F DEBUG : x0 0000000000000000 x1 000000000000066e x2 0000000000000006 x3 0000007b29cc48a0
10-07 09:02:05.844 1705 1705 F DEBUG : x4 0000000000008080 x5 0000000000008080 x6 0000000000008080 x7 0000000000000038
10-07 09:02:05.844 1705 1705 F DEBUG : x8 00000000000000f0 x9 0000007c14d1b4e0 x10 0000000000000000 x11 0000000000000001
10-07 09:02:05.844 1705 1705 F DEBUG : x12 0000000000000030 x13 00000000615eb78d x14 00292fd2d2b00ec0 x15 000014b22d557fb8
10-07 09:02:05.844 1705 1705 F DEBUG : x16 0000007c14de78c0 x17 0000007c14dc5020 x18 0000007b29458000 x19 00000000000000ac
10-07 09:02:05.844 1705 1705 F DEBUG : x20 000000000000064e x21 00000000000000b2 x22 000000000000066e x23 00000000ffffffff
10-07 09:02:05.844 1705 1705 F DEBUG : x24 0000007b2c2058c8 x25 0000007b2c2131d8 x26 0000000000001010 x27 0000007b2c20785e
10-07 09:02:05.844 1705 1705 F DEBUG : x28 0000007b2c205067 x29 0000007b29cc4950
10-07 09:02:05.844 1705 1705 F DEBUG : sp 0000007b29cc4880 lr 0000007c14d79170 pc 0000007c14d791a0
10-07 09:02:05.850 1705 1705 F DEBUG :
10-07 09:02:05.850 1705 1705 F DEBUG : backtrace:
10-07 09:02:05.850 1705 1705 F DEBUG : #00 pc 00000000000821a0 /apex/com.android.runtime/lib64/bionic/libc.so (abort+176) (BuildId: 99d256d401014e290f38edaacced78da)
10-07 09:02:05.850 1705 1705 F DEBUG : #01 pc 00000000000a7f8c /apex/com.android.runtime/lib64/bionic/libc.so (__fortify_fatal(char const*, ...)+116) (BuildId: 99d256d401014e290f38edaacced78da)
10-07 09:02:05.850 1705 1705 F DEBUG : #02 pc 00000000000a7fb8 /apex/com.android.runtime/lib64/bionic/libc.so (__check_buffer_access(char const*, char const*, unsigned long, unsigned long)+40) (BuildId: 99d256d401014e290f38edaacced78da)
10-07 09:02:05.850 1705 1705 F DEBUG : #03 pc 00000000000a8144 /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_chk_fail+68) (BuildId: 99d256d401014e290f38edaacced78da)
10-07 09:02:05.850 1705 1705 F DEBUG : #04 pc 00000000000a8e80 /apex/com.android.runtime/lib64/bionic/libc.so (__memcpy_chk+16) (BuildId: 99d256d401014e290f38edaacced78da)
10-07 09:02:05.850 1705 1705 F DEBUG : #05 pc 000000000000df9c /system/lib64/libdta.so (phDtaLibi_T4TOperations_DynamicExecution.cfi+644) (BuildId: 99216fd73a110db21f0e03987719921f)
The problem is an out-of-bounds memory write. Analysing the code in phDtaLibi_T4TOperations_DynamicExecution shows
that the problem comes from this call:
    memcpy(loopBakBuffer, resultBuffer, dwSizeOfResultBuff-2);   /* aborts here */
dwSizeOfResultBuff-2 yields a negative value which, as an unsigned length, wraps around to 4294967295 (the size reported in the FORTIFY message), so the copy length is invalid.
Adding a length check fixes the problem:
    if (dwSizeOfResultBuff <= 2 || dwSizeOfResultBuff > PHMWIF_MAX_LOOPBACK_DATABUF_SIZE) {
        phOsal_LogError((const uint8_t*)"DTALib> T4T:Error Failed : data Length error !! \n");
        dwMwIfStatus = DTASTATUS_FAILED;
        break;
    }
    memcpy(loopBakBuffer, resultBuffer, dwSizeOfResultBuff-2);
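As an added stand-alone C example (not code from the original post or from the DTA library), the following reproduces the unsigned wrap-around behind the FORTIFY abort and shows the guarded copy. The buffer size constant, the function names and the assumption that the trailing 2 bytes are a status word are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for PHMWIF_MAX_LOOPBACK_DATABUF_SIZE; the real value is not in
 * the post. 4112 is the destination size reported by FORTIFY in the crash log. */
#define LOOPBACK_DATABUF_SIZE 4112u

/* The exact arithmetic from the crashing call: dwSizeOfResultBuff is unsigned, so
 * subtracting 2 from a value below 2 cannot go negative; it wraps to 4294967295. */
uint32_t unguarded_copy_len(uint32_t dwSizeOfResultBuff) {
    return dwSizeOfResultBuff - 2;
}

/* Guarded loopback copy, mirroring the fix in the post. The trailing 2 bytes are
 * assumed to be a status word that is deliberately not copied. Returns the number
 * of bytes copied, or -1 when the length is rejected (where the fix sets
 * DTASTATUS_FAILED and breaks out). */
int copy_loopback_data(uint8_t *loopBakBuffer, size_t loopBakCap,
                       const uint8_t *resultBuffer, uint32_t dwSizeOfResultBuff) {
    if (dwSizeOfResultBuff <= 2 || dwSizeOfResultBuff > loopBakCap) {
        return -1;   /* length would wrap (<= 2) or exceed the destination (> cap) */
    }
    memcpy(loopBakBuffer, resultBuffer, dwSizeOfResultBuff - 2);
    return (int)(dwSizeOfResultBuff - 2);
}

int main(void) {
    /* Constructed response: 8 data bytes followed by a 2-byte status word. */
    const uint8_t resultBuffer[] = {0xD0, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x90, 0x00};
    uint8_t loopBakBuffer[LOOPBACK_DATABUF_SIZE];

    printf("length 1 without guard -> %u bytes requested\n", unguarded_copy_len(1));
    printf("length 1 with guard    -> %d (rejected)\n",
           copy_loopback_data(loopBakBuffer, sizeof loopBakBuffer, resultBuffer, 1));
    printf("length 10 with guard   -> %d bytes copied\n",
           copy_loopback_data(loopBakBuffer, sizeof loopBakBuffer, resultBuffer,
                              (uint32_t)sizeof resultBuffer));
    return 0;
}
```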