While testing a call into the native rw_i93_sm_format function in rw_i93.cc, the process crashed with the following output:
12-18 11:19:39.056 1453 2114 I WifiStateMachine: checkScoreBasedQuality - mPreviousScore[0]:81 mPreviousScore[1]:81 mPreviousScore[2]:81 s2Score:80mPrevoiusScoreAverage:81
12-18 11:19:39.113 18417 18417 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
12-18 11:19:39.115 1066 1066 I /system/bin/tombstoned: received crash request for pid 18414
12-18 11:19:39.118 18417 18417 I crash_dump64: performing dump of process 18414 (target tid = 18414)
12-18 11:19:39.138 18417 18417 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
12-18 11:19:39.139 18417 18417 F DEBUG : Build fingerprint: 'samsung/dreamqltezc/dreamqltechn:9/PPR1.180610.011/G9500ZCS6DTJ1:user/release-keys'
12-18 11:19:39.139 18417 18417 F DEBUG : Revision: '12'
12-18 11:19:39.139 18417 18417 F DEBUG : ABI: 'arm64'
12-18 11:19:39.139 18417 18417 F DEBUG : pid: 18414, tid: 18414, name: ServiceHandlerB >>> com.weiqing.wheeljack:CaseHandlerService <<<
12-18 11:19:39.139 18417 18417 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
12-18 11:19:39.139 18417 18417 F DEBUG : Abort message: 'stack corruption detected (-fstack-protector)'
12-18 11:19:39.139 18417 18417 F DEBUG : x0 0000000000000000 x1 00000000000047ee x2 0000000000000006 x3 0000000000000008
12-18 11:19:39.139 18417 18417 F DEBUG : x4 0000000000000000 x5 0000000000000000 x6 0000000000000000 x7 0000000000000030
12-18 11:19:39.139 18417 18417 F DEBUG : x8 0000000000000083 x9 6b3556791e691e70 x10 0000000000000000 x11 fffffffc7ffffbdf
12-18 11:19:39.139 18417 18417 F DEBUG : x12 0000000000000001 x13 000000005fdc1fca x14 0039d2de21f52580 x15 0000591ef0ff6dfc
12-18 11:19:39.139 18417 18417 F DEBUG : x16 0000007418a192a0 x17 0000007418939f24 x18 6b3556791e691e70 x19 00000000000047ee
12-18 11:19:39.139 18417 18417 F DEBUG : x20 00000000000047ee x21 0000000000000000 x22 0000007379f08984 x23 0000007379dd1f33
12-18 11:19:39.139 18417 18417 F DEBUG : x24 0000007379f37a30 x25 000000737b9f3588 x26 0000007379f35a68 x27 6b3556791e691e70
12-18 11:19:39.139 18417 18417 F DEBUG : x28 000000737b9f16f0 x29 000000737b9f1570
12-18 11:19:39.139 18417 18417 F DEBUG : sp 000000737b9f1530 lr 000000741892c304 pc 000000741892c32c
12-18 11:19:39.161 1453 2113 D WifiPermissionsUtil: canAccessScanResults: pkgName = android, uid = 1000
12-18 11:19:39.162 2194 2194 D SecStatusBarWifiView: updateState: WifiIconState(resId=2131232630, visible=true, activityId=2131232635)
The cause turned out to be the compiler's stack protector, the mechanism behind the "stack smashing detected" (glibc) / "stack corruption detected" (Android bionic) abort. The stack protector is code the compiler generates and inserts into the program to detect stack buffer overruns at run time; both GCC and Clang implement it, and the AOSP platform build enables -fstack-protector-strong by default. When a function is compiled with -fstack-protector, it reserves a little extra space on the stack: on entry it stores a guard value (the canary) between the local buffers and the saved frame pointer / return address, and just before returning it checks whether that value is still intact. If a local buffer was overrun and the canary overwritten, the check fails and the function calls __stack_chk_fail instead of returning through a possibly corrupted return address; on Android that is bionic's __stack_chk_fail, which prints the "Abort message: 'stack corruption detected (-fstack-protector)'" seen in the tombstone above and raises SIGABRT.

This costs a small amount of stack space and a few instructions per instrumented function. Only a program with no instrumented function is unaffected; since main() itself is a function called by the startup code, in practice every program is. Stack smashing is not the only kind of memory-corruption attack, so the protector is not a cure-all, but it is a useful mitigation at limited cost.

Note what the abort actually tells you: the detector fired because the canary had really been overwritten, so some function on the call path through rw_i93_sm_format wrote past the end of a stack buffer. The abort is the symptom; the out-of-bounds write is the defect.

A typical stack overflow of the kind the protector catches looks like this:
#include <string.h>
#include <stdio.h>

int main(void)
{
    char array[10] = {0};
    /* "stackoverflow" is 13 characters plus the terminating NUL: 14 bytes
       copied into a 10-byte buffer, overrunning it by 4 bytes and hitting
       whatever the compiler placed above `array` (the canary, if enabled). */
    strcpy(array, "stackoverflow");
    return 0;
}
The workaround applied here was to add -fno-stack-protector to LOCAL_CFLAGS in the android.mk of the module that calls rw_i93_sm_format, which turns the "stack smashing detected" check off for that module. Two caveats a practitioner should keep in mind. First, the flag only affects functions compiled in that module; it does nothing for frames in libraries built elsewhere. Second, and more important, it silences the detector but leaves the overwrite in place: the stack frame is still being corrupted on every call, the process simply no longer notices, and a corrupted return address or saved pointer can later manifest as a hard-to-diagnose crash or as an exploitable condition. The proper fix is to find the out-of-bounds write (check the buffer sizes handed across the native boundary, or rebuild the module with AddressSanitizer to get the exact faulting line) and correct it, keeping the stack protector enabled.
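To make the mechanism concrete, here is an added example (not code from the original post or from the NFC stack) that models what -fstack-protector adds to a frame like the main() above: a guard word stored after the local buffer and checked before return. The frame is modelled as one flat byte array so that the overrun stays inside a single object and the demo itself is well-defined; the guard is a fixed constant here, whereas the real canary is a random per-process value. The unbounded path mirrors strcpy(array, "stackoverflow") and trips the check, while the bounded path (snprintf with the buffer size, my choice of replacement, not the page's) keeps the guard intact. This is the fix the protector is pointing you toward, as opposed to -fno-stack-protector.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 10                                   /* same size as array[10] above */

/* Constant for the demo only; a real canary is random per process. */
static const uint64_t GUARD_VALUE = 0x5a5ad00dfeed1e5aULL;

enum copy_mode { COPY_STRCPY, COPY_BOUNDED };

/*
 * Copies src into a 10-byte buffer that is followed by a guard word, the
 * way an instrumented frame lays them out, then runs the epilogue check.
 * Returns 0 if the guard is intact (the function would return normally),
 * 1 if it was clobbered (real code: __stack_chk_fail -> SIGABRT with
 * "stack corruption detected (-fstack-protector)").
 * If out is non-NULL it receives the buffer contents after the copy.
 */
int protected_copy(const char *src, enum copy_mode mode, char out[BUF_LEN])
{
    unsigned char frame[BUF_LEN + sizeof GUARD_VALUE];   /* [ buffer | guard ] */
    char *buf = (char *)frame;

    /* prologue: place the guard directly above the buffer */
    memcpy(frame + BUF_LEN, &GUARD_VALUE, sizeof GUARD_VALUE);

    if (mode == COPY_STRCPY) {
        /* Unbounded copy, exactly what strcpy() does: strlen(src)+1 bytes
           regardless of the buffer size. Capped at the frame size only so
           the demo never writes outside `frame`; real strcpy has no cap. */
        size_t n = strlen(src) + 1;
        if (n > sizeof frame)
            n = sizeof frame;
        memcpy(buf, src, n);
    } else {
        /* The fix: never write more than BUF_LEN bytes, always NUL-terminate. */
        snprintf(buf, BUF_LEN, "%s", src);
    }

    if (out)
        memcpy(out, buf, BUF_LEN);

    /* epilogue: is the guard still what the prologue stored? */
    return memcmp(frame + BUF_LEN, &GUARD_VALUE, sizeof GUARD_VALUE) != 0;
}

int main(void)
{
    const char *input = "stackoverflow";   /* 13 chars + NUL = 14 bytes */
    char shown[BUF_LEN];

    printf("strcpy  : guard clobbered = %d\n",
           protected_copy(input, COPY_STRCPY, NULL));

    int clobbered = protected_copy(input, COPY_BOUNDED, shown);
    printf("bounded : guard clobbered = %d, buffer = \"%s\"\n", clobbered, shown);

    /* a short input fits and passes the check even on the strcpy path */
    printf("short   : guard clobbered = %d\n",
           protected_copy("i93", COPY_STRCPY, NULL));
    return 0;
}
```

The strcpy path reports the guard as clobbered for the 14-byte input, the bounded path does not (the buffer holds the truncated "stackover"), and a short input passes either way. That is the whole contract of the protector: it does not prevent the write, it only refuses to return from a frame that has already been damaged, which is why removing it changes the symptom rather than the bug.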