search

Guardsquare / proguard

ProGuard, Java optimizer and obfuscator
https://www.guardsquare.com/en/products/proguard
GNU General Public License v2.0
2.79k stars 401 forks source link

Exception in thread "main" java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "proguard.retrace.FrameInfo.getSourceFile()" is null #351

Open liamsharp opened 1 year ago

liamsharp commented 1 year ago

When trying to retrace the following:

Exception in thread "main" java.lang.NullPointerException: Cannot invoke "com.github.screamingfrog.b.a()" because the return value of "com.github.screamingfrog.a.a()" is null
    at com.github.screamingfrog.App.a(Unknown Source)
    at com.github.screamingfrog.App.main(Unknown Source)

I'm getting:

Exception in thread "main" java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because the return value of "proguard.retrace.FrameInfo.getSourceFile()" is null
    at proguard.retrace.FrameRemapper.transformMethodInfo(FrameRemapper.java:189)
    at proguard.retrace.FrameRemapper.transform(FrameRemapper.java:63)
    at proguard.retrace.ReTrace.handle(ReTrace.java:198)
    at proguard.retrace.ReTrace.retrace(ReTrace.java:178)
    at proguard.retrace.ReTrace.main(ReTrace.java:406)

Using the command:

proguard-7.3.2/bin/retrace.sh target/proguard_map.txt output.txt

Here's the proguard_map.txt and output.txt to reproduce.

I also have a sample maven project here hello-world-cli.tar.gz with the code that is obfuscated by Proguard.

Steps to build and reproduce:

Extract the code:

tar xfvz hello-world-cli.tar.gz
cd hello-world-cli

Build:

mvn clean package

Reproduce the crash & store the output in a file:

java -jar target/hello-world-cli-1.0-SNAPSHOT.jar 2>&1 | tee output.txt

Retrace:

proguard-7.3.2/bin/retrace.sh target/proguard_map.txt output.txt

Bentaii commented 11 months ago

I also had this with my stacktraces when trying to deobfuscate them. I have a fix in my fork that would solve the issue :) https://github.com/Bentaii/proguard Cheers!

Bentaii commented 11 months ago

The issue comes from using the %m parameter and not having a %s parameter for the source file name. During the FrameRemapper's transformMethodInfo (it should also happen with the transformFieldInfo so with %f in your regex), the check for the source file returns null and it can't equal it to "Unknown Source". image

The proper way it should have been implemented should've been is something like this where you aren't vulnerable to the null value. image

Cheers!

Bentaii commented 6 months ago

It should be fixed in the next release now that the pr has been merged

liamsharp commented 4 months ago

Any idea when the next release is planned?