Tencent / MMKV

An efficient, small mobile key-value storage framework developed by WeChat. Works on Android, iOS, macOS, Windows, and POSIX.

A SIGSEGV (SEGV_MAPERR) crash occurs when decode data #1202

Closed fzzwork closed 11 months ago

fzzwork commented 11 months ago

The language of MMKV

Java

The version of MMKV

v1.2.12

The platform of MMKV

Android

The installation of MMKV

Maven

What's the issue?

A SIGSEGV (SEGV_MAPERR) null pointer exception occurs when the trim() method is called.

CRASHSTACK

```
// stack 1: decodeInt
00 pc 000000000002889c partialLoadFromFile (/data/orange-ci/workspace/Core/MMKV_IO.cpp:390 [Inline: memcpy]) [arm64-v8a]
01 pc 0000000000028e38 checkLoadData (/data/orange-ci/workspace/Core/MMKV_IO.cpp:293) [arm64-v8a]
02 pc 0000000000029e24 getDataForKey (/data/orange-ci/workspace/Core/MMKV_IO.cpp:466) [arm64-v8a]
03 pc 000000000001f538 getInt32 (/data/orange-ci/workspace/Core/MMKV.cpp:634) [arm64-v8a]
04 pc 0000000000018748 decodeInt (../../../../src/main/cpp/native-bridge.cpp:393) [arm64-v8a]
```

```
// stack 2: containsKey
00 pc 000000000002889c partialLoadFromFile (/data/orange-ci/workspace/Core/MMKV_IO.cpp:390 [Inline: memcpy]) []
01 pc 0000000000028e38 checkLoadData (/data/orange-ci/workspace/Core/MMKV_IO.cpp:293) []
02 pc 00000000000201f4 containsKey (/data/orange-ci/workspace/Core/MMKV.cpp:790) []
03 pc 0000000000019a64 containsKey (../../../../src/main/cpp/native-bridge.cpp:532) []
04 pc 000000000052a040 art_jni_trampoline+160
```

```
// stack 3: decodeString
00 pc 000000000002889c partialLoadFromFile (/data/orange-ci/workspace/Core/MMKV_IO.cpp:390 [Inline: memcpy]) [arm64-v8a]
01 pc 0000000000028e38 checkLoadData (/data/orange-ci/workspace/Core/MMKV_IO.cpp:293) [arm64-v8a]
02 pc 0000000000029e24 getDataForKey (/data/orange-ci/workspace/Core/MMKV_IO.cpp:466) [arm64-v8a]
03 pc 000000000001ecc0 getString (/data/orange-ci/workspace/Core/MMKV.cpp:545) [arm64-v8a]
04 pc 0000000000019054 decodeString (../../../../src/main/cpp/native-bridge.cpp:472) [arm64-v8a]
```

```
// tomb.txt (corresponds to stack 3)
Build fingerprint: HUAWEI/LNA-AL00/HWLNA:12/HUAWEILNA-AL00/104.0.0.118C00:user/release-keys
Revision: 0
ABI: arm64
time: 2023-11-29 14:34:41
pid: 22461, tid: 24337, name: thread_sp_norma  >>> com.xxx.app:MSF <<<
signal: 11 (SIGSEGV), code: 1 (SEGV_MAPERR) fault addr: 0x0
si_errno:0, si_errnoMsg:Success, sending pid:0, sending uid:0
    r0:  0xb4000074a555a680  r1:  0x00000074b80c8fb0  r2:  0x0000000000000001  r3:  0x0000000000000000
    r4:  0x0000000000000000  r5:  0xb4000074481f8957  r6:  0x0000000000000000  r7:  0x0000000000000000
    r8:  0xb40000744f3bdaa0  r9:  0xb4000074470815e0  r10: 0x0000000000000000  r11: 0x0000000000000003
    r12: 0x0000000000000000  r13: 0x00000000000dd968  r14: 0x0000000000080100  r15: 0x00000000ebad6a89
    r16: 0x000000755b7cdf48  r17: 0x000000755b75aedc  r18: 0x00000074b4c4e000  r19: 0xb4000074a555a680
    r20: 0x0000000000000000  r21: 0xb4000074a5701ce0  r22: 0xb4000074a5701ce0  r23: 0x00000074b80ca000
    r24: 0x00000074b80c9160  r25: 0x00000074b80c9360  r26: 0x00000074b80c9374  r27: 0x00000074b80c9360
    r28: 0x00000074b80c9250  r29: 0x00000074b80c9030  r30: 0x0000007434eede3c
    sp:  0x00000074b80c8fe0  pc:  0x0000007434eed89c  pstate: 0x0000000060001000

00 pc 000000000002889c /data/app/~~e59sdqQ-X9HLkOm8B7xjCg==/com.xxx.app-Oryk7nRdrG9nJQza7heSYA==/lib/arm64/libmmkv.so [arm64-v8a::b18c4565b236796eefe43cb651009b06]
01 pc 0000000000028e38 /data/app/~~e59sdqQ-X9HLkOm8B7xjCg==/com.xxx.app-Oryk7nRdrG9nJQza7heSYA==/lib/arm64/libmmkv.so [arm64-v8a::b18c4565b236796eefe43cb651009b06]
02 pc 0000000000029e24 /data/app/~~e59sdqQ-X9HLkOm8B7xjCg==/com.xxx.app-Oryk7nRdrG9nJQza7heSYA==/lib/arm64/libmmkv.so [arm64-v8a::b18c4565b236796eefe43cb651009b06]
03 pc 000000000001ecc0 /data/app/~~e59sdqQ-X9HLkOm8B7xjCg==/com.xxx.app-Oryk7nRdrG9nJQza7heSYA==/lib/arm64/libmmkv.so [arm64-v8a::b18c4565b236796eefe43cb651009b06]
04 pc 0000000000019054 /data/app/~~e59sdqQ-X9HLkOm8B7xjCg==/com.xxx.app-Oryk7nRdrG9nJQza7heSYA==/lib/arm64/libmmkv.so [arm64-v8a::b18c4565b236796eefe43cb651009b06]
05 pc 0000000000222244 /apex/com.android.art/lib64/libart.so (art_quick_generic_jni_trampoline+148) [arm64-v8a::5c55b02a7c405b33a3865d31aafbf3f9]
06 pc 0000000000212b80 /apex/com.android.art/lib64/libart.so (nterp_helper+5648) [arm64-v8a::5c55b02a7c405b33a3865d31aafbf3f9]
07 pc 00000000002124c4 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) [arm64-v8a::5c55b02a7c405b33a3865d31aafbf3f9]
08 pc 00000000002124c4 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) [arm64-v8a::5c55b02a7c405b33a3865d31aafbf3f9]
09 pc 00000000002124c4 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) [arm64-v8a::5c55b02a7c405b33a3865d31aafbf3f9]
10 pc 00000000002124c4 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) [arm64-v8a::5c55b02a7c405b33a3865d31aafbf3f9]
11 pc 00000000002132e4 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) [arm64-v8a::5c55b02a7c405b33a3865d31aafbf3f9]
12 pc 000000000040175c /apex/com.android.art/javalib/arm64/boot.oat [arm64-v8a::41586ef256c8b26d2287aaa827b271c9]
```

There are many more stacks; almost all of them are exceptions while reading data, so they are not listed one by one.

Root cause analysis

The root cause is the same as issue #1190. The crash happens in the chain decodeData/containsKey -> getDataForKey -> checkLoadData -> partialLoadFromFile -> readActualSize, when accessing the file-mapped memory address: the memory address is 0, a null pointer exception.
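The call chain above faults inside a `memcpy` from a file mapping whose base address is 0. The following is an added example, not MMKV's code and not part of the issue: a hypothetical mmap-backed store (`MappedFile`, with an assumed 4-byte little-endian size header) with an unguarded "partial load" that reproduces the failing pattern beside a guarded one that checks for a missing mapping and for a declared size that does not fit inside the mapped range before touching memory. All names and the file layout are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical model (not MMKV's code) of an mmap-backed store whose base
// pointer may be null, e.g. after a failed mmap or while it is being re-mapped.
struct MappedFile {
    const uint8_t *base = nullptr; // nullptr models "no mapping"
    size_t mappedSize = 0;         // number of bytes actually mapped
};

enum class LoadStatus { Ok, NoMapping, TruncatedHeader, SizeOutOfBounds };

// Assumed layout for this example: a 4-byte little-endian "actual size"
// header, followed by that many payload bytes.
constexpr size_t kHeaderSize = 4;

static uint32_t readLE32(const uint8_t *p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) |
           (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// Unguarded version: mirrors the failing pattern. It reads the size header and
// memcpy-s from the mapping without checking that the mapping exists or that
// the declared size fits. Calling it on an unmapped file dereferences address 0.
void partialLoadUnguarded(const MappedFile &f, std::vector<uint8_t> &out) {
    uint32_t actualSize = readLE32(f.base);               // faults if base == nullptr
    out.resize(actualSize);
    memcpy(out.data(), f.base + kHeaderSize, actualSize); // may also overrun the mapping
}

// Guarded version: validate the mapping and the declared size before any read.
LoadStatus partialLoadGuarded(const MappedFile &f, std::vector<uint8_t> &out) {
    out.clear();
    if (f.base == nullptr || f.mappedSize == 0) return LoadStatus::NoMapping;
    if (f.mappedSize < kHeaderSize) return LoadStatus::TruncatedHeader;
    uint32_t actualSize = readLE32(f.base);
    if (actualSize > f.mappedSize - kHeaderSize) return LoadStatus::SizeOutOfBounds;
    out.assign(f.base + kHeaderSize, f.base + kHeaderSize + actualSize);
    return LoadStatus::Ok;
}

// Builds a constructed in-memory file image: the header declares `declaredSize`,
// followed by `payload`. The two may disagree on purpose, to exercise the bounds check.
std::vector<uint8_t> makeFileImage(uint32_t declaredSize, const std::vector<uint8_t> &payload) {
    std::vector<uint8_t> img = {uint8_t(declaredSize), uint8_t(declaredSize >> 8),
                                uint8_t(declaredSize >> 16), uint8_t(declaredSize >> 24)};
    img.insert(img.end(), payload.begin(), payload.end());
    return img;
}

// Runs the guarded loader over an image as if it were the mapped file.
LoadStatus loadImage(const std::vector<uint8_t> &img, std::vector<uint8_t> &out) {
    MappedFile f;
    f.base = img.empty() ? nullptr : img.data();
    f.mappedSize = img.size();
    return partialLoadGuarded(f, out);
}

int main() {
    std::vector<uint8_t> out;
    // Constructed sample: a well-formed image with a 3-byte payload.
    std::vector<uint8_t> good = makeFileImage(3, {0x10, 0x20, 0x30});
    std::printf("good image      -> %d (0 = Ok), %zu bytes\n", int(loadImage(good, out)), out.size());
    // Unmapped store: the guarded loader reports NoMapping instead of faulting at 0x0.
    MappedFile unmapped;
    std::printf("unmapped        -> %d (1 = NoMapping)\n", int(partialLoadGuarded(unmapped, out)));
    // Header claims more bytes than are mapped.
    std::vector<uint8_t> lying = makeFileImage(1000, {0x10});
    std::printf("oversized header-> %d (3 = SizeOutOfBounds)\n", int(loadImage(lying, out)));
    return 0;
}
```

The guarded loader turns the two memory-safety failures that the unguarded pattern allows (a null-base dereference and an over-read past the mapping) into explicit status codes the caller can handle, which is the property to check for in any code path that reads from a remappable file.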

fzzwork commented 11 months ago

Closed as #1190 has fixed this issue.