Open Gunkkk opened 1 month ago
Most likely a UAF. Stack trace:
backtrace:
#00 pc 0000000000110850 /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::SubtractFromTimeRanges(std::__ndk1::vector<pag::TimeRange, std::__ndk1::allocator<pag::TimeRange> >*, long, long)+488) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
#01 pc 0000000000125080 /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::AnimatableProperty<pag::Point>::excludeVaryingRanges(std::__ndk1::vector<pag::TimeRange, std::__ndk1::allocator<pag::TimeRange> >*) const+68) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
#02 pc 0000000000111230 /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::Transform2D::excludeVaryingRanges(std::__ndk1::vector<pag::TimeRange, std::__ndk1::allocator<pag::TimeRange> >*) const+100) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
#03 pc 000000000010ceb8 /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::Layer::excludeVaryingRanges(std::__ndk1::vector<pag::TimeRange, std::__ndk1::allocator<pag::TimeRange> >*)+28) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
#04 pc 00000000001114b8 /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::VectorComposition::updateStaticTimeRanges()+236) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
#05 pc 000000000011ae70 /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::Codec::Decode(void const*, unsigned int, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&)+532) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
#06 pc 000000000010a330 /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::File::Load(void const*, unsigned long, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&)+788) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
#07 pc 0000000000162958 /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::PAGFile::Load(void const*, unsigned long, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&)+40) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
#08 pc 00000000001fe80c /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (Java_org_libpag_PAGFile_LoadFromAssets+168) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604
Detection result from the memory tagging extension.
【Version information】
4.2.88
【Platform information】
Android native | iOS native | Web browser | WeChat Mini Program | Linux | Flutter | Other Android
【Expected behavior】
【Actual behavior】
【Demo and attachments】