brazdil / dexter


Taint object still created too late #26

Closed brazdil closed 11 years ago

brazdil commented 11 years ago

This is an issue related to #9 that keeps us from executing Google Keep. Since the code comes from the Android Support library (intermediate layer that allows apps for Android 3+ to run on older devices), we should pay attention to it.

Scenario is as follows: Class A is external and defines method foo which is called from its constructor. B is internal, extends A and overrides foo. B's instrumented constructor calls super() and then creates the corresponding Taint object. The order is given by the fact that the this reference (necessary to cache the Taint object) is "undefined" before the parent's constructor is called. The problem arises when foo is called from inside the parent's constructor (this is not undefined any more) but no Taint object can be found for it in the global cache when the method is entered.

Any ideas? I thought about the bug I found in Dalvik - by casting the this argument at the beginning of the constructor, it loses the "undefined" flag (and could therefore be used to create and cache the Taint object), but then the parent's constructor cannot be called on it any more (fails verification), so that won't work.
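The ordering described in the issue, modelled in plain Java as an added example (this is not dexter code and not the Android support library): an uninstrumented parent A calls an overridable foo() from its constructor, and the instrumented subclass B can only cache its Taint after super() returns, so the strict cache lookup in foo() comes up empty during A's constructor. The Taint class, the CACHE map, the lookupStrict/lookupOrCreate helpers and the subclass C are assumptions made for the illustration; the on-demand lookup in C is one possible workaround, not something the project does.

```java
import java.util.IdentityHashMap;
import java.util.Map;

/** Hypothetical model of the constructor ordering problem; not dexter code. */
public class TaintOrderDemo {

    /** Stand-in for the instrumentation's global Taint cache, keyed by object identity. */
    static final Map<Object, Taint> CACHE = new IdentityHashMap<>();

    static final class Taint {
        final String origin;
        Taint(String origin) { this.origin = origin; }
    }

    /** Lookup as the issue describes it: the Taint must already be in the cache. */
    static Taint lookupStrict(Object o) {
        return CACHE.get(o);
    }

    /** Lookup that creates the Taint on first use (a possible workaround, assumed here). */
    static Taint lookupOrCreate(Object o) {
        Taint t = CACHE.get(o);
        if (t == null) {
            t = new Taint("created on demand");
            CACHE.put(o, t);
        }
        return t;
    }

    /** External, uninstrumented class: its constructor calls an overridable method. */
    static class A {
        A() { foo(); }
        void foo() { }
    }

    /**
     * Internal, instrumented class. 'this' is unusable before super() returns, so the
     * instrumented constructor can only cache the Taint after A's constructor has run.
     */
    static class B extends A {
        // No initializer on purpose: an initializer would run after super() and
        // overwrite whatever foo() recorded while A.<init> was executing.
        String taintSeenInFoo;

        B() {
            super();                                   // A.<init> calls B.foo() here
            if (CACHE.get(this) == null) {
                CACHE.put(this, new Taint("cached by B.<init>"));
            }
        }

        @Override
        void foo() {
            Taint t = lookupStrict(this);              // nothing cached yet during super()
            taintSeenInFoo = (t == null) ? null : t.origin;
        }
    }

    /** Same shape as B, but method entry uses the on-demand lookup. */
    static class C extends A {
        String taintSeenInFoo;

        C() {
            super();
            if (CACHE.get(this) == null) {             // keep the Taint foo() already made
                CACHE.put(this, new Taint("cached by C.<init>"));
            }
        }

        @Override
        void foo() {
            taintSeenInFoo = lookupOrCreate(this).origin;
        }
    }

    public static void main(String[] args) {
        B b = new B();
        System.out.println("strict lookup in B.foo(): " + b.taintSeenInFoo);
        System.out.println("Taint cached for b after <init>: " + (CACHE.get(b) != null));

        C c = new C();
        System.out.println("on-demand lookup in C.foo(): " + c.taintSeenInFoo);
        System.out.println("Taint kept for c by <init>: " + CACHE.get(c).origin);
    }
}
```

Running the demo shows the two halves of the issue: for B, the strict lookup inside foo() returns null because A.<init> invoked foo() before B.<init> reached its caching step, yet a Taint does exist for the object once the constructor finishes. For C, creating the Taint at method entry when none is cached gives foo() a usable object, and the constructor then finds and keeps that same instance instead of creating a second one; whether that lazy creation is acceptable in dexter depends on what the instrumented constructor otherwise initialises in the Taint, which this model does not cover.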