brazdil / dexter


Taint object conversions during external calls #27

Closed brazdil closed 10 years ago

brazdil commented 10 years ago

Oh boy... You might remember me saying that there's still a runtime exception coming from the instrumentation when running Kakao. I've now had a closer look at it and it's a rather nasty problem.

The problematic code does something like this:

```java
ArrayList<Foo> list = getListOfStuff();
Foo[] array = new Foo[list.size()];  // instrumentation shadows this with a TaintArrayReference
list.toArray(array);                 // external call: fills the array, element taint not converted
array[0].bar();                      // internal call: gets the wrong taint type for `this`
```

So what happens is that the instrumentation creates a new TaintArrayReference instance for array, which is initialized with taint objects for the elements of array, i.e. TaintImmutable objects for all the NULLs. Before toArray is called (external method), taint is propagated into the arguments, but the array won't accept any and, more importantly, won't convert the taint objects of the elements to the correct type. When bar is called (internal method), this is used with a TaintImmutable object even though it should be a TaintInternal object, and that throws an exception....