glasses007 / smali

Automatically exported from code.google.com/p/smali
0 stars 0 forks source link

ArrayIndexOutOfBoundsException - Dexlib2 - Iterating Instructions #221

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What seems to be the problem?

When parsing file (sha256) 
0d039636fb4ebf251770c70698eb663bf9360b81d4b7b5de9b51a0807bf0c211. The crash 
occurs at the start of an iterator loop. On the method 
(Landroid/support/v4/app/z;.performReallyStop()V), using for(Instruction insn: 
method.getImplementation().getInstructions()) - actual code below.

What is the exact smali/baksmali command that you ran?

Crash occurs on the for(Instruction ...) line.

private static List<BasicBlockInstruction> getFlatMethod(Method method) {
        List<BasicBlockInstruction> flatMethod = new ArrayList<BasicBlockInstruction>();
        MethodImplementation impl = method.getImplementation();

        if(impl != null) {
            int address = 0;
            for(Instruction instruction: impl.getInstructions()) {
                BasicBlockInstruction bbinsn = new BasicBlockInstruction(address, instruction);
                //System.out.print("\t" + address + "\t" + instruction.getOpcode() + "\t" + bbinsn.branch);
                address += instruction.getCodeUnits();
                flatMethod.add(bbinsn);
            }
            //tryBlocks = impl.getTryBlocks();
        }

        return flatMethod;
    }

What version of smali/baksmali are you using? What rom are you working
from?

    <dependency>
        <groupId>org.smali</groupId>
        <artifactId>dexlib2</artifactId>
        <version>2.0.3</version>
    </dependency>

What is the airspeed velocity of an unladen swallow?

The air isn't moving too fast when you aren't swallowing.

Please provide any additional information below: error messages, symptoms,
etc.

Full crash:

DEBUG_METHOD: Landroid/support/v4/app/z;.performReallyStop()V
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1997571278
    at org.jf.dexlib2.dexbacked.BaseDexBuffer.readUbyte(BaseDexBuffer.java:76)
    at org.jf.dexlib2.dexbacked.BaseDexReader.peekUbyte(BaseDexReader.java:239)
    at org.jf.dexlib2.dexbacked.instruction.DexBackedInstruction.readFrom(DexBackedInstruction.java:61)
    at org.jf.dexlib2.dexbacked.DexBackedMethodImplementation$1$1.readNextItem(DexBackedMethodImplementation.java:80)
    at org.jf.dexlib2.dexbacked.DexBackedMethodImplementation$1$1.readNextItem(DexBackedMethodImplementation.java:74)
    at org.jf.dexlib2.dexbacked.util.VariableSizeLookaheadIterator.next(VariableSizeLookaheadIterator.java:71)
    at org.talos.CFGScanDroid.ControlFlowGraph.getFlatMethod(ControlFlowGraph.java:126)
    at org.talos.CFGScanDroid.ControlFlowGraph.<init>(ControlFlowGraph.java:139)
    at org.talos.CFGScanDroid.CFGScanDroid.dumpSigs(CFGScanDroid.java:256)
    at org.talos.CFGScanDroid.CFGScanDroid.main(CFGScanDroid.java:91)

Original issue reported on code.google.com by Douglas....@gmail.com on 3 Oct 2014 at 4:31

GoogleCodeExporter commented 9 years ago

Original comment by jesusfreke@jesusfreke.com on 3 Oct 2014 at 4:43

GoogleCodeExporter commented 9 years ago
I've "improved" this, to detect this condition and throw an 
ExceptionWithContext. Still not ideal, but marginally better at least. I want 
to go through and do a big push at some point, to improve reporting error 
conditions - to improve how things like this are handled.

The fix is at 
https://code.google.com/p/smali/source/detail?r=686cf35c8e9d7eedc5af598967191771
9dfe320a

Original comment by jesusfreke@jesusfreke.com on 7 Nov 2014 at 7:14