soot-oss / soot

Soot - A Java optimization framework
GNU Lesser General Public License v2.1

Fixed when soot.jimple.StaticFieldRef.getField() is null #2032

Closed kitty-1998 closed 1 month ago

kitty-1998 commented 10 months ago

When soot.jimple.StaticFieldRef.getField() is null, the code still tries to get the type via soot.jimple.StaticFieldRef.getField().getType().

apk file: WildBlackJack_v1.3_13_1234567892.zip

gradle:

     implementation 'org.soot-oss:soot:4.4.1'
     implementation 'de.upb.cs.swt:heros:1.1.0'
     implementation 'org.slf4j:slf4j-simple:2.0.7'
     implementation 'org.slf4j:slf4j-api:2.0.7'

java code:

    package org.example;

    import java.util.ArrayList;
    import java.util.Collections;
    import java.util.List;

    import soot.G;
    import soot.PackManager;
    import soot.Scene;
    import soot.SootClass;
    import soot.SootMethod;
    import soot.options.Options;

    public class Main {
        public static void main(String[] args) {
            G.reset();
            Options.v().set_prepend_classpath(true);
            // Unresolvable classes, fields and methods become phantoms instead of aborting the load.
            Options.v().set_allow_phantom_refs(true);
            Options.v().set_output_format(Options.output_format_jimple);
            Options.v().set_process_dir(Collections.singletonList("WildBlackJack_v1.3_13_1234567892.apk"));
            Options.v().set_whole_program(true);
            Options.v().set_src_prec(Options.src_prec_apk);
            Options.v().set_app(true);
            Options.v().set_process_multiple_dex(true);
            Options.v().set_android_jars("F:\\android-platforms-master\\platforms");

            // Build the call graph with Spark.
            Options.v().setPhaseOption("cg", "enabled:true");
            Options.v().setPhaseOption("cg.spark", "enabled:true");

            Scene.v().loadNecessaryClasses();

            // Every method of every application class is an entry point.
            List<SootMethod> entryPoints = new ArrayList<>();
            for (SootClass sc : Scene.v().getApplicationClasses()) {
                entryPoints.addAll(sc.getMethods());
            }
            Scene.v().setEntryPoints(entryPoints);

            // Runs the whole-program packs, including cg.spark, where the exception below is thrown.
            PackManager.v().runPacks();
        }
    }

debug information:

 Exception in thread "main" java.lang.RuntimeException: An error occurred while processing <com.google.android.gms.tagmanager.cr$d: com.google.android.gms.tagmanager.cr$d a(com.google.android.gms.tagmanager.cr$a)> in callgraph
    at soot.jimple.spark.solver.OnFlyCallGraph.processReachables(OnFlyCallGraph.java:122)
    at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:106)
    at soot.jimple.spark.builder.ContextInsensitiveBuilder.build(ContextInsensitiveBuilder.java:94)
    at soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:101)
    at soot.SceneTransformer.transform(SceneTransformer.java:36)
    at soot.Transform.apply(Transform.java:105)
    at soot.RadioScenePack.internalApply(RadioScenePack.java:64)
    at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:61)
    at soot.Pack.apply(Pack.java:118)
    at soot.PackManager.runWholeProgramPacks(PackManager.java:619)
    at soot.PackManager.runPacksNormally(PackManager.java:500)
    at soot.PackManager.runPacks(PackManager.java:425)
    at org.example.Main.main(Main.java:36)
 Caused by: java.lang.NullPointerException: Cannot invoke "soot.SootField.getType()" because the return value of "soot.jimple.StaticFieldRef.getField()" is null
    at soot.jimple.spark.builder.MethodNodeFactory.caseStaticFieldRef(MethodNodeFactory.java:401)
    at soot.jimple.StaticFieldRef.apply(StaticFieldRef.java:83)
    at soot.jimple.spark.builder.MethodNodeFactory$1.caseAssignStmt(MethodNodeFactory.java:162)
    at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:217)
    at soot.jimple.spark.builder.MethodNodeFactory.handleStmt(MethodNodeFactory.java:150)
    at soot.jimple.spark.pag.MethodPAG.buildNormal(MethodPAG.java:224)
    at soot.jimple.spark.pag.MethodPAG.build(MethodPAG.java:186)
    at soot.jimple.spark.solver.OnFlyCallGraph.processReachables(OnFlyCallGraph.java:116)
    ... 12 more

In soot.jimple.spark.builder.MethodNodeFactory.caseStaticFieldRef, I added an if statement: if getField() is null, it tries getFieldRef() instead.
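The fallback the reporter describes, written out as an added example rather than Soot's own code or the reporter's patch. It assumes Soot 4.4.1 on the classpath; the class com.example.Config, its field NAME and the phantom class com.example.Missing are constructed for the demo and do not come from the APK in the issue. The point it shows: StaticFieldRef.getField() resolves the reference and, as the trace above shows, can come back null, while SootFieldRef.type() is the declared type carried by the reference itself and is available whether or not resolution succeeds.

```java
import soot.BooleanType;
import soot.G;
import soot.Modifier;
import soot.RefType;
import soot.Scene;
import soot.SootClass;
import soot.SootField;
import soot.SootFieldRef;
import soot.Type;
import soot.jimple.Jimple;
import soot.jimple.StaticFieldRef;
import soot.options.Options;

public class NullSafeFieldType {

    /**
     * Type of the field behind a StaticFieldRef. getField() resolves the
     * reference through the class hierarchy and may return null; the
     * SootFieldRef still carries the declared type from the bytecode, so
     * fall back to it instead of dereferencing null.
     */
    public static Type typeOf(StaticFieldRef sfr) {
        return typeOf(sfr.getField(), sfr.getFieldRef());
    }

    /** Same logic with the resolved field passed explicitly (null = unresolved). */
    public static Type typeOf(SootField resolved, SootFieldRef ref) {
        if (resolved != null) {
            return resolved.getType();
        }
        return ref.type();
    }

    public static void main(String[] args) {
        G.reset();
        Options.v().set_allow_phantom_refs(true);

        // Constructed class and field for the demo (hypothetical, not from the APK).
        SootClass cfg = Scene.v().makeSootClass("com.example.Config");
        Scene.v().addClass(cfg);
        SootField nameField = Scene.v().makeSootField(
                "NAME", RefType.v("java.lang.String"), Modifier.PUBLIC | Modifier.STATIC);
        cfg.addField(nameField);

        // Resolvable reference: getField() finds NAME and returns its type.
        StaticFieldRef resolvable = Jimple.v().newStaticFieldRef(
                Scene.v().makeFieldRef(cfg, "NAME", RefType.v("java.lang.String"), true));
        System.out.println("resolved: " + typeOf(resolvable));

        // Fallback path: a null resolved field, as in the trace, reads the type
        // from the reference instead of crashing.
        System.out.println("fallback: " + typeOf(null, resolvable.getFieldRef()));

        // Reference into a phantom class (created by getSootClass because
        // allow_phantom_refs is on): the ref's declared type is known either way.
        SootClass ghost = Scene.v().getSootClass("com.example.Missing");
        StaticFieldRef phantomRef = Jimple.v().newStaticFieldRef(
                Scene.v().makeFieldRef(ghost, "FLAG", BooleanType.v(), true));
        System.out.println("phantom:  " + typeOf(phantomRef));
    }
}
```

The fallback covers only the null return the trace reports; it does not change how resolve() behaves, and the type it yields is the descriptor recorded at the use site, not a type derived from the declaring class.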