search

talsec / Free-RASP-Flutter

Flutter library for improving app security and threat monitoring on Android and iOS mobile devices.
https://github.com/talsec/Free-RASP-Community
MIT License
194 stars 20 forks source link

Runtime crashes java.util.ConcurrentModificationException and java.lang.NullPointerException #140

Closed quangduy-luong closed 1 month ago

quangduy-luong commented 1 month ago

Describe the bug After updating to 6.7.1 from 6.6.0, we have seen a large spike of ANRs already mentioned in https://github.com/talsec/Free-RASP-Flutter/issues/138 . But we also see some crashes in Crashlytics regarding these exceptions:

java.util.ConcurrentModificationException

java.util.HashMap$HashIterator.nextNode (HashMap.java:1441)
java.util.HashMap$EntryIterator.next (HashMap.java:1473)
com.aheaditec.talsec.security.d0.a (SourceFile:2)
com.aheaditec.talsec.security.k2.c (SourceFile:8)
com.aheaditec.talsec.security.a2.c (SourceFile:1)
com.aheaditec.talsec.security.u1$b.b (SourceFile:8)
com.aheaditec.talsec.security.u1$b.a (SourceFile:1)
com.aheaditec.talsec.security.u1.a (SourceFile:2)
com.aheaditec.talsec_security.security.runner.a.b (SourceFile:18)
com.aheaditec.talsec_security.security.runner.a.b (SourceFile:149)
com.aheaditec.talsec_security.security.runner.a.a (SourceFile:44)
com.aheaditec.talsec_security.security.runner.a.a (SourceFile:37)
com.aheaditec.talsec.security.j.a (SourceFile:24)
com.aheaditec.talsec.security.q1.b (SourceFile:42)
com.aheaditec.talsec.security.q1.a (SourceFile:82)
com.aheaditec.talsec_security.security.runner.f.b (SourceFile:8)
java.lang.Thread.run (Thread.java:1012)

java.lang.NullPointerException Attempt to invoke interface method 'void Z2.E.a(org.json.JSONObject)' on a null object reference

com.aheaditec.talsec.security.a2.d (SourceFile:6)
com.aheaditec.talsec.security.a2.c (SourceFile:6)
com.aheaditec.talsec.security.u1$b.b (SourceFile:8)
com.aheaditec.talsec.security.u1$b.a (SourceFile:1)
com.aheaditec.talsec.security.u1.a (SourceFile:2)
com.aheaditec.talsec_security.security.runner.a.b (SourceFile:18)
com.aheaditec.talsec_security.security.runner.a.b (SourceFile:149)
com.aheaditec.talsec_security.security.runner.a.a (SourceFile:53)
com.aheaditec.talsec_security.security.runner.a.a (SourceFile:37)
com.aheaditec.talsec.security.t1.a (SourceFile:13)
com.aheaditec.talsec.security.t1.a (SourceFile:6)
com.aheaditec.talsec_security.security.runner.TalsecMonitoringReceiver.onReceive (SourceFile:11)
android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0 (LoadedApk.java:1911)

To Reproduce This only happens to some production devices, we cannot replicate it locally.

Please complete the following information:

Additional context It seems to be an issue introduced in 6.7.0 or later, but we also upgraded Gradle in the same release. Not sure if there were any expected modifications to proguard or any other configuration (I didn't see any listed) for migrating from 7.x to 8.7 gradle

tompsota commented 1 month ago

Hi @quangduy-luong,

the issue seems indirectly related to #138. We are currently investigating it and keep you updated.

Thanks for your patience, Tomas from Talsec

msikyna commented 1 month ago

Hello, the issue has been solved in the new version: 6.7.2.

Kind regards, Talsec team