vaginessa / smali

Automatically exported from code.google.com/p/smali

smali can create dex files with two encoded_methods sharing the same method_idx #119

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What seems to be the problem?

When a smali file contains two methods with the same name and signature but 
different access flags, it creates a single method_id for them, but includes 
both in the encoded_methods. However, the second one is logically unreachable 
dead code.

This may also be an issue for duplicate fields, but I did not test this.

What is the exact smali/baksmali command that you ran?

java -jar smali-1.3.2.jar A.smali (A.smali included below)

What version of smali/baksmali are you using? 

smali 1.3.2

What is the airspeed velocity of an unladen swallow?

What do you mean? An African or European swallow?

Please provide any additional information below: error messages, symptoms,
etc.

From here on down is the A.smali input. I'll add baksmali output in another 
comment (I would attach but "Issue attachment storage quota exceeded.") 

.class LA;
.super Ljava/lang/Object;
.source "A.java"

# direct methods
.method constructor <init>()V
    .registers 1

    .prologue
    .line 1
    invoke-direct {p0}, Ljava/lang/Object;-><init>()V

    return-void
.end method

# virtual methods
.method protected a()V
    .registers 1

    .prologue
    .line 2
    return-void
.end method

.method public a()V
    .registers 1

    .prologue
    .line 3
    return-void
.end method

Original issue reported on code.google.com by b...@google.com on 11 May 2012 at 11:27

GoogleCodeExporter commented 9 years ago
Here is the baksmali -D output for the dex file created from A.smali

                           |-----------------------------
                           |header item
                           |-----------------------------
                           |
                           |[0] header_item
000000: 6465 780a 3033 3500|  magic: dex\n035\u0000
000008: 0000 0000          |  checksum
00000c: 0000 0000 0000 0000|  signature
000014: 0000 0000 0000 0000|
00001c: 0000 0000          |
000020: f001 0000          |  file_size: 0x1f0 (496 bytes)
000024: 7000 0000          |  header_size: 0x70
000028: 7856 3412          |  endian_tag: 0x12345678
00002c: 0000 0000          |  link_size: 0
000030: 0000 0000          |  link_off: 0
000034: 6801 0000          |  map_off: 0x168
000038: 0600 0000          |  string_ids_size: 6
00003c: 7000 0000          |  string_ids_off: 0x70
000040: 0300 0000          |  type_ids_size: 3
000044: 8800 0000          |  type_ids_off: 0x88
000048: 0100 0000          |  proto_ids_size: 1
00004c: 9400 0000          |  proto_ids_off: 0x94
000050: 0000 0000          |  field_ids_size: 0
000054: 0000 0000          |  field_ids_off: 0x0
000058: 0300 0000          |  method_ids_size: 3
00005c: a000 0000          |  method_ids_off: 0xa0
000060: 0100 0000          |  class_defs_size: 1
000064: b800 0000          |  class_defs_off: 0xb8
000068: 1801 0000          |  data_size: 0x118 (280 bytes)
00006c: d800 0000          |  data_off: 0xd8
                           |
                           |
                           |-----------------------------
                           |string_id_item section
                           |-----------------------------
                           |
                           |[0] string_id_item
000070: 3a01 0000          |  string_data_item: "<init>"
                           |
                           |[1] string_id_item
000074: 2f01 0000          |  string_data_item: "A.java"
                           |
                           |[2] string_id_item
000078: 1601 0000          |  string_data_item: "LA;"
                           |
                           |[3] string_id_item
00007c: 1b01 0000          |  string_data_item: "Ljava/lang/Object;"
                           |
                           |[4] string_id_item
000080: 3701 0000          |  string_data_item: "V"
                           |
                           |[5] string_id_item
000084: 4201 0000          |  string_data_item: "a"
                           |
                           |
                           |-----------------------------
                           |type_id_item section
                           |-----------------------------
                           |
                           |[0] type_id_item
000088: 0200 0000          |  string_id_item: LA;
                           |
                           |[1] type_id_item
00008c: 0300 0000          |  string_id_item: Ljava/lang/Object;
                           |
                           |[2] type_id_item
000090: 0400 0000          |  string_id_item: V
                           |
                           |
                           |-----------------------------
                           |proto_id_item section
                           |-----------------------------
                           |
                           |[0] proto_id_item
000094: 0400 0000          |  shorty_descriptor: V
000098: 0200 0000          |  return_type: V
00009c: 0000 0000          |  parameters:
                           |
                           |
                           |-----------------------------
                           |method_id_item section
                           |-----------------------------
                           |
                           |[0] method_id_item
0000a0: 0000               |  class_type: LA;
0000a2: 0000               |  method_prototype: ()V
0000a4: 0000 0000          |  method_name: <init>
                           |
                           |[1] method_id_item
0000a8: 0000               |  class_type: LA;
0000aa: 0000               |  method_prototype: ()V
0000ac: 0500 0000          |  method_name: a
                           |
                           |[2] method_id_item
0000b0: 0100               |  class_type: Ljava/lang/Object;
0000b2: 0000               |  method_prototype: ()V
0000b4: 0000 0000          |  method_name: <init>
                           |
                           |
                           |-----------------------------
                           |class_def_item section
                           |-----------------------------
                           |
                           |[0] class_def_item
0000b8: 0000 0000          |  class_type: LA;
0000bc: 0000 0000          |  access_flags:
0000c0: 0100 0000          |  superclass_type: Ljava/lang/Object;
0000c4: 0000 0000          |  interfaces:
0000c8: 0100 0000          |  source_file: A.java
0000cc: 0000 0000          |  annotations_off:
0000d0: 4501 0000          |  class_data_off:0x145
0000d4: 0000 0000          |  static_values_off:
                           |
                           |
                           |-----------------------------
                           |code_item section
                           |-----------------------------
                           |
                           |[0] code_item
                           |  LA;-><init>()V
0000d8: 0100               |  registers_size: 0x1 (1)
0000da: 0100               |  ins_size: 0x1 (1)
0000dc: 0100               |  outs_size: 0x1 (1)
0000de: 0000               |  tries_size: 0x0 (0)
0000e0: 5701 0000          |  debug_info_off: 0x157
0000e4: 0400 0000          |  insns_size: 0x4 (4)
0000e8: 7010 0200 0000     |  [0x0] invoke-direct instruction
0000ee: 0e00               |  [0x3] return-void instruction
                           |
                           |[1] code_item
                           |  LA;->a()V
0000f0: 0100               |  registers_size: 0x1 (1)
0000f2: 0100               |  ins_size: 0x1 (1)
0000f4: 0000               |  outs_size: 0x0 (0)
0000f6: 0000               |  tries_size: 0x0 (0)
0000f8: 5c01 0000          |  debug_info_off: 0x15c
0000fc: 0100 0000          |  insns_size: 0x1 (1)
000100: 0e00               |  [0x0] return-void instruction
                           |
000102: 0000               |
                           |[2] code_item
                           |  LA;->a()V
000104: 0100               |  registers_size: 0x1 (1)
000106: 0100               |  ins_size: 0x1 (1)
000108: 0000               |  outs_size: 0x0 (0)
00010a: 0000               |  tries_size: 0x0 (0)
00010c: 6101 0000          |  debug_info_off: 0x161
000110: 0100 0000          |  insns_size: 0x1 (1)
000114: 0e00               |  [0x0] return-void instruction
                           |
                           |
                           |-----------------------------
                           |string_data_item section
                           |-----------------------------
                           |
                           |[0] string_data_item
000116: 03                 |  string_size: 0x3 (3)
000117: 4c41 3b00          |  string_data: "LA;"
                           |
                           |[1] string_data_item
00011b: 12                 |  string_size: 0x12 (18)
00011c: 4c6a 6176 612f 6c61|  string_data: "Ljava/lang/Object;"
000124: 6e67 2f4f 626a 6563|
00012c: 743b 00            |
                           |
                           |[2] string_data_item
00012f: 06                 |  string_size: 0x6 (6)
000130: 412e 6a61 7661 00  |  string_data: "A.java"
                           |
                           |[3] string_data_item
000137: 01                 |  string_size: 0x1 (1)
000138: 5600               |  string_data: "V"
                           |
                           |[4] string_data_item
00013a: 06                 |  string_size: 0x6 (6)
00013b: 3c69 6e69 743e 00  |  string_data: "<init>"
                           |
                           |[5] string_data_item
000142: 01                 |  string_size: 0x1 (1)
000143: 6100               |  string_data: "a"
                           |
                           |
                           |-----------------------------
                           |class_data_item section
                           |-----------------------------
                           |
                           |[0] class_data_item
000145: 00                 |  static_fields_size: 0x0 (0)
000146: 00                 |  instance_fields_size: 0x0 (0)
000147: 01                 |  direct_methods_size: 0x1 (1)
000148: 02                 |  virtual_methods_size: 0x2 (2)
                           |  [0] direct_method
000149: 00                 |    method: LA;-><init>()V
00014a: 8080 04            |    access_flags: constructor
00014d: d801               |    code_off: 0xd8
                           |  [0] virtual_method
00014f: 01                 |    method: LA;->a()V
000150: 04                 |    access_flags: protected
000151: f001               |    code_off: 0xf0
                           |  [1] virtual_method
000153: 00                 |    method: LA;->a()V
000154: 01                 |    access_flags: public
000155: 8402               |    code_off: 0x104
                           |
                           |
                           |-----------------------------
                           |debug_info_item section
                           |-----------------------------
                           |
                           |[0] debug_info_item
                           |  LA;-><init>()V
000157: 01                 |  line_start: 0x1 (1)
000158: 00                 |  parameters_size: 0x0 (0)
000159: 07                 |  DBG_SET_PROLOGUE_END
00015a: 0e                 |  DBG_SPECIAL_OPCODE: line_diff=0x0(0),addressDiff=0x0(0)
00015b: 00                 |  DBG_END_SEQUENCE
                           |
                           |[1] debug_info_item
                           |  LA;->a()V
00015c: 02                 |  line_start: 0x2 (2)
00015d: 00                 |  parameters_size: 0x0 (0)
00015e: 07                 |  DBG_SET_PROLOGUE_END
00015f: 0e                 |  DBG_SPECIAL_OPCODE: line_diff=0x0(0),addressDiff=0x0(0)
000160: 00                 |  DBG_END_SEQUENCE
                           |
                           |[2] debug_info_item
                           |  LA;->a()V
000161: 03                 |  line_start: 0x3 (3)
000162: 00                 |  parameters_size: 0x0 (0)
000163: 07                 |  DBG_SET_PROLOGUE_END
000164: 0e                 |  DBG_SPECIAL_OPCODE: line_diff=0x0(0),addressDiff=0x0(0)
000165: 00                 |  DBG_END_SEQUENCE
                           |
000166: 0000               |
                           |
                           |-----------------------------
                           |map item
                           |-----------------------------
                           |
                           |[0] map_list
000168: 0b00 0000          |  map_size: 0xb (11)
                           |  [0]
00016c: 0000               |    item_type: TYPE_HEADER_ITEM
00016e: 0000               |    unused
000170: 0100 0000          |    section_size: 0x1 (1)
000174: 0000 0000          |    section_off: 0x0
                           |  [1]
000178: 0100               |    item_type: TYPE_STRING_ID_ITEM
00017a: 0000               |    unused
00017c: 0600 0000          |    section_size: 0x6 (6)
000180: 7000 0000          |    section_off: 0x70
                           |  [2]
000184: 0200               |    item_type: TYPE_TYPE_ID_ITEM
000186: 0000               |    unused
000188: 0300 0000          |    section_size: 0x3 (3)
00018c: 8800 0000          |    section_off: 0x88
                           |  [3]
000190: 0300               |    item_type: TYPE_PROTO_ID_ITEM
000192: 0000               |    unused
000194: 0100 0000          |    section_size: 0x1 (1)
000198: 9400 0000          |    section_off: 0x94
                           |  [4]
00019c: 0500               |    item_type: TYPE_METHOD_ID_ITEM
00019e: 0000               |    unused
0001a0: 0300 0000          |    section_size: 0x3 (3)
0001a4: a000 0000          |    section_off: 0xa0
                           |  [5]
0001a8: 0600               |    item_type: TYPE_CLASS_DEF_ITEM
0001aa: 0000               |    unused
0001ac: 0100 0000          |    section_size: 0x1 (1)
0001b0: b800 0000          |    section_off: 0xb8
                           |  [6]
0001b4: 0120               |    item_type: TYPE_CODE_ITEM
0001b6: 0000               |    unused
0001b8: 0300 0000          |    section_size: 0x3 (3)
0001bc: d800 0000          |    section_off: 0xd8
                           |  [7]
0001c0: 0220               |    item_type: TYPE_STRING_DATA_ITEM
0001c2: 0000               |    unused
0001c4: 0600 0000          |    section_size: 0x6 (6)
0001c8: 1601 0000          |    section_off: 0x116
                           |  [8]
0001cc: 0020               |    item_type: TYPE_CLASS_DATA_ITEM
0001ce: 0000               |    unused
0001d0: 0100 0000          |    section_size: 0x1 (1)
0001d4: 4501 0000          |    section_off: 0x145
                           |  [9]
0001d8: 0320               |    item_type: TYPE_DEBUG_INFO_ITEM
0001da: 0000               |    unused
0001dc: 0300 0000          |    section_size: 0x3 (3)
0001e0: 5701 0000          |    section_off: 0x157
                           |  [10]
0001e4: 0010               |    item_type: TYPE_MAP_LIST
0001e6: 0000               |    unused
0001e8: 0100 0000          |    section_size: 0x1 (1)
0001ec: 6801 0000          |    section_off: 0x168

Original comment by b...@google.com on 11 May 2012 at 11:29

GoogleCodeExporter commented 9 years ago

The below excerpt highlights the problem in the
encoded_methods. Note the 00 method_idx_delta at 000153.

                           |  [0] virtual_method
00014f: 01                 |    method: LA;->a()V
000150: 04                 |    access_flags: protected
000151: f001               |    code_off: 0xf0
                           |  [1] virtual_method
000153: 00                 |    method: LA;->a()V
000154: 01                 |    access_flags: public
000155: 8402               |    code_off: 0x104

Original comment by b...@google.com on 11 May 2012 at 11:31

GoogleCodeExporter commented 9 years ago
I just noticed that the duplicate methods don't even need to have different 
access flags

Original comment by jesusfreke@jesusfreke.com on 13 May 2012 at 7:41

GoogleCodeExporter commented 9 years ago
This is fixed in 1.3.3

If baksmali encounters a dex file that has duplicate methods or fields, it will 
comment out the ones that dalvik doesn't use. 

smali will ignore any duplicate methods/fields with a warning, when it is safe 
to do so. If there is a duplicate non-static direct and virtual method, it is 
not safe to ignore one of them, so it errors out.

Original comment by jesusfreke@jesusfreke.com on 21 Jun 2012 at 5:39
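The excerpt with the 00 method_idx_delta at 000153 and the 1.3.3 rule (duplicates inside one list are skipped with a warning, a non-static method that is both direct and virtual is an error) can both be checked mechanically. The following is an added example, not smali or baksmali code: it decodes the class_data_item bytes exactly as printed at 0x145 in the baksmali -D dump above (ULEB128 sizes, then encoded_method triples whose first method_idx is absolute and later ones are deltas, restarting per list), resolves the indices, and reports collisions. The method name table and the second, "unsafe" class_data_item are constructed for the example; the access flag value ACC_STATIC = 0x0008 and the field layout come from the dex format specification.

```python
"""
Added example (not part of the smali project): decode a dex class_data_item and
flag encoded_methods that resolve to the same method_idx, i.e. the condition
reported in this issue. Bytes for A.dex are copied from the baksmali -D output;
the name table and the second sample are constructed for illustration.
"""

from typing import Dict, List, Tuple

# class_data_item at 0x145..0x156 of the dex that smali 1.3.2 built from A.smali
# (copied from the dump in this issue).
CLASS_DATA_A = bytes.fromhex(
    "00 00 01 02"        # static_fields, instance_fields, direct_methods, virtual_methods
    "00 808004 d801"     # direct[0]:  delta 0, access_flags 0x10000 (constructor), code_off 0xd8
    "01 04 f001"         # virtual[0]: delta 1, access_flags 0x4 (protected),      code_off 0xf0
    "00 01 8402"         # virtual[1]: delta 0  <-- same method_idx as virtual[0], code_off 0x104
)

# Constructed sample (not from the page): method_idx 1 listed once as a private direct
# method and once as a public virtual method, the case the 1.3.3 fix refuses to assemble.
CLASS_DATA_UNSAFE = bytes.fromhex(
    "00 00 01 01"
    "01 02 d801"         # direct[0]:  idx 1, ACC_PRIVATE, code_off 0xd8
    "01 01 f001"         # virtual[0]: idx 1, ACC_PUBLIC,  code_off 0xf0
)

# method_ids as printed in the method_id_item section of the dump (constructed lookup).
METHOD_IDS: Dict[int, str] = {
    0: "LA;-><init>()V",
    1: "LA;->a()V",
    2: "Ljava/lang/Object;-><init>()V",
}

ACC_STATIC = 0x0008  # dex access flag

EncodedMethod = Tuple[int, int, int]  # (method_idx, access_flags, code_off)


def read_uleb128(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode one ULEB128 value at buf[pos:]; return (value, position after it)."""
    result, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return result, pos
        if shift > 35:  # dex ULEB128 values are at most five bytes
            raise ValueError("ULEB128 value too long")


def read_encoded_methods(buf: bytes, pos: int, count: int) -> Tuple[List[EncodedMethod], int]:
    """Read `count` encoded_method entries; the first idx is absolute, the rest are deltas."""
    methods: List[EncodedMethod] = []
    idx = 0
    for i in range(count):
        delta, pos = read_uleb128(buf, pos)
        flags, pos = read_uleb128(buf, pos)
        code_off, pos = read_uleb128(buf, pos)
        idx = delta if i == 0 else idx + delta
        methods.append((idx, flags, code_off))
    return methods, pos


def parse_class_data(buf: bytes) -> Tuple[List[EncodedMethod], List[EncodedMethod]]:
    """Return (direct_methods, virtual_methods) of a class_data_item; fields are skipped."""
    pos, counts = 0, []
    for _ in range(4):
        n, pos = read_uleb128(buf, pos)
        counts.append(n)
    static_n, instance_n, direct_n, virtual_n = counts
    for _ in range(static_n + instance_n):  # encoded_field: field_idx_diff, access_flags
        _, pos = read_uleb128(buf, pos)
        _, pos = read_uleb128(buf, pos)
    direct, pos = read_encoded_methods(buf, pos, direct_n)
    virtual, pos = read_encoded_methods(buf, pos, virtual_n)
    return direct, virtual


def find_duplicates(direct: List[EncodedMethod], virtual: List[EncodedMethod]):
    """
    Classify collisions the way the fix in this issue describes them:
      "ignorable": a later entry repeats a method_idx already present in the same list
                   (the reporter notes the second copy is unreachable dead code);
      "unsafe":    a non-static direct method_idx also appears in the virtual list.
    Each finding is (kind, list_name, method_idx, first_code_off, duplicate_code_off).
    """
    findings = []
    for list_name, methods in (("direct", direct), ("virtual", virtual)):
        first_seen: Dict[int, int] = {}
        for idx, _flags, code_off in methods:
            if idx in first_seen:
                findings.append(("ignorable", list_name, idx, first_seen[idx], code_off))
            else:
                first_seen[idx] = code_off
    non_static_direct = {idx for idx, flags, _ in direct if not flags & ACC_STATIC}
    for idx, _flags, code_off in virtual:
        if idx in non_static_direct:
            findings.append(("unsafe", "direct+virtual", idx, None, code_off))
    return findings


def report(buf: bytes, names: Dict[int, str] = METHOD_IDS) -> List[str]:
    """Human-readable lines, one per collision found in the class_data_item."""
    lines = []
    for kind, where, idx, _first, dup_off in find_duplicates(*parse_class_data(buf)):
        name = names.get(idx, f"method_idx {idx}")
        lines.append(f"{kind}: {name} duplicated in {where} list (code_off 0x{dup_off:x})")
    return lines


if __name__ == "__main__":
    for label, data in (("A.dex class_data", CLASS_DATA_A), ("constructed", CLASS_DATA_UNSAFE)):
        print(label, report(data) or ["no duplicates"])
```

Run stand-alone it prints one "ignorable" line for the A.dex bytes (virtual[1] resolves to method_idx 1, the same LA;->a()V as virtual[0]) and one "unsafe" line for the constructed sample. The same walk over class_data_items of a whole dex is what a triage tool needs in order to notice a duplicate-method trick before handing the file to a disassembler that would otherwise show both bodies as if both were live.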