
memory safety bug

Open Gunkkk opened this issue 1 year ago • 0 comments

Similar to:

backtrace:
      #00 pc 00000000000937cc  /apex/com.android.runtime/lib64/bionic/libc.so (__strlen_aarch64_mte+12) (BuildId: b510d7352f00140d4f4f204001570d13)
      #01 pc 0000000000016dbc  /data/app/~~-gpkdhLNyeL_eZFpdqq7TA==/cn.jump.together-JimOCwODq5tIQRhOnomCdw==/lib/arm64/libmarsxlog.so (detail::RunnableFunctor<mars_boost::_bi::bind_t<void, void (*)(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&), mars_boost::_bi::list1<mars_boost::_bi::value<char const*> > > >::run()+68) (BuildId: 4a35c57a5eb3f8827f17255abb55b5c063f1d52a)
      #02 pc 0000000000018220  /data/app/~~-gpkdhLNyeL_eZFpdqq7TA==/cn.jump.together-JimOCwODq5tIQRhOnomCdw==/lib/arm64/libmarsxlog.so (Thread::start_routine_after(void*)+912) (BuildId: 4a35c57a5eb3f8827f17255abb55b5c063f1d52a)

backtrace:
      #00 pc 0000000000020bfc  /data/app/~~ktrxGzBSyOwtHXf4ofFaBA==/com.dui.dui-4Jy8mQ28GH2jO6ng-eZdTw==/lib/arm64/libtuya-outpoint.so (XloggerAppender::__DelTimeoutFile(std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&)+412) (BuildId: da78044b8df56b7689bd05f4b590a9cbd851789c)
      #01 pc 0000000000015610  /data/app/~~ktrxGzBSyOwtHXf4ofFaBA==/com.dui.dui-4Jy8mQ28GH2jO6ng-eZdTw==/lib/arm64/libtuya-outpoint.so (detail::RunnableFunctor<mars_boost::_bi::bind_t<void, mars_boost::_mfi::mf1<void, XloggerAppender, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&>, mars_boost::_bi::list2<mars_boost::_bi::value<XloggerAppender*>, mars_boost::_bi::value<std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > > > > >::run()+68) (BuildId: da78044b8df56b7689bd05f4b590a9cbd851789c)

Most likely a UAF.

This comes from memory tagging extension detection results.

Gunkkk avatar Mar 19 '24 08:03 Gunkkk
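
An added illustration, not part of the original issue and not Mars code: frame #01 of the first backtrace shows a bound argument stored as `char const*` for a function taking `std::string const&`, so the `std::string` (and its `strlen`) is only built when the functor runs on the worker thread. The sketch uses `std::bind` as a stand-in for `mars_boost::bind` (an assumption), hypothetical function names and a constructed path, and overwrites the caller's buffer instead of freeing it so the behaviour stays defined.

```cpp
#include <cstring>
#include <functional>
#include <iostream>
#include <string>

// Stand-in for the callback in the trace: void (*)(std::string const&).
static std::string g_seen;
static void consume(const std::string& s) { g_seen = s; }

// Risky form: the binder stores only the pointer. The std::string temporary
// is constructed from it when the task is invoked, not when it is bound.
std::function<void()> bind_pointer(const char* p) {
    return std::bind(&consume, p);
}

// Hardened form: copy the bytes into a std::string at bind time, so the
// task owns its argument and no longer depends on the caller's buffer.
std::function<void()> bind_copy(const char* p) {
    return std::bind(&consume, std::string(p));
}

// Simulates deferred execution on another thread: the caller's buffer is
// reused before the task runs. With a freed heap buffer the pointer form
// would read released memory, which is the access MTE faults on.
std::string run_after_buffer_reuse(bool copy_at_bind) {
    char buf[16];
    std::strcpy(buf, "/sdcard/logs");   // constructed sample path
    std::function<void()> task = copy_at_bind ? bind_copy(buf)
                                              : bind_pointer(buf);
    std::strcpy(buf, "REUSED");         // buffer changes before the task runs
    task();
    return g_seen;
}

int main() {
    std::cout << "pointer bound: " << run_after_buffer_reuse(false) << "\n";
    std::cout << "copy bound:    " << run_after_buffer_reuse(true) << "\n";
    return 0;
}
```

The second backtrace binds a `std::string` by value but a raw `XloggerAppender*`, so there the object's lifetime, not the string's, is what the deferred task depends on.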