soot icon indicating copy to clipboard operation
soot copied to clipboard
verified publisher icon soot-oss

Fixed when soot.jimple.StaticFieldRef.getField() is null

Open kitty-1998 opened this issue 2 years ago • 0 comments

When soot.jimple.StaticFieldRef.getField() is null, trying to getType by soot.jimple.StaticFieldRef.getField().getType().

apk file: WildBlackJack_v1.3_13_1234567892.zip

gradle:

    implementation 'org.soot-oss:soot:4.4.1'
    implementation 'de.upb.cs.swt:heros:1.1.0'
    implementation 'org.slf4j:slf4j-simple:2.0.7'
    implementation 'org.slf4j:slf4j-api:2.0.7'

java code:

        G.reset();
        Options.v().set_prepend_classpath(true);
        Options.v().set_allow_phantom_refs(true);
        Options.v().set_output_format(Options.output_format_jimple);
        Options.v().set_process_dir(Collections.singletonList("WildBlackJack_v1.3_13_1234567892.apk"));
        Options.v().set_whole_program(true);
        Options.v().set_src_prec(Options.src_prec_apk);
        Options.v().set_app(true);
        Options.v().set_process_multiple_dex(true);
        Options.v().set_android_jars("F:\\android-platforms-master\\platforms");

        Options.v().setPhaseOption("cg", "enabled:true");
        Options.v().setPhaseOption("cg.spark", "enabled:true");

        Scene.v().loadNecessaryClasses();

        List<SootMethod> entryPoints = new ArrayList<>();

        for (SootClass sc : Scene.v().getApplicationClasses()) {
            entryPoints.addAll(sc.getMethods());
        }
        Scene.v().setEntryPoints(entryPoints);

        PackManager.v().runPacks();

debug information:

Exception in thread "main" java.lang.RuntimeException: An error occurred while processing com.google.android.gms.tagmanager.cr$d: com.google.android.gms.tagmanager.cr$d a(com.google.android.gms.tagmanager.cr$a)> in callgraph
	at soot.jimple.spark.solver.OnFlyCallGraph.processReachables(OnFlyCallGraph.java:122)
	at soot.jimple.spark.solver.OnFlyCallGraph.build(OnFlyCallGraph.java:106)
	at soot.jimple.spark.builder.ContextInsensitiveBuilder.build(ContextInsensitiveBuilder.java:94)
	at soot.jimple.spark.SparkTransformer.internalTransform(SparkTransformer.java:101)
	at soot.SceneTransformer.transform(SceneTransformer.java:36)
	at soot.Transform.apply(Transform.java:105)
	at soot.RadioScenePack.internalApply(RadioScenePack.java:64)
	at soot.jimple.toolkits.callgraph.CallGraphPack.internalApply(CallGraphPack.java:61)
	at soot.Pack.apply(Pack.java:118)
	at soot.PackManager.runWholeProgramPacks(PackManager.java:619)
	at soot.PackManager.runPacksNormally(PackManager.java:500)
	at soot.PackManager.runPacks(PackManager.java:425)
	at org.example.Main.main(Main.java:36)
Caused by: java.lang.NullPointerException: Cannot invoke "soot.SootField.getType()" because the return value of "soot.jimple.StaticFieldRef.getField()" is null
	at soot.jimple.spark.builder.MethodNodeFactory.caseStaticFieldRef(MethodNodeFactory.java:401)
	at soot.jimple.StaticFieldRef.apply(StaticFieldRef.java:83)
	at soot.jimple.spark.builder.MethodNodeFactory$1.caseAssignStmt(MethodNodeFactory.java:162)
	at soot.jimple.internal.JAssignStmt.apply(JAssignStmt.java:217)
	at soot.jimple.spark.builder.MethodNodeFactory.handleStmt(MethodNodeFactory.java:150)
	at soot.jimple.spark.pag.MethodPAG.buildNormal(MethodPAG.java:224)
	at soot.jimple.spark.pag.MethodPAG.build(MethodPAG.java:186)
	at soot.jimple.spark.solver.OnFlyCallGraph.processReachables(OnFlyCallGraph.java:116)
	... 12 more

In soot.jimple.spark.builder.MethodNodeFactory.caseStaticFieldRef, I added an if statement, if getField() is null then trying to getFieldRef().

kitty-1998 avatar Dec 21 '23 07:12 kitty-1998