Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

memory safety bugs #2209

Open
Gunkkk opened this issue Mar 19, 2024 · 0 comments
Open

memory safety bugs #2209

Gunkkk opened this issue Mar 19, 2024 · 0 comments
Assignees
@kevingpqi123

Comments

@Gunkkk
Copy link

Gunkkk commented Mar 19, 2024
edited

【版本信息】

4.2.88

【平台信息】

Android 原生 | iOS 原生 | Web 浏览器 | 微信小程序 | Linux | Flutter | 其他
Android

【预期的表现】

【实际的情况】

大概率是个UAF
堆栈

backtrace:
      #00 pc 0000000000110850  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::SubtractFromTimeRanges(std::__ndk1::vector<pag::TimeRange, std::__ndk1::allocator<pag::TimeRange> >*, long, long)+488) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
      #01 pc 0000000000125080  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::AnimatableProperty<pag::Point>::excludeVaryingRanges(std::__ndk1::vector<pag::TimeRange, std::__ndk1::allocator<pag::TimeRange> >*) const+68) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
      #02 pc 0000000000111230  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::Transform2D::excludeVaryingRanges(std::__ndk1::vector<pag::TimeRange, std::__ndk1::allocator<pag::TimeRange> >*) const+100) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
      #03 pc 000000000010ceb8  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::Layer::excludeVaryingRanges(std::__ndk1::vector<pag::TimeRange, std::__ndk1::allocator<pag::TimeRange> >*)+28) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
      #04 pc 00000000001114b8  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::VectorComposition::updateStaticTimeRanges()+236) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
      #05 pc 000000000011ae70  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::Codec::Decode(void const*, unsigned int, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&)+532) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
      #06 pc 000000000010a330  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::File::Load(void const*, unsigned long, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&)+788) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
      #07 pc 0000000000162958  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (pag::PAGFile::Load(void const*, unsigned long, std::__ndk1::basic_string<char, std::__ndk1::char_traits<char>, std::__ndk1::allocator<char> > const&)+40) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604)
      #08 pc 00000000001fe80c  /data/app/~~RlpocZIo_Gc5ph1VlumzcQ==/com.tencent.weishi-Bys82pYypu1ike2mwLPNmA==/lib/arm64/liblibpag.so (Java_org_libpag_PAGFile_LoadFromAssets+168) (BuildId: d371ad0a05a4de51f8549eca95910f76964a4604

来自memory tagging extension的检测结果

【Demo及附件】
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kevingpqi123 kevingpqi123

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kevingpqi123 @Gunkkk