Description
The crash reproduces reliably with the following test code
```java
// Fragment of a method body inside MainActivity; imports it relies on:
import android.view.View;
import java.lang.reflect.Method;

// Ten worker threads repeatedly enumerate View's declared methods ...
for (int i = 0; i < 10; i++) {
    new Thread(new Runnable() {
        @Override
        public void run() {
            for (int j = 0; j < 100; j++) {
                Method[] declaredMethods = View.class.getDeclaredMethods();
            }
        }
    }).start();
}
// ... while the calling thread applies the hidden-API exemption at the same time.
Reflection.unseal(MainActivity.this);
```
Crash stack
```
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000000000002c82
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: x0 0000000000002a82 x1 00000000708b6c08 x2 000000796884d508 x3 00000079566fef70
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: x4 00000079566fed90 x5 0000007968b5a7c0 x6 00000079566fe700 x7 00000079566fe6f8
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: x8 0000000000002c72 x9 0000000000000000 x10 0000000000000000 x11 b400007a8a6825d0
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: x12 0000000000000420 x13 0000007a0a6ddbb0 x14 0000000000000000 x15 00000079566fef6c
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: x16 0000000000000001 x17 00000079692ce830 x18 0000007953576000 x19 00000079566fef30
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: x20 0000000000000008 x21 00000079566fef48 x22 00000000708b6c08 x23 0000000013400fc8
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: x24 000000796884d508 x25 000000000000003e x26 000000796884d50e x27 000000000000106e
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: x28 00000079566fee90 x29 00000079566fee00
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: lr 000000796970e914 sp 00000079566fec70 pc 0000007969712dac pst 0000000060001000
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: 21 total frames
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: backtrace:
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: #00 pc 0000000000512dac /apex/com.android.art/lib64/libart.so (void art::interpreter::ExecuteSwitchImplCpp<false>(art::interpreter::SwitchImplContext*)+37692) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: #01 pc 00000000003795d8 /apex/com.android.art/lib64/libart.so (ExecuteSwitchImplAsm+8) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: #02 pc 00000000000f84f4 /apex/com.android.art/javalib/core-oj.jar (java.lang.Class.getDeclaredMethods+0)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: #03 pc 000000000037cbfc /apex/com.android.art/lib64/libart.so (art::interpreter::Execute(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame&, art::JValue, bool, bool) (.__uniq.112435418011751916792819755956732575238.llvm.13156664521685854434)+356) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: #04 pc 0000000000490fb8 /apex/com.android.art/lib64/libart.so (bool art::interpreter::DoCall<false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, bool, art::JValue*)+4100) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: #05 pc 0000000000509d7c /apex/com.android.art/lib64/libart.so (void art::interpreter::ExecuteSwitchImplCpp<false>(art::interpreter::SwitchImplContext*)+780) (BuildId: b221ddf9493596dec8a84b0692083bef)
2023-10-19 21:32:56.271 25020-25020/? A/DEBUG: #06 pc 00000000003795d8 /apex/com.android.art/lib64/libart.so (ExecuteSwitchImplAsm+8) (BuildId: b221ddf9493596dec8a84b0692083bef)
```
**Suspected cause: after the exemption, num_methods at the second site becomes larger, causing an out-of-bounds array access**
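To test the suspected cause without the concurrency, the following diagnostic (added here; not part of the report or of the project) enumerates View's declared methods before and after Reflection.unseal on a single thread and reports whether the count grew and which signatures became visible. Reflection.unseal is the project's call exactly as used in the report; the class UnsealDiagnostic and its helpers are assumptions.

```java
import android.content.Context;
import android.view.View;
import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.Set;
// import of Reflection omitted: use the project's own package.

// Hypothetical helper (not from the project): checks whether applying the hidden-API
// exemption changes the set of methods that reflection reports for a class.
final class UnsealDiagnostic {
    static final class Result {
        final int before;
        final int after;
        final Set<String> newlyVisible;
        Result(int before, int after, Set<String> newlyVisible) {
            this.before = before;
            this.after = after;
            this.newlyVisible = newlyVisible;
        }
    }

    // Full signatures, so overloads that differ only by parameters are counted separately.
    static Set<String> signatures(Class<?> cls) {
        Set<String> names = new HashSet<>();
        for (Method m : cls.getDeclaredMethods()) {
            names.add(m.toString());
        }
        return names;
    }

    // Everything runs on the calling thread: no other thread enumerates methods while
    // unseal executes, so this measures the count change without exercising the race.
    static Result run(Context context, Class<?> cls) {
        Set<String> before = signatures(cls);
        Reflection.unseal(context);
        Set<String> after = signatures(cls);
        Set<String> added = new HashSet<>(after);
        added.removeAll(before);
        return new Result(before.size(), after.size(), added);
    }

    // Usage, e.g. from an Activity:
    //   Result r = UnsealDiagnostic.run(MainActivity.this, View.class);
    //   android.util.Log.d("unseal", r.before + " -> " + r.after + " " + r.newlyVisible);
}
```

A result with after greater than before is consistent with the hypothesis that the method array grows once the exemption is applied, which is the condition under which a concurrent reader holding the old count would index past the end.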