Floating point parameter parsing error on arm64
canyie opened this issue · 2 comments
canyie commented
Floating point parameters are stored in floating point registers (d0-d7), but when we try to fix it (07efc15), a crash occurs after the bridge method returns:
2021-02-05 14:19:12.206 26052-26052/? D/Pine: Hooking static void top.canyie.pine.examples.MainActivity$Seven.seven(long,int,float,double,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,float,double) callback top.canyie.pine.examples.MainActivity$1@ebc4020
2021-02-05 14:19:12.209 26052-26052/? D/Pine: Mapped new memory 0x7d5b857000 (size 4096)
2021-02-05 14:19:12.209 26052-26052/? D/Pine: InstallReplacementTrampoline: origin 0x7d5c951198 origin_entry 0x7cd9d67410 bridge_jump 0x7d5b857000
2021-02-05 14:19:12.209 26052-26052/? I/PineExample: Start invoke
2021-02-05 14:19:12.210 26052-26052/? I/Pine: handleBridge: artMethod=0x7d5c951198 extras=0x7cd21cf380 sp=0x7fed416300
2021-02-05 14:19:12.210 26052-26052/? D/Pine: handleCall for method static void top.canyie.pine.examples.MainActivity$Seven.seven(long,int,float,double,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,float,double)
2021-02-05 14:19:12.210 26052-26052/? I/PineExample: Before: [1145141919810, 735778922, 3.1415, 8119.983, null, java.lang.Object@a713dd9, null, java.lang.Object@a713dd9, null, 233.3, 666.666]
2021-02-05 14:19:12.211 26052-26052/? I/PineExample: Seven: 1145141919810 735778922 3.1415 8119.983 null java.lang.Object@a713dd9 null java.lang.Object@a713dd9 null 233.3 666.666
2021-02-05 14:19:12.211 26052-26052/? I/PineExample: After: null
2021-02-05 14:19:12.299 26091-26091/? E/xcrash_dumper: UTIL: ptrace error, addr:40490e30, errno:5
2021-02-05 14:19:12.299 26091-26091/? E/xcrash_dumper: UTIL: ptrace error, addr:43694ca8, errno:5
2021-02-05 14:19:13.097 26052-26084/? E/PineExample: XCrash triggered: logPath /data/user/0/top.canyie.pine.examples/files/tombstones/tombstone_00001612505952093065_1.0__top.canyie.pine.examples.native.xcrash emergency null
2021-02-05 14:19:13.099 26052-26052/? A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x40bfb7fba5e353f8 in tid 26052 (e.pine.examples), pid 26052 (e.pine.examples)
2021-02-05 14:19:13.135 26112-26112/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2021-02-05 14:19:13.135 1145-1145/? I//system/bin/tombstoned: received crash request for pid 26052
2021-02-05 14:19:13.137 26112-26112/? I/crash_dump64: performing dump of process 26052 (target tid = 26052)
2021-02-05 14:19:13.141 26112-26112/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-02-05 14:19:13.142 26112-26112/? A/DEBUG: Build fingerprint: 'google/blueline/blueline:10/QQ3A.200605.001/6392402:user/release-keys'
2021-02-05 14:19:13.142 26112-26112/? A/DEBUG: Revision: 'MP1.0'
2021-02-05 14:19:13.142 26112-26112/? A/DEBUG: ABI: 'arm64'
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: Timestamp: 2021-02-05 14:19:13+0800
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: pid: 26052, tid: 26052, name: e.pine.examples >>> top.canyie.pine.examples <<<
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: uid: 10333
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x40bfb7fba5e353f8
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: x0 0000000000000000 x1 0000007d5c951198 x2 0000007cd21cf380 x3 0000007fed416300
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: x4 0000000040490e56 x5 40bfb7fba5e353f8 x6 0000000013344788 x7 0000000000000000
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: x8 9e37d9c003bf6cd8 x9 9e37d9c003bf6cd8 x10 0000000000000007 x11 0000000000000000
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: x12 ffffffffffffffff x13 0000000000000001 x14 0000000000000006 x15 000000000000000d
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: x16 0000000000000000 x17 0000000000000085 x18 0000007d5ff18000 x19 0000000043694ccd
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: x20 4084d553f7ced917 x21 0000007d5ef87c00 x22 0000007fed4165b8 x23 0000007ccdcfd584
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: x24 0000000000000038 x25 0000007d5f276020 x26 0000007d5ef87cb0 x27 0000000000000002
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: x28 00000000701030d0 x29 0000000000000000
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: sp 0000007fed416370 lr 4000000000000000 pc 0000007cd9d5e5cc
2021-02-05 14:19:13.144 26112-26112/? A/DEBUG: backtrace:
2021-02-05 14:19:13.144 26112-26112/? A/DEBUG: #00 pc 00000000001365cc /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+588) (BuildId: f9ff276075287a1d376fcd141f6042aa)
2021-02-05 14:19:13.144 26112-26112/? A/DEBUG: #01 pc 4000000000000000 <unknown>
We noticed that the fault addr, 0x40bfb7fba5e353f8, converted to a double is 8119.983, which is equal to one of the arguments.
Don't know why; just revert this commit and wait for more information.
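As an added example (not part of the issue or of Pine's code), a small C program that does the check from the previous sentence mechanically: it reinterprets general-purpose registers from the tombstone above as doubles and, in their low word, as floats, and reports which ones carry the bit pattern of one of the float/double arguments of `seven`. The register subset, the tolerance and the function names are my own choices.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct reg { const char *name; uint64_t bits; };   /* one register from the tombstone */

/* Reinterpret all 64 bits as an IEEE-754 double (a bit copy, not a numeric conversion). */
double reg_as_double(uint64_t bits) { double d; memcpy(&d, &bits, sizeof d); return d; }
/* Reinterpret the low 32 bits as an IEEE-754 float (a float argument only fills those). */
float reg_as_float(uint64_t bits) {
    uint32_t lo = (uint32_t)bits; float f; memcpy(&f, &lo, sizeof f); return f;
}
static double absd(double v) { return v < 0 ? -v : v; }   /* avoids linking libm */
/* True when the register holds `expected` as a double, or in its low word as a float. */
int reg_matches_arg(uint64_t bits, double expected) {
    double tol = absd(expected) * 1e-6 + 1e-9;   /* assumed: a float keeps ~7 digits */
    return absd(reg_as_double(bits) - expected) <= tol ||
           absd((double)reg_as_float(bits) - expected) <= tol;
}

/* Scan a register dump for the FP arguments of the hooked method; returns the number
 * of (register, argument) matches and prints each one to `out` when it is non-NULL. */
int count_fp_arg_hits(const struct reg *regs, size_t nregs,
                      const double *args, size_t nargs, FILE *out) {
    int hits = 0;
    for (size_t i = 0; i < nregs; i++)
        for (size_t j = 0; j < nargs; j++)
            if (reg_matches_arg(regs[i].bits, args[j])) {
                if (out) fprintf(out, "%-3s 0x%016" PRIx64 " holds argument %g\n",
                                 regs[i].name, regs[i].bits, args[j]);
                hits++;
            }
    return hits;
}
/* Register values copied from the tombstone above (only x0-x7, x19 and x20 are kept)
 * and the float/double arguments taken from the "Before:" log line. */
static const struct reg TOMBSTONE_REGS[] = {
    {"x0", 0x0ULL}, {"x1", 0x7d5c951198ULL}, {"x2", 0x7cd21cf380ULL},
    {"x3", 0x7fed416300ULL}, {"x4", 0x40490e56ULL}, {"x5", 0x40bfb7fba5e353f8ULL},
    {"x6", 0x13344788ULL}, {"x7", 0x0ULL}, {"x19", 0x43694ccdULL}, {"x20", 0x4084d553f7ced917ULL},
};
static const double SEVEN_FP_ARGS[] = { 3.1415, 8119.983, 233.3, 666.666 };
/* Analyse the embedded dump; returns the number of matches (4 for this tombstone). */
int analyze_tombstone(FILE *out) {
    return count_fp_arg_hits(TOMBSTONE_REGS, sizeof TOMBSTONE_REGS / sizeof *TOMBSTONE_REGS,
                             SEVEN_FP_ARGS, sizeof SEVEN_FP_ARGS / sizeof *SEVEN_FP_ARGS, out);
}
int main(void) { return analyze_tombstone(stdout) == 4 ? 0 : 1; }
```

Besides x5 (8119.983), the scan also flags x4 (3.1415 as a float), x19 (233.3 as a float) and x20 (666.666), i.e. every FP argument of the call shows up verbatim in an integer register of the dump.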
canyie commented
It seems that a stack overflow has caused the stack to be written by mistake.