canyie/pine

Floating point parameter parsing error on arm64

canyie opened this issue · 2 comments

Floating point parameters are stored in floating point registers (d0-d7), but when we try to fix it (07efc15), a crash occurs after the bridge method returns:

2021-02-05 14:19:12.206 26052-26052/? D/Pine: Hooking static void top.canyie.pine.examples.MainActivity$Seven.seven(long,int,float,double,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,float,double) callback top.canyie.pine.examples.MainActivity$1@ebc4020
2021-02-05 14:19:12.209 26052-26052/? D/Pine: Mapped new memory 0x7d5b857000 (size 4096)
2021-02-05 14:19:12.209 26052-26052/? D/Pine: InstallReplacementTrampoline: origin 0x7d5c951198 origin_entry 0x7cd9d67410 bridge_jump 0x7d5b857000
2021-02-05 14:19:12.209 26052-26052/? I/PineExample: Start invoke
2021-02-05 14:19:12.210 26052-26052/? I/Pine: handleBridge: artMethod=0x7d5c951198 extras=0x7cd21cf380 sp=0x7fed416300
2021-02-05 14:19:12.210 26052-26052/? D/Pine: handleCall for method static void top.canyie.pine.examples.MainActivity$Seven.seven(long,int,float,double,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,java.lang.Object,float,double)
2021-02-05 14:19:12.210 26052-26052/? I/PineExample: Before: [1145141919810, 735778922, 3.1415, 8119.983, null, java.lang.Object@a713dd9, null, java.lang.Object@a713dd9, null, 233.3, 666.666]
2021-02-05 14:19:12.211 26052-26052/? I/PineExample: Seven: 1145141919810 735778922 3.1415 8119.983 null java.lang.Object@a713dd9 null java.lang.Object@a713dd9 null 233.3 666.666
2021-02-05 14:19:12.211 26052-26052/? I/PineExample: After: null
2021-02-05 14:19:12.299 26091-26091/? E/xcrash_dumper: UTIL: ptrace error, addr:40490e30, errno:5
2021-02-05 14:19:12.299 26091-26091/? E/xcrash_dumper: UTIL: ptrace error, addr:43694ca8, errno:5
2021-02-05 14:19:13.097 26052-26084/? E/PineExample: XCrash triggered: logPath /data/user/0/top.canyie.pine.examples/files/tombstones/tombstone_00001612505952093065_1.0__top.canyie.pine.examples.native.xcrash emergency null
2021-02-05 14:19:13.099 26052-26052/? A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x40bfb7fba5e353f8 in tid 26052 (e.pine.examples), pid 26052 (e.pine.examples)
2021-02-05 14:19:13.135 26112-26112/? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
2021-02-05 14:19:13.135 1145-1145/? I//system/bin/tombstoned: received crash request for pid 26052
2021-02-05 14:19:13.137 26112-26112/? I/crash_dump64: performing dump of process 26052 (target tid = 26052)
2021-02-05 14:19:13.141 26112-26112/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-02-05 14:19:13.142 26112-26112/? A/DEBUG: Build fingerprint: 'google/blueline/blueline:10/QQ3A.200605.001/6392402:user/release-keys'
2021-02-05 14:19:13.142 26112-26112/? A/DEBUG: Revision: 'MP1.0'
2021-02-05 14:19:13.142 26112-26112/? A/DEBUG: ABI: 'arm64'
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: Timestamp: 2021-02-05 14:19:13+0800
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: pid: 26052, tid: 26052, name: e.pine.examples  >>> top.canyie.pine.examples <<<
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: uid: 10333
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x40bfb7fba5e353f8
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     x0  0000000000000000  x1  0000007d5c951198  x2  0000007cd21cf380  x3  0000007fed416300
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     x4  0000000040490e56  x5  40bfb7fba5e353f8  x6  0000000013344788  x7  0000000000000000
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     x8  9e37d9c003bf6cd8  x9  9e37d9c003bf6cd8  x10 0000000000000007  x11 0000000000000000
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     x12 ffffffffffffffff  x13 0000000000000001  x14 0000000000000006  x15 000000000000000d
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     x16 0000000000000000  x17 0000000000000085  x18 0000007d5ff18000  x19 0000000043694ccd
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     x20 4084d553f7ced917  x21 0000007d5ef87c00  x22 0000007fed4165b8  x23 0000007ccdcfd584
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     x24 0000000000000038  x25 0000007d5f276020  x26 0000007d5ef87cb0  x27 0000000000000002
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     x28 00000000701030d0  x29 0000000000000000
2021-02-05 14:19:13.143 26112-26112/? A/DEBUG:     sp  0000007fed416370  lr  4000000000000000  pc  0000007cd9d5e5cc
2021-02-05 14:19:13.144 26112-26112/? A/DEBUG: backtrace:
2021-02-05 14:19:13.144 26112-26112/? A/DEBUG:       #00 pc 00000000001365cc  /apex/com.android.runtime/lib64/libart.so (art_quick_invoke_static_stub+588) (BuildId: f9ff276075287a1d376fcd141f6042aa)
2021-02-05 14:19:13.144 26112-26112/? A/DEBUG:       #01 pc 4000000000000000  <unknown>

We notice that the fault addr, 0x40bfb7fba5e353f8, converted to a double is 8119.983, which is equal to one of the arguments.
I don't know why; just revert this commit and wait for more information.
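As an added triage check (example code written for this page, not code from the issue or from Pine itself): the script below parses the register dump and the fault address out of the tombstone quoted above and reports every register whose bit pattern decodes to one of the float/double arguments that were passed to seven(). It generalizes the single by-hand conversion of the fault address to all registers, checking each one both as a 64-bit double and, when its upper half is zero, as a 32-bit float. The register sample is copied from the log above; the regexes, function names and the 1e-6 relative tolerance are my own assumptions.

```python
import math
import re
import struct

# Register dump and signal line copied from the tombstone in the issue above.
TOMBSTONE = """\
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x40bfb7fba5e353f8
    x0  0000000000000000  x1  0000007d5c951198  x2  0000007cd21cf380  x3  0000007fed416300
    x4  0000000040490e56  x5  40bfb7fba5e353f8  x6  0000000013344788  x7  0000000000000000
    x8  9e37d9c003bf6cd8  x9  9e37d9c003bf6cd8  x10 0000000000000007  x11 0000000000000000
    x12 ffffffffffffffff  x13 0000000000000001  x14 0000000000000006  x15 000000000000000d
    x16 0000000000000000  x17 0000000000000085  x18 0000007d5ff18000  x19 0000000043694ccd
    x20 4084d553f7ced917  x21 0000007d5ef87c00  x22 0000007fed4165b8  x23 0000007ccdcfd584
    x24 0000000000000038  x25 0000007d5f276020  x26 0000007d5ef87cb0  x27 0000000000000002
    x28 00000000701030d0  x29 0000000000000000
    sp  0000007fed416370  lr  4000000000000000  pc  0000007cd9d5e5cc
"""

# The float/double arguments from the "Before:" line, in declaration order.
FLOAT_ARGS = [("float", 3.1415), ("double", 8119.983),
              ("float", 233.3), ("double", 666.666)]

REG_RE = re.compile(r"\b(x\d+|sp|lr|pc)\s+([0-9a-f]{16})\b")
FAULT_RE = re.compile(r"fault addr 0x([0-9a-f]+)")


def parse_registers(text):
    """Map register name -> 64-bit value for every register in a tombstone dump."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}


def as_double(bits):
    """Reinterpret a 64-bit pattern as an IEEE-754 double."""
    return struct.unpack("<d", struct.pack("<Q", bits))[0]


def as_float(bits):
    """Reinterpret the low 32 bits of a pattern as an IEEE-754 single."""
    return struct.unpack("<f", struct.pack("<I", bits & 0xFFFFFFFF))[0]


def decode_fault_addr(text):
    """Return the fault address reinterpreted as a double, or None if absent."""
    m = FAULT_RE.search(text)
    return as_double(int(m.group(1), 16)) if m else None


def match_float_args(regs, args, rel_tol=1e-6):
    """Return (register, kind, expected) for every register whose bits encode
    one of the expected float/double arguments. A float argument only ever
    occupies the low 32 bits, so a non-zero upper half rules that case out."""
    hits = []
    for name, bits in regs.items():
        for kind, expected in args:
            if kind == "double":
                got = as_double(bits)
            else:
                if bits >> 32:
                    continue
                got = as_float(bits)
            if math.isfinite(got) and math.isclose(got, expected, rel_tol=rel_tol):
                hits.append((name, kind, expected))
    return hits


if __name__ == "__main__":
    regs = parse_registers(TOMBSTONE)
    print("fault addr as double:", decode_fault_addr(TOMBSTONE))
    for reg, kind, value in match_float_args(regs, FLOAT_ARGS):
        print(f"{reg} holds {kind} argument {value}")
```

Run against the dump above, the script shows that every float/double argument is sitting in a general-purpose register (x4, x5, x19, x20) rather than in d0-d3, which is consistent with the issue's observation that the fault address is the bit pattern of 8119.983.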

It seems that a stack overflow has caused the stack to be written by mistake.

Temporarily resolved; closing with #10.