Issue
I want to do some work with ndk for security problem.
my ndk code:
jbyte * buff;
jbyte * result;
jint buff_size = 0;
jint result_size = 0;
jbyte * key = (jbyte *)"HashCode";
jint key_size = 9;
jbyte* ramz(jbyte* s ,jint size_s, jbyte* k, jint size_k)
{
return s;
}
jbyte* dramz(jbyte* s ,jint size_s, jbyte* k, jint size_k)
{
return s;
}
JNIEXPORT void JNICALL Java_com_shabaviz_Server_Server_clear(JNIEnv * env, jclass obj) {
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "start of clear\n");
if (buff_size > 0)
{
delete[] buff;
}
buff = new jbyte[0];
buff_size = 0;
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "end of clear\n");
}
JNIEXPORT void JNICALL Java_com_shabaviz_Server_Server_addChar(JNIEnv * env, jclass obj, jbyte c_int) {
jbyte *temp = new jbyte[buff_size+1];
for (int i = 0; i < buff_size; ++i)
{
temp[i] = buff[i];
}
temp[buff_size] = c_int;
jbyte * oldbuf = buff;
buff = temp;
delete[] oldbuf;
++buff_size;
}
JNIEXPORT void JNICALL Java_com_shabaviz_Server_Server_ramz(JNIEnv * env, jclass obj) {
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "start of ramz\n");
if (result_size > 0)
{
delete[] result;
}
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "ramzOOOO\n");
result = ramz(buff, buff_size , key , key_size);
result_size = buff_size;// + 7;
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "end of ramz\n");
}
JNIEXPORT void JNICALL Java_com_shabaviz_Server_Server_dramz(JNIEnv * env, jclass obj) {
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "start of dramz\n");
if (result_size > 0)
{
delete[] result;
}
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "dramzOOOO\n");
result = dramz(buff, buff_size , key , key_size);
result_size = buff_size;// - 7;
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "end of dramz\n");
}
JNIEXPORT jint JNICALL Java_com_shabaviz_Server_Server_sizeOf(JNIEnv * env, jclass obj) {
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "start/end of sizeOf\n");
return result_size;
}
JNIEXPORT jbyte JNICALL Java_com_shabaviz_Server_Server_getChar(JNIEnv * env, jclass obj, jint c_int) {
return result[c_int];
}
my java code structure
com.shabaviz.Server.Server.java
public class Server {
static{
System.loadLibrary("hellondk");
}
public synchronized static String sendPost(String url , String json) throws Exception {
.
.
.
byte [] data = newramz(json.getBytes());
.
.
.
return new String(newdramz(responseFromServer));
}
public native static void ramz();
public native static void dramz();
public native static void clear();
public native static void addChar(byte c);
public native static int sizeOf();
public native static byte getChar(int index);
public synchronized static byte[] newramz(byte[] s)
{
clear();
for (int i = 0; i < s.length; ++i)
{
addChar(s[i]);
}
ramz();
byte[] enc = new byte[sizeOf()];
for (int i = 0; i < enc.length; ++i)
{
enc[i] = getChar(i);
}
return enc;
}
public synchronized static byte[] newdramz(byte[] s)
{
clear();
for (int i = 0; i < s.length; ++i)
{
addChar(s[i]);
}
dramz();
byte[] dec = new byte[sizeOf()];
for (int i = 0; i < dec.length; ++i)
{
dec[i] = getChar(i);
}
return dec;
}
MainActivity.java
public class MainActivity extends Activity{
.
.
.
public class Login extends AsyncTask<URL, Integer, Long> {
.
.
.
protected Long doInBackground(URL... urls) {
response = Server.sendPost(url1 , jsonString1);
.
.
.
response2 = Server.sendPost(url2 , jsonString2);
}
}
.
.
.
}
And my problem:
when i android Application I see force close with below logcat.
08-30 14:46:33.604 15394-15470/com.shabaviz.telegram V/telegramNDK: start of clear
08-30 14:46:33.604 15394-15470/com.shabaviz.telegram V/telegramNDK: end of clear
08-30 14:46:33.604 15394-15470/com.shabaviz.telegram V/telegramNDK: start of ramz
08-30 14:46:33.604 15394-15470/com.shabaviz.telegram V/telegramNDK: ramzOOOO
08-30 14:46:33.604 15394-15470/com.shabaviz.telegram V/telegramNDK: end of ramz
08-30 14:46:33.604 15394-15470/com.shabaviz.telegram V/telegramNDK: start/end of sizeOf
08-30 14:46:33.693 15394-15394/com.shabaviz.telegram D/mehdi: oncreatMainActivity
08-30 14:46:33.751 15394-15470/com.shabaviz.telegram V/telegramNDK: start of clear
08-30 14:46:33.751 15394-15470/com.shabaviz.telegram V/telegramNDK: end of clear
08-30 14:46:33.852 15394-15470/com.shabaviz.telegram V/telegramNDK: start of dramz
08-30 14:46:33.857 15394-15470/com.shabaviz.telegram V/telegramNDK: dramzOOOO
08-30 14:46:33.857 15394-15470/com.shabaviz.telegram V/telegramNDK: end of dramz
08-30 14:46:33.857 15394-15470/com.shabaviz.telegram V/telegramNDK: start/end of sizeOf
08-30 14:46:33.868 15394-15470/com.shabaviz.telegram V/telegramNDK: start of clear
08-30 14:46:33.868 15394-15470/com.shabaviz.telegram V/telegramNDK: end of clear
08-30 14:46:33.869 15394-15470/com.shabaviz.telegram V/telegramNDK: start of ramz
08-30 14:25:31.700 24282-24486/com.shabaviz.telegram A/libc: invalid address or address of corrupt block 0xb9436fa8 passed to dlfree
08-30 14:25:31.701 24282-24486/com.shabaviz.telegram A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0xdeadbaad in tid 24486 (AsyncTask #3)
How can i fix it?
Solution
Consider what will happen when you call ramz/dramz, add some characters, followed by clear, followed by ramz/dramz again:
Upon the first call to ramz/dramz you set result = buff, i.e. result points to the same chunk of memory as buff. And you set result_size to a value greater than zero.
When you call clear, buff_size will be >0 so you'll delete[] buff (which is the same memory that result points to).
Then you call ramz/dramz again, which will attempt to do delete[] result, but that memory has already been freed => OOPS.
As a side note, that addChar method is really inefficient. You're doing a new allocation for every character and copying the old contents to the new buffer, instead of e.g. doubling the size of the buffer when it becomes full. And of course, instead of passing the characters one-by-one in a loop you could pass the entire byte[] at once.
Answered By - Michael
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.