g_object_new crash #2830

Closed
CCint3 opened this issue Apr 22, 2024 · 2 comments
CCint3 commented Apr 22, 2024

I created an executable mytest using the frida/glib and frida/libsoup libraries.

A crash occurred when I ran mytest on my Android device.

mytest.c

#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>

#include <glib.h>
#include <glib-object.h>
#include <libsoup/soup.h>
#include <libsoup/soup-server.h>

#include <android/log.h>

int main() {
    __android_log_print(ANDROID_LOG_INFO, "main", "Hello,mytest!\n");
    printf("Hello,mytest!\n");

    void* soup = g_object_new(SOUP_TYPE_SERVER, NULL);
    __android_log_print(ANDROID_LOG_INFO, "main", "soup: %p\n", soup);
    printf("soup: %p\n", soup);
    return 0;
}

crash log:

04-22 11:48:44.261 shell 22679 22679 I main    : Hello,mytest!
04-22 11:48:44.261 shell 22679 22679 F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x38 in tid 22679 (mytest-1.0), pid 22679 (mytest-1.0)
04-22 11:48:44.272 shell 22682 22682 I crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstoneProto
04-22 11:48:44.272  1058   763   763 I tombstoned: received crash request for pid 22679
04-22 11:48:44.273 shell 22682 22682 I crash_dump64: performing dump of process 22679 (target tid = 22679)
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : Build fingerprint: 'google/redfin/redfin:12/SQ3A.220705.003.A1/8672226:user/release-keys'
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : Revision: 'MP1.0'
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : ABI: 'arm64'
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : Timestamp: 2024-04-22 11:48:44.273987164+0800
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : Process uptime: 0s
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : Cmdline: ./mytest-1.0
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : pid: 22679, tid: 22679, name: mytest-1.0  >>> ./mytest-1.0 <<<
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : uid: 2000
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x38
04-22 11:48:44.299 shell 22682 22682 F DEBUG   : Cause: null pointer dereference
04-22 11:48:44.300 shell 22682 22682 F DEBUG   : backtrace:
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #00 pc 0000000000329eac  /data/local/tmp/mytest-1.0 (g_hash_table_lookup_node+28)
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #01 pc 0000000000329e4c  /data/local/tmp/mytest-1.0 (g_hash_table_lookup+16)
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #02 pc 000000000030bef0  /data/local/tmp/mytest-1.0 (g_type_from_name+48)
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #03 pc 000000000030b32c  /data/local/tmp/mytest-1.0 (g_type_register_static+36)
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #04 pc 000000000030b2f8  /data/local/tmp/mytest-1.0 (g_type_register_static_simple+48)
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #05 pc 000000000025cc54  /data/local/tmp/mytest-1.0 (soup_server_get_type_once+60)
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #06 pc 000000000025cbf4  /data/local/tmp/mytest-1.0 (soup_server_get_type+40)
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #07 pc 000000000025cb80  /data/local/tmp/mytest-1.0 (main+56)
04-22 11:48:44.300 shell 22682 22682 F DEBUG   :       #08 pc 00000000000487dc  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+96) (BuildId: cd7952cb40d1a2deca6420c2da7910be)

NSEcho (Member) commented May 31, 2024

Try calling frida_init in the beginning of main function, that should solve it.

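The backtrace shows g_type_register_static calling g_type_from_name, which looks the type name up in a table that does not exist until the library has been initialised; in Frida's statically linked GLib that initialisation is the explicit call the maintainer mentions, so g_object_new before it reads through a NULL table pointer (the small fault address 0x38 in the log). The following is an added, constructed C model of that failure mode and of the fix, not GLib's or Frida's code: registry_init stands in for frida_init, and the table layout, function names and return codes are assumptions made for the example.

```c
/* Constructed model of the crash above: a type registry whose name table
 * only exists after an explicit init call.  Not GLib or Frida code. */
#include <stdio.h>
#include <string.h>

#define MAX_TYPES 16

typedef struct { const char *names[MAX_TYPES]; size_t count; } NameTable;

/* NULL until registry_init() runs, like the type-name hash table that
 * g_type_from_name() consults before the library has been initialised. */
static NameTable *g_name_table = NULL;
static NameTable g_storage;

/* Stands in for frida_init / gobject_init: sets up the table. */
void registry_init(void) {
    memset(&g_storage, 0, sizeof g_storage);
    g_name_table = &g_storage;
}

/* Modelled g_type_from_name(): id (index + 1) if known, 0 if unknown, -1 if
 * uninitialised.  The unguarded original reads through the NULL table pointer
 * instead, which is the small fault address (0x38) seen in the log. */
int type_from_name(const char *name) {
    if (g_name_table == NULL)
        return -1;
    for (size_t i = 0; i < g_name_table->count; i++)
        if (strcmp(g_name_table->names[i], name) == 0)
            return (int)i + 1;
    return 0;
}

/* Modelled g_type_register_static(): looks the name up first, as the backtrace shows. */
int register_type(const char *name) {
    int existing = type_from_name(name);
    if (existing != 0)   /* -1: not initialised, >0: already registered */
        return existing;
    if (g_name_table->count >= MAX_TYPES)
        return -2;
    g_name_table->names[g_name_table->count++] = name;
    return (int)g_name_table->count;
}

int main(void) {
    registry_init();   /* the fix: initialise before the first type lookup */
    printf("SoupServer type id: %d\n", register_type("SoupServer"));
    return 0;
}
```

Registering before registry_init fails with -1 instead of crashing; once the init call precedes the first registration, the same lookup succeeds.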
CCint3 (Author) commented Jun 1, 2024

Try calling frida_init in the beginning of main function, that should solve it.

Thank you. I am calling gum_init_embedded, glib_init, gobject_init, gio_init.

CCint3 closed this as completed Jun 1, 2024