Android 为什么消毒液可以';当检测到野生指针时,是否找不到确切的堆栈?
我在Android上使用AddressSanitizer,当它检测到一个野生指针错误时,它报告的堆栈只有一个或两个,没有代码调用逻辑,所以我找不到导致这个野生指针的原因。例如,如下所示,“这里由线程T123释放”只有一个无意义的堆栈Android 为什么消毒液可以';当检测到野生指针时,是否找不到确切的堆栈?,android,llvm-clang,address-sanitizer,Android,Llvm Clang,Address Sanitizer,我在Android上使用AddressSanitizer,当它检测到一个野生指针错误时,它报告的堆栈只有一个或两个,没有代码调用逻辑,所以我找不到导致这个野生指针的原因。例如,如下所示,“这里由线程T123释放”只有一个无意义的堆栈 05-05 16:39:01.958 658 1596 I : 05-05 16:39:01.958 658 1596 I : 05-05 16:39:01.958 658 1596 I : ==
05-05 16:39:01.958 658 1596 I :
05-05 16:39:01.958 658 1596 I :
05-05 16:39:01.958 658 1596 I : ==658==ERROR: AddressSanitizer: heap-use-after-free on address 0xb008fbf0 at pc 0xeb6b2fcc bp 0xb33f9738 sp 0xb33f9308
05-05 16:39:01.958 658 1596 I :
05-05 16:39:01.958 658 1596 I :
05-05 16:39:01.958 658 1596 I : READ of size 65496 at 0xb008fbf0 thread T16
05-05 16:39:01.987 658 1596 I : #0 0xeb6b2fcb (/system/lib/libclang_rt.asan-arm-android.so+0xaefcb)
05-05 16:39:01.987 658 1596 I :
05-05 16:39:01.987 658 1596 I : #1 0xc7e8209f (/vendor/lib/hw/camera.qcom.so+0x3ef09f)
05-05 16:39:01.987 658 1596 I :
05-05 16:39:01.988 658 1596 I : #2 0xc7e716c1 (/vendor/lib/hw/camera.qcom.so+0x3de6c1)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #3 0xc7e6e773 (/vendor/lib/hw/camera.qcom.so+0x3db773)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #4 0xc7e6dceb (/vendor/lib/hw/camera.qcom.so+0x3daceb)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #5 0xc7e6c7c1 (/vendor/lib/hw/camera.qcom.so+0x3d97c1)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #6 0xc81cb8c5 (/vendor/lib/hw/camera.qcom.so+0x7388c5)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #7 0xc8246a2f (/vendor/lib/hw/camera.qcom.so+0x7b3a2f)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #8 0xc8246377 (/vendor/lib/hw/camera.qcom.so+0x7b3377)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #9 0xc804b19f (/vendor/lib/hw/camera.qcom.so+0x5b819f)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #10 0xc80497e3 (/vendor/lib/hw/camera.qcom.so+0x5b67e3)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #11 0xc80495f1 (/vendor/lib/hw/camera.qcom.so+0x5b65f1)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #12 0xec12fe05 (/system/lib/libc.so+0x63e05)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : #13 0xec0ea0a5 (/system/lib/libc.so+0x1e0a5)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I chatty : uid=1047(cameraserver) provider@2.4-se identical 1 line
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.988 658 1596 I : 0xb008fbf0 is located 99312 bytes inside of 378963-byte region [0xb0077800,0xb00d4053)
05-05 16:39:01.988 658 1596 I :
05-05 16:39:01.989 658 1596 I : freed by thread T123 here:
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.989 658 1596 I : #0 0xeb6b3e03 (/system/lib/libclang_rt.asan-arm-android.so+0xafe03)
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.989 658 1596 I : #1 0xc71addab (/vendor/lib/libmegface.so+0xd1dab)
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.989 658 1596 I chatty : uid=1047(cameraserver) provider@2.4-se identical 1 line
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.989 658 1596 I : previously allocated by thread T123 here:
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.989 658 1596 I : #0 0xeb6b414b (/system/lib/libclang_rt.asan-arm-android.so+0xb014b)
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.989 658 1596 I : #1 0xc74b026b (/vendor/lib/libmegface.so+0x3d426b)
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.989 658 1596 I chatty : uid=1047(cameraserver) provider@2.4-se identical 1 line
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.989 658 1596 I : Thread T16 created by T0 here:
05-05 16:39:01.989 658 1596 I :
05-05 16:39:01.990 658 1596 I : #0 0xeb69ba7f (/system/lib/libclang_rt.asan-arm-android.so+0x97a7f)
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I : #1 0xc7f7e8d5 (/vendor/lib/hw/camera.qcom.so+0x4eb8d5)
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I chatty : uid=1047(cameraserver) provider@2.4-se identical 1 line
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I : Thread T123 created by T122 here:
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I : #0 0xeb69ba7f (/system/lib/libclang_rt.asan-arm-android.so+0x97a7f)
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I : #1 0xc71c803d (/vendor/lib/libmegface.so+0xec03d)
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I chatty : uid=1047(cameraserver) provider@2.4-se identical 1 line
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I : Thread T122 created by T43 (HwBinder:658_3) here:
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I : #0 0xeb69ba7f (/system/lib/libclang_rt.asan-arm-android.so+0x97a7f)
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I : #1 0xc7e49bdd (/vendor/lib/hw/camera.qcom.so+0x3b6bdd)
05-05 16:39:01.990 658 1596 I :
05-05 16:39:01.990 658 1596 I chatty : uid=1047(cameraserver) provider@2.4-se identical 1 line
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I : Thread T43 (HwBinder:658_3) created by T41 (HwBinder:658_1) here:
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I : #0 0xeb69ba7f (/system/lib/libclang_rt.asan-arm-android.so+0x97a7f)
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I : #1 0xec00fc0b (/system/lib/vndk-sp-28/libutils.so+0xbc0b)
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I chatty : uid=1047(cameraserver) provider@2.4-se identical 1 line
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I : Thread T41 (HwBinder:658_1) created by T0 here:
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I : #0 0xeb69ba7f (/system/lib/libclang_rt.asan-arm-android.so+0x97a7f)
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I : #1 0xec00fc0b (/system/lib/vndk-sp-28/libutils.so+0xbc0b)
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I chatty : uid=1047(cameraserver) provider@2.4-se identical 1 line
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.991 658 1596 I : SUMMARY: AddressSanitizer: heap-use-after-free (/system/lib/libclang_rt.asan-arm-android.so+0xaefcb)
05-05 16:39:01.991 658 1596 I :
05-05 16:39:01.992 658 1596 I : Shadow bytes around the buggy address:
05-05 16:39:01.992 658 1596 I : 0xe15d1f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : 0xe15d1f30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : 0xe15d1f40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : 0xe15d1f50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : 0xe15d1f60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : =>0xe15d1f70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[00]00
05-05 16:39:01.992 658 1596 I : 0xe15d1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : 0xe15d1f90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : 0xe15d1fa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : 0xe15d1fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : 0xe15d1fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
05-05 16:39:01.992 658 1596 I : Shadow byte legend (one shadow byte represents 8 application bytes):
05-05 16:39:01.992 658 1596 I : Addressable: 00
05-05 16:39:01.992 658 1596 I : Partially addressable: 01 02 03 04 05 06 07
05-05 16:39:01.992 658 1596 I : Heap left redzone: fa
05-05 16:39:01.992 658 1596 I : Freed heap region: fd
05-05 16:39:01.992 658 1596 I : Stack left redzone: f1
05-05 16:39:01.992 658 1596 I : Stack mid redzone: f2
05-05 16:39:01.992 658 1596 I : Stack right redzone: f3
05-05 16:39:01.992 658 1596 I : Stack after return: f5
05-05 16:39:01.992 658 1596 I : Stack use after scope: f8
05-05 16:39:01.992 658 1596 I : Global redzone: f9
05-05 16:39:01.992 658 1596 I : Global init order: f6
05-05 16:39:01.992 658 1596 I : Poisoned by user: f7
05-05 16:39:01.992 658 1596 I : Container overflow: fc
05-05 16:39:01.992 658 1596 I : Array cookie: ac
05-05 16:39:01.992 658 1596 I : Intra object redzone: bb
05-05 16:39:01.992 658 1596 I : ASan internal: fe
05-05 16:39:01.992 658 1596 I : Left alloca redzone: ca
05-05 16:39:01.992 658 1596 I : Right alloca redzone: cb
05-05 16:39:01.992 658 1596 I :
05-05 16:39:01.992 658 1596 I : ==658==ABORTING
如何获取更多信息以找到野生指针的确切原因?默认情况下,Asan使用帧指针来展开堆栈,这是快速但不精确的,除非您的代码和所有LIB都是使用
-fn构建的,否则不会忽略帧指针。通过导出ASAN_OPTIONS=malloc_context_size=20,您可以要求它使用普通展开器。默认情况下,ASAN使用帧指针展开堆栈,这是快速但不精确的,除非您的代码和所有库都是使用-fno省略帧指针构建的。您可以通过导出ASAN\u OPTIONS=malloc\u context\u size=20来要求它使用普通退绕机