I've encountered a crash in dalvik in Android 4.3-r2.2 in dvmInterpFindInterfaceMethod(). If I look at the assembly, I think the crash occurs when dereferencing absMethod, which is provided by dvmDexGetResolvedMethod(). The process was android.process.acore, which appears to be the UserDictionaryProvider app. I think frame #03 indicates we're trying to call an interface method, and looking at the dalvik instructions for UserDictionaryProvider.apk, it looks like the only invoke-interface commands were for java.util.List and android.database.Cursor.
Can anyone provide any details on what sort of situation would cause a
SIGSEGV here? I'd like to understand what happened.
I/DEBUG ( 2760): pid: 4370, tid: 4370, name: d.process.acore >>> android.process.acore <<<
I/DEBUG ( 2760): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0e261645
I/DEBUG ( 2760): r0 0e261645 r1 00002a94 r2 b376a718 r3 b314f4a8
I/DEBUG ( 2760): r4 00000003 r5 b44dacd0 r6 b4ae5e00 r7 00002072
I/DEBUG ( 2760): r8 b66b6dc0 r9 b4c85ea0 sl b3168380 fp be80a9c0
I/DEBUG ( 2760): ip b350fe50 sp be80a848 lr b66b8a6c pc b66c3b6c cpsr 20000010
I/DEBUG ( 2760): d0 4040000000000003 d1 0000006342c618e0
I/DEBUG ( 2760): d2 42746265a9915000 d3 7e37e43c8800759c
I/DEBUG ( 2760): d4 8000000000000000 d5 3f00000004ef6d80
I/DEBUG ( 2760): d6 3fc999999999999a d7 4000000040000000
I/DEBUG ( 2760): d8 0000000000000000 d9 0000000000000000
I/DEBUG ( 2760): d10 0000000000000000 d11 0000000000000000
I/DEBUG ( 2760): d12 0000000000000000 d13 0000000000000000
I/DEBUG ( 2760): d14 0000000000000000 d15 0000000000000000
I/DEBUG ( 2760): scr 80000010
I/DEBUG ( 2760):
I/DEBUG ( 2760): backtrace:
I/DEBUG ( 2760): #00 pc 0002ab6c /system/lib/libdvm.so (dvmInterpFindInterfaceMethod(ClassObject*, unsigned int, Method const*, DvmDex*)+40)
I/DEBUG ( 2760): #01 pc 0001fa68 /system/lib/libdvm.so
I/DEBUG ( 2760): #02 pc 0002b5ec /system/lib/libdvm.so (dvmInterpret(Thread*, Method const*, JValue*)+184)
I/DEBUG ( 2760): #03 pc 0005ff35 /system/lib/libdvm.so (dvmCallMethodV(Thread*, Method const*, Object*, bool, JValue*, std::__va_list)+292)
I/DEBUG ( 2760): #04 pc 00049b87 /system/lib/libdvm.so
I/DEBUG ( 2760): #05 pc 0003cc3d /system/lib/libdvm.so
I/DEBUG ( 2760): #06 pc 0004b68f /system/lib/libandroid_runtime.so
I/DEBUG ( 2760): #07 pc 0004c30f /system/lib/libandroid_runtime.so (android::AndroidRuntime::start(char const*, char const*)+378)
I/DEBUG ( 2760): #08 pc 0000105b /system/bin/app_process
I/DEBUG ( 2760): #09 pc 0000db4f /system/lib/libc.so (__libc_init+50)
I/DEBUG ( 2760): #10 pc 00000d7c /system/bin/app_process
I/DEBUG ( 2760): memory map around fault addr 0e261645:
I/DEBUG ( 2760): (no map below)
I/DEBUG ( 2760): (no map for address)
I/DEBUG ( 2760): af13c000-af23a000 r-- /dev/binder
(gdb) list *0x2ab6c
0x2ab6c is in dvmInterpFindInterfaceMethod(ClassObject*, unsigned int, Method const*, DvmDex*) (dalvik/vm/interp/Interp.cpp:1253).
1248         * The verifier does not guarantee that objects stored into
1249         * interface references actually implement the interface, so this
1250         * check cannot be eliminated.
1251         */
1252        for (i = 0; i < thisClass->iftableCount; i++) {
1253            if (thisClass->iftable[i].clazz == absMethod->clazz)
1254                break;
1255        }
1256        if (i == thisClass->iftableCount) {
1257            /* impossible in verified DEX, need to check for it in unverified */
website: http://groups.google.com/group/android-porting
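As an added illustration (not code from the post above and not Dalvik's own code), here is a simplified model of the lookup in the gdb listing. The names iftable, iftableCount and clazz are taken from that listing; the struct layouts, the per-class method table, the List- and Cursor-style sample classes and the -1 error value are assumptions made for this example. It shows the two outcomes the Dalvik comment distinguishes, the receiver implementing the interface or not (the branch the comment calls "impossible in verified DEX"), and it adds a NULL guard on absMethod that the interpreter itself does not have. It cannot reproduce the SIGSEGV itself, which needs absMethod to point at unmapped memory, as the fault address in the dump (equal to r0, with "no map for address") does.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of Dalvik's interface-method lookup, for illustration only.
 * Field names iftable, iftableCount and clazz follow the gdb listing in the
 * post; struct layouts, the method table and the sample classes are
 * assumptions made for this example. */

typedef struct ClassObject ClassObject;

typedef struct Method {
    const ClassObject *clazz; /* declaring class; for absMethod, the interface */
    const char *name;
    int (*impl)(void);        /* NULL for an abstract interface method */
} Method;

typedef struct InterfaceEntry {
    const ClassObject *clazz; /* an interface this class implements */
} InterfaceEntry;

struct ClassObject {
    const char *descriptor;
    const InterfaceEntry *iftable;
    int iftableCount;
    const Method *methods;    /* concrete methods declared by this class */
    int methodCount;
};

/* Resolve the abstract interface method absMethod against the receiver's
 * runtime class. Returns the concrete Method, or NULL when thisClass does
 * not implement absMethod's interface (the branch Dalvik's comment calls
 * "impossible in verified DEX", which is why the loop stays for unverified
 * code). The NULL check on absMethod is this example's addition: the real
 * interpreter has none, and the crash in the post read absMethod->clazz
 * through an unmapped (not NULL) pointer, which no in-process check catches. */
const Method *findInterfaceMethod(const ClassObject *thisClass,
                                  const Method *absMethod)
{
    int i;
    if (thisClass == NULL || absMethod == NULL)
        return NULL;

    /* Same shape as Interp.cpp:1252-1256 in the listing above. */
    for (i = 0; i < thisClass->iftableCount; i++) {
        if (thisClass->iftable[i].clazz == absMethod->clazz)
            break;
    }
    if (i == thisClass->iftableCount)
        return NULL; /* receiver does not implement the interface */

    /* Map the abstract method to the receiver's own implementation by name;
     * a stand-in for the vtable lookup, which the listing does not show. */
    for (int m = 0; m < thisClass->methodCount; m++) {
        if (strcmp(thisClass->methods[m].name, absMethod->name) == 0)
            return &thisClass->methods[m];
    }
    return NULL;
}

/* Constructed sample hierarchy (assumed, not from the post): a List-like
 * interface, a class implementing it, and a Cursor-like class that does not. */
static const ClassObject kListIface = { "Ljava/util/List;", NULL, 0, NULL, 0 };
static const Method kListSize = { &kListIface, "size", NULL };

static ClassObject kArrayList; /* forward declaration for the method table */
static int arrayListSize(void) { return 3; }
static const Method kArrayListMethods[] = { { &kArrayList, "size", arrayListSize } };
static const InterfaceEntry kArrayListIfaces[] = { { &kListIface } };
static ClassObject kArrayList = { "Ljava/util/ArrayList;", kArrayListIfaces, 1,
                                  kArrayListMethods, 1 };

static const ClassObject kCursorIface = { "Landroid/database/Cursor;", NULL, 0, NULL, 0 };
static ClassObject kMyCursor;
static int cursorGetCount(void) { return 0; }
static const Method kMyCursorMethods[] = { { &kMyCursor, "getCount", cursorGetCount } };
static const InterfaceEntry kMyCursorIfaces[] = { { &kCursorIface } };
static ClassObject kMyCursor = { "LMyCursor;", kMyCursorIfaces, 1, kMyCursorMethods, 1 };

/* Model an invoke-interface of List.size() on an object of receiverClass.
 * -1 stands for the error path taken when the interface is not implemented. */
int invokeListSizeOn(const ClassObject *receiverClass)
{
    const Method *m = findInterfaceMethod(receiverClass, &kListSize);
    return m ? m->impl() : -1;
}

int main(void)
{
    printf("ArrayList.size() via List -> %d\n", invokeListSizeOn(&kArrayList));
    printf("MyCursor.size() via List  -> %d\n", invokeListSizeOn(&kMyCursor));
    return 0;
}
```

The second call is the situation the Dalvik comment describes: an object stored in a List reference whose class does not appear in the List entry of its iftable. In this model that yields -1 instead of a crash; a bad absMethod pointer, as in the dump, is a different failure and faults before the loop body can run.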