[android-security-discuss] NDK EXE with PIE when for both Android < 4.1 and Android >= 4.1?

Jeffrey Walton Sun, 23 Jun 2013 15:46:51 -0700

Hi All,

What is the expected behavior when running an executable built with
the NDK and compiled with Position Independent Code (PIE) on a device
running Android < 4.1?


I've experienced a crash on 3 different test devices from
/system/bin/linker. Below is from Android 4.0.3 (ASUS TF-101A). Its
nearly identical to the crash on my other 4.0.3 device (HTC EVO 4G).

Is there a way to build a single executable with PIE for both Android
4.0.3 (and below) and Android 4.1 (and above)?

Jeff

130|shell@android:/data/local/tmp $ ./fips_hmac.exe -v *
[1] + Stopped (signal)     ./fips_hmac.exe -v *
shell@android:/data/local/tmp $
[1] + Segmentation fault   ./fips_hmac.exe -v *
shell@android:/data/local/tmp $ logcat
...
F/libc    ( 4520): Fatal signal 11 (SIGSEGV) at 0x0010d9d8 (code=1)
I/DEBUG   (   87): *** *** *** *** *** *** *** *** *** *** *** *** ***
*** *** ***
I/DEBUG   (   87): Build fingerprint:
'asus/US_epad/TF101:4.0.3/IML74K/US_epad-9.2.1.24-20120503:user/release-keys'
I/DEBUG   (   87): pid: 4520, tid: 4520  >>> ./fips_hmac.exe <<<
I/DEBUG   (   87): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault
addr 0010d9d8
I/DEBUG   (   87):  r0 70000001  r1 b00094fc  r2 00000000  r3 0010d9d8
I/DEBUG   (   87):  r4 b0009f60  r5 ffffffff  r6 0010d9d8  r7 beef2b78
I/DEBUG   (   87):  r8 b0009910  r9 00000000  10 00000000  fp b0006f1f
I/DEBUG   (   87):  ip 0010000b  sp beef2b38  lr 000ffbec  pc b00043c8
 cpsr 00000030
I/DEBUG   (   87):  d0  0000000000000000  d1  0000000000000000
I/DEBUG   (   87):  d2  0000000000000000  d3  0000000000000000
I/DEBUG   (   87):  d4  0000000000000000  d5  0000000000000000
I/DEBUG   (   87):  d6  0000000000000000  d7  0000000000000000
I/DEBUG   (   87):  d8  0000000000000000  d9  0000000000000000
I/DEBUG   (   87):  d10 0000000000000000  d11 0000000000000000
I/DEBUG   (   87):  d12 0000000000000000  d13 0000000000000000
I/DEBUG   (   87):  d14 0000000000000000  d15 0000000000000000
I/DEBUG   (   87):  scr 00000000
I/DEBUG   (   87):
I/DEBUG   (   87):          #00  pc b00043c8  /system/bin/linker
I/DEBUG   (   87):          #01  lr 000ffbec  <unknown>
I/DEBUG   (   87):
I/DEBUG   (   87): code around pc:
I/DEBUG   (   87): b00043a8 6858e00a 208cf8d4 f8c41885 e00350d8
..Xh... .....P..
I/DEBUG   (   87): b00043b8 0895685a 50dcf8c4 e0013308 44794924
Zh.....P.3..$IyD
I/DEBUG   (   87): b00043c8 2d00681d af49f47f 30acf8d4 f8d4b113
.h.-..I....0....
I/DEBUG   (   87): b00043d8 b96110b0 7174f240 9100481e 44784a1e
..a...@.tq.h...jxd
I/DEBUG   (   87): b00043e8 491f4b1e 447b447a 68094479 f8d4e7b1
.K.IzD{DyD.h....
I/DEBUG   (   87):
I/DEBUG   (   87): code around lr:
I/DEBUG   (   87): 000ffbcc ffffffff ffffffff ffffffff ffffffff
................
I/DEBUG   (   87): 000ffbdc ffffffff ffffffff ffffffff ffffffff
................
I/DEBUG   (   87): 000ffbec ffffffff ffffffff ffffffff ffffffff
................
I/DEBUG   (   87): 000ffbfc ffffffff ffffffff ffffffff ffffffff
................
I/DEBUG   (   87): 000ffc0c ffffffff ffffffff ffffffff ffffffff
................
I/DEBUG   (   87):
I/DEBUG   (   87): memory map around addr 0010d9d8:
I/DEBUG   (   87): (no map below)
I/DEBUG   (   87): (no map for address)
I/DEBUG   (   87): 40032000-40132000 /data/local/tmp/fips_hmac.exe
I/DEBUG   (   87):
I/DEBUG   (   87): stack:
I/DEBUG   (   87):     beef2af8  00000000
I/DEBUG   (   87):     beef2afc  00000000
I/DEBUG   (   87):     beef2b00  00000000
I/DEBUG   (   87):     beef2b04  00000000
I/DEBUG   (   87):     beef2b08  00000000
I/DEBUG   (   87):     beef2b0c  00000000
I/DEBUG   (   87):     beef2b10  00000000
I/DEBUG   (   87):     beef2b14  00000000
I/DEBUG   (   87):     beef2b18  00000000
I/DEBUG   (   87):     beef2b1c  00000000
I/DEBUG   (   87):     beef2b20  00000000
I/DEBUG   (   87):     beef2b24  00000000
I/DEBUG   (   87):     beef2b28  00000000
I/DEBUG   (   87):     beef2b2c  00000000
I/DEBUG   (   87):     beef2b30  df0027ad
I/DEBUG   (   87):     beef2b34  00000000
I/DEBUG   (   87): #00 beef2b38  00000000
I/DEBUG   (   87):     beef2b3c  00000000
I/DEBUG   (   87):     beef2b40  b0009f60  /system/bin/linker
I/DEBUG   (   87):     beef2b44  b0009f60  /system/bin/linker
I/DEBUG   (   87):     beef2b48  beef2cce  [stack]
I/DEBUG   (   87):     beef2b4c  00000118
I/DEBUG   (   87):     beef2b50  b0009f60  /system/bin/linker
I/DEBUG   (   87):     beef2b54  b0009f60  /system/bin/linker
I/DEBUG   (   87):     beef2b58  b00094f0  /system/bin/linker
I/DEBUG   (   87):     beef2b5c  00000002
I/DEBUG   (   87):     beef2b60  beef2b78  [stack]
I/DEBUG   (   87):     beef2b64  b0009910  /system/bin/linker
I/DEBUG   (   87):     beef2b68  00000000
I/DEBUG   (   87):     beef2b6c  00000000
I/DEBUG   (   87):     beef2b70  b0006f1f  /system/bin/linker
I/DEBUG   (   87):     beef2b74  b00049f5  /system/bin/linker
I/DEBUG   (   87):     beef2b78  00000000
I/DEBUG   (   87):     beef2b7c  00000000

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-security-discuss+unsubscr...@googlegroups.com.
To post to this group, send email to android-security-discuss@googlegroups.com.
Visit this group at http://groups.google.com/group/android-security-discuss.
For more options, visit https://groups.google.com/groups/opt_out.

[android-security-discuss] NDK EXE with PIE when for both Android < 4.1 and Android >= 4.1?

Reply via email to