Using ASan on Android with LD_PRELOAD #1154
Comments
See https://developer.android.com/ndk/guides/asan for the recommended way of using ASan with Android apps.
On Sun, Oct 20, 2019 at 7:56 PM gamebaker ***@***.***> wrote:
> Hi, I'm using ASan as a shared library on a rooted Android phone, with the LD_PRELOAD method, by the following steps:
>
> 1. Copy "system/bin/app_process64" to "app_process64.real";
> 2. Replace the original "app_process64" file with a bash script:
>
>     #!/system/bin/sh
>     export ASAN_OPTIONS=start_deactivated=1,alloc_dealloc_mismatch=0,malloc_context_size=0,allow_user_segv_handler=1,halt_on_error=1
>     export LD_PRELOAD=/data/libclang_rt.asan-aarch64-android.so
>     # hand the original launcher arguments through unchanged (quoted so none are re-split)
>     exec /system/bin/app_process64.real "$@"
>
> 3. Launch target app with command line:
>
>     am start -n com.test.librarytest/.MainActivity
>
> The system works, but it always ends up with an error:
>
>     ***@***.***:/ # am start -n com.test.librarytest/.MainActivity
>     WARNING: linker: /data/libclang_rt.asan-aarch64-android.so: unused DT entry: type 0x6ffffef5 arg 0x10d30
>     WARNING: linker: /data/libclang_rt.asan-aarch64-android.so: unused DT entry: type 0x6ffffffe arg 0x163c4
>     WARNING: linker: /data/libclang_rt.asan-aarch64-android.so: unused DT entry: type 0x6fffffff arg 0x3
>     =================================================================
>     ==27966==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x0055bc37a9b0 in thread T0
>         #0 0x7f99b752db (/data/libclang_rt.asan-aarch64-android.so+0x682db)
>         #1 0x7f98689eef (/system/lib64/libselinux.so+0x5eef)
>         #2 0x7f98689403 (/system/lib64/libselinux.so+0x5403)
>         #3 0x7f99a3ce5f (/system/lib64/libandroid_runtime.so+0xd3e5f)
>         #4 0x7f999fa17f (/system/lib64/libandroid_runtime.so+0x9117f)
>         #5 0x7f999fa32b (/system/lib64/libandroid_runtime.so+0x9132b)
>         #6 0x5589e96eaf (/system/bin/app_process64.real+0x1eaf)
>         #7 0x7f99877507 (/system/lib64/libc.so+0x13507)
>         #8 0x5589e9727b (/system/bin/app_process64.real+0x227b)
>     AddressSanitizer can not describe address in more detail (wild memory access suspected).
>     SUMMARY: AddressSanitizer: bad-free (/data/libclang_rt.asan-aarch64-android.so+0x682db)
>     ==27966==ABORTING
>     ***@***.***:/ #
>
> I assume Android allocates some memory before ASan is loaded and then frees it in ASan, which causes this problem, but I don't know how to fix it. I've been stuck here for a while, so any suggestions?
This is a reasonable assumption. I also don't know how this could happen.
Try symbolizing the stack trace, and if possible understanding where the
corresponding memory allocation is done. Try adding verbosity=2,debug=1 to
ASAN_OPTIONS.
What Android version is this? There was a reallocarray() function added to
bionic at some point; without a corresponding change in compiler-rt you'd
get exactly this type of crash.
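To act on the suggestion to symbolize the stack trace, here is an added Python helper (not part of this thread) that parses the unsymbolized frames from the report above, picks out the first frame outside the ASan runtime, and emits the addr2line invocations to run against unstripped copies of the device's libraries; the frame text is constructed from the posted log and the symbols directory path is an assumption.

```python
import re

# Frames constructed from the bad-free report posted in this thread.
ASAN_LOG = """\
==27966==ERROR: AddressSanitizer: attempting free on address which was not malloc()-ed: 0x0055bc37a9b0 in thread T0
    #0 0x7f99b752db (/data/libclang_rt.asan-aarch64-android.so+0x682db)
    #1 0x7f98689eef (/system/lib64/libselinux.so+0x5eef)
    #2 0x7f98689403 (/system/lib64/libselinux.so+0x5403)
    #3 0x7f99a3ce5f (/system/lib64/libandroid_runtime.so+0xd3e5f)
    #4 0x7f999fa17f (/system/lib64/libandroid_runtime.so+0x9117f)
    #5 0x7f999fa32b (/system/lib64/libandroid_runtime.so+0x9132b)
    #6 0x5589e96eaf (/system/bin/app_process64.real+0x1eaf)
    #7 0x7f99877507 (/system/lib64/libc.so+0x13507)
    #8 0x5589e9727b (/system/bin/app_process64.real+0x227b)
SUMMARY: AddressSanitizer: bad-free (/data/libclang_rt.asan-aarch64-android.so+0x682db)
"""

# An unsymbolized ASan frame looks like "#N 0xPC (module+0xOFFSET)".
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x([0-9a-fA-F]+)\s+\((\S+?)\+0x([0-9a-fA-F]+)\)\s*$")


def parse_frames(log):
    """Return (frame_no, pc, module, module_offset) for every frame line in the report."""
    frames = []
    for line in log.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group(1)), int(m.group(2), 16), m.group(3), int(m.group(4), 16)))
    return frames


def first_frame_outside(frames, runtime_marker="libclang_rt.asan"):
    """First frame not inside the ASan runtime: the code that called the offending free()."""
    for frame in frames:
        if runtime_marker not in frame[2]:
            return frame
    return None


def symbolizer_commands(frames, symbols_dir="/path/to/symbols"):
    """One addr2line invocation per module, carrying all of that module's offsets.
    symbols_dir is an assumed root holding unstripped copies of the device libraries;
    the offsets are load-base relative, which is what addr2line expects for PIC ELF files."""
    by_module = {}
    for _, _, module, offset in frames:
        by_module.setdefault(module, []).append(offset)
    return [
        f"addr2line -C -f -i -e {symbols_dir}{module} " + " ".join(f"0x{o:x}" for o in offsets)
        for module, offsets in by_module.items()
    ]
```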
@DanAlbert The wrap.sh way is only available for API level 27 and above, but the device for testing is Android 5.1.1, so it doesn't work here, sigh. Thanks for replying.
@eugenis The Android version is 5.1.1; by "corresponding change in compiler-rt" do you mean compiling ASan, or compiling Android?
On Mon, Oct 21, 2019 at 6:31 PM gamebaker ***@***.***> wrote:
>> This is a reasonable assumption. I also don't know how this could happen.
>> Try symbolizing the stack trace, and if possible understanding where the
>> corresponding memory allocation is done. Try adding verbosity=2,debug=1 to
>> ASAN_OPTIONS. What Android version is this? There was a reallocarray()
>> function added to bionic at some point; without a corresponding change in
>> compiler-rt you'd get exactly this type of crash.
>
> The Android version is 5.1.1; by "corresponding change in compiler-rt" do
> you mean compiling ASan, or compiling Android?
>
> I've tried adding verbosity=2,debug=1 to ASAN_OPTIONS, but it gives the
> same log, nothing changed.
>
> I'm kind of a newbie to this, so I'm gonna try symbolizing the stack trace
> to make some progress, hope I can figure this out.
>
> Thanks for replying, it helps.
5.1.1 is L-MR1, should be good enough for ASan (but barely!).
Nothing really comes to mind. Your best bet would be to figure out which
malloc call this memory comes from, and then why it has not been
intercepted.
I presume you've seen this old documentation:
https://github.com/google/sanitizers/wiki/AddressSanitizerOnAndroid/01f8df1ac1a447a8475cdfcb03e8b13140042dbd
You can try the script, but it does almost exactly what you are doing:
https://github.com/llvm/llvm-project/blob/master/compiler-rt/lib/asan/scripts/asan_device_setup
Hi, I encountered a similar issue: