Invalid address 0x71db7cb5e0 passed to free: value not allocated

I am getting the error below after calling free() for filePaths (free(filePaths[i]);) right after running the Android application with minSDK=22 or above. Everything is OK on minSDK=21.

Invalid address 0x71db7cb5e0 passed to free: value not allocated

I just want to know what happens on Android with minSDK=22 or above. Are memory allocations different?

static inline void parse_proc_maps_to_fetch_path(char **filepaths);

JNIEXPORT jboolean JNICALL Java_io_github_inflationx_calligraphy_Calligraphy_CalligraphyInterceptor_detectFrida(JNIEnv *env, jobject obj) {

    /* Local pointer array; nothing here sets its elements before use. */
    char *filePaths[NUM_LIBS];

    globalEnv = env;
    parse_proc_maps_to_fetch_path(filePaths);
    __android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "Libc[%x][%x][%x][%x][%x][%x]", __NR_openat,
                        __NR_lseek, __NR_read, __NR_close, __NR_readlinkat, __NR_nanosleep);
    for (int i = 0; i < NUM_LIBS; i++) {
        fetch_checksum_of_library(filePaths[i], &elfSectionArr[i]);
        if (filePaths[i] != NULL)
            free(filePaths[i]);   /* the free() that reports "Invalid address ... passed to free" */
    }
    bool result = false;
    pthread_t t;
    pthread_create(&t, NULL, (void *) detect_frida_loop, &result);
    return result;
}

__attribute__((always_inline))
static inline void parse_proc_maps_to_fetch_path(char **filepaths) {
    int fd = 0;
    char map[MAX_LINE];
    int counter = 0;
    /* open(2)-style calls return -1 (raw syscall wrappers: a negative errno) on failure,
       so test for a non-negative descriptor rather than for != 0. */
    if ((fd = my_openat(AT_FDCWD, PROC_MAPS, O_RDONLY | O_CLOEXEC, 0)) >= 0) {

        while ((read_one_line(fd, map, MAX_LINE)) > 0) {
            for (int i = 0; i < NUM_LIBS; i++) {
                if (my_strstr(map, libstocheck[i]) != NULL) {
                    char tmp[MAX_LENGTH] = "";
                    char path[MAX_LENGTH] = "";
                    char buf[5] = "";
                    /* /proc/<pid>/maps columns: address-range perms offset dev inode path */
                    sscanf(map, "%s %s %s %s %s %s", tmp, buf, tmp, tmp, tmp, path);
                    if (buf[2] == 'x') {          /* keep only the executable mapping */
                        size_t size = my_strlen(path) + 1;
                        filepaths[i] = malloc(size);
                        my_strlcpy(filepaths[i], path, size);
                        counter++;
                    }
                    /* no else branch: filepaths[i] is left untouched for non-executable mappings */
                }
            }
            if (counter == NUM_LIBS)
                break;
        }
        my_close(fd);
    }
}


Solution:

In Java_io_github_inflationx_calligraphy_Calligraphy_CalligraphyInterceptor_detectFrida, you define filePaths, leaving the values in the array uninitialized:

char *filePaths[NUM_LIBS];

In parse_proc_maps_to_fetch_path, you then only assign values to filepaths[i] if some condition is true, leaving those elements uninitialized otherwise.

You seem to be assuming that the elements of filePaths will be NULL by default, which is not the case for a local variable in a function. The elements of filePaths don't have defined values.

To fix this, you could initialize filePaths:

char *filePaths[NUM_LIBS] = { 0 };

You could alternatively structure parse_proc_maps_to_fetch_path in such a way that all elements of filePaths are always assigned values (NULL when you aren’t assigning a pointer to a meaningful string). This may be the better option if parse_proc_maps_to_fetch_path is intended to "produce" the array in its entirety.
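The following is an added example, not code from the question or the answer, showing both suggestions side by side: the caller initialises its array with { 0 }, and the producer function itself assigns every element (NULL where no executable mapping was found), so free() is never handed an indeterminate pointer. It parses a constructed /proc/maps-style buffer with standard sscanf/strstr rather than the question's my_* wrappers; the library names in libstocheck, the SAMPLE_MAPS text and the function names fetch_paths_from_maps, free_paths and demo_run are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NUM_LIBS 3
#define MAX_LINE 512
#define MAX_LENGTH 256

/* Hypothetical library names to look for (assumption, not from the question). */
static const char *libstocheck[NUM_LIBS] = { "libc.so", "libart.so", "libexample.so" };

/* Constructed sample of /proc/self/maps text, one mapping per line:
 * address-range perms offset dev inode path */
static const char *SAMPLE_MAPS =
    "7f0000000000-7f0000001000 r--p 00000000 fd:01 1234 /apex/com.android.runtime/lib64/bionic/libc.so\n"
    "7f0000001000-7f0000010000 r-xp 00001000 fd:01 1234 /apex/com.android.runtime/lib64/bionic/libc.so\n"
    "7f0000020000-7f0000030000 r-xp 00000000 fd:01 5678 /apex/com.android.art/lib64/libart.so\n"
    "7f0000040000-7f0000041000 rw-p 00000000 00:00 0    [anon:scudo:primary]\n";

/* Producer-style filler: on return every element of filepaths is defined,
 * NULL when no executable mapping of that library was seen.
 * Returns the number of libraries found. */
int fetch_paths_from_maps(const char *maps, char **filepaths)
{
    for (int i = 0; i < NUM_LIBS; i++)
        filepaths[i] = NULL;            /* contract: all slots defined, whatever happens below */

    int found = 0;
    const char *p = maps;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[MAX_LINE];
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;

        char range[MAX_LENGTH], perms[8], off[MAX_LENGTH], dev[MAX_LENGTH],
             inode[MAX_LENGTH], path[MAX_LENGTH];
        path[0] = '\0';
        /* Field widths keep sscanf from overflowing the buffers on a malformed line. */
        int n = sscanf(line, "%255s %7s %255s %255s %255s %255s",
                       range, perms, off, dev, inode, path);
        if (n < 6 || perms[2] != 'x')   /* need a path, and only the executable mapping */
            continue;
        for (int i = 0; i < NUM_LIBS; i++) {
            if (filepaths[i] == NULL && strstr(path, libstocheck[i]) != NULL) {
                size_t size = strlen(path) + 1;
                filepaths[i] = malloc(size);
                if (filepaths[i] != NULL) {
                    memcpy(filepaths[i], path, size);
                    found++;
                }
            }
        }
    }
    return found;
}

/* Releases every slot; free(NULL) is a no-op, so unfilled slots are safe. */
void free_paths(char **filepaths)
{
    for (int i = 0; i < NUM_LIBS; i++) {
        free(filepaths[i]);
        filepaths[i] = NULL;
    }
}

/* Returns 1 when the two executable mappings were captured and the third slot is NULL. */
int demo_run(void)
{
    char *filePaths[NUM_LIBS] = { 0 };  /* caller-side fix: initialised, unlike the question's array */
    int found = fetch_paths_from_maps(SAMPLE_MAPS, filePaths);
    int ok = (found == 2)
          && filePaths[0] && strcmp(filePaths[0], "/apex/com.android.runtime/lib64/bionic/libc.so") == 0
          && filePaths[1] && strcmp(filePaths[1], "/apex/com.android.art/lib64/libart.so") == 0
          && filePaths[2] == NULL;
    free_paths(filePaths);
    return ok;
}

int main(void)
{
    int ok = demo_run();
    printf("%s\n", ok ? "ok" : "FAIL");
    return ok ? 0 : 1;
}
```

Either fix on its own is enough to make the later free() loop safe; doing both costs nothing and means neither the caller nor the producer has to trust the other to have zeroed the array. Note that the producer also skips a library whose slot is already filled, so a second executable mapping of the same file cannot overwrite (and leak) an earlier allocation.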
