stack corruption detected when use memset in c from JNI Android

Time:11-16

I am developing an Android application using C native code.

I have C code (an XXTEA algorithm in native C) which runs perfectly in an online C compiler and produces the expected output, but when I call the same function through a JNI cpp class, it gives me the error below:

A/libc: stack corruption detected (-fstack-protector)
A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 13328 (example.ndkdemo), pid 13328 (example.ndkdemo)

Below is the JNI cpp code where I pass the data as input.

extern "C" JNIEXPORT jint JNICALL Java_com_example_ndkdemo_MainActivity_encryptDataInt(JNIEnv *env, jobject thiz /* this */){
//    return add(5,3);

    int len;

    unsigned char input[8] = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 };

    sg_xxtea_encrypt (input, 8);

    return 1;
}

Below is the method that I call from the JNI code above. I debugged the code and found out that the error occurs in the memset() call inside the first if condition.

int
sg_xxtea_encrypt (unsigned char *data, int data_size)
{
    int i = 0;
    /* 2-byte length header + payload, rounded up to a multiple of 4 */
    int block_size = ((data_size + 2) / 4 + 1) * 4;
    memset (sg_data_buff, 0, ENCRYPT_INT_BUFF * 4);

    if (block_size > data_size)
    {
        memset (&data[data_size], 0, block_size - data_size); // We get error in this line
    }
    /* shift the payload right by two bytes to make room for the header */
    for (i = data_size + 1; i >= 2; i--)
    {
        data[i] = data[i - 2];
    }
    data[0] = (data_size >> 8) & 0xff;
    data[1] = (data_size >> 0) & 0xff;
    for (i = 0; i < block_size / 4; i++)
    {
        sg_data_buff[i] = bytesTOint (&data[i * 4]);
    }
    TEA_EncryptCore (block_size, sg_data_buff, sg_key_buff);
    for (i = 0; i < block_size / 4; i++)
    {
        intTobyte (sg_data_buff[i], &data[i * 4]);
    }
    return block_size;
}

Can anyone please suggest what the issue could be?

CodePudding user response:

Your input array is 8 bytes. The data parameter is a pointer to input, and the data_size parameter is 8, so the block_size variable is calculated as 12. Your memset() is writing 4 0x00 bytes to &data[data_size], aka &input[8], which is out of bounds of the input array. So, you have a buffer overflow that is corrupting stack memory surrounding the input array.

The subsequent for loop after the memset() is also accessing the input array's elements out of bounds.

input is a fixed sized array. Accessing elements outside of its bounds does not make it grow larger.
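The following is an added example, not code from the question or the answer, that makes the sizing problem concrete from the caller's side. It reuses the question's block-size formula and in-place layout (2-byte length header, payload shifted right by two, zero padding), but the names sg_xxtea_block_size, sg_xxtea_frame, sg_xxtea_frame_demo and the capacity parameter are assumptions of this example, and the TEA cipher core is left out. The point it shows is that the buffer handed to the routine must be block_size bytes long, not data_size: with an 8-byte stack array the bounds-checked version refuses (the case that tripped -fstack-protector in the question), and with a 12-byte buffer it frames the data without writing past the end.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Block size the question's sg_xxtea_encrypt() computes for a payload of
 * data_size bytes: a 2-byte length header plus the payload, rounded up to a
 * multiple of 4. The formula is copied from the question so that the numbers
 * match (data_size 8 -> block_size 12). */
int sg_xxtea_block_size(int data_size)
{
    return ((data_size + 2) / 4 + 1) * 4;
}

/* Hypothetical bounds-checked framing step (assumption: same in-place layout
 * as the question's function). `capacity` is the number of bytes the caller
 * really allocated behind `data`. Returns block_size on success, or -1 if the
 * framed block would not fit; that is exactly the case the question hits with
 * an 8-byte stack array, refused here instead of becoming a stack overflow. */
int sg_xxtea_frame(unsigned char *data, int data_size, size_t capacity)
{
    if (data_size < 0)
        return -1;
    int block_size = sg_xxtea_block_size(data_size);
    if ((size_t)block_size > capacity)
        return -1;

    /* Same order as the question: zero the tail, shift the payload right by
     * two (memmove handles the overlap), then write the big-endian header. */
    memset(data + data_size, 0, (size_t)(block_size - data_size));
    memmove(data + 2, data, (size_t)data_size);
    data[0] = (unsigned char)((data_size >> 8) & 0xff);
    data[1] = (unsigned char)(data_size & 0xff);
    return block_size;
}

/* Reproduces the question's scenario with a constructed 8-byte payload of
 * 0x11 bytes. Returns 1 if the too-small buffer is rejected and the correctly
 * sized buffer is framed as expected, 0 otherwise. */
int sg_xxtea_frame_demo(void)
{
    unsigned char small[8] = { 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 };
    if (sg_xxtea_frame(small, 8, sizeof small) != -1)
        return 0;                      /* must be refused: 12 > 8 */

    /* The fix: size the caller's buffer from the block size, not the payload. */
    unsigned char big[12] = { 0 };
    memcpy(big, small, 8);
    int n = sg_xxtea_frame(big, 8, sizeof big);
    if (n != 12)
        return 0;
    if (big[0] != 0x00 || big[1] != 0x08)           /* length header */
        return 0;
    for (int i = 2; i < 10; i++)                    /* shifted payload */
        if (big[i] != 0x11)
            return 0;
    if (big[10] != 0x00 || big[11] != 0x00)         /* zero padding */
        return 0;
    return 1;
}

int main(void)
{
    printf("block size for 8 bytes: %d\n", sg_xxtea_block_size(8));
    printf("demo %s\n", sg_xxtea_frame_demo() ? "ok" : "FAILED");
    return 0;
}
```

In the JNI wrapper this means declaring the buffer as `unsigned char input[12]` (or, more generally, allocating block_size bytes for whatever payload length is passed in) and telling the routine how large it is, so that a size mismatch is a clean error return rather than a corrupted stack frame.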
