我想和ndk做一些安全问题。
my ndk code:
jbyte * buff;
jbyte * result;
jint buff_size = 0;
jint result_size = 0;
jbyte * key = (jbyte *)"HashCode";
jint key_size = 9;
jbyte* ramz(jbyte* s ,jint size_s, jbyte* k, jint size_k)
{
return s;
}
jbyte* dramz(jbyte* s ,jint size_s, jbyte* k, jint size_k)
{
return s;
}
JNIEXPORT void JNICALL Java_com_shabaviz_Server_Server_clear(JNIEnv * env, jclass obj) {
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "start of clear\n");
if (buff_size > 0)
{
delete[] buff;
}
buff = new jbyte[0];
buff_size = 0;
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "end of clear\n");
}
JNIEXPORT void JNICALL Java_com_shabaviz_Server_Server_addChar(JNIEnv * env, jclass obj, jbyte c_int) {
jbyte *temp = new jbyte[buff_size+1];
for (int i = 0; i < buff_size; ++i)
{
temp[i] = buff[i];
}
temp[buff_size] = c_int;
jbyte * oldbuf = buff;
buff = temp;
delete[] oldbuf;
++buff_size;
}
JNIEXPORT void JNICALL Java_com_shabaviz_Server_Server_ramz(JNIEnv * env, jclass obj) {
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "start of ramz\n");
if (result_size > 0)
{
delete[] result;
}
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "ramzOOOO\n");
result = ramz(buff, buff_size , key , key_size);
result_size = buff_size;// + 7;
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "end of ramz\n");
}
JNIEXPORT void JNICALL Java_com_shabaviz_Server_Server_dramz(JNIEnv * env, jclass obj) {
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "start of dramz\n");
if (result_size > 0)
{
delete[] result;
}
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "dramzOOOO\n");
result = dramz(buff, buff_size , key , key_size);
result_size = buff_size;// - 7;
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "end of dramz\n");
}
JNIEXPORT jint JNICALL Java_com_shabaviz_Server_Server_sizeOf(JNIEnv * env, jclass obj) {
__android_log_print(ANDROID_LOG_VERBOSE, APPNAME, "start/end of sizeOf\n");
return result_size;
}
JNIEXPORT jbyte JNICALL Java_com_shabaviz_Server_Server_getChar(JNIEnv * env, jclass obj, jint c_int) {
return result[c_int];
}
my java code structure
com.shabaviz.Server.Server.java
public class Server {
static{
System.loadLibrary("hellondk");
}
public synchronized static String sendPost(String url , String json) throws Exception {
.
.
.
byte [] data = newramz(json.getBytes());
.
.
.
return new String(newdramz(responseFromServer));
}
public native static void ramz();
public native static void dramz();
public native static void clear();
public native static void addChar(byte c);
public native static int sizeOf();
public native static byte getChar(int index);
public synchronized static byte[] newramz(byte[] s)
{
clear();
for (int i = 0; i < s.length; ++i)
{
addChar(s[i]);
}
ramz();
byte[] enc = new byte[sizeOf()];
for (int i = 0; i < enc.length; ++i)
{
enc[i] = getChar(i);
}
return enc;
}
public synchronized static byte[] newdramz(byte[] s)
{
clear();
for (int i = 0; i < s.length; ++i)
{
addChar(s[i]);
}
dramz();
byte[] dec = new byte[sizeOf()];
for (int i = 0; i < dec.length; ++i)
{
dec[i] = getChar(i);
}
return dec;
}
MainActivity.java
public class MainActivity extends Activity{
.
.
.
public class Login extends AsyncTask<URL, Integer, Long> {
.
.
.
protected Long doInBackground(URL... urls) {
response = Server.sendPost(url1 , jsonString1);
.
.
.
response2 = Server.sendPost(url2 , jsonString2);
}
}
.
.
.
}
And my problem:
当我使用android应用程序时,我看到以下logcat强制关闭。
08-30 14:46:33.604 15394-15470 / com.shabaviz.telegram V / telegramNDK:清除开始
08-30 14:46:33.604 15394-15470 / com.shabaviz.telegram V / telegramNDK:清除结束
08- 30:14:46:33.604 15394-15470 / com.shabaviz.telegram V / telegramNDK:ramz开始
08-30 14:46:33.604 15394-15470 / com.shabaviz.telegram V / telegramNDK:ramzOOOO
08-30 14:46 :33.604 15394-15470 / com.shabaviz.telegram V / telegramNDK:ramz结束
08-30 14:46:33.604 15394-15470 / com.shabaviz.telegram V / telegramNDK:大小的开始/结束
08-30 14:46 :33.693 15394-15394 / com.shabaviz.telegram D /方法:oncreatMainActivity
08-30 14:46:33.751 15394-15470 / com.shabaviz.telegram V / telegramNDK:清除开始
08-30 14:46:33.751 15394- 15470 / com.shabaviz.telegram V / telegramNDK:清除结束
08-30 14:46:33.852 15394-15470 / com.shabaviz.telegram V / telegramNDK:开始dramz
08-30 14:46:33.857 15394-15470 / com.shabaviz.telegram V / telegramNDK:dramzOOOO
08-30 14 :46:33.857 15394-15470 / com.shabaviz.telegram V / telegramNDK:结束dramz
08-30 14:46:33.857 15394-15470 / com.shabaviz.telegram V / telegramNDK:大小的开始/结束时间
08-30 14 :46:33.868 15394-15470 / com.shabaviz.telegram V / telegramNDK:清除开始
08-30 14:46:33.868 15394-15470 / com.shabaviz.telegram V / telegramNDK:清除结束
08-30 14:46 :33.869 15394-15470 / com.shabaviz.telegram V / telegramNDK:ramz开始
08-30 14:25:31.700 24282-24486 / com.shabaviz.telegram A / libc:无效的地址或损坏的块0xb9436fa8的地址传递给dlfree
08-30 14:25:31.701 24282-24486 / com.shabaviz.telegram A / libc:致命信号11(SIGSEGV),代码1,故障加法器0xdeadbaad in tid 24486(AsyncTask#3)
我该如何解决?
考虑当您调用ramz
/时dramz
,会出现什么情况,先添加一些字符,然后再输入clear
,然后再输入ramz
/ dramz
:
在首次调用ramz
/dramz
设置时result = buff
,即result
指向与相同的内存块buff
。并且您将其设置result_size
为大于零的值。
当您调用时clear
,buff_size
它将大于0,所以您将delete[] buff
(result
指向的内存与该内存相同)。
然后,再次调用ramz
/ dramz
,它将尝试这样做delete[] result
,但是该内存已被释放=> OOPS。
附带说明一下,该addChar
方法实际上效率很低。您正在为每个字符进行新分配,并将旧内容复制到新缓冲区中,而不是例如在缓冲区变满时将其大小加倍。当然,与其byte[]
一次又一次地传递字符,不如一次传递整个字符。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句