Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix null dereference in frida-server at startup #542

Merged
merged 1 commit into from
Aug 20, 2024
Merged

Fix null dereference in frida-server at startup #542

merged 1 commit into from
Aug 20, 2024

Conversation

mrmacete
Copy link
Contributor

@mrmacete mrmacete commented Aug 20, 2024
edited
Loading

This happened on older iOS versions (happened to me on iPhone X on 16.1)

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000

Triggered by Thread:  5


Thread 5 name:  gdbus
Thread 5 Crashed:
0   CoreFoundation                	       0x1968119d0 CFArrayGetCount + 8
1   frida-server                  	       0x104376164 frida_cf_array_iterator_construct + 92
2   frida-server                  	       0x1043779c4 frida_tunnel_interface_observer_handle_interface_changes + 92
3   frida-server                  	       0x104377868 frida_tunnel_interface_observer_real_start + 276
4   frida-server                  	       0x104372030 frida_web_service_do_start_co + 616
5   frida-server                  	       0x1043a9af8 g_task_return_now + 48
6   frida-server                  	       0x1043a9b38 complete_in_idle_cb + 20
7   frida-server                  	       0x104414cdc g_main_context_dispatch + 228
8   frida-server                  	       0x104414e9c g_main_context_iterate + 304
9   frida-server                  	       0x10441504c g_main_loop_run + 168
10  frida-server                  	       0x1043cd440 gdbus_shared_thread_func + 32
11  frida-server                  	       0x10442652c g_thread_proxy + 92
12  libsystem_pthread.dylib       	       0x1e2f48060 _pthread_start + 116
13  libsystem_pthread.dylib       	       0x1e2f46688 thread_start + 8

and prevented frida-server from starting up

@mrmacete mrmacete requested a review from oleavr August 20, 2024 13:08
@oleavr oleavr force-pushed the fix/null-deref-server-older-ios branch from f4f4248 to 987dd39 Compare August 20, 2024 17:45
@mrmacete @oleavr
tunnel-interface-observer: Fix start() crash on i/tvOS
2711328 
When SCDynamicStoreCopyKeyList() fails.
@oleavr oleavr force-pushed the fix/null-deref-server-older-ios branch from 987dd39 to 2711328 Compare August 20, 2024 17:47
@mrmacete
Copy link
Contributor Author

this could be related to frida-server running in the System xpc domain rather than an iOS version issue, could it be a bigger problem?

@mrmacete
Copy link
Contributor Author

i don't know the iceberg of this tip, but i can tell that the segfault is only reproducible in that scenario even on the same 16.1 device i have and doesn't happen if i run frida-server manually from the user domain

@oleavr
Copy link
Member

oleavr commented Aug 20, 2024

this could be related to frida-server running in the System xpc domain rather than an iOS version issue, could it be a bigger problem?

Ooh yes, that's probably the root cause. We only need this functionality for iOS >= 17, so I wonder now if we still have the same issue there.

@oleavr oleavr merged commit 120dc49 into main Aug 20, 2024
22 of 29 checks passed
@oleavr oleavr deleted the fix/null-deref-server-older-ios branch August 20, 2024 19:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oleavr oleavr Awaiting requested review from oleavr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mrmacete @oleavr