1.先看logcat/kernel中打印出的有关寄存器信息
08-28 14:36:28.691 137 137 I DEBUG : r0 00000000 r1 00000000
r2 00000010 r3 540cfa38
08-28 14:36:28.691 137 137 I DEBUG : r4 540c4ef4 r5 00002000
r6 540c0538 r7 53fab7c5
08-28 14:36:28.691 137 137 I DEBUG : r8 00000003 r9 00000001
sl 540dccac fp 000030b6
08-28 14:36:28.691 137 137 I DEBUG : ip 00000003 sp 55282bc8
lr 53f84913 pc 53f81266
cpsr 200f0030
08-28 14:36:28.691 137 137 I DEBUG : d0 6c665f6365732061
d1 0000000000000067
08-28 14:36:28.691 137 137 I DEBUG : d2 2e62635f63667273
d3 6366722e74726f3a
08-28 14:36:28.691 137 137 I DEBUG : d4 000055282ccc0000
d5 0000400913840000
08-28 14:36:28.691 137 137 I DEBUG : d6 00009b1c330c0000
d7 0003000000000000
08-28 14:36:28.691 137 137 I DEBUG : d8 0000000000000000
d9 0000000000000000
08-28 14:36:28.691 137 137 I DEBUG : d10 0000000000000000 d11
0000000000000000
08-28 14:36:28.691 137 137 I DEBUG : d12 0000000000000000 d13
0000000000000000
08-28 14:36:28.691 137 137 I DEBUG : d14 0000000000000000 d15
0000000000000000
08-28 14:36:28.691 137 137 I DEBUG : d16 0000100000000020 d17
0000000000000009
08-28 14:36:28.691 137 137 I DEBUG : d18 0000000000000000 d19
9933333399333333
08-28 14:36:28.691 137 137 I DEBUG : d20 8000000000000000 d21
0000000000004000
08-28 14:36:28.691 137 137 I DEBUG : d22 0000000000000000 d23
0000000000004000
08-28 14:36:28.691 137 137 I DEBUG : d24 8000000000000000 d25
0000000000000000
08-28 14:36:28.691 137 137 I DEBUG : d26 ffffffffffffffff d27
ffffffffffffffff
08-28 14:36:28.691 137 137 I DEBUG : d28 9933333399333333 d29
ffffffffffffffff
08-28 14:36:28.691 137 137 I DEBUG : d30 0000000000000000 d31
0000000000000000
08-28 14:36:28.691 137 137 I DEBUG : scr 60000010
08-28 14:36:28.691 137 137 I DEBUG :
08-28 14:36:28.691 137 137 I DEBUG : backtrace:
08-28 14:36:28.691 137 137 I DEBUG : #00 pc 00083266/system/lib/hw/bluetooth.default.so
08-28 14:36:28.691 137 137 I DEBUG : #01 pc 0008690f
/system/lib/hw/bluetooth.default.so
(btm_sec_l2cap_access_req+298)
08-28 14:36:28.701 137 137 I DEBUG : #02 pc 000ac6f3
/system/lib/hw/bluetooth.default.so
(l2c_csm_execute+374)
08-28 14:36:28.701 137 137 I DEBUG : #03 pc 000a8a55
/system/lib/hw/bluetooth.default.so
(L2CA_ErtmConnectReq+336)
08-28 14:36:28.701 137 137 I DEBUG : #04 pc 000b79bb
/system/lib/hw/bluetooth.default.so
(rfc_mx_sm_execute+130)
08-28 14:36:28.701 137 137 I DEBUG : #05 pc 000b6607
/system/lib/hw/bluetooth.default.so
(port_open_continue+122)
08-28 14:36:28.701 137 137 I DEBUG : #06 pc 0006f475
/system/lib/hw/bluetooth.default.so
(bta_ag_rfc_do_open+108)
08-28 14:36:28.701 137 137 I DEBUG : #07 pc 0006eefd
/system/lib/hw/bluetooth.default.so
(bta_ag_sm_execute+136)
08-28 14:36:28.701 137 137 I DEBUG : #08 pc 0006eefd
/system/lib/hw/bluetooth.default.so
(bta_ag_sm_execute+136)
08-28 14:36:28.701 137 137 I DEBUG : #09 pc 0006f0bf
/system/lib/hw/bluetooth.default.so
(bta_ag_hdl_event+394)
08-28 14:36:28.701 137 137 I DEBUG : #10 pc 00067f57
/system/lib/hw/bluetooth.default.so
(bta_sys_event+54)
08-28 14:36:28.701 137 137 I DEBUG : #11 pc 000a7577
/system/lib/hw/bluetooth.default.so
(btu_task+646)
08-28 14:36:28.701 137 137 I DEBUG : #12 pc 00055c65
/system/lib/hw/bluetooth.default.so
(gki_task_entry+92)
08-28 14:36:28.701 137 137 I DEBUG : #13 pc 0000d2b8
/system/lib/libc.so (__thread_entry+72)
08-28 14:36:28.701 137 137 I DEBUG : #14 pc 0000d454
/system/lib/libc.so (pthread_create+240)
08-28 14:36:28.701 137 137 I DEBUG :
08-28 14:36:28.701 137 137 I DEBUG : stack:
08-28 14:36:28.701 137 137 I DEBUG : 55282b88 00000024
08-28 14:36:28.701 137 137 I DEBUG : 55282b8c 00000003
08-28 14:36:28.701 137 137 I DEBUG : 55282b90 540dcb88
08-28 14:36:28.701 137 137 I DEBUG : 55282b94 55282b54
[stack:4130]
08-28 14:36:28.701 137 137 I DEBUG : 55282b98 00000001
08-28 14:36:28.701 137 137 I DEBUG : 55282b9c 55282b5c
[stack:4130]
08-28 14:36:28.701 137 137 I DEBUG : 55282ba0 00000007
08-28 14:36:28.701 137 137 I DEBUG : 55282ba4 9b1c330c
08-28 14:36:28.701 137 137 I DEBUG : 55282ba8 00000005
08-28 14:36:28.701 137 137 I DEBUG : 55282bac 9b1c330c
08-28 14:36:28.701 137 137 I DEBUG : 55282bb0 55282bd8
[stack:4130]
08-28 14:36:28.701 137 137 I DEBUG : 55282bb4 0000000d
08-28 14:36:28.701 137 137 I DEBUG : 55282bb8 00000003
08-28 14:36:28.701 137 137 I DEBUG : 55282bbc 540c44f8
08-28 14:36:28.701 137 137 I DEBUG : 55282bc0 53fab7c5
/system/lib/hw/bluetooth.default.so
(l2c_link_sec_comp)
08-28 14:36:28.701 137 137 I DEBUG : 55282bc4 53f2c50f
/system/lib/hw/bluetooth.default.so
(LogMsg+134)
08-28 14:36:28.701 137 137 I DEBUG : #00 55282bc8
540c4ef4
08-28 14:36:28.701 137 137 I DEBUG : 55282bcc 00000001
08-28 14:36:28.701 137 137 I DEBUG : 55282bd0 00000004
08-28 14:36:28.701 137 137 I DEBUG : 55282bd4 00000011
08-28 14:36:28.701 137 137 I DEBUG : 55282bd8 540c4ef4
08-28 14:36:28.701 137 137 I DEBUG : 55282bdc 540c0538
08-28 14:36:28.701 137 137 I DEBUG : 55282be0 540c44f8
08-28 14:36:28.701 137 137 I DEBUG : 55282be4 53f84913
/system/lib/hw/bluetooth.default.so
(btm_sec_l2cap_access_req+302)
2.我们可以通过addr2line来查看在代码的哪一行出现的问题
# Map the faulting pc (0x83266 = the backtrace's #00 offset inside bluetooth.default.so,
# i.e. pc 53f81266 minus the load base) back to a source location.
# -e names the library (it must still carry debug info for a file:line answer),
# -f additionally prints the enclosing function name.
#prebuilts/gcc/linux-x86/arm/arm-eabi-4.7/bin/arm-eabi-addr2line 0x83266 -e bluetooth.default.so -f
输出:
btm_sec_is_upgrade_possible
/home/yeheng/work/marvell/marvell_kk4.4_k310_cn.beta3-sp5/external/bluetooth/bluedroid/stack/./btm/btm_sec.c:1945
(discriminator 1)
3.反汇编出现crash的代码:bluetooth.default.so
# Disassemble the whole library once into a text file; -S interleaves source lines where
# debug info is present. The function containing pc 0x83266 (starts at 00083230) is
# then located in that file by its address, as shown in step 4.
#prebuilts/gcc/linux-x86/arm/arm-eabi-4.7/bin/arm-eabi-objdump -S bluetooth.default.so >bluetooth.default.txt
4.根据pc值83266在反汇编代码bluetooth.default.txt中找到对应的地方。
--------------------------------------------------------------------------------------
// objdump listing of btm_sec_is_upgrade_possible(tBTM_SEC_DEV_REC *p_dev_rec, BOOLEAN is_originator)
// from bluetooth.default.so (ARM Thumb-2, AAPCS). The function name comes from the addr2line
// output for pc 0x83266 above; the "<symbol>" decorations of the original listing were lost
// in the paste. Faulting pc: 83266, reached with r1 == 0 (see register dump: r1 00000000).
//
// Register roles (author's annotations, cross-checked against the register dump and the patch):
//   r4 = p_dev_rec                                  (dump: r4 540c4ef4)
//   r5 = mtm_check, later reused as is_possible     (dump: r5 00002000 -> is_originator was non-zero)
//   r6 = presumably &btm_cb, loaded through the GOT (dump: r6 540c0538)
//   r1 = p_dev_rec->p_cur_service during 83260..8326c (dump: r1 00000000 -> the NULL dereference)
//   r2 = 0x10 in the dump = sec_flags & 0x10, i.e. the "link key known" branch was taken
//
// Stack: push of r0-r3 plus r4-r6,lr = 32 bytes. r0-r3 are not being preserved; pushing them is a
// two-byte way to reserve 16 bytes of outgoing-argument space for the 5-argument trace call
// (filled at 83268/83270, released by add sp, #16 at 832d6).
00083230 :
83230: b57f push {r0, r1, r2, r3, r4, r5, r6, lr} // reserve 4 outgoing-arg slots, save callee-saved r4-r6 and lr
83232: f890 2039 ldrb.w r2, [r0, #57] ; 0x39 // r0: p_dev_rec, r2: p_dev_rec->sec_flags (author's annotation; byte at offset 0x39)
83236: 4b2a ldr r3, [pc, #168] ; (832e0 ) // r3 = pc-relative offset of the GOT (0x81b70), resolved at 8324c
83238: 4604 mov r4, r0 // r4: p_dev_rec
8323a: 2900 cmp r1, #0 // r1: is_originator
8323c: bf0c ite eq // Thumb-2 IT block: the next two instructions are predicated
8323e: f44f 5580 moveq.w r5, #4096 ; 0x1000 // is_originator == 0 -> mtm_check = 0x1000 (presumably BTM_SEC_IN_MITM)
83242: f44f 5500 movne.w r5, #8192 ; 0x2000 // else mtm_check = 0x2000 (presumably BTM_SEC_OUT_MITM); r5: mtm_check
83246: f002 0010 and.w r0, r2, #16 // r2: p_dev_rec->sec_flags; 0x10 is BTM_SEC_LINK_KEY_KNOWN, the `if` at the top of the patch
8324a: 4926 ldr r1, [pc, #152] ; (832e4 ) // r1 = GOT slot offset (0xfffffe54, negative), presumably the slot for btm_cb
8324c: 447b add r3, pc // r3 = &GOT (in Thumb, pc here reads as 8324c + 4)
8324e: b2c2 uxtb r2, r0 // r2 = (UINT8)(sec_flags & 0x10)
83250: 585e ldr r6, [r3, r1] // r6 = *(GOT + slot) -> presumably &btm_cb (dump: r6 540c0538)
83252: b372 cbz r2, 832b2 // no link key known -> is_possible = TRUE at 832b2
83254: f506 4375 add.w r3, r6, #62720 ; 0xf500 // r3 = btm_cb + 0xf500 (split in two because 0xf584 is not a Thumb-2 immediate)
83258: f893 0084 ldrb.w r0, [r3, #132] ; 0x84 // r0 = byte at btm_cb + 0xf584, presumably btm_cb.trace_level
8325c: 2804 cmp r0, #4
8325e: d90e bls.n 8327e // trace_level <= 4 -> skip the BTM_TRACE_DEBUG5 call entirely (the gate the macro expands to)
83260: 6821 ldr r1, [r4, #0] // r1 = p_dev_rec->p_cur_service (offset 0); NULL at crash time, exactly what the patch tests for
83262: f894 0156 ldrb.w r0, [r4, #342] ; 0x156 // r0 = p_dev_rec->rmt_io_caps (3rd value argument, per the argument order in the patch)
83266: 7c0a ldrb r2, [r1, #16] // *** faulting pc *** r2 = p_cur_service->service_id (1st value argument); r1 == NULL -> reads address 0x10
83268: e88d 0021 stmia.w sp, {r0, r5} // stack arguments: [sp] = rmt_io_caps, [sp+4] = mtm_check
8326c: 89c8 ldrh r0, [r1, #14] // r0 = p_cur_service->security_flags (5th value argument) -- the second NULL dereference on this path
8326e: 491e ldr r1, [pc, #120] ; (832e8 ) // r1 = pc-relative offset of the format string (0x6681a)
83270: 9002 str r0, [sp, #8] // [sp+8] = security_flags
83272: f894 3153 ldrb.w r3, [r4, #339] ; 0x153 // r3 = p_dev_rec->link_key_type (2nd value argument)
83276: 4819 ldr r0, [pc, #100] ; (832dc ) // r0 = 0x000d0004, the trace mask passed as first argument
83278: 4479 add r1, pc // r1 = &"btm_sec_is_upgrade_possible id:%d, link_key_typet:%d, ..."
8327a: f7ab fa41 bl 2e700 // call through the PLT, presumably the trace sink (the stale "LogMsg+134" just below sp in the stack dump fits an earlier trace call)
// Only the trace path above touches p_cur_service: from here on r1 is the format-string register
// and every field read goes through r4 (p_dev_rec), so guarding the trace as the patch does
// removes the NULL dereference without changing the is_possible result.
8327e: f8b4 2150 ldrh.w r2, [r4, #336] ; 0x150 // r2 = p_dev_rec->security_required, the `if ((p_dev_rec->security_required & mtm_check)` at the end of the patch
83282: 4015 ands r5, r2 // r5 = security_required & mtm_check; from here r5 doubles as is_possible
83284: d018 beq.n 832b8 // no MITM requirement on this direction -> is_possible stays 0
83286: f894 5153 ldrb.w r5, [r4, #339] ; 0x153 // r5 = link_key_type
8328a: 2d04 cmp r5, #4 // 4: presumably the unauthenticated-combination key type
8328c: d113 bne.n 832b6 // any other key type -> is_possible = FALSE
8328e: f894 3156 ldrb.w r3, [r4, #342] ; 0x156 // r3 = rmt_io_caps
83292: 2b04 cmp r3, #4
83294: d80f bhi.n 832b6 // unsigned compare: rmt_io_caps > 4 is outside the 5-entry table -> is_possible = FALSE (bounds check before the table read below)
83296: f896 0d3d ldrb.w r0, [r6, #3389] ; 0xd3d // r0 = byte at btm_cb + 0xd3d, presumably the local IO capability
8329a: 2105 movs r1, #5
8329c: fb01 0503 mla r5, r1, r3, r0 // r5 = rmt_io_caps * 5 + local_io_caps: row-major index into a 5x5 byte table
832a0: f8df c048 ldr.w ip, [pc, #72] ; 832ec // ip = pc-relative offset of that table (0x7d8c4)
832a4: 44fc add ip, pc // ip = &table (presumably btm_sec_io_map)
832a6: f81c 2005 ldrb.w r2, [ip, r5] // r2 = table[rmt_io_caps][local_io_caps]
832aa: 1c15 adds r5, r2, #0 // r5 = r2, updating flags
832ac: bf18 it ne
832ae: 2501 movne r5, #1 // is_possible = (table entry != 0)
832b0: e002 b.n 832b8
832b2: 2501 movs r5, #1 // link key not known: is_possible = TRUE
832b4: e000 b.n 832b8
832b6: 2500 movs r5, #0 // is_possible = FALSE
832b8: f506 4675 add.w r6, r6, #62720 ; 0xf500 // r6 = btm_cb + 0xf500 (r6 is not needed as &btm_cb after this)
832bc: f896 3084 ldrb.w r3, [r6, #132] ; 0x84 // same trace-level gate as at 83258
832c0: 2b04 cmp r3, #4
832c2: d907 bls.n 832d4 // trace_level <= 4 -> skip the closing trace
832c4: 490a ldr r1, [pc, #40] ; (832f0 ) // r1 = pc-relative offset of the second format string (0x66829)
832c6: 4805 ldr r0, [pc, #20] ; (832dc ) // r0 = same trace mask 0x000d0004
832c8: 4479 add r1, pc // r1 = &format string
832ca: 462a mov r2, r5 // 1st value argument = is_possible
832cc: f894 3039 ldrb.w r3, [r4, #57] ; 0x39 // 2nd value argument = p_dev_rec->sec_flags; p_cur_service is not read on this path
832d0: f7ab fa0e bl 2e6f0 // trace call with two value arguments (a different PLT stub from the one at 8327a)
832d4: 4628 mov r0, r5 // return is_possible
832d6: b004 add sp, #16 // release the 4 outgoing-argument slots pushed at 83230
832d8: bd70 pop {r4, r5, r6, pc} // restore callee-saved registers; the pushed lr pops straight into pc
832da: bf00 nop // alignment padding before the literal pool
// Literal pool: pc-relative constants referenced by the ldr [pc, #n] instructions above.
832dc: 000d0004 .word 0x000d0004 // trace mask (83276, 832c6)
832e0: 00081b70 .word 0x00081b70 // GOT offset (83236)
832e4: fffffe54 .word 0xfffffe54 // GOT slot offset, presumably btm_cb (8324a)
832e8: 0006681a .word 0x0006681a // first format string offset (8326e)
832ec: 0007d8c4 .word 0x0007d8c4 // IO-capability table offset (832a0)
832f0: 00066829 .word 0x00066829 // second format string offset (832c4)
--------------------------------------------------------------------------------------
5.patch
------------------------------------------------------------------------------------------------------------
diff --git a/stack/btm/btm_sec.c b/stack/btm/btm_sec.c
index 8bcf435..e45bb4a 100644
--- a/stack/btm/btm_sec.c
+++ b/stack/btm/btm_sec.c
@@ -1942,10 +1942,17 @@ static BOOLEAN
btm_sec_is_upgrade_possible(tBTM_SEC_DEV_REC
*p_dev_rec, BOOLEAN
if
(p_dev_rec->sec_flags & BTM_SEC_LINK_KEY_KNOWN)
{
is_possible = FALSE;
- BTM_TRACE_DEBUG5 ("btm_sec_is_upgrade_possible
id:%d, link_key_typet:%d, rmt_io_caps:%d, chk flags:x%x,
flags:x%x",
+ if(p_dev_rec->p_cur_service == NULL)
+ {
+ BTM_TRACE_DEBUG3("btm_sec_is_upgrade_possible p_cur_service
is null, link_key_typet:%d, rmt_io_caps:%d, chk flags:x%x",
p_dev_rec->link_key_type, p_dev_rec->rmt_io_caps,
mtm_check);
+ }
+ else
+ {
+ BTM_TRACE_DEBUG5 ("btm_sec_is_upgrade_possible id:%d,
link_key_typet:%d, rmt_io_caps:%d, chk flags:x%x, flags:x%x",
p_dev_rec->p_cur_service->service_id,
p_dev_rec->link_key_type, p_dev_rec->rmt_io_caps,
mtm_check,
p_dev_rec->p_cur_service->security_flags);
-
if
((p_dev_rec->security_required & mtm_check)
------------------------------------------------------------------------------------------------------------