diff --git a/loader/src/ptracer/ptracer.cpp b/loader/src/ptracer/ptracer.cpp
index a92bb20..9182ddd 100644
--- a/loader/src/ptracer/ptracer.cpp
+++ b/loader/src/ptracer/ptracer.cpp
@@ -100,7 +100,12 @@ bool inject_on_main(int pid, const char *lib_path) {
 For arm32 compatibility, we set the last bit to the same as the entry address */
- uintptr_t break_addr = (-0x05ec1cff & ~1) | ((uintptr_t)entry_addr & 1);
+ /* INFO: (-0x0F & ~1) is a value below zero, while the one after "|"
+ is an unsigned (must be 0 or greater) value, so we must
+ cast the second value to signed long (intptr_t) to avoid
+ undefined behavior.
+ */
+ uintptr_t break_addr = (uintptr_t)((intptr_t)(-0x0F & ~1) | (intptr_t)((uintptr_t)entry_addr & 1));
 if (!write_proc(pid, (uintptr_t)addr_of_entry_addr, &break_addr, sizeof(break_addr))) return false;
 ptrace(PTRACE_CONT, pid, 0, 0);
@@ -110,7 +115,7 @@ bool inject_on_main(int pid, const char *lib_path) {
 if (WIFSTOPPED(status) && WSTOPSIG(status) == SIGSEGV) {
 if (!get_regs(pid, regs)) return false;
- if (static_cast(regs.REG_IP & ~1) != (break_addr & ~1)) {
+ if (((int)regs.REG_IP & ~1) != ((int)break_addr & ~1)) {
 LOGE("stopped at unknown addr %p", (void *) regs.REG_IP);
 return false;
@@ -184,8 +189,14 @@ bool inject_on_main(int pid, const char *lib_path) {
 }
 /* NOTICE: C++ -> C */
- char *err = (char *)malloc(dlerror_len + 1);
- read_proc(pid, (uintptr_t) dlerror_str_addr, err, dlerror_len);
+ char *err = (char *)malloc((dlerror_len + 1) * sizeof(char));
+ if (err == NULL) {
+ LOGE("malloc err");
+
+ return false;
+ }
+
+ read_proc(pid, dlerror_str_addr, err, dlerror_len + 1);
 LOGE("dlerror info %s", err);
diff --git a/loader/src/ptracer/utils.cpp b/loader/src/ptracer/utils.cpp
index 70d327d..1acc32c 100644
--- a/loader/src/ptracer/utils.cpp
+++ b/loader/src/ptracer/utils.cpp
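Review bot: The INFO comment added above the break_addr line states a hazard that the original line did not have: converting the negative int `(-0x0F & ~1)` to uintptr_t for the `|` is a well-defined modular conversion, not undefined behavior, so the two intptr_t casts change nothing, while the actual behavioural change on this line, the sentinel moving from `-0x05ec1cff` to `-0x0F`, is not explained anywhere in the hunk. The same value can be built in unsigned arithmetic with no signed detour, `uintptr_t break_addr = ~(uintptr_t)0xF | ((uintptr_t)entry_addr & 1);`, and the comment would be more useful recording why this sentinel was chosen (presumably an address the traced process cannot execute, so that the SIGSEGV checked in the next hunk fires) and that the low bit is copied from entry_addr for arm32, as the surrounding comment already says. inject_on_main starts before this hunk and continues past it.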
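Review bot: Casting both operands to `int` in the SIGSEGV stop check compares only the low 32 bits of REG_IP and break_addr, so on a 64-bit target a fault at an unrelated address that happens to share those bits with the sentinel is accepted as the expected stop, and the narrowing of a pointer-sized register value to int is itself implementation-defined before C++20, the very class of problem the new comments say they are removing. Keep the comparison at full width with an unsigned mask: `if ((regs.REG_IP & ~(uintptr_t)1) != (break_addr & ~(uintptr_t)1)) {`. The removed line's `static_cast` has lost its template argument in extraction, so which type it cast to is not visible here; the enclosing if-block continues past the hunk.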
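Review bot: After the new NULL check the return value of read_proc is still ignored, so if the remote read fails or is short, `err` holds uninitialized heap bytes and `LOGE("dlerror info %s", err)` scans them for a NUL, possibly past the end of the allocation; the code now also relies on the byte at offset dlerror_len in the target being that NUL instead of terminating the buffer itself. Assuming read_proc reports failure the way write_proc does earlier in this function, check it and terminate locally: `if (!read_proc(pid, dlerror_str_addr, err, dlerror_len)) { free(err); return false; }` followed by `err[dlerror_len] = '\0';` before the LOGE, reading dlerror_len bytes since the terminator is then supplied here. The `* sizeof(char)` factor in the malloc is a no-op and can be dropped. Whether `err` is freed on the normal path is not visible, as the hunk ends before the rest of inject_on_main.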
@@ -313,7 +313,11 @@ void *find_func_addr(std::vector &local_info, std::vector &rem
 /* WARNING: C++ keyword */
 void align_stack(struct user_regs_struct ®s, long preserve) {
- regs.REG_SP = (regs.REG_SP - preserve) & ~0xf;
+ /* INFO: ~0xf is a negative value, and REG_SP is unsigned,
+ so we must cast REG_SP to signed type before subtracting
+ then cast back to unsigned type.
+ */
+ regs.REG_SP = (uintptr_t)((intptr_t)(regs.REG_SP - preserve) & ~0xf);
 }
 /* WARNING: C++ keyword */
diff --git a/zygiskd/src/companion.c b/zygiskd/src/companion.c
index 87e499f..ec77a2a 100644
--- a/zygiskd/src/companion.c
+++ b/zygiskd/src/companion.c
@@ -54,6 +54,7 @@ void *entry_thread(void *arg) {
 pthread_exit(NULL);
 }
+/* WARNING: Dynamic memory based */
 void entry(int fd) {
 LOGI("New companion entry.\n - Client fd: %d\n", fd);
diff --git a/zygiskd/src/root_impl/kernelsu.c b/zygiskd/src/root_impl/kernelsu.c
index f7f9ceb..e7de44a 100644
--- a/zygiskd/src/root_impl/kernelsu.c
+++ b/zygiskd/src/root_impl/kernelsu.c
@@ -9,7 +9,11 @@
 #include "kernelsu.h"
-#define KERNEL_SU_OPTION 0xdeadbeef
+/* INFO: It would be presumed it is a unsigned int,
+ so we need to cast it to signed int to
+ avoid any potential UB.
+*/
+#define KERNEL_SU_OPTION (signed int)0xdeadbeef
 #define CMD_GET_VERSION 2
 #define CMD_UID_GRANTED_ROOT 12
diff --git a/zygiskd/src/zygiskd.c b/zygiskd/src/zygiskd.c
index 6cf4796..0fde4f0 100644
--- a/zygiskd/src/zygiskd.c
+++ b/zygiskd/src/zygiskd.c
@@ -360,6 +360,7 @@ struct __attribute__((__packed__)) MsgHead {
 char data[0];
 };
+/* WARNING: Dynamic memory based */
 void zygiskd_start(char *restrict argv[]) {
 LOGI("Welcome to ReZygisk %s Zygiskd!\n", ZKSU_VERSION);
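Review bot: The INFO comment above the REG_SP line does not match the expression under it: the intptr_t cast is applied to the result of `regs.REG_SP - preserve`, so the subtraction still happens in unsigned arithmetic and nothing is cast before subtracting, and the original line was already well-defined, since unsigned wraparound is specified and the int `~0xf` converts to an all-ones mask with the low nibble clear. If the intent is a 16-byte alignment of the stack pointer after reserving `preserve` bytes, say that and stay unsigned: `regs.REG_SP = (regs.REG_SP - preserve) & ~(uintptr_t)0xf;`. The signed round-trip in the new line yields the same value on the usual two's-complement targets, so the change is cosmetic either way.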
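Review bot: The new `/* WARNING: Dynamic memory based */` above `entry` tells a reader that heap memory is involved but not what they need to act on it: which allocations the function makes, who owns them, and on which path they are released. The identical one-liner is added above `zygiskd_start` in zygiskd/src/zygiskd.c and has the same gap. A comment of the form `/* Allocates <WHAT> on the heap; ownership passes to <WHOM> and it is freed in <WHERE>. */`, with the placeholders filled in from the function bodies, would make the warning actionable; neither body is within these hunks, so I cannot supply the wording.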
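Review bot: The new macro body `(signed int)0xdeadbeef` is left unparenthesized, and the comment's claim of avoiding UB is not accurate: `0xdeadbeef` is an unsigned int literal, and converting it to int is implementation-defined (modular on the mainstream compilers), not undefined, with or without the explicit cast. Parenthesize the expansion so it composes in any expression, `#define KERNEL_SU_OPTION ((signed int)0xdeadbeef)`, and reword the comment to say the cast makes the conversion to an int parameter explicit rather than that it removes UB. That the consumer takes an int is inferred from the option-style name; the use site is outside this hunk.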