This repository was archived by the owner on Feb 12, 2026. It is now read-only.

Commit 660ac74

committed
fix: use of Java string after freed
This commit fixes the use of a Java string in the LSPosed Dex2Oat service after it had been freed, which meant it sometimes no longer contained the app name because the memory had been reused.
1 parent 7b097b5 commit 660ac74


1 file changed

+21
-26
lines changed


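--- a/daemon/src/main/jni/dex2oat.cpp
+++ b/daemon/src/main/jni/dex2oat.cpp
@@ -229,11 +229,8 @@ static bool magisk_get_existence() {
 break;
 }
 
-if (path_to_magisk[0] == '\0') {
-LOGD("No Magisk binary found, skipping Magisk root implementation detection");
-
+if (path_to_magisk[0] == '\0')
 return false;
-}
 
 const char *argv[] = { "magisk", "-V", NULL };
 
@@ -292,9 +289,6 @@ bool magisk_is_in_denylist(const char *const process) {
 bool apatch_get_existence() {
 struct stat s;
 if (stat("/data/adb/apd", &s) != 0) {
-if (errno != ENOENT) {
-LOGE("Failed to stat APatch apd binary: %s\n", strerror(errno));
-}
 errno = 0;
 
 return false;
@@ -305,6 +299,7 @@ bool apatch_get_existence() {
 
 if (!exec_command(apatch_version, sizeof(apatch_version), "/data/adb/apd", argv)) {
 LOGE("Failed to execute apd binary: %s\n", strerror(errno));
+
 errno = 0;
 
 return false;
@@ -436,59 +431,59 @@ Java_org_lsposed_lspd_service_Dex2OatService_isInDenylist(JNIEnv *env, jobject,
 char app_data_dir[PATH_MAX];
 snprintf(app_data_dir, sizeof(app_data_dir), "/data/data/%s", app_name);
 
-env->ReleaseStringUTFChars(appName, app_name);
-
 struct stat st;
 if (stat(app_data_dir, &st) == -1) {
 PLOGE("Failed to stat %s", app_data_dir);
 
-return JNI_FALSE;
-}
-
-uid_t app_uid = st.st_uid;
-if (app_uid == 0) {
-LOGE("App %s is running as root, skipping", app_name);
-
-return JNI_FALSE;
+goto app_not_in_denylist;
 }
 
 if (root_impl == -1 && !ksu_get_existence() && !magisk_get_existence() && !apatch_get_existence()) {
 LOGE("No supported root implementation found, skipping denylist check");
 
-return JNI_FALSE;
+goto app_not_in_denylist;
 }
 
 if (root_impl == 1) {
-if (ksu_is_in_denylist(app_uid)) {
+if (ksu_is_in_denylist(st.st_uid)) {
 LOGI("App %s is in KernelSU denylist", app_name);
 
-return JNI_TRUE;
+goto app_in_denylist;
 }
 
-return JNI_FALSE;
+goto app_not_in_denylist;
 }
 
 if (root_impl == 2) {
 if (magisk_is_in_denylist(app_name)) {
 LOGI("App %s is in Magisk denylist", app_name);
 
-return JNI_TRUE;
+goto app_in_denylist;
 }
 
-return JNI_FALSE;
+goto app_not_in_denylist;
 }
 
 if (root_impl == 3) {
 if (apatch_uid_should_umount(app_name)) {
 LOGI("App %s is in APatch denylist", app_name);
 
-return JNI_TRUE;
+goto app_in_denylist;
 }
 
-return JNI_FALSE;
+goto app_not_in_denylist;
 }
 
+env->ReleaseStringUTFChars(appName, app_name);
+
 LOGE("No supported root implementation found, skipping denylist check");
 
-return JNI_FALSE;
+app_in_denylist:
+env->ReleaseStringUTFChars(appName, app_name);
+
+return JNI_TRUE;
+app_not_in_denylist:
+env->ReleaseStringUTFChars(appName, app_name);
+
+return JNI_FALSE;
 }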
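Review bot: The last path through `Java_org_lsposed_lspd_service_Dex2OatService_isInDenylist` (when `root_impl` matches none of 1, 2 or 3) calls `env->ReleaseStringUTFChars(appName, app_name);`, logs, and then falls straight into the `app_in_denylist:` label. That releases the same UTF buffer a second time and returns `JNI_TRUE`, where the old code returned `JNI_FALSE`, so the commit adds a double release on the path it was meant to make safe and flips the answer the Java caller receives. Drop the release that precedes the final `LOGE` and end that path with `goto app_not_in_denylist;` so every exit releases exactly once. The hunk also removes the `app_uid == 0` early return without mentioning it in the commit message; if that is intentional it deserves a line there. The start of the function, including where `app_name` is obtained, lies outside the hunk.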
