Android NDK Segmentation Error

Question

In my application when I try to print my logs into file at that Time facing Segmentation Error .

I am facing Fatal Signal 11 .

My log function is into Native part , I called it from Java .

Logcat:

01-01 00:09:38.968: A/libc(3905): Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1)
01-01 00:09:38.976: D/Random(2185): Trip In List :false
01-01 00:09:38.976: D/Random(2185): Odometer :0
01-01 00:09:38.976: D/abc(3905): PreCheck conditions satisfied for WIFI Searching Timer
01-01 00:09:39.601: I/DEBUG(1285): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-01 00:09:39.601: I/DEBUG(1285): Build fingerprint: 'android:android:4.0.4/IMM76I/eng.example.20120608.074924:eng/test-keys'
01-01 00:09:39.601: I/DEBUG(1285): pid: 3905, tid: 3908  >>> com.demo.abc <<<
01-01 00:09:39.601: I/DEBUG(1285): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr deadbaad
01-01 00:09:39.601: I/DEBUG(1285):  r0 00000000  r1 00000027  r2 00000048  r3 00000000
01-01 00:09:39.601: I/DEBUG(1285):  r4 00000000  r5 100ffadc  r6 00000000  r7 00000000
01-01 00:09:39.601: I/DEBUG(1285):  r8 016b5760  r9 00000048  10 100ffc98  fp 00006b8b
01-01 00:09:39.601: I/DEBUG(1285):  ip fffc25c4  sp 100ffad8  lr deadbaad  pc 4008ffd8  cpsr 60000130
01-01 00:09:39.601: I/DEBUG(1285):  d0  0000000000000000  d1  0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d2  0000000000000000  d3  0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d4  0000000000000000  d5  0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d6  0000000000000000  d7  0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d8  0000000000000000  d9  0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d10 0000000000000000  d11 0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d12 0000000000000000  d13 0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d14 0000000000000000  d15 0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d16 0000000000000000  d17 0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d18 0000000000000000  d19 0000000421d12176
01-01 00:09:39.601: I/DEBUG(1285):  d20 0000008000000080  d21 0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d22 3fb0f4a31edab38b  d23 3fede16b9c24a98f
01-01 00:09:39.601: I/DEBUG(1285):  d24 3e66376972bea4d0  d25 00000000ffffffff
01-01 00:09:39.601: I/DEBUG(1285):  d26 0000000000000000  d27 3fc554e7eb0eb47c
01-01 00:09:39.601: I/DEBUG(1285):  d28 0000000000000000  d29 0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  d30 0000000000000000  d31 0000000000000000
01-01 00:09:39.601: I/DEBUG(1285):  scr 80000012
01-01 00:09:39.882: I/DEBUG(1285):          #00  pc 00017fd8  /system/lib/libc.so
01-01 00:09:39.882: I/DEBUG(1285):          #01  pc 000096c2  /system/lib/libcutils.so (mspace_merge_objects)
01-01 00:09:39.882: I/DEBUG(1285): code around pc:
01-01 00:09:39.882: I/DEBUG(1285): 4008ffb8 b13cb942 b1196821 6809460c d1fb2900  B.<.!h...F.h.)..
01-01 00:09:39.882: I/DEBUG(1285): 4008ffc8 b31b6963 2eadf64b f6cd2127 24006ead  ci..K...'!...n.$
01-01 00:09:39.882: I/DEBUG(1285): 4008ffd8 1000f88e e812f7f4 f7f52106 a902e8b0  .........!......
01-01 00:09:39.882: I/DEBUG(1285): 4008ffe8 5380f04f 2006460a 94029304 f7f49403  O..S.F. ........
01-01 00:09:39.882: I/DEBUG(1285): 4008fff8 4622ec6c 20024629 ec74f7f4 effef7f3  l."F)F. ..t.....
01-01 00:09:39.882: I/DEBUG(1285): code around lr:
01-01 00:09:39.882: I/DEBUG(1285): deadba8c ffffffff ffffffff ffffffff ffffffff  ................
01-01 00:09:39.882: I/DEBUG(1285): deadba9c ffffffff ffffffff ffffffff ffffffff  ................
01-01 00:09:39.882: I/DEBUG(1285): deadbaac ffffffff ffffffff ffffffff ffffffff  ................
01-01 00:09:39.882: I/DEBUG(1285): deadbabc ffffffff ffffffff ffffffff ffffffff  ................
01-01 00:09:39.882: I/DEBUG(1285): deadbacc ffffffff ffffffff ffffffff ffffffff  ................
01-01 00:09:39.882: I/DEBUG(1285): memory map around addr deadbaad:
01-01 00:09:39.882: I/DEBUG(1285): be9ba000-be9db000 [stack]
01-01 00:09:39.882: I/DEBUG(1285): (no map for address)
01-01 00:09:39.882: I/DEBUG(1285): ffff0000-ffff1000 [vectors]
01-01 00:09:39.882: I/DEBUG(1285): stack:
01-01 00:09:39.882: I/DEBUG(1285):     100ffa98  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffa9c  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffaa0  00000048  
01-01 00:09:39.882: I/DEBUG(1285):     100ffaa4  018b1d10  [heap]
01-01 00:09:39.882: I/DEBUG(1285):     100ffaa8  00000048  
01-01 00:09:39.882: I/DEBUG(1285):     100ffaac  40092bcd  /system/lib/libc.so
01-01 00:09:39.882: I/DEBUG(1285):     100ffab0  400d18b4  
01-01 00:09:39.882: I/DEBUG(1285):     100ffab4  0000000d  
01-01 00:09:39.882: I/DEBUG(1285):     100ffab8  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffabc  40094167  /system/lib/libc.so
01-01 00:09:39.882: I/DEBUG(1285):     100ffac0  40131000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffac4  100ffadc  
01-01 00:09:39.882: I/DEBUG(1285):     100ffac8  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffacc  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffad0  df0027ad  
01-01 00:09:39.882: I/DEBUG(1285):     100ffad4  00000000  
01-01 00:09:39.882: I/DEBUG(1285): #00 100ffad8  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffadc  fffffbdf  
01-01 00:09:39.882: I/DEBUG(1285):     100ffae0  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffae4  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffae8  00000000  
01-01 00:09:39.882: I/DEBUG(1285):     100ffaec  00000000  
01-01 00:09:39.890: I/DEBUG(1285):     100ffaf0  00000000  
01-01 00:09:39.890: I/DEBUG(1285):     100ffaf4  411d0010  /dev/ashmem/dalvik-heap (deleted)
01-01 00:09:39.890: I/DEBUG(1285):     100ffaf8  41227b88  /dev/ashmem/dalvik-heap (deleted)
01-01 00:09:39.890: I/DEBUG(1285):     100ffafc  400e46c5  /system/lib/libcutils.so
01-01 00:09:39.890: I/DEBUG(1285): #01 100ffb00  00000000  
01-01 00:09:39.890: I/DEBUG(1285):     100ffb04  400e46c5  /system/lib/libcutils.so
01-01 00:09:39.890: I/DEBUG(1285):     100ffb08  40000110  
01-01 00:09:39.890: I/DEBUG(1285):     100ffb0c  00000b4c  
01-01 00:09:39.890: I/DEBUG(1285):     100ffb10  411d0018  /dev/ashmem/dalvik-heap (deleted)
01-01 00:09:39.890: I/DEBUG(1285):     100ffb14  00000001  
01-01 00:09:39.890: I/DEBUG(1285):     100ffb18  409cec68  /system/lib/libdvm.so
01-01 00:09:39.890: I/DEBUG(1285):     100ffb1c  40986c37  /system/lib/libdvm.so
01-01 00:09:39.890: I/DEBUG(1285):     100ffb20  00000061  
01-01 00:09:39.890: I/DEBUG(1285):     100ffb24  41226d08  /dev/ashmem/dalvik-heap (deleted)
01-01 00:09:39.890: I/DEBUG(1285):     100ffb28  016b5748  [heap]
01-01 00:09:39.890: I/DEBUG(1285):     100ffb2c  41227a08  /dev/ashmem/dalvik-heap (deleted)
01-01 00:09:39.890: I/DEBUG(1285):     100ffb30  00000000  
01-01 00:09:39.890: I/DEBUG(1285):     100ffb34  100ffdd4  
01-01 00:09:39.890: I/DEBUG(1285):     100ffb38  00000061  
01-01 00:09:39.890: I/DEBUG(1285):     100ffb3c  5109be98  /dev/ashmem/dalvik-bitmap-2 (deleted)
01-01 00:09:39.890: I/DEBUG(1285):     100ffb40  50c4fe98  /dev/ashmem/dalvik-bitmap-1 (deleted)
01-01 00:09:39.890: I/DEBUG(1285):     100ffb44  000074f6  
01-01 00:09:42.085: I/BootReceiver(1427): Copying /data/tombstones/tombstone_01 to DropBox (SYSTEM_TOMBSTONE)

Native Part Code :

void printDebugLog(char *moduleName, char *log, ...)
{
    char logMessage[PATHLENGTH];
    char tempString[PATHLENGTH];

    printf("\nprintDebugLog : 1");
    //fp is null, file is not open.
    va_list arglist;
    printf("\nprintDebugLog : 2");
    va_start(arglist, log);
    printf("\nprintDebugLog : 3");
    vsnprintf(tempString, 1048, log, arglist);
    printf("\nprintDebugLog : 4");
    strcpy(logMessage, APPNAME);
    printf("\nprintDebugLog : 5");
    strcat(logMessage, DEBUG);
    printf("\nprintDebugLog : 6");
    strcat(logMessage, "[");
    printf("\nprintDebugLog : 7");
    strcat(logMessage, timestamp());
    printf("\nprintDebugLog : 8");
    strcat(logMessage, "][");
    printf("\nprintDebugLog : 9");
    strcat(logMessage, moduleName);
    printf("\nprintDebugLog : 10");
    strcat(logMessage, "] ");
    printf("\nprintDebugLog : 11");
    strcat(logMessage, tempString);

    va_end(arglist);


#if defined(CONSOLE_LOG)

    printf("\t%s\n", logMessage);
#endif

    if (g_logFileDesc != NULL)
    {

        if (g_debug)
        {

            //Check File Size.
            /*if (getFileSize(g_logFileDesc) >= MAX_LOG_FILE_SIZE)
            {

                closeLogFile();
                openLogFile();

            }
            if (fprintf(g_logFileDesc, "%s\n", logMessage) != (strlen(logMessage) + 1))
            {

                printf("\nFile Delete start from Queue \n");
                removeUploadQueue();

            }*/

        }

    }
}

Please let me know if you want more code regarding this.

waiting for your answer....

Answer 1

The segmentation fault signal points to some type of memory problem and, taking into account that you set logMessage and tmpString to the same length and you're filling logMessage with several arguments plus the content in tmpString, as Peter states, is very possible that you're running into a buffer overflow.

Initially, logMessage's length should be: MAX_APPNAME_LEN + MAX_DEBUG_LEN + 4 + MAX_TIMESTAMP_LEN + MAX_MODULENAME_LEN + PATHLENGTH.

Answer 2

char logMessage[5];
char tempString[5];

strcpy(logMessage, "1234");
strcpy(tempString, "1234");

strcat(logMessage, tempString);

may (!) cause the trouble?

Answer 3

On side note, if you are using library it is hard to find out where in your library it caused exception seeing Logs from Logcat.

1. Get latest version of Android-NDK.
2. Save your logcat logs some where on your drive or feed directly to ndk-stack, for example suppose you save it on C:\Error.txt
3. If you are using Windows, open command prompt navigate to directory where you have downloaded latest Android-NDK and then run following command

ndk-stack -sym C:\Project\libs -dump C:\Error.txt

You can find documentation in android_ndk_path/docs/NDK-STACK.html