Hi,
The dexdump tool, bundled with the Android SDK, was identified to
perform suspicious write accesses in the dexDecodeDebugInfo function,
as defined in dalvik/libdex/DexFile.c.
The structural parser in dexdump fails to properly parse debug info
such as code position info, and the crash shows indications that code
execution may be possible. This could potentially be misused by remote
attackers, tricking users into opening apk/dex files from untrusted
sources (for example for disassembling or decompiling via undx).
The crash dump looks as follows:
exception=EXC_BAD_ACCESS:signal=Segmentation
fault:is_exploitable=yes:instruction_disassembly=movl
%edx,(%eax,%esi):instruction_address=0x00000000000087e0:access_type=write:access_address=0x00000000c00feeb0:
Crash accessing invalid address. Consider running it again with
libgmalloc(3) to see if the log changes.
Process: dexdump [75749]
Path:
/Users/marc/android-sdk-mac_86/platforms/android-8/tools/dexdump
Identifier: dexdump
Version: ??? (???)
Code Type: X86 (Native)
Parent Process: exc_handler_snowleopard [75748]
Date/Time: 2010-05-26 08:30:16.960 +0200
OS Version: Mac OS X 10.6.3 (10D573)
Report Version: 6
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000c00feeb0
Crashed Thread: 0
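The report above concerns a parser that walks DEX debug_info_item data taken straight from an untrusted file. As an added illustration of the defensive pattern such a parser needs (this is example code written for this page, not dalvik/libdex code, and it does not reproduce the reported bug), the following C decoder reads the debug_info_item header and a subset of the debug state-machine opcodes, refusing any read that would pass the end of the buffer and checking every register number against the method's registers_size before it would be used as an index. The DEX opcode values, LEB128 encodings and the special-opcode line/address formula are from the public DEX format description; the summary struct, the function names and the sample bytes are constructed for this example.

```c
/* Bounds-checked reader for a DEX debug_info_item (example code, not libdex). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DBG_END_SEQUENCE  0x00
#define DBG_ADVANCE_PC    0x01
#define DBG_ADVANCE_LINE  0x02
#define DBG_START_LOCAL   0x03
#define DBG_FIRST_SPECIAL 0x0a
#define DBG_LINE_BASE     (-4)
#define DBG_LINE_RANGE    15

typedef struct {
    const uint8_t *cur;
    const uint8_t *end;
    int err;                  /* set once any read would step past 'end' */
} dbg_reader;

/* Unsigned LEB128: at most 5 bytes in DEX; never reads beyond the buffer. */
static uint32_t read_uleb128(dbg_reader *r) {
    uint32_t result = 0;
    for (int shift = 0; shift < 35; shift += 7) {
        if (r->cur >= r->end) { r->err = 1; return 0; }
        uint8_t b = *r->cur++;
        result |= (uint32_t)(b & 0x7f) << shift;
        if ((b & 0x80) == 0) return result;
    }
    r->err = 1;               /* five continuation bytes: malformed */
    return 0;
}

/* Signed LEB128 with the same bounds discipline; sign-extends the result. */
static int32_t read_sleb128(dbg_reader *r) {
    uint32_t result = 0;
    for (int shift = 0; shift < 35; shift += 7) {
        if (r->cur >= r->end) { r->err = 1; return 0; }
        uint8_t b = *r->cur++;
        result |= (uint32_t)(b & 0x7f) << shift;
        if ((b & 0x80) == 0) {
            if (shift + 7 < 32 && (b & 0x40)) result |= ~0u << (shift + 7);
            return (int32_t)result;
        }
    }
    r->err = 1;
    return 0;
}

typedef struct {
    uint32_t positions;       /* (address, line) entries produced by special opcodes */
    uint32_t address;
    int32_t  line;
    uint32_t locals;          /* DBG_START_LOCAL records accepted */
} dbg_summary;

/* Returns 0 on success, -1 if the data is truncated, malformed, or names a
 * register outside [0, registers_size). Only a subset of opcodes is handled. */
int decode_debug_info(const uint8_t *buf, size_t len,
                      uint16_t registers_size, dbg_summary *out) {
    dbg_reader r = { buf, buf + len, 0 };
    dbg_summary s = { 0, 0, 0, 0 };

    s.line = (int32_t)read_uleb128(&r);            /* line_start */
    uint32_t params = read_uleb128(&r);            /* parameters_size */
    /* Each parameter name takes at least one byte, so a count larger than
     * the remaining input is malformed; reject it before looping on it. */
    if (r.err || params > (uint32_t)(r.end - r.cur)) return -1;
    for (uint32_t i = 0; i < params; i++) (void)read_uleb128(&r); /* uleb128p1 name index */
    if (r.err) return -1;

    for (;;) {
        if (r.cur >= r.end) return -1;             /* no DBG_END_SEQUENCE seen */
        uint8_t op = *r.cur++;
        if (op == DBG_END_SEQUENCE) break;
        if (op == DBG_ADVANCE_PC) {
            s.address += read_uleb128(&r);
        } else if (op == DBG_ADVANCE_LINE) {
            s.line += read_sleb128(&r);
        } else if (op == DBG_START_LOCAL) {
            uint32_t reg = read_uleb128(&r);
            (void)read_uleb128(&r);                /* name_idx  (uleb128p1) */
            (void)read_uleb128(&r);                /* type_idx  (uleb128p1) */
            if (r.err) return -1;
            if (reg >= registers_size) return -1;  /* file-supplied index: validate it */
            s.locals++;
        } else if (op >= DBG_FIRST_SPECIAL) {
            uint8_t adj = (uint8_t)(op - DBG_FIRST_SPECIAL);
            s.line    += DBG_LINE_BASE + (adj % DBG_LINE_RANGE);
            s.address += adj / DBG_LINE_RANGE;
            s.positions++;
        } else {
            return -1;                             /* opcode not handled in this example */
        }
        if (r.err) return -1;
    }
    *out = s;
    return 0;
}

/* Constructed sample: line_start=10, one parameter, ADVANCE_PC 5,
 * special opcode 0x1e (+1 address, +1 line), START_LOCAL v2, END_SEQUENCE. */
static const uint8_t sample_ok[] = { 0x0a, 0x01, 0x00, 0x01, 0x05, 0x1e,
                                     0x03, 0x02, 0x00, 0x00, 0x00 };

int main(void) {
    dbg_summary s;
    int rc = decode_debug_info(sample_ok, sizeof sample_ok, 4, &s);
    printf("rc=%d address=%u line=%d positions=%u locals=%u\n",
           rc, s.address, s.line, s.positions, s.locals);
    return 0;
}
```

The decoder never trusts a length, count or register number read from the file: every LEB128 read is bounded, the parameter count is checked against the bytes that remain, and a DBG_START_LOCAL register is compared with registers_size before anything would be indexed by it.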