Does anyone know the appropriate thing to do for the official NBA app? It's constantly crashing for me with hardened_malloc errors. I guess the app is a leaky POS, but what are my options here? Is hardened_malloc protecting me from some potential vulnerabilities that may be caused by this app or should I disable hardened_malloc specifically for this app?
How to handle the official NBA app constantly crashing due to hardened_malloc?
You can work around memory corruption bugs in the app by disabling hardened_malloc for that app in particular.
The crashes should be reported to their developers as they can present potential security issues.
The log:
osVersion: google/shiba/shiba:14/AP1A.240305.019.A1/2024031100:user/release-keys
uid: 10189 (u:r:untrusted_app:s0:c189,c256,c512,c768)
cmdline: com.nbaimd.gametime.nba2011
processUptime: 16s
abortMessage: hardened_malloc: fatal allocator error: detected write after free
signal: 6 (SIGABRT), code -1 (SI_QUEUE)
threadName: NR_AppStateMon-
MTE: not enabled
backtrace:
/apex/com.android.runtime/lib64/bionic/libc.so (abort+168, pc 680f8)
/apex/com.android.runtime/lib64/bionic/libc.so (fatal_error+48, pc 4fdfc)
/apex/com.android.runtime/lib64/bionic/libc.so (allocate+3092, pc 4cbd4)
/apex/com.android.runtime/lib64/bionic/libc.so (malloc+40, pc 47e48)
/apex/com.android.os.statsd/lib64/libstatssocket.so (operator new(unsigned long)+36, pc 20924)
/apex/com.android.art/lib64/libart.so (art::JNI<false>::GetStringChars(_JNIEnv*, _jstring*, unsigned char*)+248, pc 8c4ce8)
/apex/com.android.i18n/lib64/libicu_jni.so (MatcherState::updateInput(_JNIEnv*, _jstring*)+112, pc 8000)
/apex/com.android.i18n/lib64/libicu_jni.so (MatcherNative_setInputImpl(_JNIEnv*, _jclass*, long, _jstring*, int, int)+44, pc 1003c)
/system/framework/arm64/boot-core-icu4j.oat (art_jni_trampoline+136, pc 2e5e8)
/system/framework/arm64/boot.oat (java.util.regex.Matcher.reset+420, pc 1a6014)
/system/framework/arm64/boot.oat (java.util.Scanner.readInput+388, pc 21e564)
/system/framework/arm64/boot.oat (java.util.Scanner.next+108, pc 21e95c)
/data/app/~~1xs71K-edw1_WpfpN6R1SQ==/com.nbaimd.gametime.nba2011-i1B1Vp9PJPROBPue064Gsg==/oat/arm64/base.odex (com.newrelic.agent.android.ndk.AgentNDK.isRooted+1248, pc 452d000)
/data/app/~~1xs71K-edw1_WpfpN6R1SQ==/com.nbaimd.gametime.nba2011-i1B1Vp9PJPROBPue064Gsg==/oat/arm64/base.odex (com.newrelic.agent.android.ndk.NativeReporting.start+2600, pc 4f7cf48)
/data/app/~~1xs71K-edw1_WpfpN6R1SQ==/com.nbaimd.gametime.nba2011-i1B1Vp9PJPROBPue064Gsg==/oat/arm64/base.odex (com.newrelic.agent.android.AndroidAgentImpl.start+488, pc 4b3fdc8)
/data/app/~~1xs71K-edw1_WpfpN6R1SQ==/com.nbaimd.gametime.nba2011-i1B1Vp9PJPROBPue064Gsg==/oat/arm64/base.odex (com.newrelic.agent.android.AndroidAgentImpl.applicationForegrounded+144, pc 4b3cbc0)
/data/app/~~1xs71K-edw1_WpfpN6R1SQ==/com.nbaimd.gametime.nba2011-i1B1Vp9PJPROBPue064Gsg==/oat/arm64/base.odex (com.newrelic.agent.android.background.ApplicationStateMonitor.notifyApplicationInForeground+408, pc 44f1ae8)
/data/app/~~1xs71K-edw1_WpfpN6R1SQ==/com.nbaimd.gametime.nba2011-i1B1Vp9PJPROBPue064Gsg==/oat/arm64/base.odex (q.u.run+856, pc 1f46068)
/system/framework/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor.runWorker+680, pc 27ad98)
/system/framework/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor$Worker.run+56, pc 278868)
/system/framework/arm64/boot.oat (java.lang.Thread.run+64, pc 14b310)
/apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612, pc 3e6774)
/apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+228, pc 3c7fb4)
/apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1660, pc 4da9ac)
/apex/com.android.art/lib64/libart.so (art::Thread::CreateCallbackWithUffdGc(void*)+12, pc 4da31c)
/apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204, pc d5e6c)
/apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+68, pc 69a64)
Does disabling hardened_malloc for an app open me up to any potential exploits?
eggy Click on "Hardened memory allocator" under the app's settings and you'll see an explanation of what the setting does as well as this: https://grapheneos.org/features#exploit-mitigations.
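To illustrate the "detected write after free" abort in the log above, which is raised from inside malloc, here is an added example (not part of the thread and not hardened_malloc's code): a toy slab allocator that zeroes slots on free and verifies they are still zero on reuse. All names (`toy_malloc`, `toy_free`, `toy_reset`, `demo`) and sizes are hypothetical; it shows why the backtrace identifies the allocation that tripped the check, not necessarily the code that performed the stray write.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 32
#define SLOT_COUNT 4

/* Toy single-size-class slab, constructed for illustration only. */
static unsigned char slab[SLOT_COUNT][SLOT_SIZE];
static int in_use[SLOT_COUNT];
static int write_after_free_detected;

void toy_reset(void) {
    memset(slab, 0, sizeof slab);
    memset(in_use, 0, sizeof in_use);
    write_after_free_detected = 0;
}

/* Free: zero the slot so any later write to it leaves a visible trace. */
void toy_free(void *p) {
    size_t i = (size_t)((unsigned char *)p - &slab[0][0]) / SLOT_SIZE;
    memset(slab[i], 0, SLOT_SIZE);
    in_use[i] = 0;
}

/* Allocate: before handing out a free slot, verify it is still all zero. */
void *toy_malloc(void) {
    for (size_t i = 0; i < SLOT_COUNT; i++) {
        if (in_use[i]) continue;
        for (size_t b = 0; b < SLOT_SIZE; b++) {
            if (slab[i][b] != 0) {
                write_after_free_detected = 1; /* a hardened allocator aborts here */
                return NULL;
            }
        }
        in_use[i] = 1;
        return slab[i];
    }
    return NULL; /* slab exhausted */
}

/* Returns 1 when the stray write goes unnoticed until a later allocation. */
int demo(void) {
    toy_reset();
    char *stale = toy_malloc();
    toy_free(stale);
    stale[3] = 'X';                          /* the bug: write via dangling pointer */
    int before = write_after_free_detected;  /* still 0: nothing has checked yet */
    void *victim = toy_malloc();             /* unrelated caller trips the check */
    return before == 0 && victim == NULL && write_after_free_detected == 1;
}

int main(void) { printf("detected at later allocation: %d\n", demo()); return 0; }
```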