@marcinguy
Created November 23, 2019 09:21
Viber 11.6.0.15 - CVE-2019-11932

Viber Version 11.6.0.15 - Sep 27th 2019

11-23 10:14:33.102 10721 10721 I crash_dump64: performing dump of process 10359 (target tid = 10700)
11-23 10:14:33.116 10721 10721 F DEBUG   : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
11-23 10:14:33.117 10721 10721 F DEBUG   : Build fingerprint: 'HUAWEI/VOG-L29EEA/HWVOG:9/HUAWEIVOG-L29/9.1.0.224C431:user/release-keys'
11-23 10:14:33.117 10721 10721 F DEBUG   : Revision: '0'
11-23 10:14:33.117 10721 10721 F DEBUG   : ABI: 'arm64'
11-23 10:14:33.117 10721 10721 F DEBUG   : Happend: 'Sat Nov 23 10:14:33 2019
11-23 10:14:33.117 10721 10721 F DEBUG   : '
11-23 10:14:33.117 10721 10721 F DEBUG   : SYSVMTYPE: Art
11-23 10:14:33.117 10721 10721 F DEBUG   : APPVMTYPE: Art
11-23 10:14:33.117 10721 10721 F DEBUG   : pid: 10359, tid: 10700, name: pool-21-thread-  >>> com.viber.voip <<<
11-23 10:14:33.117 10721 10721 F DEBUG   : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
11-23 10:14:33.117 10721 10721 F DEBUG   : Abort message: 'Invalid address 0x75233cd7c0 passed to free: value not allocated'
11-23 10:14:33.117 10721 10721 F DEBUG   :     x0  0000000000000000  x1  00000000000029cc  x2  0000000000000006  x3  0000000000000008
11-23 10:14:33.117 10721 10721 F DEBUG   :     x4  8080808080808080  x5  8080808080808080  x6  8080808080808080  x7  0000000000000008
11-23 10:14:33.117 10721 10721 F DEBUG   :     x8  0000000000000083  x9  d4acce4bd49db5c8  x10 0000000000000000  x11 fffffffc7ffffbdf
11-23 10:14:33.117 10721 10721 F DEBUG   :     x12 0000000000000001  x13 000000005dd8f878  x14 00072b8efa7a9908  x15 000005f6e56aa6c2
11-23 10:14:33.117 10721 10721 F DEBUG   :     x16 00000075c78332c0  x17 00000075c7771e34  x18 00000074e83a4ad8  x19 0000000000002877
11-23 10:14:33.117 10721 10721 F DEBUG   :     x20 00000000000029cc  x21 00000074e815c708  x22 0000000000000001  x23 00000075c783fc20
11-23 10:14:33.117 10721 10721 F DEBUG   :     x24 0000000000000000  x25 00000074e6b10588  x26 00000074e6b10588  x27 0000000000000001
11-23 10:14:33.117 10721 10721 F DEBUG   :     x28 0000000000000030  x29 00000074e6b0eeb0
11-23 10:14:33.117 10721 10721 F DEBUG   :     sp  00000074e6b0ee70  lr  00000075c7766960  pc  00000075c7766988
11-23 10:14:33.121    53    53 W migration/7: type=1400 audit(0.0:852012): avc: granted { setsched } for scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=process
11-23 10:14:33.121    47    47 W migration/6: type=1400 audit(0.0:852013): avc: granted { setsched } for scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=process
11-23 10:14:33.145    47    47 W migration/6: type=1400 audit(0.0:852014): avc: granted { setsched } for scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=process
11-23 10:14:33.145    53    53 W migration/7: type=1400 audit(0.0:852015): avc: granted { setsched } for scontext=u:r:kernel:s0 tcontext=u:r:kernel:s0 tclass=process
11-23 10:14:33.172 10721 10721 F DEBUG   : 
11-23 10:14:33.172 10721 10721 F DEBUG   : backtrace:
11-23 10:14:33.172 10721 10721 F DEBUG   :     #00 pc 0000000000022988  /system/lib64/libc.so (abort+116)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #01 pc 00000000000a0db0  /system/lib64/libc.so (ifree+1204)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #02 pc 000000000009f924  /system/lib64/libc.so (je_realloc+416)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #03 pc 0000000000002ebc  /data/app/com.viber.voip-vq6KvINuXLpOq8H18SFGkg==/lib/arm64/libpl_droidsonroids_gif.so
11-23 10:14:33.172 10721 10721 F DEBUG   :     #04 pc 00000000000026fc  /data/app/com.viber.voip-vq6KvINuXLpOq8H18SFGkg==/lib/arm64/libpl_droidsonroids_gif.so (Java_pl_droidsonroids_gif_GifInfoHandle_renderFrame+240)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #05 pc 00000000001d3194  /data/app/com.viber.voip-vq6KvINuXLpOq8H18SFGkg==/oat/arm64/base.odex (offset 0x1cd000) (com.viber.jni.im2.Im2MessageNative.getMessage [DEDUPED]+180)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #06 pc 000000000056f24c  /system/lib64/libart.so (art_quick_invoke_static_stub+604)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #07 pc 00000000000d4224  /system/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+232)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #08 pc 0000000000283fa8  /system/lib64/libart.so (art::interpreter::ArtInterpreterToCompiledCodeBridge(art::Thread*, art::ArtMethod*, art::ShadowFrame*, unsigned short, art::JValue*)+344)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #09 pc 000000000027dfb0  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+968)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #10 pc 000000000053ff9c  /system/lib64/libart.so (MterpInvokeStatic+204)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #11 pc 0000000000561794  /system/lib64/libart.so (ExecuteMterpImpl+14612)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #12 pc 0000000001b8277e  /data/app/com.viber.voip-vq6KvINuXLpOq8H18SFGkg==/oat/arm64/base.vdex (pl.droidsonroids.gif.GifInfoHandle.a+6)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #13 pc 0000000000257cb4  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.4019025862+488)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #14 pc 000000000025d7a8  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #15 pc 000000000027df94  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #16 pc 0000000000541adc  /system/lib64/libart.so (MterpInvokeVirtualQuick+584)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #17 pc 0000000000565394  /system/lib64/libart.so (ExecuteMterpImpl+29972)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #18 pc 0000000001b85086  /data/app/com.viber.voip-vq6KvINuXLpOq8H18SFGkg==/oat/arm64/base.vdex (pl.droidsonroids.gif.p.a+16)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #19 pc 0000000000257cb4  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.4019025862+488)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #20 pc 000000000025d7a8  /system/lib64/libart.so (art::interpreter::ArtInterpreterToInterpreterBridge(art::Thread*, art::CodeItemDataAccessor const&, art::ShadowFrame*, art::JValue*)+216)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #21 pc 000000000027df94  /system/lib64/libart.so (bool art::interpreter::DoCall<false, false>(art::ArtMethod*, art::Thread*, art::ShadowFrame&, art::Instruction const*, unsigned short, art::JValue*)+940)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #22 pc 0000000000541adc  /system/lib64/libart.so (MterpInvokeVirtualQuick+584)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #23 pc 0000000000565394  /system/lib64/libart.so (ExecuteMterpImpl+29972)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #24 pc 0000000001b851ca  /data/app/com.viber.voip-vq6KvINuXLpOq8H18SFGkg==/oat/arm64/base.vdex (pl.droidsonroids.gif.q.run+16)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #25 pc 0000000000257cb4  /system/lib64/libart.so (_ZN3art11interpreterL7ExecuteEPNS_6ThreadERKNS_20CodeItemDataAccessorERNS_11ShadowFrameENS_6JValueEb.llvm.4019025862+488)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #26 pc 000000000052aa88  /system/lib64/libart.so (artQuickToInterpreterBridge+1020)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #27 pc 00000000005780fc  /system/lib64/libart.so (art_quick_to_interpreter_bridge+92)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #28 pc 000000000033d624  /system/framework/arm64/boot.oat (offset 0x13b000) (java.util.concurrent.Executors$RunnableAdapter.call+68)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #29 pc 00000000003fbbfc  /system/framework/arm64/boot.oat (offset 0x13b000) (java.util.concurrent.FutureTask.run+204)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #30 pc 00000000004c4edc  /system/framework/arm64/boot.oat (offset 0x13b000) (java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run+140)
11-23 10:14:33.172 10721 10721 F DEBUG   :     #31 pc 000000000000a120  /dev/ashmem/dalvik-jit-code-cache (deleted)