NativeFunction does not promote variadic arguments smaller than sizeof(int)

[0x410c]

Environment: Android 28 (9.0) Google API x86_64 emulator image.

frida latest build

in a specific application after hooking when calling the real constructor, app crashes with :

03-19 13:29:59.813 12420 12499 F com.package: runtime.cc:566] JNI DETECTED ERROR IN APPLICATION: unexpected jboolean value: -1473958912
03-19 13:29:59.814 12420 12499 F com.package: runtime.cc:566]     in call to CallNonvirtualVoidMethod

with example code :

db1.$init.overload(...).implementation = function (){
	return this.$init(...);
}

this is not related to a constructor hook i guess, but a invalid jboolean memory.

constructor contains multiple values with boolean parameters also

[muhzii]

Hi @0x410c ,

Try calling Java.deoptimizeEverything() before applying the hook.

[0x410c]

same behavior, also crash is not on hooking but when i call the original function!

[0x410c]

this is from the android source
the origination of the error :

bool CheckBoolean(jboolean z) {
    if (z != JNI_TRUE && z != JNI_FALSE) {
      AbortF("unexpected jboolean value: %d", z);
      return false;
    }
    return true;
  }

[0x410c]

also working fine on arm64 android 9

[oleavr]

@0x410c Thanks so much for reporting! You found a fundamental flaw in how NativeFunction handles varargs 🎉

[0x410c]

how can i test this?

[oleavr]

@0x410c Grab 12.8.15, just released.

[0x410c]

working! thanks!