Tags: android, android-ndk, jvm-crash

What is the meaning of 0xdeadcab1 fault address


I have observed this value in the r3 or x8 register (on ARM) a handful of times when crashing in native code on Android. The crash is always caused by signal 11 (SIGSEGV), code 1 (SEGV_MAPERR). I was wondering whether the specific value 0xdeadcab1 offers any additional information (like 0xdeadbaad indicates a heap corruption), or whether it is synonymous with SIGSEGV/SEGV_MAPERR?


Solution

  • The 0xdeadcab1 constant is hardcoded in Android's C++ runtime called GAbi++. This runtime, upon termination (i.e. a call to std::terminate()), dereferences this address to make it stand out in stack traces. cab1 is meant to stand for "C++ ABI". The GAbi++ runtime isn't the default on Android, but it is embedded in STLPort, which was a common STL implementation on Android for a long time (it has been removed in NDK 18 in favour of libc++).

    I have observed this apparent segfault in out-of-memory situations, where a std::bad_alloc is thrown, but if exceptions are disabled, it will fall back on std::terminate() (which will dereference this address in order to generate a segfault under GAbi++). I wouldn't rule out other scenarios also causing the same segfault.
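A small triage helper, added here as an example and not part of the original question or answer, that applies the point made above: the signal and code (SIGSEGV / SEGV_MAPERR) are generic, and it is the fault address that carries the extra information. It parses the `signal N (NAME), code N (NAME), fault addr 0x...` line found in Android tombstones and logcat crash dumps, and maps the two sentinel addresses discussed on this page (0xdeadcab1 for a GAbi++ `std::terminate()`, 0xdeadbaad for the bionic abort/heap-corruption marker) to a human-readable hint. The sample crash lines are constructed; the near-null heuristic is an assumption added for completeness, not something the page states.

```python
import re
from typing import Dict, List, Optional

# Sentinel fault addresses described on the page. Extend this table only with
# values you have verified against your own toolchain's runtime sources.
KNOWN_SENTINELS: Dict[int, str] = {
    0xDEADCAB1: "GAbi++ std::terminate() marker (e.g. uncaught exception, or "
                "std::bad_alloc with exceptions disabled); not a real memory bug "
                "at that address",
    0xDEADBAAD: "bionic abort marker (libc fatal error such as heap corruption)",
}

# Matches the crash header line written by debuggerd into tombstones/logcat, e.g.
#   signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdeadcab1
#   signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
FAULT_RE = re.compile(
    r"signal\s+(?P<signum>\d+)\s+\((?P<signame>\w+)\),\s*"
    r"code\s+(?P<codenum>-?\d+)\s+\((?P<codename>\w+)\)"
    r"(?:,\s*fault\s+addr\s+(?P<addr>0x[0-9a-fA-F]+|-+))?"
)


def classify_fault(line: str) -> Optional[dict]:
    """Parse one crash header line and explain what the fault address means.

    Returns None when the line is not a crash header.
    """
    m = FAULT_RE.search(line)
    if not m:
        return None

    addr_text = m.group("addr")
    addr = int(addr_text, 16) if addr_text and addr_text.startswith("0x") else None

    if addr is None:
        hint = "no fault address recorded (typical for SIGABRT); read the abort message"
    elif addr in KNOWN_SENTINELS:
        hint = KNOWN_SENTINELS[addr]
    elif addr < 0x1000:
        # Assumption (not from the page): small addresses are usually a NULL
        # pointer plus a field offset rather than a sentinel.
        hint = "near-null address: likely NULL pointer dereference with a field offset"
    else:
        hint = "ordinary address: correlate with the backtrace and the memory map"

    return {
        "signal": m.group("signame"),
        "code": m.group("codename"),
        "fault_addr": addr,
        "known_sentinel": addr in KNOWN_SENTINELS,
        "hint": hint,
    }


def triage(lines: List[str]) -> List[dict]:
    """Classify every crash header line in a block of log text, skipping the rest."""
    results = []
    for line in lines:
        parsed = classify_fault(line)
        if parsed is not None:
            results.append(parsed)
    return results


# Constructed sample lines in the tombstone/logcat format (not real crash data).
SAMPLE_LINES = [
    "pid: 12345, tid: 12345, name: com.example.app  >>> com.example.app <<<",
    "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdeadcab1",
    "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdeadbaad",
    "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x18",
    "signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------",
    "    #00 pc 0001a2b4  /system/lib/libc.so (abort+84)",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_LINES):
        addr = "-" if r["fault_addr"] is None else hex(r["fault_addr"])
        print(f"{r['signal']:8} {r['code']:12} {addr:>12}  {r['hint']}")
```

Run it over a tombstone or a `logcat` capture and the 0xdeadcab1 case is reported as a `std::terminate()` under GAbi++, which tells you to look for the uncaught exception or allocation failure rather than for a wild pointer. Two crashes with identical signal/code but different fault addresses can therefore have entirely different root causes, which is the distinction the answer above draws.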