A Hidden Weakness
a year ago
- #Firefox
- #BugHunting
- #Android
- Android platform defines different API levels, with some symbols only available starting from certain API versions.
- Using symbols like ASystemFontIterator_open on older APIs requires dynamic lookup via dlopen and dlsym or refusing to run on older APIs.
- Android offers __ANDROID_UNAVAILABLE_SYMBOLS_ARE_WEAK__ for weak symbol definitions, combined with compiler and runtime checks.
- Clang's -Werror=unguarded-availability ensures static checks for API level mismatches, preventing unsafe weak symbol calls.
- Firefox's build system defaults to hidden visibility, causing weak symbols to be undefined in shared libraries, leading to crashes.
- The fix involves temporarily changing visibility to default when including Android system headers to ensure symbols are correctly resolved.