Build 'libturbomodulejsijni.so' with option -fstack-protector compile flag to enable Stack Smashing Protection (SSP)

This issue has been created since 2022-09-23.

Description

We use React-Native for our android/iOS application. Security team on a customer's behalf identified and reported a vulnerability - libarcore_sdk_jni.so library is not compiled with Stack smashing protection (SSP) in Android.

This is categorized as "Weak Binary Protection | Lacks Stack smashing Protection (SSP) for Libraries".

https://wiki.osdev.org/Stack_Smashing_Protector#:~:text=The%20Stack%20Smashing%20Protector%20(SSP,mitigation%20against%20return%2Doriented%20programming.

Binary needs to be compiled with 'fstack-protector'. Here are couple of links which explains the required change:

Version

0.64.2

Output of npx react-native info

System:
OS: macOS 13.0
CPU: (12) x64 Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz
Memory: 120.68 MB / 16.00 GB
Shell: 5.8.1 - /bin/zsh
Binaries:
Node: 14.19.3 - ~/.nvm/versions/node/v14.19.3/bin/node
Yarn: 1.22.4 - ~/.yarn/bin/yarn
npm: 6.14.17 - ~/.nvm/versions/node/v14.19.3/bin/npm
Watchman: 2022.03.21.00 - /usr/local/bin/watchman
Managers:
CocoaPods: 1.11.3 - /usr/local/bin/pod
SDKs:
iOS SDK:
Platforms: DriverKit 22.1, iOS 16.1, macOS 13.0, tvOS 16.1, watchOS 9.1
Android SDK:
API Levels: 28, 29, 30, 32
Build Tools: 27.0.3, 28.0.3, 29.0.2, 30.0.3
System Images: android-31 | Google APIs Intel x86 Atom_64, android-31 | Google Play Intel x86 Atom_64, android-Tiramisu | Google APIs Intel x86 Atom_64
Android NDK: Not Found
IDEs:
Android Studio: 2021.1 AI-211.7628.21.2111.8309675
Xcode: 14.1/14B5024i - /usr/bin/xcodebuild
Languages:
Java: 11.0.11 - /usr/bin/javac
npmPackages:
@react-native-community/cli: ^4.13.0 => 4.14.0
react: 17.0.1 => 17.0.1
react-native: 0.64.2 => 0.64.2
react-native-macos: Not Found
npmGlobalPackages:
react-native: Not Found

Steps to reproduce

NA

Snack, code example, screenshot, or link to a repository

NA

github-actions[bot] wrote this answer on 2022-09-23
⚠️ Missing Environment Information
ℹ️ Your issue may be missing information about your development environment. You can obtain the missing information by running react-native info in a console.
cortinico wrote this answer on 2022-09-24

libarcore_sdk_jni.so library is not compiled with Stack smashing protection (SSP) in Android.

libarcore_sdk_jni is not a library we own. It's most likely a library from AR Core SDK from Google so you should open this issue against their issue tracker.

jitendragupta24 wrote this answer on 2022-09-24

@cortinico There was a typo in description, though title was correct. I cannot reopen this bug, I will go ahead and create new one. Thanks.

More Details About Repo
Owner Name facebook
Repo Name react-native
Full Name facebook/react-native
Language JavaScript
Created Date 2015-01-09
Updated Date 2022-10-07
Star Count 105180
Watcher Count 3671
Fork Count 22481
Issue Count 2230

YOU MAY BE INTERESTED

Issue Title Created Date Comment Count Updated Date
Mehrsprachigkeit der Eingabemaske im Backend 13 2014-05-28 2022-09-22
LG LMX210EMW - Error uploading firehose error (HELLO_RESP) 3 2022-06-08 2022-08-01
it supports inline_keyboard but not keyboard 3 2020-10-18 2022-07-16
[BUG] `cog` is skipping my `1.0.0` tag 2 2022-08-23 2022-09-22
Windows get frozen (accept keyboard input but stay graphically static) after waking up from suspend 1 2022-05-20 2022-08-23
after rebuild => SOLR schema version not supported: 2.8. Supported versions are [2.7] 1 2018-04-01 2022-09-17
Globe needs to be updated to use new BufferGeometry to support three.js r125+ 0 2022-08-25 2022-09-16
the game shouldn't allow a person to have a name that exists in the game already 2 2022-09-12 2022-09-25
minor SPELLING issue with HERETICS (IMMERSION BREAKING) 5 2022-09-12 2022-09-25
my first report i dont know if it belongs here got killed over nothing from non murderbone 2 2022-09-13 2022-09-25
Can't type operators in comments 1 2021-08-21 2022-09-21
Cannot install Python 3.9.3 on Ubuntu 18.04 4 2021-04-04 2022-10-05
https://johngrib.github.io/wiki/hammerspoon-tutorial-03/ 11 2020-06-11 2022-10-03
Translation into Arabic in the "Edit" menu. 1 2021-11-28 2022-10-02
Browser close-window causes hang 3 2021-03-09 2022-08-28
guides: font weight is too great in a blockquote 1 2020-11-11 2022-09-19
Refresh Store.Chats 2 2021-04-09 2022-01-13
testRetryWithOneShotFailPublisher unit test issue 0 2022-03-30 2022-07-09
一台服务器可以安装k8s跑应用吗? 1 2021-09-09 2021-12-21
can we compile a model without shape information? 3 2022-05-13 2022-10-02
Cryptography issue with some episodes 14 2022-03-10 2022-09-16
Super Mario Odyssey graphical issues on amd/intel after 1.1.200 6 2022-08-02 2022-09-29
trainning problem 1 2022-01-10 2022-01-12
Dev Mode Should Close Launcher Window 1 2022-05-31 2022-09-17
systemd timers not triggering 5 2022-05-08 2022-09-20
Reverse proxy issue - Unauthorized 1 2022-02-26 2022-09-20
What's the RSS feed URL? 2 2022-02-03 2022-08-23
Bug in parse_profiling_output javascript ? 0 2022-02-10 2022-09-23
VirtualContest問題ステータス表示の不具合 0 2021-12-27 2022-08-26
Feature Request: Print relative paths 0 2021-12-13 2022-09-30
ImportError with PyQt5.QtNetwork: undefined symbol: krb5_ser_context_init, version krb5_3_MIT 0 2022-05-18 2022-09-21
pydm application cannot find new widget 8 2022-05-13 2022-09-21
Feature QueryBlockNbt 2 2021-05-11 2022-09-19
Shader error on Metal 5 2021-12-27 2022-09-27
maintainers: Promote Tianon Gravi maintainer 7 2021-09-24 2022-08-16
Vercel : Cannot connect to the socket server 2 2022-07-22 2022-09-22
[rv_plic] D3 review opens 3 2022-07-25 2022-07-24
plugins.MarkerCluster - markers are not showned when tiles=None 2 2020-10-15 2022-10-03
Security Scans Failing Due to ASP.Net Core 2.1.9 Dependency Installation 5 2019-11-25 2022-09-30
[release-1.13] Check AllowAny mode in RDS cache key 1 2022-07-22 2022-10-01
Solutions with namespaces that are in multiple projects can cause duplicate nodes 0 2022-08-04 2022-09-26
Add environment tests for integration libraries 0 2021-09-17 2022-09-29
add resource detection to java tests 2 2021-09-17 2022-10-06
Emotes blurry in new emotes menu 3 2021-09-20 2022-09-18
TODO: Allow the use of fuzzy patching. 0 2022-06-11 2022-09-26
Dead link in most (all?) quality declarations 8 2021-04-01 2022-09-21
Breaking change in markupsafe makes flask crash on service startup 3 2022-02-18 2022-09-26
Add Coinbase wallet connect 0 2021-08-02 2022-08-21
Improvements following move of tile and distribute out of Flow 1 2022-02-17 2022-10-01
How to set height and width of the dialog ? 2 2016-09-26 2022-09-30