From 5bbef84a43259cfc34513c20a51d6fb9e3a1b65e Mon Sep 17 00:00:00 2001 From: NkBe Date: Tue, 30 Sep 2025 23:23:31 +0800 Subject: [PATCH] feat: Add null checks for JNI method arguments Adds a null pointer check for the origApkPath and cacheApkPath arguments in the enableOpenatHook native method. Previously, passing nullptr to this method would lead to a potential crash. The added checks ensure the function handles invalid input gracefully by logging an error and returning early, thus preventing a potential crash. --- .github/workflows/master.yml | 4 +- .../src/main/jni/src/jni/bypass_sig.cpp | 72 ++++++++++--------- 2 files changed, 43 insertions(+), 33 deletions(-) diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index 68403e6..72224da 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -2,6 +2,8 @@ name: Build CI on: workflow_dispatch: + pull_request: + merge_group: jobs: build: @@ -41,7 +43,7 @@ jobs: uses: actions/cache@v4 with: path: ~/.ccache - key: ${{ runner.os }}-ccache-${{ github.sha }} + key: ${{ runner.os }}-ccache-${{ hashFiles('**/src/**/*.cpp', '**/src/**/*.h', '**/CMakeLists.txt') }} restore-keys: | ${{ runner.os }}-ccache- diff --git a/patch-loader/src/main/jni/src/jni/bypass_sig.cpp b/patch-loader/src/main/jni/src/jni/bypass_sig.cpp index dd3419d..f922404 100644 --- a/patch-loader/src/main/jni/src/jni/bypass_sig.cpp +++ b/patch-loader/src/main/jni/src/jni/bypass_sig.cpp @@ -1,6 +1,6 @@ // // Created by VIP on 2021/4/25. -// Update by HSSkyBoy on 2025/9/7 +// Update by HSSkyBoy on 2025/9/11 // #include "bypass_sig.h" 
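Review bot: Adding `pull_request:` makes this job run for pull requests from forks, where `GITHUB_TOKEN` is read-only and repository secrets are not available; any later step that needs a secret (the rest of the job is outside this hunk, so I cannot tell whether one exists) should be guarded, e.g. `if: github.event_name != 'pull_request'`, so fork PRs fail only on a real build error rather than on a missing secret. Keeping the trigger as `pull_request` instead of `pull_request_target` is the safe choice here, since the PR's own code is checked out and built. In the second hunk, dropping `github.sha` from the cache key means commits that do not touch the globbed `src` files reuse the same key and `actions/cache` will not re-save on a hit; that is acceptable for ccache because `restore-keys` still seeds a new key from the latest prefix match, but it is worth a comment on the `key:` line saying so.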
@@ -17,57 +17,65 @@ using lsplant::operator""_sym; namespace lspd { -std::string apkPath; -std::string redirectPath; + std::string apkPath; + std::string redirectPath; -inline static constexpr const char* kLibCName = "libc.so"; + inline static constexpr const char* kLibCName = "libc.so"; // 修改回傳型別以匹配 kImg 的實際型別 -std::unique_ptr &GetC(bool release = false) { - static auto kImg = std::make_unique(kLibCName); - if (release) { - kImg.reset(); - kImg = nullptr; + std::unique_ptr &GetC(bool release = false) { + static auto kImg = std::make_unique(kLibCName); + if (release) { + kImg.reset(); + kImg = nullptr; + } + return kImg; } - return kImg; -} -inline static auto __openat_ = - "__openat"_sym.hook->*[](int fd, const char *pathname, int flag, - int mode) static -> int { - if (pathname && strcmp(pathname, apkPath.c_str()) == 0) { - return backup(fd, redirectPath.c_str(), flag, mode); - } - return backup(fd, pathname, flag, mode); -}; + inline static auto __openat_ = + "__openat"_sym.hook->*[](int fd, const char *pathname, int flag, + int mode) static -> int { + if (pathname && strcmp(pathname, apkPath.c_str()) == 0) { + return backup(fd, redirectPath.c_str(), flag, mode); + } + return backup(fd, pathname, flag, mode); + }; static bool HookOpenat(const lsplant::HookHandler &handler) { return handler(__openat_); } LSP_DEF_NATIVE_METHOD(void, SigBypass, enableOpenatHook, jstring origApkPath, jstring cacheApkPath) { + if (origApkPath == nullptr || cacheApkPath == nullptr) { + LOGE("Invalid arguments: original or cache path is null."); + return; + } + lsplant::JUTFString str1(env, origApkPath); lsplant::JUTFString str2(env, cacheApkPath); + apkPath = str1.get(); redirectPath = str2.get(); - auto r = HookOpenat(lsplant::InitInfo{ - .inline_hooker = - [](auto t, auto r) { - void *bk = nullptr; - return HookInline(t, r, &bk) == 0 ? 
bk : nullptr; - }, - .art_symbol_resolver = [](auto symbol) { return GetC()->getSymbAddress(symbol); }, - }); - if (!r) { - LOGE("Hook __openat fail"); + auto r = HookOpenat(lsplant::InitInfo{ + .inline_hooker = + [](auto t, auto r) { + void *bk = nullptr; + return HookInline(t, r, &bk) == 0 ? bk : nullptr; + }, + .art_symbol_resolver = [](auto symbol) { + return GetC()->getSymbAddress(symbol); + }, + }); + if (!r) { + LOGE("Hook __openat fail"); } // 无论 Hook 成功与否,都确保清除 libc.so 的 ElfImg GetC(true); } -static JNINativeMethod gMethods[] = { - LSP_NATIVE_METHOD(SigBypass, enableOpenatHook, "(Ljava/lang/String;Ljava/lang/String;)V")}; + static JNINativeMethod gMethods[] = { + LSP_NATIVE_METHOD(SigBypass, enableOpenatHook, "(Ljava/lang/String;Ljava/lang/String;)V")}; -void RegisterBypass(JNIEnv *env) { REGISTER_LSP_NATIVE_METHODS(SigBypass); } + void RegisterBypass(JNIEnv *env) { REGISTER_LSP_NATIVE_METHODS(SigBypass); } } // namespace lspd
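Review bot: The new null guard at the top of `enableOpenatHook` returns silently, so the Java caller gets no indication that the hook was never installed and proceeds as if the redirect were active; surfacing the programming error at the call site would be more useful, e.g. adding `env->ThrowNew(env->FindClass("java/lang/NullPointerException"), "origApkPath and cacheApkPath must not be null");` next to the `LOGE` line before the `return;`. The pre-existing `if (!r) { LOGE("Hook __openat fail"); }` branch, which the hunk re-indents, has the same silent-failure shape and is worth the same treatment. On style, the hunk re-indents `apkPath`, `GetC`, `__openat_`, `gMethods` and `RegisterBypass` by four spaces but leaves `HookOpenat`, the `LSP_DEF_NATIVE_METHOD` definition, its first statements and its closing brace at the old column, so `namespace lspd` now mixes two indentation conventions; a whitespace-only reformat is easier to review as its own commit, leaving this one with just the four-line fix. This rendering also appears to have stripped the template argument from `std::unique_ptr &GetC` and `std::make_unique(kLibCName)`, which should be checked against the actual file rather than taken as-is.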