Comment 6 for bug 2026151

Danilo Egea Gondolfo (danilogondolfo) wrote :

aapt --version and aapt2 version just work. The problem appears to be inside /usr/lib/arm-linux-gnueabihf/android/libandroidfw.so.

Digging a bit more, the code crashes here:

#0 android::ResTable_config::copyFromDeviceNoSwap (this=0xfffee6a0, o=...)
    at ./libs/androidfw/ResourceTypes.cpp:1838

1835 void ResTable_config::copyFromDeviceNoSwap(const ResTable_config& o) {
1836 const size_t size = dtohl(o.size);
1837 if (size >= sizeof(ResTable_config)) {
1838 *this = o;
1839 } else {
1840 memcpy(this, &o, size);
1841 memset(((uint8_t*)this)+size, 0, sizeof(ResTable_config)-size);
1842 }

The exact instruction is loading the contents of some registers to the address stored in r1:

0xf7eb95d8 <+20>: ldm r1!, {r2, r3, r4, r5, r6}

Here is the value of r1:

(gdb) i r r1
r1 0xf7fcf71d 4160550685

This address is where the .apk file is mapped to? o.O what...

f7fcf000-f7fd0000 r--s 00000000 fc:10 25777288 /tmp/tmpntfkh146/out.apk

And it is not writable, which explains the bus error.

The package with this code is android-libandroidfw.