3

When compiling the PoC for CVE-2015-1528 from https://github.com/secmob/PoCForCVE-2015-1528 via ndk-build, this error appears:

[armeabi] Compile++ thumb: exploitmedia <= shellcode.cpp
/home/android/Desktop/work_space/PoCForCVE-2015-1528/mediaserver/jni/shellcode.cpp:109:38: warning: always_inline function might not be inlinable [-Wattributes]
__attribute__((always_inline)) void *run_code(char *code,dlopen_t dlopen_f){
                                  ^
/tmp/ccd5ZsxF.s: Assembler messages:
/tmp/ccd5ZsxF.s: Error: unaligned opcodes detected in executable segment
make: *** [/home/android/Desktop/work_space/PoCForCVE-2015-1528/mediaserver/obj/local/armeabi/objs/exploitmedia/shellcode.o] Error 1

Note: The goal of compiling this PoC is educational.

john.smith

2 Answers

2

Unused automatically allocated variables may cause this problem with --gdwarf-2

I don't understand the problem deeply, but here goes a minimal runnable example.

Consider this Linux ARMv8 hello world:

.text
.global _start
_start:
asm_main_after_prologue:
    /* write */
    mov x0, #1
    ldr x1, =msg
    ldr x2, =len
    mov x8, #64
    svc #0

    /* exit */
    mov x0, #0
    mov x8, #93
    svc #0
msg:
    .ascii "hello syscall v8\n"
len = . - msg

which assembles fine with:

aarch64-linux-gnu-as --gdwarf-2 hello.S

on Ubuntu 16.04 aarch64-linux-gnu-gcc 5.4.0.

Now, if you remove the references to the msg variable:

.text
.global _start
_start:
asm_main_after_prologue:
    /* exit */
    mov x0, #0
    mov x8, #93
    svc #0
msg:
    .ascii "hello syscall v8\n"
len = . - msg

it starts failing with:

hello.S: Assembler messages:
hello.S: Error: unaligned opcodes detected in executable segment

So somehow, when references are removed, it must be thinking that the hello syscall v8 string is an instruction instead of data.

Ciro Santilli
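An added example, not part of either answer: the failing file from the answer above with the unused string moved out of `.text`. It assumes the error comes from `.text` ending on an address that is not a multiple of the 4-byte instruction size once the 17-byte string follows the last instruction, which the assembler's DWARF line-table generation rejects under `--gdwarf-2`; the file name `hello_fixed.S` is hypothetical.

```asm
/* hello_fixed.S (hypothetical name): constructed variant of the failing
 * file. Assemble the same way as in the answer:
 *   aarch64-linux-gnu-as --gdwarf-2 hello_fixed.S
 */
.text
.global _start
_start:
asm_main_after_prologue:
    /* exit */
    mov x0, #0
    mov x8, #93
    svc #0
    /* .text now holds three 4-byte instructions and nothing else,
     * so it ends on an instruction boundary. */

/* Data goes in a non-executable section. The assembler emits line-table
 * entries only for instructions, so the odd length of the string
 * no longer affects any address delta in the executable segment. */
.section .rodata
msg:
    .ascii "hello syscall v8\n"
len = . - msg

/* Alternative when the data has to stay next to the code (for example a
 * blob emitted from inline assembly): keep it in .text and pad the
 * section back to an instruction boundary right after it:
 *
 *   msg:
 *       .ascii "hello syscall v8\n"
 *   len = . - msg
 *       .balign 4
 *
 * len is computed before the padding, so it still equals 17.
 */
```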
0

I found the solution. I should use the AOSP compiler, like mmm. After compiling AOSP, the mmm command appears. Usage:

mmm path/to/PoCForCVE-2015-1528/mediaserver/
john.smith