Make CVE-2015-1805 test more robust
Previously this test could have failed if FIXED_ADDR was already mapped.
Bug: 27275324
Bug: 27721803
Change-Id: I3d0d194701281b124364280377a44f15ab588490
diff --git a/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp b/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
index dbc8ede..be380c7 100644
--- a/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
+++ b/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
@@ -259,13 +259,14 @@
#define FIXED_ADDR 0x45678000
#define TIMEOUT 60 /* seconds */
-struct iovec *iovs = NULL;
-int fd[2];
+static struct iovec *iovs = NULL;
+static int fd[2];
+static void *overflow_addr;
void* func_map(void*)
{
- munmap((void*)(FIXED_ADDR), PAGE_SIZE);
- mmap((void*)(FIXED_ADDR), PAGE_SIZE, PROT_READ | PROT_WRITE,
+ munmap(overflow_addr, PAGE_SIZE);
+ overflow_addr = mmap(overflow_addr, PAGE_SIZE, PROT_READ | PROT_WRITE,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
return NULL;
}
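Review bot: In func_map the result of the hinted `mmap` is stored but never checked, and nothing compares it with the address that was just unmapped. Without MAP_FIXED the hint is not binding, so the new page can land elsewhere while the iovec prepared by the caller presumably still refers to the old address, and the race the test depends on would then be exercised against an unmapped page without any trace in the log. The only failure check is the one added after `pthread_join`, which runs in the main thread, where `strerror(errno)` reads that thread's errno rather than the value set here. I would keep the hint in a local (`void *hint = overflow_addr;`) and report from this thread: `if (overflow_addr == MAP_FAILED) ALOGE("func_map: mmap failed:%s", strerror(errno));` followed by `else if (overflow_addr != hint) ALOGE("func_map: mapping moved");`. The return value of `munmap` is ignored as well.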
@@ -306,8 +307,10 @@
iovs[OVERFLOW_BUF].iov_base = bufs[OVERFLOW_BUF];
iovs[OVERFLOW_BUF].iov_len = IOV_LEN;
- bufs[OVERFLOW_BUF] = mmap((void*)(FIXED_ADDR), PAGE_SIZE, PROT_READ | PROT_WRITE,
- MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+ overflow_addr = mmap((void *) FIXED_ADDR, PAGE_SIZE, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+ bufs[OVERFLOW_BUF] = overflow_addr;
if (bufs[OVERFLOW_BUF] == MAP_FAILED) {
ALOGE("mmap fixed addr failed:%s", strerror(errno));
goto __close_pipe;
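Review bot: The log text `mmap fixed addr failed` and the FIXED_ADDR name no longer describe this call, because without MAP_FIXED the address is only a hint and the kernel may return a different page. A short comment above the call would record the reason, for example `/* FIXED_ADDR is a hint only: MAP_FIXED would replace whatever is already mapped there */`, and the message could become `"mmap overflow buf failed:%s"`. Separately, on the visible context lines `iovs[OVERFLOW_BUF].iov_base` is assigned from `bufs[OVERFLOW_BUF]` before the mapping is stored; if nothing after the hunk reassigns it, the iovec would not point at `overflow_addr`, which matters more now that the address is not known in advance. The enclosing function starts and ends outside the hunk.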
@@ -338,6 +341,12 @@
pthread_join(thr_map, NULL);
pthread_join(thr_readv, NULL);
+ bufs[OVERFLOW_BUF] = overflow_addr;
+ if (bufs[OVERFLOW_BUF] == MAP_FAILED) {
+ ALOGE("mmap fixed addr failed:%s", strerror(errno));
+ goto __free_bufs;
+ }
+
clock_gettime(CLOCK_MONOTONIC, &ts);
if ((ts.tv_sec - time) > TIMEOUT) {
ret = true;