Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / cts / efcd9a59b1d07db75858c2caf2059aaee09616a9^! / .
commitefcd9a59b1d07db75858c2caf2059aaee09616a9[log] [tgz]
authorUtsav Singh <utsavs@google.com>Tue May 31 08:14:28 2016 -0700
committerUtsav Singh <utsavs@google.com>Tue May 31 08:14:28 2016 -0700
treef8fa625af34c5d89cf6c15885ed8e17a8875916c
parent531276e53b0ab7bdc8df8ba21f80a7824ee68ea2 [diff]
DO NOT MERGE: CTS test case for CVE-2015-1532

Verifies for Heap overflow in libpng(9patch) which is exposed via
BitmapFactory.decodeStream in Java. The test case uses a a crafted PNG image
with incorrect npTc chunk to trigger the vulnerability.

Bug: 19151999

Change-Id: I4c0b95236619acd417000c24726d8f77a4d7e078
Signed-off-by: Utsav Singh <utsavs@google.com>

diff --git a/tests/tests/security/res/raw/cve_2015_1532.png b/tests/tests/security/res/raw/cve_2015_1532.png
new file mode 100644
index 0000000..57924ae
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2015_1532.png
Binary files differ

diff --git a/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java b/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java
new file mode 100644
index 0000000..0ee5a3d
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.graphics.BitmapFactory;
+import android.test.AndroidTestCase;
+
+import com.android.cts.security.R;
+
+import java.io.BufferedInputStream;
+import java.io.InputStream;
+
+public class BitmapFactoryDecodeStreamTest extends AndroidTestCase {
+    /*
+     * This test case reproduces the bug in CVE-2015-1532.
+     * It verifies that the BitmapFactory:decodeStream method is not vulnerable
+     * to heap corruption by trying to open a crafted PNG image with incorrect
+     * npTc chunk.
+     */
+    public void testNinePatchHeapOverflow() throws Exception {
+        InputStream inStream = new BufferedInputStream(mContext.getResources().openRawResource(
+                R.raw.cve_2015_1532));
+        BitmapFactory.decodeStream(inStream);
+
+    }
+}