Merge changes Ia776548f,I6948de2f,I789a1d45,I5e56b65f into oc-dev
* changes:
[RESTRICT AUTOMERGE] CTS in infeasible for bugs 62133227, 24346430 and 35430570.
[RESTRICT AUTOMERGE] Updated CTS test for Android Security b/17769851
[RESTRICT AUTOMERGE] Updated CTS test for Android Security b/32096780
[RESTRICT AUTOMERGE] Updated CTS test for Android Security b/34749571
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index cf0fa76..26a5610 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -42,7 +42,7 @@
<!-- Bulletin 2015-12 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
- <option name="push" value="CVE-2015-6632->/data/local/tmp/CVE-2015-6632" />
+ <option name="push" value="CVE-2015-6616->/data/local/tmp/CVE-2015-6616" />
<option name="push" value="CVE-2015-6626->/data/local/tmp/CVE-2015-6626" />
<!--__________________-->
@@ -159,7 +159,6 @@
<!--__________________-->
<!-- Bulletin 2017-09 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
- <option name="push" value="CVE-2017-0778->/data/local/tmp/CVE-2017-0778" />
<option name="push" value="Bug-38195738->/data/local/tmp/Bug-38195738" />
<option name="push" value="CVE-2017-11041->/data/local/tmp/CVE-2017-11041" />
@@ -280,7 +279,6 @@
<option name="push" value="CVE-2017-1317932->/data/local/tmp/CVE-2017-13179" />
<option name="push" value="CVE-2017-083332->/data/local/tmp/CVE-2017-0833" />
<option name="push" value="CVE-2017-083232->/data/local/tmp/CVE-2017-0832" />
- <option name="push" value="CVE-2017-085132->/data/local/tmp/CVE-2017-0851" />
<option name="push" value="CVE-2017-1315032->/data/local/tmp/CVE-2017-13150" />
<option name="push" value="CVE-2017-1320532->/data/local/tmp/CVE-2017-13205" />
<option name="push" value="CVE-2017-1318932->/data/local/tmp/CVE-2017-13189" />
diff --git a/hostsidetests/securitybulletin/res/cve_2015_6616.mp4 b/hostsidetests/securitybulletin/res/cve_2015_6616.mp4
new file mode 100644
index 0000000..716c942
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2015_6616.mp4
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/cve_2015_6632.mp4 b/hostsidetests/securitybulletin/res/cve_2015_6632.mp4
deleted file mode 100644
index 661224a..0000000
--- a/hostsidetests/securitybulletin/res/cve_2015_6632.mp4
+++ /dev/null
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/cve_2017_0778.mp4 b/hostsidetests/securitybulletin/res/cve_2017_0778.mp4
deleted file mode 100644
index 84caa5a..0000000
--- a/hostsidetests/securitybulletin/res/cve_2017_0778.mp4
+++ /dev/null
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/cve_2017_0851.hevc b/hostsidetests/securitybulletin/res/cve_2017_0851.hevc
deleted file mode 100644
index d0bd9a7..0000000
--- a/hostsidetests/securitybulletin/res/cve_2017_0851.hevc
+++ /dev/null
Binary files differ
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616/Android.mk
similarity index 70%
rename from hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/Android.mk
rename to hostsidetests/securitybulletin/securityPatch/CVE-2015-6616/Android.mk
index 3e020f4..a7fba7e 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/Android.mk
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616/Android.mk
@@ -1,4 +1,4 @@
-#Copyright (C) 2020 The Android Open Source Project
+# Copyright (C) 2020 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,19 +15,24 @@
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2015-6632
+LOCAL_MODULE := CVE-2015-6616
LOCAL_SRC_FILES := poc.cpp
-LOCAL_SRC_FILES += ../includes/memutils.c
LOCAL_MULTILIB := both
LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
LOCAL_C_INCLUDES := frameworks/av/media/libstagefright
+LOCAL_C_INCLUDES += frameworks/av/include/media/stagefright
+LOCAL_C_INCLUDES += cts/hostsidetests/securitybulletin/securityPatch/includes
LOCAL_SHARED_LIBRARIES := libstagefright
+LOCAL_SHARED_LIBRARIES += libstagefright_foundation
+LOCAL_SHARED_LIBRARIES += libdrmframework
+LOCAL_SHARED_LIBRARIES += liblog
LOCAL_SHARED_LIBRARIES += libutils
+# Tag this module as a cts test artifact
LOCAL_COMPATIBILITY_SUITE := cts sts vts
LOCAL_CTS_TEST_PACKAGE := android.security.cts
LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -Wno-unused-parameter -DCHECK_OVERFLOW
+LOCAL_CFLAGS += -Wall -Werror
include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616/poc.cpp
new file mode 100644
index 0000000..a6aca76
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616/poc.cpp
@@ -0,0 +1,52 @@
+/**
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <sys/types.h>
+#include <include/MPEG4Extractor.h>
+#include "FileSource.h"
+#include "common.h"
+
+void * operator new(size_t size) {
+ if (size > 64 * 1024 * 1024) {
+ exit (EXIT_VULNERABLE);
+ }
+ return malloc(size);
+}
+
+using namespace android;
+
+int main(int argc, char **argv) {
+ if (argc < 2) {
+ return EXIT_FAILURE;
+ }
+
+ sp < DataSource > dataSource = new FileSource(argv[1]);
+ if (dataSource == nullptr) {
+ return EXIT_FAILURE;
+ }
+
+ MPEG4Extractor *ret = new MPEG4Extractor(dataSource.get());
+ if (ret == nullptr) {
+ return EXIT_FAILURE;
+ }
+
+ sp < IMediaSource > source = ret->getTrack(0);
+ if (source == nullptr) {
+ return EXIT_FAILURE;
+ }
+
+ source->start(NULL);
+ return EXIT_SUCCESS;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/poc.cpp
deleted file mode 100644
index 4ab4169..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/poc.cpp
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <media/stagefright/FileSource.h>
-#include <media/stagefright/MediaExtractor.h>
-#include <media/stagefright/MetaData.h>
-#include "include/MPEG4Extractor.h"
-
-using namespace android;
-int main(int argc, char **argv) {
- if (argc < 2) {
- return EXIT_SUCCESS;
- }
- sp < IMediaSource > mediaSource;
- sp < DataSource > dataSource = new FileSource(argv[1]);
- MediaExtractor *ret = new MPEG4Extractor(dataSource.get());
-
- sp < MetaData > metadata;
- metadata = ret->getMetaData();
- return EXIT_SUCCESS;
-}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0597/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0597/poc.cpp
index 24664c1..7a72d00 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0597/poc.cpp
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0597/poc.cpp
@@ -61,7 +61,7 @@
status_t status = track->initCheck();
if (status != NO_ERROR) {
track.clear();
- return -1;
+ return EXIT_FAILURE;
}
track->start();
sleep(TIMEOUT_SEC);
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0713/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0713/poc.cpp
index 5d8b3cb..ca922be 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0713/poc.cpp
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0713/poc.cpp
@@ -63,7 +63,7 @@
int main(int argc, char **argv) {
if (argc != 2) {
- return EXIT_SUCCESS;
+ return EXIT_FAILURE;
}
SkWStream* outputStream = new NullWStream();
SkScalar pageWidth = 100;
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/Android.mk
deleted file mode 100644
index 1c5bad5..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/Android.mk
+++ /dev/null
@@ -1,34 +0,0 @@
-#Copyright (C) 2020 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := CVE-2017-0778
-LOCAL_SRC_FILES := poc.cpp
-LOCAL_SRC_FILES += ../includes/memutils.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-LOCAL_C_INCLUDES := frameworks/av/media/libstagefright
-LOCAL_SHARED_LIBRARIES := libstagefright
-LOCAL_SHARED_LIBRARIES += libutils
-
-LOCAL_COMPATIBILITY_SUITE := cts sts vts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -Wno-unused-parameter -DCHECK_OVERFLOW \
- -DFORCE_UNALIGN -DENABLE_SELECTIVE_OVERLOADING
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/poc.cpp
deleted file mode 100644
index 2eb89c2..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/poc.cpp
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <media/stagefright/FileSource.h>
-#include <media/stagefright/MediaExtractor.h>
-#include <media/stagefright/MetaData.h>
-#include "include/MPEG4Extractor.h"
-#include "../includes/memutils.h"
-
-using namespace android;
-char enable_selective_overload = ENABLE_NONE;
-int main(int argc, char **argv) {
- if (argc < 2) {
- return EXIT_SUCCESS;
- }
- sp < IMediaSource > mediaSource;
- sp < DataSource > dataSource = new FileSource(argv[1]);
- MediaExtractor *ret = new MPEG4Extractor(dataSource.get());
-
- sp < MetaData > metadata;
- enable_selective_overload = ENABLE_MEMALIGN_CHECK | ENABLE_MALLOC_CHECK;
- metadata = ret->getMetaData();
- enable_selective_overload = ENABLE_NONE;
- return EXIT_SUCCESS;
-}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/Android.mk
deleted file mode 100644
index 6f8c228..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/Android.mk
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright (C) 2020 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := CVE-2017-0851
-LOCAL_SRC_FILES := poc.c
-LOCAL_SRC_FILES += ../includes/memutils.c
-LOCAL_MULTILIB := 32
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_C_INCLUDES := external/libhevc/common
-LOCAL_C_INCLUDES += external/libhevc/decoder
-LOCAL_SHARED_LIBRARIES := libstagefright_soft_hevcdec
-LOCAL_SHARED_LIBRARIES += liblog
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts sts vts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -DCHECK_OVERFLOW
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/poc.c
deleted file mode 100644
index 22dbc87..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/poc.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/**
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define _GNU_SOURCE
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/time.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "ihevc_typedefs.h"
-#include "ihevcd_cxa.h"
-
-#define IP_BUF_LEN (256 * 1024)
-#define FRAME_WIDTH 8192
-#define FRAME_HEIGHT 4096
-#define OP_BUF_LEN_0 (FRAME_WIDTH * FRAME_HEIGHT)
-#define OP_BUF_LEN_1 (FRAME_WIDTH * FRAME_HEIGHT) / 2
-#define NUM_OP_BUFS (2)
-#define OP_BUF_LEN (OP_BUF_LEN_0 + OP_BUF_LEN_1)
-#define NUM_CORES (1)
-#define MEMSET_VAL (0xFF)
-#define TEST_MALLOC_SIZE (8)
-
-#define EXIT_ON_ERROR(status) {\
- if (IV_SUCCESS != status) {\
- if(ps_ip_file)\
- fclose(ps_ip_file);\
-\
- if(pu1_bs_buf)\
- free(pu1_bs_buf);\
-\
- if(ps_out_buf) {\
- free(ps_out_buf);\
- if(ps_out_buf->pu1_bufs[0])\
- free(ps_out_buf->pu1_bufs[0]);\
- }\
- exit(EXIT_SUCCESS);\
- }\
-}
-
-void * ihevca_aligned_malloc(void *pv_ctxt, WORD32 alignment, WORD32 i4_size) {
- (void) pv_ctxt;
- return memalign(alignment, i4_size);
-}
-
-void ihevca_aligned_free(void *pv_ctxt, void *pv_buf) {
- (void) pv_ctxt;
- free(pv_buf);
- return;
-}
-
-void flush_output(iv_obj_t *codec_obj, ivd_out_bufdesc_t *ps_out_buf,
- UWORD8 *pu1_bs_buf, UWORD32 *pu4_op_frm_ts,
- UWORD32 u4_ip_frm_ts, UWORD32 u4_bytes_remaining) {
- WORD32 ret;
-
- do {
- ivd_ctl_flush_ip_t s_ctl_ip;
- ivd_ctl_flush_op_t s_ctl_op;
-
- if (*pu4_op_frm_ts >= (10000))
- break;
-
- s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_FLUSH;
- s_ctl_ip.u4_size = sizeof(ivd_ctl_flush_ip_t);
- s_ctl_op.u4_size = sizeof(ivd_ctl_flush_op_t);
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_ip, (void *) &s_ctl_op);
-
- if (IV_SUCCESS == ret) {
- ivd_video_decode_ip_t *ps_video_decode_ip = memalign(
- 8, sizeof(ivd_video_decode_ip_t));
- ivd_video_decode_op_t *ps_video_decode_op = memalign(
- 8, sizeof(ivd_video_decode_op_t));
- ps_out_buf =
- (ivd_out_bufdesc_t *) &ps_video_decode_ip->s_out_buffer;
-
- memset(ps_out_buf, MEMSET_VAL, sizeof(ivd_out_bufdesc_t));
-
- for (int tmp = 0; tmp < IVD_VIDDEC_MAX_IO_BUFFERS; tmp++) {
- ps_out_buf->pu1_bufs[tmp] = malloc(TEST_MALLOC_SIZE);
- ps_out_buf->u4_min_out_buf_size[tmp] = TEST_MALLOC_SIZE;
- }
-
- ps_video_decode_ip->e_cmd = IVD_CMD_VIDEO_DECODE;
- ps_video_decode_ip->u4_ts = u4_ip_frm_ts;
- ps_video_decode_ip->pv_stream_buffer = pu1_bs_buf;
- ps_video_decode_ip->u4_num_Bytes = u4_bytes_remaining;
- ps_video_decode_ip->u4_size = sizeof(ivd_video_decode_ip_t);
- ps_video_decode_ip->s_out_buffer.u4_min_out_buf_size[0] = ps_out_buf
- ->u4_min_out_buf_size[0];
- ps_video_decode_ip->s_out_buffer.u4_min_out_buf_size[1] = ps_out_buf
- ->u4_min_out_buf_size[1];
- ps_video_decode_ip->s_out_buffer.u4_min_out_buf_size[2] = ps_out_buf
- ->u4_min_out_buf_size[2];
- ps_video_decode_ip->s_out_buffer.pu1_bufs[0] =
- ps_out_buf->pu1_bufs[0];
- ps_video_decode_ip->s_out_buffer.pu1_bufs[1] =
- ps_out_buf->pu1_bufs[1];
- ps_video_decode_ip->s_out_buffer.pu1_bufs[2] =
- ps_out_buf->pu1_bufs[2];
- ps_video_decode_ip->s_out_buffer.u4_num_bufs =
- IVD_VIDDEC_MAX_IO_BUFFERS + 1;
-
- ps_video_decode_op->u4_size = sizeof(ivd_video_decode_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) ps_video_decode_ip,
- (void *) ps_video_decode_op);
-
- if (1 == ps_video_decode_op->u4_output_present) {
- (*pu4_op_frm_ts)++;
- }
- }
- } while (IV_SUCCESS == ret);
-}
-
-int main(WORD32 argc, CHAR *argv[]) {
- FILE *ps_ip_file = NULL;
- WORD32 ret;
- UWORD8 *pu1_bs_buf = NULL;
- ivd_out_bufdesc_t *ps_out_buf;
- UWORD32 file_pos = 0;
- UWORD32 u4_ip_frm_ts = 0, u4_op_frm_ts = 0;
- WORD32 u4_bytes_remaining = 0;
- iv_obj_t *codec_obj;
-
- /* Usage */
- if (argc < 2) {
- return EXIT_SUCCESS;
- }
-
- ps_ip_file = fopen(argv[1], "rb");
- if (!ps_ip_file) {
- return EXIT_SUCCESS;
- }
-
- /* Create decoder instance */
- {
- ihevcd_cxa_create_ip_t s_create_ip;
- ihevcd_cxa_create_op_t s_create_op;
- void *fxns = &ihevcd_cxa_api_function;
-
- ps_out_buf = (ivd_out_bufdesc_t *) malloc(sizeof(ivd_out_bufdesc_t));
- s_create_ip.s_ivd_create_ip_t.e_cmd = IVD_CMD_CREATE;
- s_create_ip.s_ivd_create_ip_t.u4_share_disp_buf = 0;
- s_create_ip.s_ivd_create_ip_t.e_output_format = IV_YUV_420SP_UV;
- s_create_ip.s_ivd_create_ip_t.pf_aligned_alloc = ihevca_aligned_malloc;
- s_create_ip.s_ivd_create_ip_t.pf_aligned_free = ihevca_aligned_free;
- s_create_ip.s_ivd_create_ip_t.pv_mem_ctxt = NULL;
- s_create_ip.s_ivd_create_ip_t.u4_size = sizeof(ihevcd_cxa_create_ip_t);
- s_create_op.s_ivd_create_op_t.u4_size = sizeof(ihevcd_cxa_create_op_t);
-
- ret = ihevcd_cxa_api_function(NULL, (void *) &s_create_ip,
- (void *) &s_create_op);
- EXIT_ON_ERROR(ret);
-
- codec_obj = (iv_obj_t*) s_create_op.s_ivd_create_op_t.pv_handle;
- codec_obj->pv_fxns = fxns;
- codec_obj->u4_size = sizeof(iv_obj_t);
- }
-
- /* set num of cores */
- {
- ihevcd_cxa_ctl_set_num_cores_ip_t s_ctl_set_cores_ip;
- ihevcd_cxa_ctl_set_num_cores_op_t s_ctl_set_cores_op;
-
- s_ctl_set_cores_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_set_cores_ip.e_sub_cmd =
- (IVD_CONTROL_API_COMMAND_TYPE_T) IHEVCD_CXA_CMD_CTL_SET_NUM_CORES;
- s_ctl_set_cores_ip.u4_num_cores = NUM_CORES;
- s_ctl_set_cores_ip.u4_size = sizeof(ihevcd_cxa_ctl_set_num_cores_ip_t);
- s_ctl_set_cores_op.u4_size = sizeof(ihevcd_cxa_ctl_set_num_cores_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_set_cores_ip,
- (void *) &s_ctl_set_cores_op);
- EXIT_ON_ERROR(ret);
- }
-
- /* Allocate input and output buffers for IV_YUV_420SP_UV */
- {
- pu1_bs_buf = (UWORD8 *) malloc(IP_BUF_LEN);
- ps_out_buf->pu1_bufs[0] = (UWORD8 *) malloc(OP_BUF_LEN);
- if ((ps_out_buf->pu1_bufs[0] == NULL) || (pu1_bs_buf == NULL)) {
- EXIT_ON_ERROR(IV_FAIL);
- }
-
- ps_out_buf->pu1_bufs[1] = ps_out_buf->pu1_bufs[0] + OP_BUF_LEN_0;
- }
-
- /* Set the decoder in frame decode mode */
- {
- ivd_ctl_set_config_ip_t s_ctl_ip;
- ivd_ctl_set_config_op_t s_ctl_op;
-
- s_ctl_ip.u4_disp_wd = 0;
- s_ctl_ip.e_frm_skip_mode = IVD_SKIP_NONE;
- s_ctl_ip.e_frm_out_mode = IVD_DISPLAY_FRAME_OUT;
- s_ctl_ip.e_vid_dec_mode = IVD_DECODE_FRAME;
- s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_SETPARAMS;
- s_ctl_ip.u4_size = sizeof(ivd_ctl_set_config_ip_t);
- s_ctl_op.u4_size = sizeof(ivd_ctl_set_config_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_ip, (void *) &s_ctl_op);
- }
-
- while ((u4_bytes_remaining = fread(pu1_bs_buf, sizeof(UWORD8),
- IP_BUF_LEN,
- ps_ip_file))) {
- {
- ivd_video_decode_ip_t s_video_decode_ip;
- ivd_video_decode_op_t s_video_decode_op;
-
- s_video_decode_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
- s_video_decode_ip.u4_ts = u4_ip_frm_ts;
- s_video_decode_ip.pv_stream_buffer = pu1_bs_buf;
- s_video_decode_ip.u4_num_Bytes = u4_bytes_remaining;
- s_video_decode_ip.u4_size = sizeof(ivd_video_decode_ip_t);
- s_video_decode_ip.s_out_buffer.u4_min_out_buf_size[0] =
- OP_BUF_LEN_0;
- s_video_decode_ip.s_out_buffer.u4_min_out_buf_size[1] =
- OP_BUF_LEN_1;
- s_video_decode_ip.s_out_buffer.u4_min_out_buf_size[2] = 0;
- s_video_decode_ip.s_out_buffer.pu1_bufs[0] =
- ps_out_buf->pu1_bufs[0];
- s_video_decode_ip.s_out_buffer.pu1_bufs[1] =
- ps_out_buf->pu1_bufs[1];
- s_video_decode_ip.s_out_buffer.pu1_bufs[2] = NULL;
- s_video_decode_ip.s_out_buffer.u4_num_bufs = NUM_OP_BUFS;
- s_video_decode_op.u4_size = sizeof(ivd_video_decode_op_t);
-
- /* API Call: Video Decode */
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_video_decode_ip,
- (void *) &s_video_decode_op);
-
- if ((IV_SUCCESS != ret)
- && ((s_video_decode_op.u4_error_code & 0xFF)
- == IVD_RES_CHANGED)) {
- ivd_ctl_reset_ip_t s_ctl_ip;
- ivd_ctl_reset_op_t s_ctl_op;
-
- flush_output(codec_obj, ps_out_buf, pu1_bs_buf, &u4_op_frm_ts,
- u4_ip_frm_ts, u4_bytes_remaining);
-
- s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_RESET;
- s_ctl_ip.u4_size = sizeof(ivd_ctl_reset_ip_t);
- s_ctl_op.u4_size = sizeof(ivd_ctl_reset_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_ip,
- (void *) &s_ctl_op);
- EXIT_ON_ERROR(ret);
-
- /* set num of cores */
- {
- ihevcd_cxa_ctl_set_num_cores_ip_t s_ctl_set_cores_ip;
- ihevcd_cxa_ctl_set_num_cores_op_t s_ctl_set_cores_op;
-
- s_ctl_set_cores_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_set_cores_ip.e_sub_cmd =
- (IVD_CONTROL_API_COMMAND_TYPE_T) IHEVCD_CXA_CMD_CTL_SET_NUM_CORES;
- s_ctl_set_cores_ip.u4_num_cores = NUM_CORES;
- s_ctl_set_cores_ip.u4_size =
- sizeof(ihevcd_cxa_ctl_set_num_cores_ip_t);
- s_ctl_set_cores_op.u4_size =
- sizeof(ihevcd_cxa_ctl_set_num_cores_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_set_cores_ip,
- (void *) &s_ctl_set_cores_op);
- EXIT_ON_ERROR(ret);
- }
- }
- file_pos += s_video_decode_op.u4_num_bytes_consumed;
- fseek(ps_ip_file, file_pos, SEEK_SET);
- u4_ip_frm_ts++;
-
- if (1 == s_video_decode_op.u4_output_present) {
- u4_op_frm_ts++;
- } else {
- if ((s_video_decode_op.u4_error_code >> IVD_FATALERROR) & 1) {
- break;
- }
- }
- }
- }
-
- /* To get the last decoded frames, call process with NULL input */
- flush_output(codec_obj, ps_out_buf, pu1_bs_buf, &u4_op_frm_ts, u4_ip_frm_ts,
- u4_bytes_remaining);
-
- /* Delete decoder and close all the files and free all the memory */
- {
- ivd_delete_ip_t s_delete_dec_ip;
- ivd_delete_op_t s_delete_dec_op;
-
- s_delete_dec_ip.e_cmd = IVD_CMD_DELETE;
- s_delete_dec_ip.u4_size = sizeof(ivd_delete_ip_t);
- s_delete_dec_op.u4_size = sizeof(ivd_delete_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_delete_dec_ip,
- (void *) &s_delete_dec_op);
-
- EXIT_ON_ERROR(ret);
- }
- fclose(ps_ip_file);
- free(ps_out_buf->pu1_bufs[0]);
- free(ps_out_buf);
- free(pu1_bs_buf);
- return EXIT_SUCCESS;
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
index 9799392..689dae2 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
@@ -51,6 +51,18 @@
******************************************************************************/
/**
+ * b/17769851
+ * Vulnerability Behaviour: EXIT_VULNERABLE (113)
+ **/
+ @Test
+ @SecurityTest(minPatchLevel = "2015-12")
+ public void testPocCVE_2015_6616() throws Exception {
+ String inputFiles[] = {"cve_2015_6616.mp4"};
+ AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2015-6616",
+ AdbUtils.TMP_PATH + inputFiles[0], inputFiles, AdbUtils.TMP_PATH, getDevice());
+ }
+
+ /**
* b/111603051
* Vulnerability Behaviour: SIGSEGV in self
*/
@@ -201,30 +213,6 @@
}
/**
- * b/24346430
- * Vulnerability Behaviour: SIGSEGV in self
- **/
- @Test
- @SecurityTest(minPatchLevel = "2015-12")
- public void testPocCVE_2015_6632() throws Exception {
- String inputFiles[] = {"cve_2015_6632.mp4"};
- AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2015-6632",
- AdbUtils.TMP_PATH + inputFiles[0], inputFiles, AdbUtils.TMP_PATH, getDevice());
- }
-
- /**
- * b/62133227
- * Vulnerability Behaviour: SIGSEGV in self
- **/
- @Test
- @SecurityTest(minPatchLevel = "2017-09")
- public void testPocCVE_2017_0778() throws Exception {
- String inputFiles[] = {"cve_2017_0778.mp4"};
- AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2017-0778",
- AdbUtils.TMP_PATH + inputFiles[0], inputFiles, AdbUtils.TMP_PATH, getDevice());
- }
-
- /**
* b/36576151
* Vulnerability Behaviour: SIGSEGV in self
**/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
index 5482561..141077a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
@@ -84,18 +84,6 @@
******************************************************************************/
/**
- * b/35430570
- * Vulnerability Behaviour: SIGSEGV in self
- **/
- @Test
- @SecurityTest(minPatchLevel = "2017-11")
- public void testPocCVE_2017_0851() throws Exception {
- String inputFiles[] = {"cve_2017_0851.hevc"};
- AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2017-0851",
- AdbUtils.TMP_PATH + inputFiles[0], inputFiles, AdbUtils.TMP_PATH, getDevice());
- }
-
- /**
* b/68299873
**/
@Test