test if libFLAC is patched against CVE-2014-9028
Overview of CVE-2014-9028: Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file. (source: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9028) heap_oob_flac has a .mp3 extension to avoid compresstion by aapt. When a resource file is compressed openRawResourceFd would fail. Please refer to kNoCompressExt in frameworks/base/tools/aapt/Package.cpp for more details. Bug: 23238405 Change-Id: I7c13b19beb83c10fced360537a84b2f053ce8a26
Showing
File added
Please register or sign in to comment