Commit bf0aad42 authored by Robert Shih's avatar Robert Shih Committed by The Android Automerger
Browse files

test if libFLAC is patched against CVE-2014-9028

Overview of CVE-2014-9028:

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1
allows remote attackers to execute arbitrary code via a crafted .flac
file.

(source: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9028)

heap_oob_flac has a .mp3 extension to avoid compresstion by aapt. When a
resource file is compressed openRawResourceFd would fail. Please refer
to kNoCompressExt in frameworks/base/tools/aapt/Package.cpp for more
details.

Bug: 23238405
Change-Id: I7c13b19beb83c10fced360537a84b2f053ce8a26
parent e4f1a594
File added
......@@ -89,6 +89,37 @@ public class MediaPlayerTest extends MediaPlayerTestBase {
}
}
public void testFlacHeapOverflow() throws Exception {
testIfMediaServerDied(R.raw.heap_oob_flac);
}
private void testIfMediaServerDied(int res) throws Exception {
mMediaPlayer.setOnErrorListener(new MediaPlayer.OnErrorListener() {
@Override
public boolean onError(MediaPlayer mp, int what, int extra) {
assertTrue(mp == mMediaPlayer);
assertTrue("mediaserver process died", what != MediaPlayer.MEDIA_ERROR_SERVER_DIED);
return false;
}
});
mMediaPlayer.setOnCompletionListener(new MediaPlayer.OnCompletionListener() {
@Override
public void onCompletion(MediaPlayer mp) {
assertTrue(mp == mMediaPlayer);
mOnCompletionCalled.signal();
}
});
AssetFileDescriptor afd = mResources.openRawResourceFd(res);
mMediaPlayer.setDataSource(afd.getFileDescriptor(), afd.getStartOffset(), afd.getLength());
afd.close();
mMediaPlayer.prepare();
mMediaPlayer.start();
mOnCompletionCalled.waitForSignal();
mMediaPlayer.release();
}
// Bug 13652927
public void testVorbisCrash() throws Exception {
MediaPlayer mp = mMediaPlayer;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment