Android 7.1.2 Release 37 (5650810)
DO NOT MERGE: Initialize the ZipArchive to zero before parsing

The fields of the ZipArchive on the stack are not initialized before we
call libminzip to parse the zip file. As a result, some random memory
location is freed unintentionally when we close the ZipArchive upon
parsing failures.

Bug: 35385357
Test: recompile and run the poc with asan.
Change-Id: I7e7f8ab4816c84a158af7389e1a889f8fc65f079
(cherry picked from commit 2050579b79f495832ec8aa11655a809d87bfc8e3)
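
The failure mode the commit message describes, as an added example that is not code from this repository: a handle on the stack is closed after the parser bails out early, so the cleanup path frees whatever bytes happened to be there. The `Archive` struct, the function names and the `0xA5` fill standing in for stack garbage are all assumptions made for this sketch, and `release()` records the call instead of passing a garbage pointer to `free()`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical archive handle; not libminzip's real ZipArchive layout. */
typedef struct { unsigned char *map; size_t length; } Archive;
static int frees_attempted, wild_frees;  /* counters for the demo */
static void *last_alloc;                 /* the only pointer malloc() gave us */

/* Recording stand-in for free(): really frees only what this demo allocated. */
static void release(void *p) {
    frees_attempted++;
    if (p == last_alloc) { free(p); last_alloc = NULL; }
    else wild_frees++;                   /* real code would free() garbage here */
}

/* Returns 0 on success; on a bad header it fails before writing to *a. */
static int archive_open(const unsigned char *buf, size_t len, Archive *a) {
    if (len < 4 || memcmp(buf, "PK\x03\x04", 4) != 0) return -1;
    if ((a->map = malloc(len)) == NULL) return -1;
    memcpy(a->map, buf, len);
    last_alloc = a->map;
    a->length = len;
    return 0;
}

/* Releases whatever the handle claims to own, so it trusts a->map. */
static void archive_close(Archive *a) {
    if (a->map) release(a->map);
    a->map = NULL; a->length = 0;
}

/* zero_first=0 models the unfixed caller, 1 the fixed one; returns wild frees. */
static int open_then_close(const unsigned char *buf, size_t len, int zero_first) {
    Archive a;
    memset(&a, 0xA5, sizeof a);          /* constructed stand-in for stack garbage */
    if (zero_first) memset(&a, 0, sizeof a);
    wild_frees = frees_attempted = 0;
    (void)archive_open(buf, len, &a);    /* caller closes even if open failed */
    archive_close(&a);
    return wild_frees;
}

int main(void) {
    const unsigned char bad[] = "not a zip";   /* constructed input */
    printf("unzeroed: %d, zeroed: %d wild free(s)\n",
           open_then_close(bad, sizeof bad, 0), open_then_close(bad, sizeof bad, 1));
    return 0;
}
```

Building a reproducer like the one named in the Test: line with `-fsanitize=address` turns the real version of this bug into an immediate invalid-free report instead of silent heap corruption.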
2 files changed
tree: 7d962468955fc1d6d67f1e13a9020b9ed81c7f2b
  1. Android.mk
  2. CleanSpec.mk
  3. NOTICE
  4. README.md
  5. adb_install.cpp
  6. adb_install.h
  7. applypatch/
  8. asn1_decoder.cpp
  9. asn1_decoder.h
  10. bootloader.h
  11. bootloader_message/
  12. common.h
  13. default_device.cpp
  14. device.cpp
  15. device.h
  16. edify/
  17. error_code.h
  18. etc/
  19. fonts/
  20. fuse_sdcard_provider.cpp
  21. fuse_sdcard_provider.h
  22. fuse_sideload.cpp
  23. fuse_sideload.h
  24. install.cpp
  25. install.h
  26. interlace-frames.py
  27. minadbd/
  28. minui/
  29. minzip/
  30. mtdutils/
  31. otafault/
  32. print_sha1.h
  33. recovery-persist.cpp
  34. recovery-persist.rc
  35. recovery-refresh.cpp
  36. recovery-refresh.rc
  37. recovery.cpp
  38. res-hdpi/
  39. res-mdpi/
  40. res-xhdpi/
  41. res-xxhdpi/
  42. res-xxxhdpi/
  43. roots.cpp
  44. roots.h
  45. screen_ui.cpp
  46. screen_ui.h
  47. tests/
  48. tools/
  49. ui.cpp
  50. ui.h
  51. uncrypt/
  52. unique_fd.h
  53. update_verifier/
  54. updater/
  55. verifier.cpp
  56. verifier.h
  57. wear_touch.cpp
  58. wear_touch.h
  59. wear_ui.cpp
  60. wear_ui.h
README.md

The Recovery Image

Quick turn-around testing

mm -j && m ramdisk-nodeps && m recoveryimage-nodeps

# To boot into the new recovery image
# without flashing the recovery partition:
adb reboot bootloader
fastboot boot $ANDROID_PRODUCT_OUT/recovery.img

Running the tests

# After setting up environment and lunch.
mmma -j bootable/recovery

# Running the tests on device.
adb root
adb sync data

# 32-bit device
adb shell /data/nativetest/recovery_unit_test/recovery_unit_test
adb shell /data/nativetest/recovery_component_test/recovery_component_test

# Or 64-bit device
adb shell /data/nativetest64/recovery_unit_test/recovery_unit_test
adb shell /data/nativetest64/recovery_component_test/recovery_component_test