[RESTRICT AUTOMERGE] Updated CTS test for Android Security b/37239013
Bug: 37239013
Bug: 72456628
Test: Ran the new testcase on android-8.0.0_r21 with/without patch
Change-Id: I4911e390c027ab400a669175ceeda706af8cc298
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0697/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0697/Android.mk
index 48f8633..5be44e7 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0697/Android.mk
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0697/Android.mk
@@ -16,6 +16,7 @@
include $(CLEAR_VARS)
LOCAL_MODULE := CVE-2017-0697
LOCAL_SRC_FILES := poc.cpp
+LOCAL_SRC_FILES += ../includes/memutils_track.c
LOCAL_MULTILIB := both
LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
@@ -30,4 +31,5 @@
LOCAL_ARM_MODE := arm
LOCAL_CFLAGS += -Wall -Werror
+LOCAL_CFLAGS += -DCHECK_MEMORY_LEAK -DENABLE_SELECTIVE_OVERLOADING
include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0697/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0697/poc.cpp
index 9b5e629..f6374b4 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0697/poc.cpp
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0697/poc.cpp
@@ -16,116 +16,31 @@
#include <media/IMediaHTTPService.h>
#include "include/MPEG4Extractor.h"
#include <media/stagefright/MetaData.h>
-#include <dlfcn.h>
-#include <sys/mman.h>
#include <media/stagefright/DataSource.h>
-#include "../includes/common.h"
+#include "../includes/memutils_track.h"
+#define PSSH_BOX_SIZE 1048576
+char enable_selective_overload = ENABLE_NONE;
using namespace android;
-#define PSSH_BOX_SIZE 1048576
-#define MAX_ENTRIES 1024
-void check_memleak(void);
-bool track_malloc = false;
-#define ALLOCATED_STATE 1
-#define FREED_STATE 2
-
-typedef struct {
- void* ptr;
- size_t size;
- int status;
- int index;
-} allocated_mem_ptr;
-
-static void* (*real_malloc)(unsigned long) = NULL;
-static void (*real_free)(void *) = NULL;
-static int s_memutils_initialized = 0;
-static int index = 0;
-static allocated_mem_ptr mem_ptrs[MAX_ENTRIES] = { { 0, 0, 0, 0 } };
-
-void exit_handler(void) {
- check_memleak();
-}
-
-void memutils_init(void) {
- real_malloc = (void *(*)(unsigned long))dlsym(RTLD_NEXT, "malloc");
- if (real_malloc == NULL) {
- return;
- }
- real_free = (void (*)(void *))dlsym(RTLD_NEXT, "free");
- if (real_free == NULL) {
- return;
- }
- atexit(exit_handler);
- s_memutils_initialized = 1;
-}
-
-void *malloc(size_t size) {
- void* mem_ptr = NULL;
- if (s_memutils_initialized == 0) {
- memutils_init();
- }
- if (track_malloc == false) {
- return real_malloc(size);
- }
- if (size != PSSH_BOX_SIZE) {
- return real_malloc(size);
- }
- if (index >= MAX_ENTRIES) {
- return real_malloc(size);
- }
- mem_ptr = real_malloc(size);
- mem_ptrs[index].ptr = mem_ptr;
- mem_ptrs[index].status = ALLOCATED_STATE;
- mem_ptrs[index].size = size;
- mem_ptrs[index].index = index;
- index++;
- return mem_ptr;
-}
-
-void free(void *ptr) {
- if (s_memutils_initialized == 0) {
- memutils_init();
- }
- if (ptr) {
- for (int i = 0; i < MAX_ENTRIES; i++) {
- if (ptr == mem_ptrs[i].ptr) {
- if ((i == mem_ptrs[i].index)
- && (mem_ptrs[i].status != FREED_STATE)) {
- real_free(ptr);
- mem_ptrs[i].status = FREED_STATE;
- return;
- }
- }
- }
- }
- real_free(ptr);
- return;
-}
-
-void check_memleak(void) {
- for (int i = 0; i < MAX_ENTRIES; i++) {
- if (mem_ptrs[i].status == ALLOCATED_STATE) {
- exit (EXIT_VULNERABLE);
- }
- }
- return;
+bool is_tracking_required(size_t size) {
+ return (size == PSSH_BOX_SIZE);
}
int main(int argc, char* argv[]) {
if (argc < 2) {
- return EXIT_SUCCESS;
+ return EXIT_FAILURE;
}
sp < DataSource > dataSource = DataSource::CreateFromURI(NULL, argv[1]);
if (dataSource == nullptr) {
- return EXIT_SUCCESS;
+ return EXIT_FAILURE;
}
MPEG4Extractor *extractor = new MPEG4Extractor(dataSource);
- track_malloc = true;
+ enable_selective_overload = ENABLE_MALLOC_CHECK;
extractor->getMetaData();
- track_malloc = false;
+ enable_selective_overload = ENABLE_NONE;
return EXIT_SUCCESS;
}
