hostsidetests/securitybulletin/securityPatch/CVE-2021-39804/poc.cpp - platform/cts - Git at Google

 /**
  * Copyright (C) 2022 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 // This PoC is written taking reference from
 // frameworks/base/native/graphics/jni/imagedecoder.cpp

 #include "../includes/common.h"
 #include <android/imagedecoder.h>
 #include <binder/IPCThreadState.h>
 #include <vector>

 bool testInProgress = false;
 struct sigaction new_action, old_action;
 void sigsegv_handler(int signum, siginfo_t *info, void *context) {
   if (testInProgress && info->si_signo == SIGSEGV) {
     (*old_action.sa_sigaction)(signum, info, context);
     return;
   }
   exit(EXIT_FAILURE);
 }

 int main(int argc, char **argv) {
   FAIL_CHECK(argc >= 2);
   sigemptyset(&new_action.sa_mask);
   new_action.sa_flags = SA_SIGINFO;
   new_action.sa_sigaction = sigsegv_handler;
   sigaction(SIGSEGV, &new_action, &old_action);
   android::ProcessState::self()->startThreadPool();
   FILE *file = fopen(argv[1], "r");
   FAIL_CHECK(file);
   fseek(file, 0, SEEK_END);
   size_t size = ftell(file);
   fseek(file, 0, SEEK_SET);
   std::vector<uint8_t> buffer(size);
   fread((void *)buffer.data(), 1, size, file);
   fclose(file);
   testInProgress = true;
   AImageDecoder *decoder;
   if (AImageDecoder_createFromBuffer(buffer.data(), size, &decoder) ==
       ANDROID_IMAGE_DECODER_SUCCESS) {
     AImageDecoder_delete(decoder);
   }
   testInProgress = false;
   FAIL_CHECK(decoder);
   return EXIT_SUCCESS;
 }
	/**
	* Copyright (C) 2022 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	// This PoC is written taking reference from
	// frameworks/base/native/graphics/jni/imagedecoder.cpp

	#include "../includes/common.h"
	#include <android/imagedecoder.h>
	#include <binder/IPCThreadState.h>
	#include <vector>

	bool testInProgress = false;
	struct sigaction new_action, old_action;
	void sigsegv_handler(int signum, siginfo_t info, void context) {
	if (testInProgress && info->si_signo == SIGSEGV) {
	(*old_action.sa_sigaction)(signum, info, context);
	return;
	}
	exit(EXIT_FAILURE);
	}

	int main(int argc, char **argv) {
	FAIL_CHECK(argc >= 2);
	sigemptyset(&new_action.sa_mask);
	new_action.sa_flags = SA_SIGINFO;
	new_action.sa_sigaction = sigsegv_handler;
	sigaction(SIGSEGV, &new_action, &old_action);
	android::ProcessState::self()->startThreadPool();
	FILE *file = fopen(argv[1], "r");
	FAIL_CHECK(file);
	fseek(file, 0, SEEK_END);
	size_t size = ftell(file);
	fseek(file, 0, SEEK_SET);
	std::vector<uint8_t> buffer(size);
	fread((void *)buffer.data(), 1, size, file);
	fclose(file);
	testInProgress = true;
	AImageDecoder *decoder;
	if (AImageDecoder_createFromBuffer(buffer.data(), size, &decoder) ==
	ANDROID_IMAGE_DECODER_SUCCESS) {
	AImageDecoder_delete(decoder);
	}
	testInProgress = false;
	FAIL_CHECK(decoder);
	return EXIT_SUCCESS;
	}