[RESTRICT AUTOMERGE] CTS in infeasible for bugs 62133227, 24346430 and 35430570.
Reason: These bugs have an OOB read of less than 16 bytes, which cannot be detected with the updated scheme of 16 byte alignment.
Bug: 35430570
Bug: 24346430
Bug: 62133227
Test: sts-tradefed
Change-Id: Ia776548f3cb1b25456bf85f8962a2a996be859b6
Merged-In: Ia776548f3cb1b25456bf85f8962a2a996be859b6
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index 054a341..26a5610 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -43,7 +43,6 @@
<!-- Bulletin 2015-12 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
<option name="push" value="CVE-2015-6616->/data/local/tmp/CVE-2015-6616" />
- <option name="push" value="CVE-2015-6632->/data/local/tmp/CVE-2015-6632" />
<option name="push" value="CVE-2015-6626->/data/local/tmp/CVE-2015-6626" />
<!--__________________-->
@@ -160,7 +159,6 @@
<!--__________________-->
<!-- Bulletin 2017-09 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
- <option name="push" value="CVE-2017-0778->/data/local/tmp/CVE-2017-0778" />
<option name="push" value="Bug-38195738->/data/local/tmp/Bug-38195738" />
<option name="push" value="CVE-2017-11041->/data/local/tmp/CVE-2017-11041" />
@@ -281,7 +279,6 @@
<option name="push" value="CVE-2017-1317932->/data/local/tmp/CVE-2017-13179" />
<option name="push" value="CVE-2017-083332->/data/local/tmp/CVE-2017-0833" />
<option name="push" value="CVE-2017-083232->/data/local/tmp/CVE-2017-0832" />
- <option name="push" value="CVE-2017-085132->/data/local/tmp/CVE-2017-0851" />
<option name="push" value="CVE-2017-1315032->/data/local/tmp/CVE-2017-13150" />
<option name="push" value="CVE-2017-1320532->/data/local/tmp/CVE-2017-13205" />
<option name="push" value="CVE-2017-1318932->/data/local/tmp/CVE-2017-13189" />
diff --git a/hostsidetests/securitybulletin/res/cve_2015_6632.mp4 b/hostsidetests/securitybulletin/res/cve_2015_6632.mp4
deleted file mode 100644
index 661224a..0000000
--- a/hostsidetests/securitybulletin/res/cve_2015_6632.mp4
+++ /dev/null
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/cve_2017_0778.mp4 b/hostsidetests/securitybulletin/res/cve_2017_0778.mp4
deleted file mode 100644
index 84caa5a..0000000
--- a/hostsidetests/securitybulletin/res/cve_2017_0778.mp4
+++ /dev/null
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/cve_2017_0851.hevc b/hostsidetests/securitybulletin/res/cve_2017_0851.hevc
deleted file mode 100644
index d0bd9a7..0000000
--- a/hostsidetests/securitybulletin/res/cve_2017_0851.hevc
+++ /dev/null
Binary files differ
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/Android.mk
deleted file mode 100644
index 3e020f4..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/Android.mk
+++ /dev/null
@@ -1,33 +0,0 @@
-#Copyright (C) 2020 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := CVE-2015-6632
-LOCAL_SRC_FILES := poc.cpp
-LOCAL_SRC_FILES += ../includes/memutils.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-LOCAL_C_INCLUDES := frameworks/av/media/libstagefright
-LOCAL_SHARED_LIBRARIES := libstagefright
-LOCAL_SHARED_LIBRARIES += libutils
-
-LOCAL_COMPATIBILITY_SUITE := cts sts vts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -Wno-unused-parameter -DCHECK_OVERFLOW
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/poc.cpp
deleted file mode 100644
index 4ab4169..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6632/poc.cpp
+++ /dev/null
@@ -1,33 +0,0 @@
-/**
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <media/stagefright/FileSource.h>
-#include <media/stagefright/MediaExtractor.h>
-#include <media/stagefright/MetaData.h>
-#include "include/MPEG4Extractor.h"
-
-using namespace android;
-int main(int argc, char **argv) {
- if (argc < 2) {
- return EXIT_SUCCESS;
- }
- sp < IMediaSource > mediaSource;
- sp < DataSource > dataSource = new FileSource(argv[1]);
- MediaExtractor *ret = new MPEG4Extractor(dataSource.get());
-
- sp < MetaData > metadata;
- metadata = ret->getMetaData();
- return EXIT_SUCCESS;
-}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/Android.mk
deleted file mode 100644
index 1c5bad5..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/Android.mk
+++ /dev/null
@@ -1,34 +0,0 @@
-#Copyright (C) 2020 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := CVE-2017-0778
-LOCAL_SRC_FILES := poc.cpp
-LOCAL_SRC_FILES += ../includes/memutils.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-LOCAL_C_INCLUDES := frameworks/av/media/libstagefright
-LOCAL_SHARED_LIBRARIES := libstagefright
-LOCAL_SHARED_LIBRARIES += libutils
-
-LOCAL_COMPATIBILITY_SUITE := cts sts vts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -Wno-unused-parameter -DCHECK_OVERFLOW \
- -DFORCE_UNALIGN -DENABLE_SELECTIVE_OVERLOADING
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/poc.cpp
deleted file mode 100644
index 2eb89c2..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0778/poc.cpp
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <media/stagefright/FileSource.h>
-#include <media/stagefright/MediaExtractor.h>
-#include <media/stagefright/MetaData.h>
-#include "include/MPEG4Extractor.h"
-#include "../includes/memutils.h"
-
-using namespace android;
-char enable_selective_overload = ENABLE_NONE;
-int main(int argc, char **argv) {
- if (argc < 2) {
- return EXIT_SUCCESS;
- }
- sp < IMediaSource > mediaSource;
- sp < DataSource > dataSource = new FileSource(argv[1]);
- MediaExtractor *ret = new MPEG4Extractor(dataSource.get());
-
- sp < MetaData > metadata;
- enable_selective_overload = ENABLE_MEMALIGN_CHECK | ENABLE_MALLOC_CHECK;
- metadata = ret->getMetaData();
- enable_selective_overload = ENABLE_NONE;
- return EXIT_SUCCESS;
-}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/Android.mk
deleted file mode 100644
index 6f8c228..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/Android.mk
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright (C) 2020 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := CVE-2017-0851
-LOCAL_SRC_FILES := poc.c
-LOCAL_SRC_FILES += ../includes/memutils.c
-LOCAL_MULTILIB := 32
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_C_INCLUDES := external/libhevc/common
-LOCAL_C_INCLUDES += external/libhevc/decoder
-LOCAL_SHARED_LIBRARIES := libstagefright_soft_hevcdec
-LOCAL_SHARED_LIBRARIES += liblog
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts sts vts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -DCHECK_OVERFLOW
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/poc.c
deleted file mode 100644
index 22dbc87..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0851/poc.c
+++ /dev/null
@@ -1,330 +0,0 @@
-/**
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define _GNU_SOURCE
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <sys/time.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include "ihevc_typedefs.h"
-#include "ihevcd_cxa.h"
-
-#define IP_BUF_LEN (256 * 1024)
-#define FRAME_WIDTH 8192
-#define FRAME_HEIGHT 4096
-#define OP_BUF_LEN_0 (FRAME_WIDTH * FRAME_HEIGHT)
-#define OP_BUF_LEN_1 (FRAME_WIDTH * FRAME_HEIGHT) / 2
-#define NUM_OP_BUFS (2)
-#define OP_BUF_LEN (OP_BUF_LEN_0 + OP_BUF_LEN_1)
-#define NUM_CORES (1)
-#define MEMSET_VAL (0xFF)
-#define TEST_MALLOC_SIZE (8)
-
-#define EXIT_ON_ERROR(status) {\
- if (IV_SUCCESS != status) {\
- if(ps_ip_file)\
- fclose(ps_ip_file);\
-\
- if(pu1_bs_buf)\
- free(pu1_bs_buf);\
-\
- if(ps_out_buf) {\
- free(ps_out_buf);\
- if(ps_out_buf->pu1_bufs[0])\
- free(ps_out_buf->pu1_bufs[0]);\
- }\
- exit(EXIT_SUCCESS);\
- }\
-}
-
-void * ihevca_aligned_malloc(void *pv_ctxt, WORD32 alignment, WORD32 i4_size) {
- (void) pv_ctxt;
- return memalign(alignment, i4_size);
-}
-
-void ihevca_aligned_free(void *pv_ctxt, void *pv_buf) {
- (void) pv_ctxt;
- free(pv_buf);
- return;
-}
-
-void flush_output(iv_obj_t *codec_obj, ivd_out_bufdesc_t *ps_out_buf,
- UWORD8 *pu1_bs_buf, UWORD32 *pu4_op_frm_ts,
- UWORD32 u4_ip_frm_ts, UWORD32 u4_bytes_remaining) {
- WORD32 ret;
-
- do {
- ivd_ctl_flush_ip_t s_ctl_ip;
- ivd_ctl_flush_op_t s_ctl_op;
-
- if (*pu4_op_frm_ts >= (10000))
- break;
-
- s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_FLUSH;
- s_ctl_ip.u4_size = sizeof(ivd_ctl_flush_ip_t);
- s_ctl_op.u4_size = sizeof(ivd_ctl_flush_op_t);
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_ip, (void *) &s_ctl_op);
-
- if (IV_SUCCESS == ret) {
- ivd_video_decode_ip_t *ps_video_decode_ip = memalign(
- 8, sizeof(ivd_video_decode_ip_t));
- ivd_video_decode_op_t *ps_video_decode_op = memalign(
- 8, sizeof(ivd_video_decode_op_t));
- ps_out_buf =
- (ivd_out_bufdesc_t *) &ps_video_decode_ip->s_out_buffer;
-
- memset(ps_out_buf, MEMSET_VAL, sizeof(ivd_out_bufdesc_t));
-
- for (int tmp = 0; tmp < IVD_VIDDEC_MAX_IO_BUFFERS; tmp++) {
- ps_out_buf->pu1_bufs[tmp] = malloc(TEST_MALLOC_SIZE);
- ps_out_buf->u4_min_out_buf_size[tmp] = TEST_MALLOC_SIZE;
- }
-
- ps_video_decode_ip->e_cmd = IVD_CMD_VIDEO_DECODE;
- ps_video_decode_ip->u4_ts = u4_ip_frm_ts;
- ps_video_decode_ip->pv_stream_buffer = pu1_bs_buf;
- ps_video_decode_ip->u4_num_Bytes = u4_bytes_remaining;
- ps_video_decode_ip->u4_size = sizeof(ivd_video_decode_ip_t);
- ps_video_decode_ip->s_out_buffer.u4_min_out_buf_size[0] = ps_out_buf
- ->u4_min_out_buf_size[0];
- ps_video_decode_ip->s_out_buffer.u4_min_out_buf_size[1] = ps_out_buf
- ->u4_min_out_buf_size[1];
- ps_video_decode_ip->s_out_buffer.u4_min_out_buf_size[2] = ps_out_buf
- ->u4_min_out_buf_size[2];
- ps_video_decode_ip->s_out_buffer.pu1_bufs[0] =
- ps_out_buf->pu1_bufs[0];
- ps_video_decode_ip->s_out_buffer.pu1_bufs[1] =
- ps_out_buf->pu1_bufs[1];
- ps_video_decode_ip->s_out_buffer.pu1_bufs[2] =
- ps_out_buf->pu1_bufs[2];
- ps_video_decode_ip->s_out_buffer.u4_num_bufs =
- IVD_VIDDEC_MAX_IO_BUFFERS + 1;
-
- ps_video_decode_op->u4_size = sizeof(ivd_video_decode_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) ps_video_decode_ip,
- (void *) ps_video_decode_op);
-
- if (1 == ps_video_decode_op->u4_output_present) {
- (*pu4_op_frm_ts)++;
- }
- }
- } while (IV_SUCCESS == ret);
-}
-
-int main(WORD32 argc, CHAR *argv[]) {
- FILE *ps_ip_file = NULL;
- WORD32 ret;
- UWORD8 *pu1_bs_buf = NULL;
- ivd_out_bufdesc_t *ps_out_buf;
- UWORD32 file_pos = 0;
- UWORD32 u4_ip_frm_ts = 0, u4_op_frm_ts = 0;
- WORD32 u4_bytes_remaining = 0;
- iv_obj_t *codec_obj;
-
- /* Usage */
- if (argc < 2) {
- return EXIT_SUCCESS;
- }
-
- ps_ip_file = fopen(argv[1], "rb");
- if (!ps_ip_file) {
- return EXIT_SUCCESS;
- }
-
- /* Create decoder instance */
- {
- ihevcd_cxa_create_ip_t s_create_ip;
- ihevcd_cxa_create_op_t s_create_op;
- void *fxns = &ihevcd_cxa_api_function;
-
- ps_out_buf = (ivd_out_bufdesc_t *) malloc(sizeof(ivd_out_bufdesc_t));
- s_create_ip.s_ivd_create_ip_t.e_cmd = IVD_CMD_CREATE;
- s_create_ip.s_ivd_create_ip_t.u4_share_disp_buf = 0;
- s_create_ip.s_ivd_create_ip_t.e_output_format = IV_YUV_420SP_UV;
- s_create_ip.s_ivd_create_ip_t.pf_aligned_alloc = ihevca_aligned_malloc;
- s_create_ip.s_ivd_create_ip_t.pf_aligned_free = ihevca_aligned_free;
- s_create_ip.s_ivd_create_ip_t.pv_mem_ctxt = NULL;
- s_create_ip.s_ivd_create_ip_t.u4_size = sizeof(ihevcd_cxa_create_ip_t);
- s_create_op.s_ivd_create_op_t.u4_size = sizeof(ihevcd_cxa_create_op_t);
-
- ret = ihevcd_cxa_api_function(NULL, (void *) &s_create_ip,
- (void *) &s_create_op);
- EXIT_ON_ERROR(ret);
-
- codec_obj = (iv_obj_t*) s_create_op.s_ivd_create_op_t.pv_handle;
- codec_obj->pv_fxns = fxns;
- codec_obj->u4_size = sizeof(iv_obj_t);
- }
-
- /* set num of cores */
- {
- ihevcd_cxa_ctl_set_num_cores_ip_t s_ctl_set_cores_ip;
- ihevcd_cxa_ctl_set_num_cores_op_t s_ctl_set_cores_op;
-
- s_ctl_set_cores_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_set_cores_ip.e_sub_cmd =
- (IVD_CONTROL_API_COMMAND_TYPE_T) IHEVCD_CXA_CMD_CTL_SET_NUM_CORES;
- s_ctl_set_cores_ip.u4_num_cores = NUM_CORES;
- s_ctl_set_cores_ip.u4_size = sizeof(ihevcd_cxa_ctl_set_num_cores_ip_t);
- s_ctl_set_cores_op.u4_size = sizeof(ihevcd_cxa_ctl_set_num_cores_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_set_cores_ip,
- (void *) &s_ctl_set_cores_op);
- EXIT_ON_ERROR(ret);
- }
-
- /* Allocate input and output buffers for IV_YUV_420SP_UV */
- {
- pu1_bs_buf = (UWORD8 *) malloc(IP_BUF_LEN);
- ps_out_buf->pu1_bufs[0] = (UWORD8 *) malloc(OP_BUF_LEN);
- if ((ps_out_buf->pu1_bufs[0] == NULL) || (pu1_bs_buf == NULL)) {
- EXIT_ON_ERROR(IV_FAIL);
- }
-
- ps_out_buf->pu1_bufs[1] = ps_out_buf->pu1_bufs[0] + OP_BUF_LEN_0;
- }
-
- /* Set the decoder in frame decode mode */
- {
- ivd_ctl_set_config_ip_t s_ctl_ip;
- ivd_ctl_set_config_op_t s_ctl_op;
-
- s_ctl_ip.u4_disp_wd = 0;
- s_ctl_ip.e_frm_skip_mode = IVD_SKIP_NONE;
- s_ctl_ip.e_frm_out_mode = IVD_DISPLAY_FRAME_OUT;
- s_ctl_ip.e_vid_dec_mode = IVD_DECODE_FRAME;
- s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_SETPARAMS;
- s_ctl_ip.u4_size = sizeof(ivd_ctl_set_config_ip_t);
- s_ctl_op.u4_size = sizeof(ivd_ctl_set_config_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_ip, (void *) &s_ctl_op);
- }
-
- while ((u4_bytes_remaining = fread(pu1_bs_buf, sizeof(UWORD8),
- IP_BUF_LEN,
- ps_ip_file))) {
- {
- ivd_video_decode_ip_t s_video_decode_ip;
- ivd_video_decode_op_t s_video_decode_op;
-
- s_video_decode_ip.e_cmd = IVD_CMD_VIDEO_DECODE;
- s_video_decode_ip.u4_ts = u4_ip_frm_ts;
- s_video_decode_ip.pv_stream_buffer = pu1_bs_buf;
- s_video_decode_ip.u4_num_Bytes = u4_bytes_remaining;
- s_video_decode_ip.u4_size = sizeof(ivd_video_decode_ip_t);
- s_video_decode_ip.s_out_buffer.u4_min_out_buf_size[0] =
- OP_BUF_LEN_0;
- s_video_decode_ip.s_out_buffer.u4_min_out_buf_size[1] =
- OP_BUF_LEN_1;
- s_video_decode_ip.s_out_buffer.u4_min_out_buf_size[2] = 0;
- s_video_decode_ip.s_out_buffer.pu1_bufs[0] =
- ps_out_buf->pu1_bufs[0];
- s_video_decode_ip.s_out_buffer.pu1_bufs[1] =
- ps_out_buf->pu1_bufs[1];
- s_video_decode_ip.s_out_buffer.pu1_bufs[2] = NULL;
- s_video_decode_ip.s_out_buffer.u4_num_bufs = NUM_OP_BUFS;
- s_video_decode_op.u4_size = sizeof(ivd_video_decode_op_t);
-
- /* API Call: Video Decode */
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_video_decode_ip,
- (void *) &s_video_decode_op);
-
- if ((IV_SUCCESS != ret)
- && ((s_video_decode_op.u4_error_code & 0xFF)
- == IVD_RES_CHANGED)) {
- ivd_ctl_reset_ip_t s_ctl_ip;
- ivd_ctl_reset_op_t s_ctl_op;
-
- flush_output(codec_obj, ps_out_buf, pu1_bs_buf, &u4_op_frm_ts,
- u4_ip_frm_ts, u4_bytes_remaining);
-
- s_ctl_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_ip.e_sub_cmd = IVD_CMD_CTL_RESET;
- s_ctl_ip.u4_size = sizeof(ivd_ctl_reset_ip_t);
- s_ctl_op.u4_size = sizeof(ivd_ctl_reset_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_ip,
- (void *) &s_ctl_op);
- EXIT_ON_ERROR(ret);
-
- /* set num of cores */
- {
- ihevcd_cxa_ctl_set_num_cores_ip_t s_ctl_set_cores_ip;
- ihevcd_cxa_ctl_set_num_cores_op_t s_ctl_set_cores_op;
-
- s_ctl_set_cores_ip.e_cmd = IVD_CMD_VIDEO_CTL;
- s_ctl_set_cores_ip.e_sub_cmd =
- (IVD_CONTROL_API_COMMAND_TYPE_T) IHEVCD_CXA_CMD_CTL_SET_NUM_CORES;
- s_ctl_set_cores_ip.u4_num_cores = NUM_CORES;
- s_ctl_set_cores_ip.u4_size =
- sizeof(ihevcd_cxa_ctl_set_num_cores_ip_t);
- s_ctl_set_cores_op.u4_size =
- sizeof(ihevcd_cxa_ctl_set_num_cores_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_ctl_set_cores_ip,
- (void *) &s_ctl_set_cores_op);
- EXIT_ON_ERROR(ret);
- }
- }
- file_pos += s_video_decode_op.u4_num_bytes_consumed;
- fseek(ps_ip_file, file_pos, SEEK_SET);
- u4_ip_frm_ts++;
-
- if (1 == s_video_decode_op.u4_output_present) {
- u4_op_frm_ts++;
- } else {
- if ((s_video_decode_op.u4_error_code >> IVD_FATALERROR) & 1) {
- break;
- }
- }
- }
- }
-
- /* To get the last decoded frames, call process with NULL input */
- flush_output(codec_obj, ps_out_buf, pu1_bs_buf, &u4_op_frm_ts, u4_ip_frm_ts,
- u4_bytes_remaining);
-
- /* Delete decoder and close all the files and free all the memory */
- {
- ivd_delete_ip_t s_delete_dec_ip;
- ivd_delete_op_t s_delete_dec_op;
-
- s_delete_dec_ip.e_cmd = IVD_CMD_DELETE;
- s_delete_dec_ip.u4_size = sizeof(ivd_delete_ip_t);
- s_delete_dec_op.u4_size = sizeof(ivd_delete_op_t);
-
- ret = ihevcd_cxa_api_function((iv_obj_t *) codec_obj,
- (void *) &s_delete_dec_ip,
- (void *) &s_delete_dec_op);
-
- EXIT_ON_ERROR(ret);
- }
- fclose(ps_ip_file);
- free(ps_out_buf->pu1_bufs[0]);
- free(ps_out_buf);
- free(pu1_bs_buf);
- return EXIT_SUCCESS;
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
index 4e10de0..689dae2 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
@@ -213,30 +213,6 @@
}
/**
- * b/24346430
- * Vulnerability Behaviour: SIGSEGV in self
- **/
- @Test
- @SecurityTest(minPatchLevel = "2015-12")
- public void testPocCVE_2015_6632() throws Exception {
- String inputFiles[] = {"cve_2015_6632.mp4"};
- AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2015-6632",
- AdbUtils.TMP_PATH + inputFiles[0], inputFiles, AdbUtils.TMP_PATH, getDevice());
- }
-
- /**
- * b/62133227
- * Vulnerability Behaviour: SIGSEGV in self
- **/
- @Test
- @SecurityTest(minPatchLevel = "2017-09")
- public void testPocCVE_2017_0778() throws Exception {
- String inputFiles[] = {"cve_2017_0778.mp4"};
- AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2017-0778",
- AdbUtils.TMP_PATH + inputFiles[0], inputFiles, AdbUtils.TMP_PATH, getDevice());
- }
-
- /**
* b/36576151
* Vulnerability Behaviour: SIGSEGV in self
**/
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
index 5482561..141077a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
@@ -84,18 +84,6 @@
******************************************************************************/
/**
- * b/35430570
- * Vulnerability Behaviour: SIGSEGV in self
- **/
- @Test
- @SecurityTest(minPatchLevel = "2017-11")
- public void testPocCVE_2017_0851() throws Exception {
- String inputFiles[] = {"cve_2017_0851.hevc"};
- AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2017-0851",
- AdbUtils.TMP_PATH + inputFiles[0], inputFiles, AdbUtils.TMP_PATH, getDevice());
- }
-
- /**
* b/68299873
**/
@Test
