Google Git
Sign in
android / platform / cts / f4693406f54^! / .
commitf4693406f546bdb0a47d676ad72b8cc164206c15[log] [tgz]
authorS Vasudev Prasad <vasudev.prasad@ittiam.com>Tue Jun 02 19:50:02 2020 +0530
committerStacie Mashnitskaya <mashnitskaya@google.com>Mon Oct 12 15:18:07 2020 -0700
treea8b37fd8e16487f7d3aa82f64264d1302aa9173b
parent9d721032c2039bef0595c6a6240d1d696f4d8e7b [diff]
[RESTRICT AUTOMERGE] CTS test for Android Security b/77600398

Bug: 77600398
Bug: 113527738
Test: Ran the new testcase on android-8.1.0_r1 without fix
      and on android-8.1.0_r52 with fix

Merged-In: I08bd2849b6b883678a2e5b14c961dabf5f613f01
Change-Id: I08bd2849b6b883678a2e5b14c961dabf5f613f01

diff --git a/tests/tests/security/res/raw/cve_2018_9474.mp4 b/tests/tests/security/res/raw/cve_2018_9474.mp4
new file mode 100644
index 0000000..3ff485a
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2018_9474.mp4
Binary files differ

diff --git a/tests/tests/security/src/android/security/cts/StagefrightTest.java b/tests/tests/security/src/android/security/cts/StagefrightTest.java
index a6f5b67..ad2c7be 100644
--- a/tests/tests/security/src/android/security/cts/StagefrightTest.java
+++ b/tests/tests/security/src/android/security/cts/StagefrightTest.java

@@ -38,6 +38,7 @@
 import android.opengl.GLES11Ext;
 import android.os.Looper;
 import android.os.SystemClock;
+import android.os.Parcel;
 import android.platform.test.annotations.SecurityTest;
 import android.util.Log;
 import android.view.Surface;
@@ -1241,6 +1242,42 @@
      ***********************************************************/
 
     @Test
+    @SecurityTest(minPatchLevel = "2018-09")
+    public void testStagefright_cve_2018_9474() throws Exception {
+        MediaPlayer mp = new MediaPlayer();
+        Surface surface = getDummySurface();
+        mp.setSurface(surface);
+        AssetFileDescriptor fd = getInstrumentation().getContext().getResources()
+                .openRawResourceFd(R.raw.cve_2018_9474);
+
+        mp.setDataSource(fd.getFileDescriptor(), fd.getStartOffset(), fd.getLength());
+        mp.prepare();
+
+        MediaPlayer.TrackInfo[] trackInfos = mp.getTrackInfo();
+        if (trackInfos == null || trackInfos.length == 0) {
+            return;
+        }
+
+        MediaPlayer.TrackInfo trackInfo = trackInfos[0];
+
+        int trackType = trackInfo.getTrackType();
+        MediaFormat format = trackInfo.getFormat();
+
+        Parcel data = Parcel.obtain();
+        trackInfo.writeToParcel(data, 0);
+
+        data.setDataPosition(0);
+        int trackTypeFromParcel = data.readInt();
+        String mimeTypeFromParcel = data.readString();
+        data.recycle();
+
+        if (trackType == trackTypeFromParcel) {
+            assertFalse("Device *IS* vulnerable to CVE-2018-9474",
+                        mimeTypeFromParcel.equals("und"));
+        }
+    }
+
+    @Test
     @SecurityTest(minPatchLevel = "2019-09")
     public void testStagefright_cve_2019_2108() throws Exception {
         doStagefrightTestRawBlob(R.raw.cve_2019_2108_hevc, "video/hevc", 320, 240,