Google Git
Sign in
android / platform / cts / refs/tags/android-5.1.1_r35
tag482ff1c5a2c157d949dd3af491e2d2d4525a3133
taggerThe Android Open Source Project <initial-contribution@android.com>Mon Mar 07 11:02:13 2016 -0800
object8e1c005a6066256af9b6923c717b7a36f6423c51 
Android 5.1.1 release 35
commit8e1c005a6066256af9b6923c717b7a36f6423c51[log] [tgz]
authorRobert Shih <robertshih@google.com>Tue Aug 25 15:24:08 2015 -0700
committerThe Android Automerger <android-build@android.com>Tue Sep 01 13:48:11 2015 -0700
tree03941b8ae745c81691c3d4d62929d9bf2a2eac18
parent4d751795efebe9a1154b3dfaf544c7c4d87243c7 [diff]
test if libFLAC is patched against CVE-2014-9028

Overview of CVE-2014-9028:

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1
allows remote attackers to execute arbitrary code via a crafted .flac
file.

(source: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9028)

heap_oob_flac has a .mp3 extension to avoid compresstion by aapt. When a
resource file is compressed openRawResourceFd would fail. Please refer
to kNoCompressExt in frameworks/base/tools/aapt/Package.cpp for more
details.

Bug: 23238405
Change-Id: I7c13b19beb83c10fced360537a84b2f053ce8a26
2 files changed
tree: 03941b8ae745c81691c3d4d62929d9bf2a2eac18
  1. apps/
  2. build/
  3. common/
  4. development/
  5. hostsidetests/
  6. libs/
  7. suite/
  8. tests/
  9. tools/
  10. .gitignore
  11. Android.mk
  12. CleanSpec.mk
  13. CtsBuild.mk
  14. CtsCoverage.mk
  15. CtsTestCaseList.mk