Merge "Snap for 4485191 from 2ea5a39d763d021d26d24650bfc91269a9f0196b to nougat-mr1-cts-release" into nougat-mr1-cts-release
diff --git a/apps/CtsVerifier/AndroidManifest.xml b/apps/CtsVerifier/AndroidManifest.xml
index 0908a48..30a9d85 100644
--- a/apps/CtsVerifier/AndroidManifest.xml
+++ b/apps/CtsVerifier/AndroidManifest.xml
@@ -18,7 +18,7 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.android.cts.verifier"
android:versionCode="5"
- android:versionName="7.1_r12">
+ android:versionName="7.1_r13">
<uses-sdk android:minSdkVersion="19" android:targetSdkVersion="25"/>
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/projection/offscreen/ProjectionOffscreenActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/projection/offscreen/ProjectionOffscreenActivity.java
index cfa097b..5657edd 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/projection/offscreen/ProjectionOffscreenActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/projection/offscreen/ProjectionOffscreenActivity.java
@@ -181,6 +181,14 @@
protected void onDestroy() {
super.onDestroy();
unregisterReceiver(mReceiver);
+ try {
+ mService.stopRendering();
+ } catch (RemoteException e) {
+ Log.e(TAG, "Failed to execute stopRendering", e);
+ }
+ if (mConnection != null) {
+ unbindService(mConnection);
+ }
mReader.close();
}
diff --git a/hostsidetests/appsecurity/res/pkgsigverify/v1-only-starts-with-00000000-magic.apk b/hostsidetests/appsecurity/res/pkgsigverify/v1-only-starts-with-00000000-magic.apk
new file mode 100644
index 0000000..9348840
--- /dev/null
+++ b/hostsidetests/appsecurity/res/pkgsigverify/v1-only-starts-with-00000000-magic.apk
Binary files differ
diff --git a/hostsidetests/appsecurity/res/pkgsigverify/v1-only-starts-with-dex-magic.apk b/hostsidetests/appsecurity/res/pkgsigverify/v1-only-starts-with-dex-magic.apk
new file mode 100644
index 0000000..865169b
--- /dev/null
+++ b/hostsidetests/appsecurity/res/pkgsigverify/v1-only-starts-with-dex-magic.apk
Binary files differ
diff --git a/hostsidetests/appsecurity/res/pkgsigverify/v2-only-starts-with-00000000-magic.apk b/hostsidetests/appsecurity/res/pkgsigverify/v2-only-starts-with-00000000-magic.apk
new file mode 100644
index 0000000..3ffc616
--- /dev/null
+++ b/hostsidetests/appsecurity/res/pkgsigverify/v2-only-starts-with-00000000-magic.apk
Binary files differ
diff --git a/hostsidetests/appsecurity/res/pkgsigverify/v2-only-starts-with-dex-magic.apk b/hostsidetests/appsecurity/res/pkgsigverify/v2-only-starts-with-dex-magic.apk
new file mode 100644
index 0000000..477357a
--- /dev/null
+++ b/hostsidetests/appsecurity/res/pkgsigverify/v2-only-starts-with-dex-magic.apk
Binary files differ
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/PkgInstallSignatureVerificationTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/PkgInstallSignatureVerificationTest.java
index c0c7dc0..ce9852c 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/PkgInstallSignatureVerificationTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/PkgInstallSignatureVerificationTest.java
@@ -24,6 +24,7 @@
import java.io.OutputStream;
import java.util.Locale;
+import android.platform.test.annotations.SecurityTest;
import com.android.tradefed.build.IBuildInfo;
import com.android.tradefed.device.DeviceNotAvailableException;
import com.android.tradefed.device.ITestDevice;
@@ -419,6 +420,23 @@
"v2-only-with-rsa-pkcs1-sha256-1024.apk", "signatures do not match");
}
+ @SecurityTest
+ public void testInstallApkWhichDoesNotStartWithZipLocalFileHeaderMagic() throws Exception {
+ // The APKs below are competely fine except they don't start with ZIP Local File Header
+ // magic. Thus, these APKs will install just fine unless Package Manager requires that APKs
+ // start with ZIP Local File Header magic.
+ String error = "Failed to parse";
+
+ // Obtained by modifying apksigner to output four unused 0x00 bytes at the start of the APK
+ assertInstallFailsWithError("v1-only-starts-with-00000000-magic.apk", error);
+ assertInstallFailsWithError("v2-only-starts-with-00000000-magic.apk", error);
+
+ // Obtained by modifying apksigner to output 8 unused bytes (DEX magic and version) at the
+ // start of the APK
+ assertInstallFailsWithError("v1-only-starts-with-dex-magic.apk", error);
+ assertInstallFailsWithError("v2-only-starts-with-dex-magic.apk", error);
+ }
+
private void assertInstallSucceeds(String apkFilenameInResources) throws Exception {
String installResult = installPackageFromResource(apkFilenameInResources);
if (installResult != null) {
diff --git a/libs/commonutil/src/com/android/cts/util/SecurityTest.java b/libs/commonutil/src/com/android/cts/util/SecurityTest.java
new file mode 100644
index 0000000..cc1d08f
--- /dev/null
+++ b/libs/commonutil/src/com/android/cts/util/SecurityTest.java
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.cts.util;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Marks the type of test with purpose of evaluating security vulnerabilities.
+ *
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.METHOD, ElementType.TYPE})
+public @interface SecurityTest {
+
+}
diff --git a/tests/tests/graphics/assets/out_of_unicode_end_cmap12.ttf b/tests/tests/graphics/assets/out_of_unicode_end_cmap12.ttf
new file mode 100644
index 0000000..9d7c121
--- /dev/null
+++ b/tests/tests/graphics/assets/out_of_unicode_end_cmap12.ttf
Binary files differ
diff --git a/tests/tests/graphics/assets/out_of_unicode_end_cmap12.ttx b/tests/tests/graphics/assets/out_of_unicode_end_cmap12.ttx
new file mode 100644
index 0000000..392c790
--- /dev/null
+++ b/tests/tests/graphics/assets/out_of_unicode_end_cmap12.ttx
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (C) 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<ttFont sfntVersion="\x00\x01\x00\x00" ttLibVersion="3.0">
+
+ <GlyphOrder>
+ <GlyphID id="0" name=".notdef"/>
+ <GlyphID id="1" name="a"/>
+ <GlyphID id="2" name="b"/>
+ </GlyphOrder>
+
+ <head>
+ <tableVersion value="1.0"/>
+ <fontRevision value="1.0"/>
+ <checkSumAdjustment value="0x640cdb2f"/>
+ <magicNumber value="0x5f0f3cf5"/>
+ <flags value="00000000 00000011"/>
+ <unitsPerEm value="1000"/>
+ <created value="Fri Mar 17 07:26:00 2017"/>
+ <macStyle value="00000000 00000000"/>
+ <lowestRecPPEM value="7"/>
+ <fontDirectionHint value="2"/>
+ <glyphDataFormat value="0"/>
+ </head>
+
+ <hhea>
+ <tableVersion value="0x00010000"/>
+ <ascent value="1000"/>
+ <descent value="-200"/>
+ <lineGap value="0"/>
+ <caretSlopeRise value="1"/>
+ <caretSlopeRun value="0"/>
+ <caretOffset value="0"/>
+ <reserved0 value="0"/>
+ <reserved1 value="0"/>
+ <reserved2 value="0"/>
+ <reserved3 value="0"/>
+ <metricDataFormat value="0"/>
+ </hhea>
+
+ <maxp>
+ <tableVersion value="0x10000"/>
+ <maxZones value="0"/>
+ <maxTwilightPoints value="0"/>
+ <maxStorage value="0"/>
+ <maxFunctionDefs value="0"/>
+ <maxInstructionDefs value="0"/>
+ <maxStackElements value="0"/>
+ <maxSizeOfInstructions value="0"/>
+ <maxComponentElements value="0"/>
+ </maxp>
+
+ <OS_2>
+ <!-- The fields 'usFirstCharIndex' and 'usLastCharIndex'
+ will be recalculated by the compiler -->
+ <version value="3"/>
+ <xAvgCharWidth value="594"/>
+ <usWeightClass value="400"/>
+ <usWidthClass value="5"/>
+ <fsType value="00000000 00001000"/>
+ <ySubscriptXSize value="650"/>
+ <ySubscriptYSize value="600"/>
+ <ySubscriptXOffset value="0"/>
+ <ySubscriptYOffset value="75"/>
+ <ySuperscriptXSize value="650"/>
+ <ySuperscriptYSize value="600"/>
+ <ySuperscriptXOffset value="0"/>
+ <ySuperscriptYOffset value="350"/>
+ <yStrikeoutSize value="50"/>
+ <yStrikeoutPosition value="300"/>
+ <sFamilyClass value="0"/>
+ <panose>
+ <bFamilyType value="0"/>
+ <bSerifStyle value="0"/>
+ <bWeight value="5"/>
+ <bProportion value="0"/>
+ <bContrast value="0"/>
+ <bStrokeVariation value="0"/>
+ <bArmStyle value="0"/>
+ <bLetterForm value="0"/>
+ <bMidline value="0"/>
+ <bXHeight value="0"/>
+ </panose>
+ <ulUnicodeRange1 value="00000000 00000000 00000000 00000001"/>
+ <ulUnicodeRange2 value="00000000 00000000 00000000 00000000"/>
+ <ulUnicodeRange3 value="00000000 00000000 00000000 00000000"/>
+ <ulUnicodeRange4 value="00000000 00000000 00000000 00000000"/>
+ <achVendID value="UKWN"/>
+ <fsSelection value="00000000 01000000"/>
+ <usFirstCharIndex value="32"/>
+ <usLastCharIndex value="122"/>
+ <sTypoAscender value="800"/>
+ <sTypoDescender value="-200"/>
+ <sTypoLineGap value="200"/>
+ <usWinAscent value="1000"/>
+ <usWinDescent value="200"/>
+ <ulCodePageRange1 value="00000000 00000000 00000000 00000001"/>
+ <ulCodePageRange2 value="00000000 00000000 00000000 00000000"/>
+ <sxHeight value="500"/>
+ <sCapHeight value="700"/>
+ <usDefaultChar value="0"/>
+ <usBreakChar value="32"/>
+ <usMaxContext value="0"/>
+ </OS_2>
+
+ <hmtx>
+ <mtx name=".notdef" width="500" lsb="93"/>
+ <mtx name="a" width="3000" lsb="93"/>
+ <mtx name="b" width="3000" lsb="93"/>
+ </hmtx>
+
+ <cmap>
+ <tableVersion version="0"/>
+ <cmap_format_12 format="12" reserved="0" length="0" nGroups="1" platformID="3" platEncID="10" language="0">
+ <!-- Note that following hexcode is pseudo ttx source.
+ You may want to see hexdump of out_of_unicode_end_cmap12.ttf -->
+ <hexdata>
+ 00 0c <!-- format: 12 -->
+ 00 00 <!-- reserved -->
+ 00 00 00 1c <!-- length: 28 bytes -->
+ 00 00 00 00 <!-- langauge -->
+ 00 00 00 01 <!-- num of groups -->
+
+ <!-- Bad Font: cmap metadata specifies the encoding is Unicode but the cmap entry exceeds the
+ maximum code point: U+10FFFF. -->
+ <!-- start of the first group -->
+ 00 10 ff ff <!-- start code point -->
+ 00 11 00 00 <!-- end code point -->
+ 00 00 00 01 <!-- start glyph ID -->
+ </hexdata>
+ </cmap_format_12>
+ </cmap>
+
+ <loca>
+ <!-- The 'loca' table will be calculated by the compiler -->
+ </loca>
+
+ <glyf>
+ <TTGlyph name=".notdef" xMin="0" yMin="0" xMax="0" yMax="0" />
+ <TTGlyph name="a" xMin="0" yMin="0" xMax="0" yMax="0" />
+ <TTGlyph name="b" xMin="0" yMin="0" xMax="0" yMax="0" />
+ </glyf>
+
+ <name>
+ <namerecord nameID="0" platformID="3" platEncID="1" langID="0x409">
+ Copyright (C) 2017 The Android Open Source Project
+ </namerecord>
+ <namerecord nameID="1" platformID="3" platEncID="1" langID="0x409">
+ Sample Font
+ </namerecord>
+ <namerecord nameID="2" platformID="3" platEncID="1" langID="0x409">
+ Regular
+ </namerecord>
+ <namerecord nameID="4" platformID="3" platEncID="1" langID="0x409">
+ Sample Font
+ </namerecord>
+ <namerecord nameID="6" platformID="3" platEncID="1" langID="0x409">
+ SampleFont-Regular
+ </namerecord>
+ <namerecord nameID="13" platformID="3" platEncID="1" langID="0x409">
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ </namerecord>
+ <namerecord nameID="14" platformID="3" platEncID="1" langID="0x409">
+ http://www.apache.org/licenses/LICENSE-2.0
+ </namerecord>
+ </name>
+
+ <post>
+ <formatType value="3.0"/>
+ <italicAngle value="0.0"/>
+ <underlinePosition value="-75"/>
+ <underlineThickness value="50"/>
+ <isFixedPitch value="0"/>
+ <minMemType42 value="0"/>
+ <maxMemType42 value="0"/>
+ <minMemType1 value="0"/>
+ <maxMemType1 value="0"/>
+ </post>
+
+</ttFont>
diff --git a/tests/tests/graphics/assets/out_of_unicode_start_cmap12.ttf b/tests/tests/graphics/assets/out_of_unicode_start_cmap12.ttf
new file mode 100644
index 0000000..7d48357
--- /dev/null
+++ b/tests/tests/graphics/assets/out_of_unicode_start_cmap12.ttf
Binary files differ
diff --git a/tests/tests/graphics/assets/out_of_unicode_start_cmap12.ttx b/tests/tests/graphics/assets/out_of_unicode_start_cmap12.ttx
new file mode 100644
index 0000000..26426bd
--- /dev/null
+++ b/tests/tests/graphics/assets/out_of_unicode_start_cmap12.ttx
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (C) 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<ttFont sfntVersion="\x00\x01\x00\x00" ttLibVersion="3.0">
+
+ <GlyphOrder>
+ <GlyphID id="0" name=".notdef"/>
+ <GlyphID id="1" name="a"/>
+ <GlyphID id="2" name="b"/>
+ </GlyphOrder>
+
+ <head>
+ <tableVersion value="1.0"/>
+ <fontRevision value="1.0"/>
+ <checkSumAdjustment value="0x640cdb2f"/>
+ <magicNumber value="0x5f0f3cf5"/>
+ <flags value="00000000 00000011"/>
+ <unitsPerEm value="1000"/>
+ <created value="Fri Mar 17 07:26:00 2017"/>
+ <macStyle value="00000000 00000000"/>
+ <lowestRecPPEM value="7"/>
+ <fontDirectionHint value="2"/>
+ <glyphDataFormat value="0"/>
+ </head>
+
+ <hhea>
+ <tableVersion value="0x00010000"/>
+ <ascent value="1000"/>
+ <descent value="-200"/>
+ <lineGap value="0"/>
+ <caretSlopeRise value="1"/>
+ <caretSlopeRun value="0"/>
+ <caretOffset value="0"/>
+ <reserved0 value="0"/>
+ <reserved1 value="0"/>
+ <reserved2 value="0"/>
+ <reserved3 value="0"/>
+ <metricDataFormat value="0"/>
+ </hhea>
+
+ <maxp>
+ <tableVersion value="0x10000"/>
+ <maxZones value="0"/>
+ <maxTwilightPoints value="0"/>
+ <maxStorage value="0"/>
+ <maxFunctionDefs value="0"/>
+ <maxInstructionDefs value="0"/>
+ <maxStackElements value="0"/>
+ <maxSizeOfInstructions value="0"/>
+ <maxComponentElements value="0"/>
+ </maxp>
+
+ <OS_2>
+ <!-- The fields 'usFirstCharIndex' and 'usLastCharIndex'
+ will be recalculated by the compiler -->
+ <version value="3"/>
+ <xAvgCharWidth value="594"/>
+ <usWeightClass value="400"/>
+ <usWidthClass value="5"/>
+ <fsType value="00000000 00001000"/>
+ <ySubscriptXSize value="650"/>
+ <ySubscriptYSize value="600"/>
+ <ySubscriptXOffset value="0"/>
+ <ySubscriptYOffset value="75"/>
+ <ySuperscriptXSize value="650"/>
+ <ySuperscriptYSize value="600"/>
+ <ySuperscriptXOffset value="0"/>
+ <ySuperscriptYOffset value="350"/>
+ <yStrikeoutSize value="50"/>
+ <yStrikeoutPosition value="300"/>
+ <sFamilyClass value="0"/>
+ <panose>
+ <bFamilyType value="0"/>
+ <bSerifStyle value="0"/>
+ <bWeight value="5"/>
+ <bProportion value="0"/>
+ <bContrast value="0"/>
+ <bStrokeVariation value="0"/>
+ <bArmStyle value="0"/>
+ <bLetterForm value="0"/>
+ <bMidline value="0"/>
+ <bXHeight value="0"/>
+ </panose>
+ <ulUnicodeRange1 value="00000000 00000000 00000000 00000001"/>
+ <ulUnicodeRange2 value="00000000 00000000 00000000 00000000"/>
+ <ulUnicodeRange3 value="00000000 00000000 00000000 00000000"/>
+ <ulUnicodeRange4 value="00000000 00000000 00000000 00000000"/>
+ <achVendID value="UKWN"/>
+ <fsSelection value="00000000 01000000"/>
+ <usFirstCharIndex value="32"/>
+ <usLastCharIndex value="122"/>
+ <sTypoAscender value="800"/>
+ <sTypoDescender value="-200"/>
+ <sTypoLineGap value="200"/>
+ <usWinAscent value="1000"/>
+ <usWinDescent value="200"/>
+ <ulCodePageRange1 value="00000000 00000000 00000000 00000001"/>
+ <ulCodePageRange2 value="00000000 00000000 00000000 00000000"/>
+ <sxHeight value="500"/>
+ <sCapHeight value="700"/>
+ <usDefaultChar value="0"/>
+ <usBreakChar value="32"/>
+ <usMaxContext value="0"/>
+ </OS_2>
+
+ <hmtx>
+ <mtx name=".notdef" width="500" lsb="93"/>
+ <mtx name="a" width="3000" lsb="93"/>
+ <mtx name="b" width="3000" lsb="93"/>
+ </hmtx>
+
+ <cmap>
+ <tableVersion version="0"/>
+ <cmap_format_12 format="12" reserved="0" length="0" nGroups="1" platformID="3" platEncID="10" language="0">
+ <!-- Note that following hexcode is pseudo ttx source.
+ You may want to see hexdump of out_of_unicode_start_cmap12.ttf -->
+ <hexdata>
+ 00 0c <!-- format: 12 -->
+ 00 00 <!-- reserved -->
+ 00 00 00 1c <!-- length: 28 bytes -->
+ 00 00 00 00 <!-- langauge -->
+ 00 00 00 01 <!-- num of groups -->
+
+ <!-- Bad Font: cmap metadata specifies the encoding is Unicode but the cmap entry exceeds the maximum
+ code point: U+10FFFF. -->
+ <!-- start of the first group -->
+ 00 11 00 00 <!-- start code point -->
+ 00 11 00 00 <!-- end code point -->
+ 00 00 00 01 <!-- start glyph ID -->
+ </hexdata>
+ </cmap_format_12>
+ </cmap>
+
+ <loca>
+ <!-- The 'loca' table will be calculated by the compiler -->
+ </loca>
+
+ <glyf>
+ <TTGlyph name=".notdef" xMin="0" yMin="0" xMax="0" yMax="0" />
+ <TTGlyph name="a" xMin="0" yMin="0" xMax="0" yMax="0" />
+ <TTGlyph name="b" xMin="0" yMin="0" xMax="0" yMax="0" />
+ </glyf>
+
+ <name>
+ <namerecord nameID="0" platformID="3" platEncID="1" langID="0x409">
+ Copyright (C) 2017 The Android Open Source Project
+ </namerecord>
+ <namerecord nameID="1" platformID="3" platEncID="1" langID="0x409">
+ Sample Font
+ </namerecord>
+ <namerecord nameID="2" platformID="3" platEncID="1" langID="0x409">
+ Regular
+ </namerecord>
+ <namerecord nameID="4" platformID="3" platEncID="1" langID="0x409">
+ Sample Font
+ </namerecord>
+ <namerecord nameID="6" platformID="3" platEncID="1" langID="0x409">
+ SampleFont-Regular
+ </namerecord>
+ <namerecord nameID="13" platformID="3" platEncID="1" langID="0x409">
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ </namerecord>
+ <namerecord nameID="14" platformID="3" platEncID="1" langID="0x409">
+ http://www.apache.org/licenses/LICENSE-2.0
+ </namerecord>
+ </name>
+
+ <post>
+ <formatType value="3.0"/>
+ <italicAngle value="0.0"/>
+ <underlinePosition value="-75"/>
+ <underlineThickness value="50"/>
+ <isFixedPitch value="0"/>
+ <minMemType42 value="0"/>
+ <maxMemType42 value="0"/>
+ <minMemType1 value="0"/>
+ <maxMemType1 value="0"/>
+ </post>
+
+</ttFont>
diff --git a/tests/tests/graphics/assets/too_large_end_cmap12.ttf b/tests/tests/graphics/assets/too_large_end_cmap12.ttf
new file mode 100644
index 0000000..eb0e563
--- /dev/null
+++ b/tests/tests/graphics/assets/too_large_end_cmap12.ttf
Binary files differ
diff --git a/tests/tests/graphics/assets/too_large_end_cmap12.ttx b/tests/tests/graphics/assets/too_large_end_cmap12.ttx
new file mode 100644
index 0000000..7324fbe
--- /dev/null
+++ b/tests/tests/graphics/assets/too_large_end_cmap12.ttx
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (C) 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<ttFont sfntVersion="\x00\x01\x00\x00" ttLibVersion="3.0">
+
+ <GlyphOrder>
+ <GlyphID id="0" name=".notdef"/>
+ <GlyphID id="1" name="a"/>
+ <GlyphID id="2" name="b"/>
+ </GlyphOrder>
+
+ <head>
+ <tableVersion value="1.0"/>
+ <fontRevision value="1.0"/>
+ <checkSumAdjustment value="0x640cdb2f"/>
+ <magicNumber value="0x5f0f3cf5"/>
+ <flags value="00000000 00000011"/>
+ <unitsPerEm value="1000"/>
+ <created value="Fri Mar 17 07:26:00 2017"/>
+ <macStyle value="00000000 00000000"/>
+ <lowestRecPPEM value="7"/>
+ <fontDirectionHint value="2"/>
+ <glyphDataFormat value="0"/>
+ </head>
+
+ <hhea>
+ <tableVersion value="0x00010000"/>
+ <ascent value="1000"/>
+ <descent value="-200"/>
+ <lineGap value="0"/>
+ <caretSlopeRise value="1"/>
+ <caretSlopeRun value="0"/>
+ <caretOffset value="0"/>
+ <reserved0 value="0"/>
+ <reserved1 value="0"/>
+ <reserved2 value="0"/>
+ <reserved3 value="0"/>
+ <metricDataFormat value="0"/>
+ </hhea>
+
+ <maxp>
+ <tableVersion value="0x10000"/>
+ <maxZones value="0"/>
+ <maxTwilightPoints value="0"/>
+ <maxStorage value="0"/>
+ <maxFunctionDefs value="0"/>
+ <maxInstructionDefs value="0"/>
+ <maxStackElements value="0"/>
+ <maxSizeOfInstructions value="0"/>
+ <maxComponentElements value="0"/>
+ </maxp>
+
+ <OS_2>
+ <!-- The fields 'usFirstCharIndex' and 'usLastCharIndex'
+ will be recalculated by the compiler -->
+ <version value="3"/>
+ <xAvgCharWidth value="594"/>
+ <usWeightClass value="400"/>
+ <usWidthClass value="5"/>
+ <fsType value="00000000 00001000"/>
+ <ySubscriptXSize value="650"/>
+ <ySubscriptYSize value="600"/>
+ <ySubscriptXOffset value="0"/>
+ <ySubscriptYOffset value="75"/>
+ <ySuperscriptXSize value="650"/>
+ <ySuperscriptYSize value="600"/>
+ <ySuperscriptXOffset value="0"/>
+ <ySuperscriptYOffset value="350"/>
+ <yStrikeoutSize value="50"/>
+ <yStrikeoutPosition value="300"/>
+ <sFamilyClass value="0"/>
+ <panose>
+ <bFamilyType value="0"/>
+ <bSerifStyle value="0"/>
+ <bWeight value="5"/>
+ <bProportion value="0"/>
+ <bContrast value="0"/>
+ <bStrokeVariation value="0"/>
+ <bArmStyle value="0"/>
+ <bLetterForm value="0"/>
+ <bMidline value="0"/>
+ <bXHeight value="0"/>
+ </panose>
+ <ulUnicodeRange1 value="00000000 00000000 00000000 00000001"/>
+ <ulUnicodeRange2 value="00000000 00000000 00000000 00000000"/>
+ <ulUnicodeRange3 value="00000000 00000000 00000000 00000000"/>
+ <ulUnicodeRange4 value="00000000 00000000 00000000 00000000"/>
+ <achVendID value="UKWN"/>
+ <fsSelection value="00000000 01000000"/>
+ <usFirstCharIndex value="32"/>
+ <usLastCharIndex value="122"/>
+ <sTypoAscender value="800"/>
+ <sTypoDescender value="-200"/>
+ <sTypoLineGap value="200"/>
+ <usWinAscent value="1000"/>
+ <usWinDescent value="200"/>
+ <ulCodePageRange1 value="00000000 00000000 00000000 00000001"/>
+ <ulCodePageRange2 value="00000000 00000000 00000000 00000000"/>
+ <sxHeight value="500"/>
+ <sCapHeight value="700"/>
+ <usDefaultChar value="0"/>
+ <usBreakChar value="32"/>
+ <usMaxContext value="0"/>
+ </OS_2>
+
+ <hmtx>
+ <mtx name=".notdef" width="500" lsb="93"/>
+ <mtx name="a" width="3000" lsb="93"/>
+ <mtx name="b" width="3000" lsb="93"/>
+ </hmtx>
+
+ <cmap>
+ <tableVersion version="0"/>
+ <cmap_format_12 format="12" reserved="0" length="0" nGroups="1" platformID="3" platEncID="10" language="0">
+ <!-- Note that following hexcode is pseudo ttx source.
+ You may want to see hexdump of too_large_end_cmap12.ttf -->
+ <hexdata>
+ 00 0c <!-- format: 12 -->
+ 00 00 <!-- reserved -->
+ 00 00 00 1c <!-- length: 28 bytes -->
+ 00 00 00 00 <!-- langauge -->
+ 00 00 00 01 <!-- num of groups -->
+
+ <!-- Bad Font: cmap metadata specifies the encoding is Unicode but the cmap entry exceeds the maximum
+ code point: U+10FFFF. -->
+ <!-- start of the first group -->
+ 00 10 ff ff <!-- start code point -->
+ ff ff ff ff <!-- end code point -->
+ 00 00 00 01 <!-- start glyph ID -->
+ </hexdata>
+ </cmap_format_12>
+ </cmap>
+
+ <loca>
+ <!-- The 'loca' table will be calculated by the compiler -->
+ </loca>
+
+ <glyf>
+ <TTGlyph name=".notdef" xMin="0" yMin="0" xMax="0" yMax="0" />
+ <TTGlyph name="a" xMin="0" yMin="0" xMax="0" yMax="0" />
+ <TTGlyph name="b" xMin="0" yMin="0" xMax="0" yMax="0" />
+ </glyf>
+
+ <name>
+ <namerecord nameID="0" platformID="3" platEncID="1" langID="0x409">
+ Copyright (C) 2017 The Android Open Source Project
+ </namerecord>
+ <namerecord nameID="1" platformID="3" platEncID="1" langID="0x409">
+ Sample Font
+ </namerecord>
+ <namerecord nameID="2" platformID="3" platEncID="1" langID="0x409">
+ Regular
+ </namerecord>
+ <namerecord nameID="4" platformID="3" platEncID="1" langID="0x409">
+ Sample Font
+ </namerecord>
+ <namerecord nameID="6" platformID="3" platEncID="1" langID="0x409">
+ SampleFont-Regular
+ </namerecord>
+ <namerecord nameID="13" platformID="3" platEncID="1" langID="0x409">
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ </namerecord>
+ <namerecord nameID="14" platformID="3" platEncID="1" langID="0x409">
+ http://www.apache.org/licenses/LICENSE-2.0
+ </namerecord>
+ </name>
+
+ <post>
+ <formatType value="3.0"/>
+ <italicAngle value="0.0"/>
+ <underlinePosition value="-75"/>
+ <underlineThickness value="50"/>
+ <isFixedPitch value="0"/>
+ <minMemType42 value="0"/>
+ <maxMemType42 value="0"/>
+ <minMemType1 value="0"/>
+ <maxMemType1 value="0"/>
+ </post>
+
+</ttFont>
diff --git a/tests/tests/graphics/assets/too_large_start_cmap12.ttf b/tests/tests/graphics/assets/too_large_start_cmap12.ttf
new file mode 100644
index 0000000..1ce785a
--- /dev/null
+++ b/tests/tests/graphics/assets/too_large_start_cmap12.ttf
Binary files differ
diff --git a/tests/tests/graphics/assets/too_large_start_cmap12.ttx b/tests/tests/graphics/assets/too_large_start_cmap12.ttx
new file mode 100644
index 0000000..6cefec4
--- /dev/null
+++ b/tests/tests/graphics/assets/too_large_start_cmap12.ttx
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (C) 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<ttFont sfntVersion="\x00\x01\x00\x00" ttLibVersion="3.0">
+
+ <GlyphOrder>
+ <GlyphID id="0" name=".notdef"/>
+ <GlyphID id="1" name="a"/>
+ <GlyphID id="2" name="b"/>
+ </GlyphOrder>
+
+ <head>
+ <tableVersion value="1.0"/>
+ <fontRevision value="1.0"/>
+ <checkSumAdjustment value="0x640cdb2f"/>
+ <magicNumber value="0x5f0f3cf5"/>
+ <flags value="00000000 00000011"/>
+ <unitsPerEm value="1000"/>
+ <created value="Fri Mar 17 07:26:00 2017"/>
+ <macStyle value="00000000 00000000"/>
+ <lowestRecPPEM value="7"/>
+ <fontDirectionHint value="2"/>
+ <glyphDataFormat value="0"/>
+ </head>
+
+ <hhea>
+ <tableVersion value="0x00010000"/>
+ <ascent value="1000"/>
+ <descent value="-200"/>
+ <lineGap value="0"/>
+ <caretSlopeRise value="1"/>
+ <caretSlopeRun value="0"/>
+ <caretOffset value="0"/>
+ <reserved0 value="0"/>
+ <reserved1 value="0"/>
+ <reserved2 value="0"/>
+ <reserved3 value="0"/>
+ <metricDataFormat value="0"/>
+ </hhea>
+
+ <maxp>
+ <tableVersion value="0x10000"/>
+ <maxZones value="0"/>
+ <maxTwilightPoints value="0"/>
+ <maxStorage value="0"/>
+ <maxFunctionDefs value="0"/>
+ <maxInstructionDefs value="0"/>
+ <maxStackElements value="0"/>
+ <maxSizeOfInstructions value="0"/>
+ <maxComponentElements value="0"/>
+ </maxp>
+
+ <OS_2>
+ <!-- The fields 'usFirstCharIndex' and 'usLastCharIndex'
+ will be recalculated by the compiler -->
+ <version value="3"/>
+ <xAvgCharWidth value="594"/>
+ <usWeightClass value="400"/>
+ <usWidthClass value="5"/>
+ <fsType value="00000000 00001000"/>
+ <ySubscriptXSize value="650"/>
+ <ySubscriptYSize value="600"/>
+ <ySubscriptXOffset value="0"/>
+ <ySubscriptYOffset value="75"/>
+ <ySuperscriptXSize value="650"/>
+ <ySuperscriptYSize value="600"/>
+ <ySuperscriptXOffset value="0"/>
+ <ySuperscriptYOffset value="350"/>
+ <yStrikeoutSize value="50"/>
+ <yStrikeoutPosition value="300"/>
+ <sFamilyClass value="0"/>
+ <panose>
+ <bFamilyType value="0"/>
+ <bSerifStyle value="0"/>
+ <bWeight value="5"/>
+ <bProportion value="0"/>
+ <bContrast value="0"/>
+ <bStrokeVariation value="0"/>
+ <bArmStyle value="0"/>
+ <bLetterForm value="0"/>
+ <bMidline value="0"/>
+ <bXHeight value="0"/>
+ </panose>
+ <ulUnicodeRange1 value="00000000 00000000 00000000 00000001"/>
+ <ulUnicodeRange2 value="00000000 00000000 00000000 00000000"/>
+ <ulUnicodeRange3 value="00000000 00000000 00000000 00000000"/>
+ <ulUnicodeRange4 value="00000000 00000000 00000000 00000000"/>
+ <achVendID value="UKWN"/>
+ <fsSelection value="00000000 01000000"/>
+ <usFirstCharIndex value="32"/>
+ <usLastCharIndex value="122"/>
+ <sTypoAscender value="800"/>
+ <sTypoDescender value="-200"/>
+ <sTypoLineGap value="200"/>
+ <usWinAscent value="1000"/>
+ <usWinDescent value="200"/>
+ <ulCodePageRange1 value="00000000 00000000 00000000 00000001"/>
+ <ulCodePageRange2 value="00000000 00000000 00000000 00000000"/>
+ <sxHeight value="500"/>
+ <sCapHeight value="700"/>
+ <usDefaultChar value="0"/>
+ <usBreakChar value="32"/>
+ <usMaxContext value="0"/>
+ </OS_2>
+
+ <hmtx>
+ <mtx name=".notdef" width="500" lsb="93"/>
+ <mtx name="a" width="3000" lsb="93"/>
+ <mtx name="b" width="3000" lsb="93"/>
+ </hmtx>
+
+ <cmap>
+ <tableVersion version="0"/>
+ <cmap_format_12 format="12" reserved="0" length="0" nGroups="1" platformID="3" platEncID="10" language="0">
+ <!-- Note that following hexcode is pseudo ttx source.
+ You may want to see hexdump of too_large_start_cmap12.ttf -->
+ <hexdata>
+ 00 0c <!-- format: 12 -->
+ 00 00 <!-- reserved -->
+ 00 00 00 1c <!-- length: 28 bytes -->
+ 00 00 00 00 <!-- langauge -->
+ 00 00 00 01 <!-- num of groups -->
+
+ <!-- Bad Font: cmap metadata specifies the encoding is Unicode but the cmap entry exceeds the maximum
+ code point: U+10FFFF. -->
+ <!-- start of the first group -->
+ ff ff ff ff <!-- start code point -->
+ ff ff ff ff <!-- end code point -->
+ 00 00 00 01 <!-- start glyph ID -->
+ </hexdata>
+ </cmap_format_12>
+ </cmap>
+
+ <loca>
+ <!-- The 'loca' table will be calculated by the compiler -->
+ </loca>
+
+ <glyf>
+ <TTGlyph name=".notdef" xMin="0" yMin="0" xMax="0" yMax="0" />
+ <TTGlyph name="a" xMin="0" yMin="0" xMax="0" yMax="0" />
+ <TTGlyph name="b" xMin="0" yMin="0" xMax="0" yMax="0" />
+ </glyf>
+
+ <name>
+ <namerecord nameID="0" platformID="3" platEncID="1" langID="0x409">
+ Copyright (C) 2017 The Android Open Source Project
+ </namerecord>
+ <namerecord nameID="1" platformID="3" platEncID="1" langID="0x409">
+ Sample Font
+ </namerecord>
+ <namerecord nameID="2" platformID="3" platEncID="1" langID="0x409">
+ Regular
+ </namerecord>
+ <namerecord nameID="4" platformID="3" platEncID="1" langID="0x409">
+ Sample Font
+ </namerecord>
+ <namerecord nameID="6" platformID="3" platEncID="1" langID="0x409">
+ SampleFont-Regular
+ </namerecord>
+ <namerecord nameID="13" platformID="3" platEncID="1" langID="0x409">
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ </namerecord>
+ <namerecord nameID="14" platformID="3" platEncID="1" langID="0x409">
+ http://www.apache.org/licenses/LICENSE-2.0
+ </namerecord>
+ </name>
+
+ <post>
+ <formatType value="3.0"/>
+ <italicAngle value="0.0"/>
+ <underlinePosition value="-75"/>
+ <underlineThickness value="50"/>
+ <isFixedPitch value="0"/>
+ <minMemType42 value="0"/>
+ <maxMemType42 value="0"/>
+ <minMemType1 value="0"/>
+ <maxMemType1 value="0"/>
+ </post>
+
+</ttFont>
diff --git a/tests/tests/graphics/src/android/graphics/cts/TypefaceTest.java b/tests/tests/graphics/src/android/graphics/cts/TypefaceTest.java
index 2c35952..f4aab94 100644
--- a/tests/tests/graphics/src/android/graphics/cts/TypefaceTest.java
+++ b/tests/tests/graphics/src/android/graphics/cts/TypefaceTest.java
@@ -221,6 +221,21 @@
typeface3, typeface4);
}
+ public void testInvalidCmapFont_tooLargeCodePoints() {
+ // Following three font doen't have any coverage between U+0000..U+10FFFF. Just make sure
+ // they don't crash us.
+ final String[] INVALID_CMAP_FONTS = {
+ "out_of_unicode_start_cmap12.ttf",
+ "out_of_unicode_end_cmap12.ttf",
+ "too_large_start_cmap12.ttf",
+ "too_large_end_cmap12.ttf",
+ };
+ for (final String file : INVALID_CMAP_FONTS) {
+ final Typeface typeface = Typeface.createFromAsset(mContext.getAssets(), file);
+ assertNotNull(typeface);
+ }
+ }
+
public void testInvalidCmapFont_unsortedEntries() {
// Following two font files have glyph for U+0400 and U+0100 but the fonts must not be used
// due to invalid cmap data. For more details, see each ttx source file.
diff --git a/tests/tests/media/src/android/media/cts/AudioManagerTest.java b/tests/tests/media/src/android/media/cts/AudioManagerTest.java
index c6f740d..084b19f 100644
--- a/tests/tests/media/src/android/media/cts/AudioManagerTest.java
+++ b/tests/tests/media/src/android/media/cts/AudioManagerTest.java
@@ -47,6 +47,9 @@
import android.test.InstrumentationTestCase;
import android.view.SoundEffectConstants;
+import java.util.HashMap;
+import java.util.Map;
+
public class AudioManagerTest extends InstrumentationTestCase {
private final static int MP3_TO_PLAY = R.raw.testmp3;
@@ -59,6 +62,9 @@
private boolean mIsTelevision;
private Context mContext;
+ private int mOriginalRingerMode;
+ private Map<Integer, Integer> mOriginalStreamVolumes = new HashMap<>();
+
@Override
protected void setUp() throws Exception {
super.setUp();
@@ -74,6 +80,39 @@
mIsTelevision = packageManager != null
&& (packageManager.hasSystemFeature(PackageManager.FEATURE_LEANBACK)
|| packageManager.hasSystemFeature(PackageManager.FEATURE_TELEVISION));
+
+ // Store the original volumes that that they can be recovered in tearDown().
+ final int[] streamTypes = {
+ AudioManager.STREAM_VOICE_CALL,
+ AudioManager.STREAM_SYSTEM,
+ AudioManager.STREAM_RING,
+ AudioManager.STREAM_MUSIC,
+ AudioManager.STREAM_ALARM,
+ AudioManager.STREAM_NOTIFICATION,
+ AudioManager.STREAM_DTMF,
+ };
+ mOriginalRingerMode = mAudioManager.getRingerMode();
+ for (int streamType : streamTypes) {
+ mOriginalStreamVolumes.put(streamType, mAudioManager.getStreamVolume(streamType));
+ }
+ }
+
+ @Override
+ protected void tearDown() throws Exception {
+ try {
+ Utils.toggleNotificationPolicyAccess(
+ mContext.getPackageName(), getInstrumentation(), true);
+
+ // Recover the volume and the ringer mode that the test may have overwritten.
+ for (Map.Entry<Integer, Integer> e : mOriginalStreamVolumes.entrySet()) {
+ mAudioManager.setStreamVolume(e.getKey(), e.getValue(),
+ AudioManager.FLAG_ALLOW_RINGER_MODES);
+ }
+ mAudioManager.setRingerMode(mOriginalRingerMode);
+ } finally {
+ Utils.toggleNotificationPolicyAccess(
+ mContext.getPackageName(), getInstrumentation(), false);
+ }
}
public void testMicrophoneMute() throws Exception {
diff --git a/tests/tests/media/src/android/media/cts/MediaPlayerTest.java b/tests/tests/media/src/android/media/cts/MediaPlayerTest.java
index dee7e20..3f0cc39 100644
--- a/tests/tests/media/src/android/media/cts/MediaPlayerTest.java
+++ b/tests/tests/media/src/android/media/cts/MediaPlayerTest.java
@@ -104,10 +104,6 @@
}
}
- public void testonInputBufferFilledSigsegv() throws Exception {
- testIfMediaServerDied(R.raw.on_input_buffer_filled_sigsegv);
- }
-
public void testFlacHeapOverflow() throws Exception {
testIfMediaServerDied(R.raw.heap_oob_flac);
}
diff --git a/tests/tests/permission2/src/android/permission2/cts/PermissionPolicyTest.java b/tests/tests/permission2/src/android/permission2/cts/PermissionPolicyTest.java
index 1e72ad1..11f16ec 100644
--- a/tests/tests/permission2/src/android/permission2/cts/PermissionPolicyTest.java
+++ b/tests/tests/permission2/src/android/permission2/cts/PermissionPolicyTest.java
@@ -43,7 +43,7 @@
* Tests for permission policy on the platform.
*/
public class PermissionPolicyTest extends AndroidTestCase {
- private static final Date HIDE_NON_SYSTEM_OVERLAY_WINDOWS_PATCH_DATE = parseDate("2017-09-05");
+ private static final Date HIDE_NON_SYSTEM_OVERLAY_WINDOWS_PATCH_DATE = parseDate("2017-11-01");
private static final String HIDE_NON_SYSTEM_OVERLAY_WINDOWS_PERMISSION
= "android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS";
diff --git a/tests/tests/security/res/raw/b38116746_new.ico b/tests/tests/security/res/raw/b38116746_new.ico
new file mode 100644
index 0000000..35ee5b5
--- /dev/null
+++ b/tests/tests/security/res/raw/b38116746_new.ico
Binary files differ
diff --git a/tests/tests/security/res/raw/b65290323.webp b/tests/tests/security/res/raw/b65290323.webp
new file mode 100644
index 0000000..e4671bb
--- /dev/null
+++ b/tests/tests/security/res/raw/b65290323.webp
Binary files differ
diff --git a/tests/tests/media/res/raw/on_input_buffer_filled_sigsegv.mp4 b/tests/tests/security/res/raw/bug_19779574.mp4
similarity index 100%
rename from tests/tests/media/res/raw/on_input_buffer_filled_sigsegv.mp4
rename to tests/tests/security/res/raw/bug_19779574.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_36215950.mp4 b/tests/tests/security/res/raw/bug_36215950.mp4
new file mode 100644
index 0000000..a58f49e
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_36215950.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_36895511.mp4 b/tests/tests/security/res/raw/bug_36895511.mp4
new file mode 100644
index 0000000..298494b
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_36895511.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_65717533_header_corrupt.mp4 b/tests/tests/security/res/raw/bug_65717533_header_corrupt.mp4
new file mode 100644
index 0000000..c368e40
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_65717533_header_corrupt.mp4
Binary files differ
diff --git a/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java b/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java
index 4d51ea7..714cf7b 100644
--- a/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java
+++ b/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java
@@ -37,4 +37,10 @@
BitmapFactory.decodeStream(inStream);
}
+
+ public void test_b65290323() throws Exception {
+ InputStream exploitImage = new BufferedInputStream(mContext.getResources().openRawResource(
+ R.raw.b65290323));
+ BitmapFactory.decodeStream(exploitImage);
+ }
}
diff --git a/tests/tests/security/src/android/security/cts/BitmapFactorySecurityTests.java b/tests/tests/security/src/android/security/cts/BitmapFactorySecurityTests.java
index c8bfbb1..203db12 100644
--- a/tests/tests/security/src/android/security/cts/BitmapFactorySecurityTests.java
+++ b/tests/tests/security/src/android/security/cts/BitmapFactorySecurityTests.java
@@ -17,30 +17,56 @@
package android.security.cts;
import android.graphics.BitmapFactory;
+import android.os.ParcelFileDescriptor;
import android.platform.test.annotations.SecurityTest;
import android.test.AndroidTestCase;
+import java.io.File;
+import java.io.FileDescriptor;
+import java.io.FileOutputStream;
import java.io.InputStream;
+import java.lang.Exception;
+
import android.security.cts.R;
@SecurityTest
public class BitmapFactorySecurityTests extends AndroidTestCase {
- private InputStream getResource(int resId) {
- InputStream resource = mContext.getResources().openRawResource(R.raw.bug_38116746);
- assertNotNull(resource);
- return resource;
+ private FileDescriptor getResource(int resId) {
+ try {
+ InputStream is = mContext.getResources().openRawResource(resId);
+ assertNotNull(is);
+ File file = File.createTempFile("BitmapFactorySecurityFile" + resId, "img");
+ file.deleteOnExit();
+ FileOutputStream output = new FileOutputStream(file);
+ byte[] buffer = new byte[1024];
+ int readLength;
+ while ((readLength = is.read(buffer)) != -1) {
+ output.write(buffer, 0, readLength);
+ }
+ is.close();
+ output.close();
+ ParcelFileDescriptor pfd = ParcelFileDescriptor.open(file,
+ ParcelFileDescriptor.MODE_READ_ONLY);
+ return pfd.getFileDescriptor();
+ } catch (Exception e) {
+ fail("Could not get resource " + resId + "! " + e);
+ return null;
+ }
}
/**
- * Verifies that decoding a corrupt ICO does not run out of memory.
+ * Verifies that decoding a corrupt ICO does crash.
*/
public void test_android_bug_38116746() {
- InputStream exploitImage = getResource(R.raw.bug_38116746);
+ FileDescriptor exploitImage = getResource(R.raw.bug_38116746);
try {
- BitmapFactory.decodeStream(exploitImage);
+ BitmapFactory.decodeFileDescriptor(exploitImage);
} catch (OutOfMemoryError e) {
fail("OOM attempting to decode ICO");
}
+
+ // This previously crashed in fread. No need to check the output.
+ BitmapFactory.decodeFileDescriptor(getResource(R.raw.b38116746_new));
}
}
diff --git a/tests/tests/security/src/android/security/cts/StagefrightTest.java b/tests/tests/security/src/android/security/cts/StagefrightTest.java
index b4c1309..a58f440 100644
--- a/tests/tests/security/src/android/security/cts/StagefrightTest.java
+++ b/tests/tests/security/src/android/security/cts/StagefrightTest.java
@@ -44,6 +44,9 @@
import android.view.Surface;
import android.webkit.cts.CtsTestServer;
+import com.android.cts.util.SecurityTest;
+
+import java.io.FileInputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.ArrayList;
@@ -188,6 +191,11 @@
before any existing test methods
***********************************************************/
+ @SecurityTest
+ public void testStagefright_bug_65717533() throws Exception {
+ doStagefrightTest(R.raw.bug_65717533_header_corrupt);
+ }
+
public void testStagefright_bug_32873375() throws Exception {
doStagefrightTest(R.raw.bug_32873375);
}
@@ -284,6 +292,10 @@
doStagefrightTest(R.raw.bug_27855419);
}
+ public void testStagefright_bug_19779574() throws Exception {
+ doStagefrightTest(R.raw.bug_19779574);
+ }
+
/***********************************************************
to prevent merge conflicts, add N tests below this comment,
before any existing test methods
@@ -582,6 +594,7 @@
MediaCodecInfo.CodecCapabilities caps = info.getCapabilitiesForType(mime);
if (caps != null) {
matchingCodecs.add(info.getName());
+ Log.i(TAG, "Found matching codec " + info.getName() + " for track " + t);
}
} catch (IllegalArgumentException e) {
// type is not supported
@@ -592,7 +605,12 @@
Log.w(TAG, "no codecs for track " + t + ", type " + mime);
}
// decode this track once with each matching codec
- ex.selectTrack(t);
+ try {
+ ex.selectTrack(t);
+ } catch (IllegalArgumentException e) {
+ Log.w(TAG, "couldn't select track " + t);
+ // continue on with codec initialization anyway, since that might still crash
+ }
for (String codecName: matchingCodecs) {
Log.i(TAG, "Decoding track " + t + " using codec " + codecName);
ex.seekTo(0, MediaExtractor.SEEK_TO_CLOSEST_SYNC);
@@ -777,4 +795,148 @@
t.stopLooper();
t.join(); // wait for thread to exit so we're sure the player was released
}
+
+ public void testBug36215950() throws Exception {
+ doStagefrightTestRawBlob(R.raw.bug_36215950, "video/hevc", 320, 240);
+ }
+
+ public void testBug36895511() throws Exception {
+ doStagefrightTestRawBlob(R.raw.bug_36895511, "video/hevc", 320, 240);
+ }
+
+ private void runWithTimeout(Runnable runner, int timeout) {
+ Thread t = new Thread(runner);
+ t.start();
+ try {
+ t.join(timeout);
+ } catch (InterruptedException e) {
+ fail("operation was interrupted");
+ }
+ if (t.isAlive()) {
+ fail("operation not completed within timeout of " + timeout + "ms");
+ }
+ }
+
+ private void releaseCodec(final MediaCodec codec) {
+ runWithTimeout(new Runnable() {
+ @Override
+ public void run() {
+ codec.release();
+ }
+ }, 5000);
+ }
+
+ private void doStagefrightTestRawBlob(int rid, String mime, int initWidth, int initHeight) throws Exception {
+
+ final MediaPlayerCrashListener mpcl = new MediaPlayerCrashListener();
+ final Context context = getInstrumentation().getContext();
+ final Resources resources = context.getResources();
+
+ LooperThread thr = new LooperThread(new Runnable() {
+ @Override
+ public void run() {
+
+ MediaPlayer mp = new MediaPlayer();
+ mp.setOnErrorListener(mpcl);
+ AssetFileDescriptor fd = null;
+ try {
+ fd = resources.openRawResourceFd(R.raw.good);
+
+ // the onErrorListener won't receive MEDIA_ERROR_SERVER_DIED until
+ // setDataSource has been called
+ mp.setDataSource(fd.getFileDescriptor(),
+ fd.getStartOffset(),
+ fd.getLength());
+ fd.close();
+ } catch (Exception e) {
+ // this is a known-good file, so no failure should occur
+ fail("setDataSource of known-good file failed");
+ }
+
+ synchronized(mpcl) {
+ mpcl.notify();
+ }
+ Looper.loop();
+ mp.release();
+ }
+ });
+ thr.start();
+ // wait until the thread has initialized the MediaPlayer
+ synchronized(mpcl) {
+ mpcl.wait();
+ }
+
+ AssetFileDescriptor fd = resources.openRawResourceFd(rid);
+ byte [] blob = new byte[(int)fd.getLength()];
+ FileInputStream fis = fd.createInputStream();
+ int numRead = fis.read(blob);
+ fis.close();
+ //Log.i("@@@@", "read " + numRead + " bytes");
+
+ // find all the available decoders for this format
+ ArrayList<String> matchingCodecs = new ArrayList<String>();
+ int numCodecs = MediaCodecList.getCodecCount();
+ for (int i = 0; i < numCodecs; i++) {
+ MediaCodecInfo info = MediaCodecList.getCodecInfoAt(i);
+ if (info.isEncoder()) {
+ continue;
+ }
+ try {
+ MediaCodecInfo.CodecCapabilities caps = info.getCapabilitiesForType(mime);
+ if (caps != null) {
+ matchingCodecs.add(info.getName());
+ }
+ } catch (IllegalArgumentException e) {
+ // type is not supported
+ }
+ }
+
+ if (matchingCodecs.size() == 0) {
+ Log.w(TAG, "no codecs for mime type " + mime);
+ }
+ String rname = resources.getResourceEntryName(rid);
+ // decode this blob once with each matching codec
+ for (String codecName: matchingCodecs) {
+ Log.i(TAG, "Decoding blob " + rname + " using codec " + codecName);
+ MediaCodec codec = MediaCodec.createByCodecName(codecName);
+ MediaFormat format = MediaFormat.createVideoFormat(mime, initWidth, initHeight);
+ codec.configure(format, null, null, 0);
+ codec.start();
+
+ try {
+ MediaCodec.BufferInfo info = new MediaCodec.BufferInfo();
+ ByteBuffer [] inputBuffers = codec.getInputBuffers();
+ // enqueue the bad data a number of times, in case
+ // the codec needs multiple buffers to fail.
+ for(int i = 0; i < 64; i++) {
+ int bufidx = codec.dequeueInputBuffer(5000);
+ if (bufidx >= 0) {
+ Log.i(TAG, "got input buffer of size " + inputBuffers[bufidx].capacity());
+ inputBuffers[bufidx].rewind();
+ inputBuffers[bufidx].put(blob, 0, numRead);
+ codec.queueInputBuffer(bufidx, 0, numRead, 0, 0);
+ } else {
+ Log.i(TAG, "no input buffer");
+ }
+ bufidx = codec.dequeueOutputBuffer(info, 5000);
+ if (bufidx >= 0) {
+ Log.i(TAG, "got output buffer");
+ codec.releaseOutputBuffer(bufidx, false);
+ } else {
+ Log.i(TAG, "no output buffer");
+ }
+ }
+ } catch (Exception e) {
+ // ignore, not a security issue
+ } finally {
+ releaseCodec(codec);
+ }
+ }
+
+ String cve = rname.replace("_", "-").toUpperCase();
+ assertFalse("Device *IS* vulnerable to " + cve,
+ mpcl.waitForError() == MediaPlayer.MEDIA_ERROR_SERVER_DIED);
+ thr.stopLooper();
+ thr.join();
+ }
}
diff --git a/tests/vr/src/android/vr/cts/VrCpuTest.java b/tests/vr/src/android/vr/cts/VrCpuTest.java
index f015899..bcacbbb 100644
--- a/tests/vr/src/android/vr/cts/VrCpuTest.java
+++ b/tests/vr/src/android/vr/cts/VrCpuTest.java
@@ -34,12 +34,4 @@
}
}
- public void testHasExclusiveCores() {
- mActivity = getActivity();
- if (mActivity.getPackageManager().hasSystemFeature(
- PackageManager.FEATURE_VR_MODE_HIGH_PERFORMANCE)) {
- int[] excl_cores = Process.getExclusiveCores();
- assertTrue(excl_cores.length >= 1);
- }
- }
}
diff --git a/tests/vr/src/android/vr/cts/VrDisplayTest.java b/tests/vr/src/android/vr/cts/VrDisplayTest.java
index b26f4ed..7479275 100644
--- a/tests/vr/src/android/vr/cts/VrDisplayTest.java
+++ b/tests/vr/src/android/vr/cts/VrDisplayTest.java
@@ -98,24 +98,4 @@
assertTrue(displayHeight >= 1080);
}
- /**
- * Tests that the display dimensions are between 4.7" and 6".
- */
- public void testDisplayDimensions() {
- mActivity = getGlEsActivity(1, 1);
- if (!mActivity.supportsVrHighPerformance())
- return;
-
- WindowManager windowManager = (WindowManager)mActivity.getSystemService(
- Context.WINDOW_SERVICE);
- DisplayMetrics metrics = new DisplayMetrics();
- windowManager.getDefaultDisplay().getRealMetrics(metrics);
-
- double width = metrics.widthPixels / metrics.xdpi;
- double height = metrics.heightPixels / metrics.ydpi;
- double diagonalLength = Math.sqrt(width * width + height * height);
-
- assertTrue(diagonalLength >= 4.7);
- assertTrue(diagonalLength <= 6.);
- }
}
diff --git a/tools/cts-tradefed/Android.mk b/tools/cts-tradefed/Android.mk
index 0ef8a82..ab6e665 100644
--- a/tools/cts-tradefed/Android.mk
+++ b/tools/cts-tradefed/Android.mk
@@ -25,7 +25,7 @@
LOCAL_SUITE_TARGET_ARCH := $(TARGET_ARCH)
LOCAL_SUITE_NAME := CTS
LOCAL_SUITE_FULLNAME := "Compatibility Test Suite"
-LOCAL_SUITE_VERSION := 7.1_r12
+LOCAL_SUITE_VERSION := 7.1_r13
LOCAL_MODULE := cts-tradefed