1 /**
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 #include <stdlib.h>
17
18 #ifdef TEST_ARM32
19 #include <unistd.h>
20 #include "../includes/common.h"
21
22 #include <string.h>
23 #include <algorithm>
24 #include <vector>
25 #include "vpx/vp8dx.h"
26 #include "vpx/vpx_decoder.h"
27 #include "vpx_ports/mem_ops.h"
28
29 #define IVF_FILE_HDR_SZ 32
30 #define IVF_FRAME_HDR_SZ (4 + 8) /* 4 byte size + 8 byte timestamp */
31
32 FILE *fp = nullptr;
33
exitHandler(void)34 void exitHandler(void) {
35 if (fp) {
36 fclose(fp);
37 }
38 }
39
40 bool testInProgress = false;
41 struct sigaction new_action, old_action;
sigabrt_handler(int32_t signum,siginfo_t * info,void * context)42 void sigabrt_handler(int32_t signum, siginfo_t *info, void* context) {
43 if (testInProgress && info->si_signo == SIGABRT) {
44 (*old_action.sa_sigaction)(signum, info, context);
45 return;
46 }
47 _exit(EXIT_FAILURE);
48 }
49 #endif
50
main(int32_t argc,char ** argv)51 int32_t main(int32_t argc, char **argv) {
52 (void)argc;
53 (void)argv;
54
55 #ifdef TEST_ARM32
56 atexit(exitHandler);
57
58 sigemptyset(&new_action.sa_mask);
59 new_action.sa_flags = SA_SIGINFO;
60 new_action.sa_sigaction = sigabrt_handler;
61 sigaction(SIGABRT, &new_action, &old_action);
62
63 FAIL_CHECK(argc >= 2);
64 fp = fopen(argv[1], "rb");
65 FAIL_CHECK(fp);
66
67 fseek(fp, 0, SEEK_END);
68 size_t size = ftell(fp);
69 fseek(fp, 0, SEEK_SET);
70 FAIL_CHECK(size > IVF_FILE_HDR_SZ);
71
72 std::vector<uint8_t> buffer(size);
73 FAIL_CHECK(fread((void *)buffer.data(), sizeof(uint8_t), size, fp) == size);
74
75 vpx_codec_ctx_t codec;
76 vpx_codec_dec_cfg_t cfg;
77 memset(&cfg, 0, sizeof(vpx_codec_dec_cfg_t));
78 cfg.threads = 1;
79 FAIL_CHECK(vpx_codec_dec_init(&codec, &vpx_codec_vp8_dx_algo, &cfg, 0) == VPX_CODEC_OK);
80
81 uint8_t *data = buffer.data();
82 data += IVF_FILE_HDR_SZ;
83 size -= IVF_FILE_HDR_SZ;
84
85 while (size > IVF_FRAME_HDR_SZ) {
86 size_t frame_size = mem_get_le32(data);
87 size -= IVF_FRAME_HDR_SZ;
88 data += IVF_FRAME_HDR_SZ;
89 frame_size = std::min(size, frame_size);
90
91 testInProgress = true;
92 vpx_codec_decode(&codec, data, frame_size, nullptr, 0);
93 testInProgress = false;
94
95 vpx_codec_iter_t iter = nullptr;
96 vpx_image_t *img = nullptr;
97 while ((img = vpx_codec_get_frame(&codec, &iter)) != nullptr) {
98 if (img->d_w > img->w || img->d_h > img->h) {
99 return EXIT_VULNERABLE;
100 }
101 }
102 data += frame_size;
103 size -= frame_size;
104 }
105 vpx_codec_destroy(&codec);
106 #endif
107
108 return EXIT_SUCCESS;
109 }
110