• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.cts;
18 
19 import android.platform.test.annotations.AsbSecurityTest;
20 
21 import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
22 import com.android.sts.common.util.TombstoneUtils;
23 import com.android.sts.common.util.TombstoneUtils.Config.BacktraceFilterPattern;
24 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
25 
26 import org.junit.Test;
27 import org.junit.runner.RunWith;
28 
29 import java.util.Arrays;
30 
31 @RunWith(DeviceJUnit4ClassRunner.class)
32 public class CVE_2021_39804 extends NonRootSecurityTestCase {
33 
34     /**
35      * b/215002587
36      * Vulnerability Behaviour: SIGSEGV in self
37      * Vulnerable Library: libheif (As per AOSP code)
38      * Vulnerable Function: reinit (As per AOSP code)
39      */
40     @AsbSecurityTest(cveBugId = 215002587)
41     @Test
testPocCVE_2021_39804()42     public void testPocCVE_2021_39804() throws Exception {
43         String inputFiles[] = {"cve_2021_39804.heif"};
44         String binaryName = "CVE-2021-39804";
45         String signals[] = {TombstoneUtils.Signals.SIGSEGV};
46         AdbUtils.pocConfig testConfig = new AdbUtils.pocConfig(binaryName, getDevice());
47         testConfig.config =
48                 new TombstoneUtils.Config().setProcessPatterns(binaryName).setBacktraceIncludes(
49                         new BacktraceFilterPattern("libheif", "android::HeifDecoderImpl::reinit"));
50         testConfig.config.setIgnoreLowFaultAddress(false);
51         testConfig.config.setSignals(signals);
52         testConfig.arguments = AdbUtils.TMP_PATH + inputFiles[0];
53         testConfig.inputFiles = Arrays.asList(inputFiles);
54         testConfig.inputFilesDestination = AdbUtils.TMP_PATH;
55         AdbUtils.runPocAssertNoCrashesNotVulnerable(testConfig);
56     }
57 }
58