diff options
author | Sachin Mohan Gadag <sgadag@codeaurora.org> | 2017-07-31 15:28:09 +0530 |
---|---|---|
committer | Sachin Mohan Gadag <sgadag@codeaurora.org> | 2017-09-12 19:57:31 +0530 |
commit | 10aefdac16a4a24d12094a4a8c40ace55eaadc79 (patch) | |
tree | 533e329193aaf164957dc3a0fe08b15438d04cca /mm-audio | |
parent | 83382efdec0987d5262c7d3df65f1795b3483254 (diff) | |
download | android_hardware_qcom_audio-10aefdac16a4a24d12094a4a8c40ace55eaadc79.tar.gz android_hardware_qcom_audio-10aefdac16a4a24d12094a4a8c40ace55eaadc79.tar.bz2 android_hardware_qcom_audio-10aefdac16a4a24d12094a4a8c40ace55eaadc79.zip |
mm-audio: Fix Security Issues
Add validation for input paramters for test
app.
Change-Id: I36c7e1a9af42dede6bb21d4619c3c549fc4f2701
Diffstat (limited to 'mm-audio')
-rw-r--r-- | mm-audio/aenc-aac/qdsp6/Makefile.am | 1 | ||||
-rw-r--r-- | mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c | 70 | ||||
-rw-r--r-- | mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c | 71 | ||||
-rw-r--r-- | mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c | 70 |
4 files changed, 209 insertions, 3 deletions
diff --git a/mm-audio/aenc-aac/qdsp6/Makefile.am b/mm-audio/aenc-aac/qdsp6/Makefile.am index cb89ec17..a79ce703 100644 --- a/mm-audio/aenc-aac/qdsp6/Makefile.am +++ b/mm-audio/aenc-aac/qdsp6/Makefile.am @@ -29,4 +29,5 @@ libOmxAacEnc_la_LDFLAGS = -shared $(GLIB_LIBS) -avoid-version $(OMXAUDIO_LIBRARY bin_PROGRAMS = mm-aenc-omxaac-test mm_aenc_omxaac_test_SOURCES = ./test/omx_aac_enc_test.c +mm_aenc_omxaac_test_CFLAGS = -include errno.h -include limits.h mm_aenc_omxaac_test_LDADD = -lmm-omxcore -ldl -lpthread -llog libOmxAacEnc.la diff --git a/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c b/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c index 8b3adc52..b4b0be87 100644 --- a/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c +++ b/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c @@ -268,6 +268,74 @@ static OMX_ERRORTYPE FillBufferDone(OMX_IN OMX_HANDLETYPE hComponent, OMX_IN OMX_PTR pAppData, OMX_IN OMX_BUFFERHEADERTYPE* pBuffer); static OMX_ERRORTYPE parse_pcm_header(); + +typedef enum { + UINTMAX = 1, + UCHARMAX, + USHRTMAX +}datatype; + +int get_input_and_validate(char *input, datatype type) +{ + unsigned long int value = 0; + char *ptr = NULL; + int status = 0; + + errno = 0; + ptr = (char *)malloc(strlen(input) + 1); + if (ptr == NULL) { + DEBUG_PRINT("Low memory\n"); + status = -1; + goto exit; + } + if (input == NULL){ + DEBUG_PRINT("No input is given\n"); + status = -1; + goto exit; + } + /* Check for negative input */ + if (*input == '-') { + DEBUG_PRINT("Negative Number is not allowed\n"); + status = -1; + goto exit; + } + /* Convert string to unsigned long int */ + value = strtoul(input, &ptr, 10); + if (errno != 0){ + perror("strtoul"); + status = errno; + goto exit; + } + /* check if number input is zero or string or string##number or viceversa */ + if (value == 0 || *ptr != '\0'){ + DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input); + status = -1; + goto exit; + } + /* check for out of range */ + switch(type) { + case 1 :if (value > UINT_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + case 2 :if (value > UCHAR_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + case 3 :if (value > USHRT_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + } +exit: + if (status != 0) + exit(0); + return value; +} + void wait_for_event(void) { pthread_mutex_lock(&lock); @@ -529,7 +597,7 @@ int main(int argc, char **argv) aac_samplerate = (uint32_t)atoi(argv[3]); aac_channels = (uint32_t)atoi(argv[4]); tunnel = (uint32_t)atoi(argv[5]); - rectime = (uint32_t)atoi(argv[6]); + rectime = (uint32_t)get_input_and_validate(argv[6], UINTMAX); bitrate = (uint32_t)atoi(argv[7]); format = (uint32_t)atoi(argv[8]); profile = (uint32_t)atoi(argv[9]); diff --git a/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c b/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c index 63c24cb5..e5f72cc3 100644 --- a/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c +++ b/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c @@ -256,6 +256,13 @@ OMX_BUFFERHEADERTYPE **pOutputBufHdrs = NULL; int Init_Encoder(char*); int Play_Encoder(); OMX_STRING aud_comp; + +typedef enum { + UINTMAX = 1, + UCHARMAX, + USHRTMAX +}datatype; + /**************************************************************************/ /* STATIC DECLARATIONS */ /**************************************************************************/ @@ -281,6 +288,68 @@ static OMX_ERRORTYPE FillBufferDone(OMX_IN OMX_HANDLETYPE hComponent, OMX_IN OMX_PTR pAppData, OMX_IN OMX_BUFFERHEADERTYPE* pBuffer); static OMX_ERRORTYPE parse_pcm_header(); + +int get_input_and_validate(char *input, datatype type) +{ + unsigned long int value = 0; + char *ptr = NULL; + int status = 0; + + errno = 0; + ptr = (char *)malloc(strlen(input) + 1); + if (ptr == NULL) { + DEBUG_PRINT("Low memory\n"); + status = -1; + goto exit; + } + if (input == NULL){ + DEBUG_PRINT("No input is given\n"); + status = -1; + goto exit; + } + /* Check for negative input */ + if (*input == '-') { + DEBUG_PRINT("Negative Number is not allowed\n"); + status = -1; + goto exit; + } + /* Convert string to unsigned long int */ + value = strtoul(input, &ptr, 10); + if (errno != 0){ + perror("strtoul"); + status = errno; + goto exit; + } + /* check if number input is zero or string or string##number or viceversa */ + if (value == 0 || *ptr != '\0'){ + DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input); + status = -1; + goto exit; + } + /* check for out of range */ + switch(type) { + case 1 :if (value > UINT_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + case 2 :if (value > UCHAR_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + case 3 :if (value > USHRT_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + } +exit: + if (status != 0) + exit(0); + return value; +} + void wait_for_event(void) { pthread_mutex_lock(&lock); @@ -565,7 +634,7 @@ int main(int argc, char **argv) max_bitrate = (uint32_t)atoi(argv[5]); cdmarate = (uint32_t)atoi(argv[6]); recpath = (uint32_t)atoi(argv[7]); // No configuration support yet.. - rectime = (uint32_t)atoi(argv[8]); + rectime = (uint32_t)get_input_and_validate(argv[8], UINTMAX); } else { DEBUG_PRINT(" invalid format: \n"); diff --git a/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c b/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c index 8150acb0..a0b39c25 100644 --- a/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c +++ b/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c @@ -250,6 +250,12 @@ OMX_COMPONENTTYPE* qcelp13_enc_handle = 0; OMX_BUFFERHEADERTYPE **pInputBufHdrs = NULL; OMX_BUFFERHEADERTYPE **pOutputBufHdrs = NULL; +typedef enum { + UINTMAX = 1, + UCHARMAX, + USHRTMAX +}datatype; + /************************************************************************/ /* GLOBAL FUNC DECL */ /************************************************************************/ @@ -281,6 +287,68 @@ static OMX_ERRORTYPE FillBufferDone(OMX_IN OMX_HANDLETYPE hComponent, OMX_IN OMX_PTR pAppData, OMX_IN OMX_BUFFERHEADERTYPE* pBuffer); static OMX_ERRORTYPE parse_pcm_header(); + +int get_input_and_validate(char *input, datatype type) +{ + unsigned long int value = 0; + char *ptr = NULL; + int status = 0; + + errno = 0; + ptr = (char *)malloc(strlen(input) + 1); + if (ptr == NULL) { + DEBUG_PRINT("Low memory\n"); + status = -1; + goto exit; + } + if (input == NULL){ + DEBUG_PRINT("No input is given\n"); + status = -1; + goto exit; + } + /* Check for negative input */ + if (*input == '-') { + DEBUG_PRINT("Negative Number is not allowed\n"); + status = -1; + goto exit; + } + /* Convert string to unsigned long int */ + value = strtoul(input, &ptr, 10); + if (errno != 0){ + perror("strtoul"); + status = errno; + goto exit; + } + /* check if number input is zero or string or string##number or viceversa */ + if (value == 0 || *ptr != '\0'){ + DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input); + status = -1; + goto exit; + } + /* check for out of range */ + switch(type) { + case 1 :if (value > UINT_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + case 2 :if (value > UCHAR_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + case 3 :if (value > USHRT_MAX) { + DEBUG_PRINT("Input is Out of range\n"); + status = -1; + } + break; + } +exit: + if (status != 0) + exit(0); + return value; +} + void wait_for_event(void) { pthread_mutex_lock(&lock); @@ -566,7 +634,7 @@ int main(int argc, char **argv) max_bitrate = (uint32_t)atoi(argv[5]); cdmarate = (uint32_t)atoi(argv[6]); recpath = (uint32_t)atoi(argv[7]); // No configuration support yet.. - rectime = (uint32_t)atoi(argv[8]); + rectime = (uint32_t)get_input_and_validate(argv[8], UINTMAX); } else { DEBUG_PRINT(" invalid format: \n"); |