mm-audio: Fix Security Issues

Add validation for input paramters for test
app.

Change-Id: I36c7e1a9af42dede6bb21d4619c3c549fc4f2701

4 files changed, 209 insertions, 3 deletions

diff --git a/mm-audio/aenc-aac/qdsp6/Makefile.am b/mm-audio/aenc-aac/qdsp6/Makefile.am
index cb89ec17..a79ce703 100644
--- a/mm-audio/aenc-aac/qdsp6/Makefile.am
+++ b/mm-audio/aenc-aac/qdsp6/Makefile.am
@@ -29,4 +29,5 @@ libOmxAacEnc_la_LDFLAGS = -shared $(GLIB_LIBS) -avoid-version $(OMXAUDIO_LIBRARY
 
 bin_PROGRAMS = mm-aenc-omxaac-test
 mm_aenc_omxaac_test_SOURCES = ./test/omx_aac_enc_test.c
+mm_aenc_omxaac_test_CFLAGS = -include errno.h -include limits.h
 mm_aenc_omxaac_test_LDADD = -lmm-omxcore -ldl -lpthread -llog libOmxAacEnc.la
diff --git a/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c b/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c
index 8b3adc52..b4b0be87 100644
--- a/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c
+++ b/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c
@@ -268,6 +268,74 @@ static OMX_ERRORTYPE FillBufferDone(OMX_IN OMX_HANDLETYPE hComponent,
                                      OMX_IN OMX_PTR pAppData,
                                      OMX_IN OMX_BUFFERHEADERTYPE* pBuffer);
 static OMX_ERRORTYPE  parse_pcm_header();
+
+typedef enum {
+    UINTMAX = 1,
+    UCHARMAX,
+    USHRTMAX
+}datatype;
+
+int get_input_and_validate(char *input, datatype type)
+{
+    unsigned long int value = 0;
+    char *ptr = NULL;
+    int status = 0;
+
+    errno = 0;
+    ptr = (char *)malloc(strlen(input) + 1);
+    if (ptr == NULL) {
+        DEBUG_PRINT("Low memory\n");
+        status = -1;
+        goto exit;
+    }
+    if (input == NULL){
+        DEBUG_PRINT("No input is given\n");
+        status = -1;
+        goto exit;
+    }
+    /* Check for negative input */
+    if (*input == '-') {
+        DEBUG_PRINT("Negative Number is not allowed\n");
+        status = -1;
+        goto exit;
+    }
+    /* Convert string to unsigned long int */
+    value = strtoul(input, &ptr, 10);
+    if (errno != 0){
+        perror("strtoul");
+        status = errno;
+        goto exit;
+    }
+    /* check if number input is zero or string or string##number or viceversa */
+    if (value == 0 || *ptr != '\0'){
+        DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input);
+        status = -1;
+        goto exit;
+    }
+    /* check for out of range */
+    switch(type) {
+    case 1 :if (value > UINT_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+            }
+            break;
+    case 2 :if (value > UCHAR_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+            }
+            break;
+    case 3 :if (value > USHRT_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+            }
+            break;
+    }
+exit:
+    if (status != 0)
+        exit(0);
+    return value;
+}
+
 void wait_for_event(void)
 {
     pthread_mutex_lock(&lock);
@@ -529,7 +597,7 @@ int main(int argc, char **argv)
       aac_samplerate = (uint32_t)atoi(argv[3]);
       aac_channels = (uint32_t)atoi(argv[4]);
       tunnel  = (uint32_t)atoi(argv[5]);
-      rectime = (uint32_t)atoi(argv[6]);
+      rectime = (uint32_t)get_input_and_validate(argv[6], UINTMAX);
       bitrate = (uint32_t)atoi(argv[7]);
       format =  (uint32_t)atoi(argv[8]);
       profile = (uint32_t)atoi(argv[9]);
diff --git a/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c b/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c
index 63c24cb5..e5f72cc3 100644
--- a/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c
+++ b/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c
@@ -256,6 +256,13 @@ OMX_BUFFERHEADERTYPE  **pOutputBufHdrs = NULL;
 int Init_Encoder(char*);
 int Play_Encoder();
 OMX_STRING aud_comp;
+
+typedef enum {
+    UINTMAX = 1,
+    UCHARMAX,
+    USHRTMAX
+}datatype;
+
 /**************************************************************************/
 /*                STATIC DECLARATIONS                       */
 /**************************************************************************/
@@ -281,6 +288,68 @@ static OMX_ERRORTYPE FillBufferDone(OMX_IN OMX_HANDLETYPE hComponent,
                                      OMX_IN OMX_PTR pAppData,
                                      OMX_IN OMX_BUFFERHEADERTYPE* pBuffer);
 static OMX_ERRORTYPE  parse_pcm_header();
+
+int get_input_and_validate(char *input, datatype type)
+{
+    unsigned long int value = 0;
+    char *ptr = NULL;
+    int status = 0;
+
+    errno = 0;
+    ptr = (char *)malloc(strlen(input) + 1);
+    if (ptr == NULL) {
+        DEBUG_PRINT("Low memory\n");
+        status = -1;
+        goto exit;
+    }
+    if (input == NULL){
+        DEBUG_PRINT("No input is given\n");
+        status = -1;
+        goto exit;
+    }
+    /* Check for negative input */
+    if (*input == '-') {
+        DEBUG_PRINT("Negative Number is not allowed\n");
+        status = -1;
+        goto exit;
+    }
+    /* Convert string to unsigned long int */
+    value = strtoul(input, &ptr, 10);
+    if (errno != 0){
+        perror("strtoul");
+        status = errno;
+        goto exit;
+    }
+    /* check if number input is zero or string or string##number or viceversa */
+    if (value == 0 || *ptr != '\0'){
+        DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input);
+        status = -1;
+        goto exit;
+    }
+    /* check for out of range */
+    switch(type) {
+    case 1 :if (value > UINT_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+            }
+            break;
+    case 2 :if (value > UCHAR_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+                }
+            break;
+    case 3 :if (value > USHRT_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+            }
+            break;
+    }
+exit:
+    if (status != 0)
+        exit(0);
+    return value;
+}
+
 void wait_for_event(void)
 {
     pthread_mutex_lock(&lock);
@@ -565,7 +634,7 @@ int main(int argc, char **argv)
         max_bitrate  = (uint32_t)atoi(argv[5]);
         cdmarate     = (uint32_t)atoi(argv[6]);
         recpath      = (uint32_t)atoi(argv[7]); // No configuration support yet..
-        rectime      = (uint32_t)atoi(argv[8]);
+        rectime      = (uint32_t)get_input_and_validate(argv[8], UINTMAX);
 
     } else {
           DEBUG_PRINT(" invalid format: \n");
diff --git a/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c b/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c
index 8150acb0..a0b39c25 100644
--- a/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c
+++ b/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c
@@ -250,6 +250,12 @@ OMX_COMPONENTTYPE* qcelp13_enc_handle = 0;
 OMX_BUFFERHEADERTYPE  **pInputBufHdrs = NULL;
 OMX_BUFFERHEADERTYPE  **pOutputBufHdrs = NULL;
 
+typedef enum {
+    UINTMAX = 1,
+    UCHARMAX,
+    USHRTMAX
+}datatype;
+
 /************************************************************************/
 /*                GLOBAL FUNC DECL                        */
 /************************************************************************/
@@ -281,6 +287,68 @@ static OMX_ERRORTYPE FillBufferDone(OMX_IN OMX_HANDLETYPE hComponent,
                                      OMX_IN OMX_PTR pAppData,
                                      OMX_IN OMX_BUFFERHEADERTYPE* pBuffer);
 static OMX_ERRORTYPE  parse_pcm_header();
+
+int get_input_and_validate(char *input, datatype type)
+{
+    unsigned long int value = 0;
+    char *ptr = NULL;
+    int status = 0;
+
+    errno = 0;
+    ptr = (char *)malloc(strlen(input) + 1);
+    if (ptr == NULL) {
+        DEBUG_PRINT("Low memory\n");
+        status = -1;
+        goto exit;
+    }
+    if (input == NULL){
+        DEBUG_PRINT("No input is given\n");
+        status = -1;
+        goto exit;
+    }
+    /* Check for negative input */
+    if (*input == '-') {
+        DEBUG_PRINT("Negative Number is not allowed\n");
+        status = -1;
+        goto exit;
+    }
+    /* Convert string to unsigned long int */
+    value = strtoul(input, &ptr, 10);
+    if (errno != 0){
+        perror("strtoul");
+        status = errno;
+        goto exit;
+    }
+    /* check if number input is zero or string or string##number or viceversa */
+    if (value == 0 || *ptr != '\0'){
+        DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input);
+        status = -1;
+        goto exit;
+    }
+    /* check for out of range */
+    switch(type) {
+    case 1 :if (value > UINT_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+            }
+            break;
+    case 2 :if (value > UCHAR_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+            }
+            break;
+    case 3 :if (value > USHRT_MAX) {
+                DEBUG_PRINT("Input is Out of range\n");
+                status = -1;
+            }
+            break;
+    }
+exit:
+    if (status != 0)
+        exit(0);
+    return value;
+}
+
 void wait_for_event(void)
 {
     pthread_mutex_lock(&lock);
@@ -566,7 +634,7 @@ int main(int argc, char **argv)
         max_bitrate  = (uint32_t)atoi(argv[5]);
         cdmarate     = (uint32_t)atoi(argv[6]);
         recpath      = (uint32_t)atoi(argv[7]); // No configuration support yet..
-        rectime      = (uint32_t)atoi(argv[8]);
+        rectime      = (uint32_t)get_input_and_validate(argv[8], UINTMAX);
 
     } else {
           DEBUG_PRINT(" invalid format: \n");