4 Commits

Author SHA1 Message Date
6eb14e89e5 [cts] test if libFLAC is patched against CVE-2014-9028
Overview of CVE-2014-9028:

Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1
allows remote attackers to execute arbitrary code via a crafted .flac
file.

(source: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9028)

heap_oob_flac has a .mp3 extension to avoid compression by aapt. When a
resource file is compressed, openRawResourceFd would fail. Please refer
to kNoCompressExt in frameworks/base/tools/aapt/Package.cpp for more
details.

Bug: 23238405
Change-Id: I7c13b19beb83c10fced360537a84b2f053ce8a26
2016-05-23 20:15:05 +08:00
4852cc7100 [cts] From: Firefly <service@t-firefly.com>
Date: Wed, 30 Sep 2015 18:22:30 +0900
Subject: [PATCH] DO NOT MERGE security: Test OOB arbitrary write at
 AMessage::FromParcel

 Bug: 24123723
 Change-Id: Icf427b0b3ef2e559c38e0a778dfbcbe60e522ef4
 (cherry picked from commit b69bdab25e7f215752a4867661fc8361509ed0a7)

Signed-off-by: Firefly <service@t-firefly.com>
2016-05-23 20:14:59 +08:00
b8b8a7b243 [cts] CTS: check non-zygote apps are not debuggable
Adds a hostside-like CTS test running a Java app (jar file) from
app_process, without forking from zygote, and checks it is not
debuggable (having no JDWP connection) using 'adb jdwp' command.

Bug: 23050463

(cherry picked from commit e37f4b4f078394e183547a8a913fd12e69c08cd7)

Change-Id: I5300ccff6ad3c202289f7dad0aa8789f69124c23
2015-12-31 15:59:05 +08:00
93013a6efc Commit of manifest rk312x_android5.1_rel_v1.02_0423.xml 2015-05-20 17:06:22 +08:00