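/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.cts;

import android.graphics.Bitmap;
import android.graphics.Canvas;
import android.graphics.Color;
import android.graphics.Movie;
import android.graphics.Paint;
import android.graphics.PorterDuff;
import android.graphics.PorterDuffXfermode;
import android.platform.test.annotations.SecurityTest;
import android.test.AndroidTestCase;

import java.io.InputStream;

import android.security.cts.R;

/**
 * Regression test for Android bug 33897722: decoding a crafted GIF through {@link Movie} must
 * not read colors from beyond the end of the image's color map.
 */
@SecurityTest
public class Movie33897722 extends AndroidTestCase {
    /**
     * Verifies that decoding a particular GIF file does not read out of bounds.
     *
     * <p>The image has a color map of size 2, but states that pixels should come from values
     * larger than 2. Ensure that we do not attempt to read colors from beyond the end of the
     * color map, which would be reading memory that we do not control, and may be uninitialized.
     *
     * <p>NOTE(review): the pixel check below can only flag the regression when an out-of-range
     * read produces a non-transparent value; memory that happens to be zero would look like a
     * pass. Presumably a sanitizer-enabled run is the stronger signal - confirm.
     *
     * @throws Exception if the raw resource stream cannot be closed
     */
    public void test_android_bug_33897722() throws Exception {
        // Keep the stream open for the whole test and close it on every exit path, including
        // assertion failures, so the raw resource is never leaked.
        try (InputStream exploitImage =
                mContext.getResources().openRawResource(R.raw.bug_33897722)) {
            Movie movie = Movie.decodeStream(exploitImage);
            assertNotNull(movie);

            // Expected value goes first so that a failure message reports the two values the
            // right way round.
            assertEquals(600, movie.width());
            assertEquals(752, movie.height());

            // The image has a 10 x 10 frame on top of a transparent background. Only test the
            // 10 x 10 frame, since the original bug would never have used uninitialized memory
            // outside of it.
            Bitmap bitmap = Bitmap.createBitmap(10, 10, Bitmap.Config.ARGB_8888);
            Canvas canvas = new Canvas(bitmap);

            // Use Src PorterDuff mode, to see exactly what the Movie creates.
            Paint paint = new Paint();
            paint.setXfermode(new PorterDuffXfermode(PorterDuff.Mode.SRC));

            movie.draw(canvas, 0, 0, paint);

            // Every pixel of the frame must be transparent; the message names the offending
            // coordinate to make a failure easy to locate.
            for (int x = 0; x < 10; x++) {
                for (int y = 0; y < 10; y++) {
                    assertEquals("pixel (" + x + ", " + y + ")",
                            Color.TRANSPARENT, bitmap.getPixel(x, y));
                }
            }
        }
    }
}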