Home | History | Annotate | Download | only in cts 
      1 /*
      2  * Copyright (C) 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 package android.security.cts;
     18 
     19 import android.graphics.Bitmap;
     20 import android.graphics.Canvas;
     21 import android.graphics.Color;
     22 import android.graphics.Movie;
     23 import android.graphics.Paint;
     24 import android.graphics.PorterDuff;
     25 import android.graphics.PorterDuffXfermode;
     26 import android.platform.test.annotations.SecurityTest;
     27 import android.test.AndroidTestCase;
     28 
     29 import java.io.InputStream;
     30 
     31 import android.security.cts.R;
     32 
     33 @SecurityTest
     34 public class Movie33897722 extends AndroidTestCase {
     35     /**
     36      * Verifies that decoding a particular GIF file does not read out out of bounds.
     37      *
     38      * The image has a color map of size 2, but states that pixels should come from values
     39      * larger than 2. Ensure that we do not attempt to read colors from beyond the end of the
     40      * color map, which would be reading memory that we do not control, and may be uninitialized.
     41      */
     42     public void test_android_bug_33897722() {
     43         InputStream exploitImage = mContext.getResources().openRawResource(R.raw.bug_33897722);
     44         Movie movie = Movie.decodeStream(exploitImage);
     45         assertNotNull(movie);
     46         assertEquals(movie.width(), 600);
     47         assertEquals(movie.height(), 752);
     48 
     49         // The image has a 10 x 10 frame on top of a transparent background. Only test the
     50         // 10 x 10 frame, since the original bug would never have used uninitialized memory
     51         // outside of it.
     52         Bitmap bitmap = Bitmap.createBitmap(10, 10, Bitmap.Config.ARGB_8888);
     53         Canvas canvas = new Canvas(bitmap);
     54 
     55         // Use Src PorterDuff mode, to see exactly what the Movie creates.
     56         Paint paint = new Paint();
     57         paint.setXfermode(new PorterDuffXfermode(PorterDuff.Mode.SRC));
     58 
     59         movie.draw(canvas, 0, 0, paint);
     60 
     61         for (int x = 0; x < 10; x++) {
     62             for (int y = 0; y < 10; y++) {
     63                 assertEquals(bitmap.getPixel(x, y), Color.TRANSPARENT);
     64             }
     65         }
     66     }
     67 }
     68