mm-audio: Fix Security Issues
Add validation for input parameters for test
app.
Change-Id: I36c7e1a9af42dede6bb21d4619c3c549fc4f2701
diff --git a/mm-audio/aenc-aac/qdsp6/Makefile.am b/mm-audio/aenc-aac/qdsp6/Makefile.am
index cb89ec1..a79ce70 100644
--- a/mm-audio/aenc-aac/qdsp6/Makefile.am
+++ b/mm-audio/aenc-aac/qdsp6/Makefile.am
@@ -29,4 +29,5 @@
bin_PROGRAMS = mm-aenc-omxaac-test
mm_aenc_omxaac_test_SOURCES = ./test/omx_aac_enc_test.c
+mm_aenc_omxaac_test_CFLAGS = -include errno.h -include limits.h
mm_aenc_omxaac_test_LDADD = -lmm-omxcore -ldl -lpthread -llog libOmxAacEnc.la
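Review bot: The `-include errno.h -include limits.h` flags pull the headers in from the build line instead of from the source, so omx_aac_enc_test.c only compiles under this Makefile.am; any other build description for the same file would presumably miss them. Putting `#include <errno.h>` and `#include <limits.h>` at the top of the test source keeps the dependency next to the code that uses `errno` and `UINT_MAX`. Only the aac Makefile.am changes in the visible diff, while the evrc and qcelp13 tests gain the same uses, so it is worth confirming that those two files already include both headers.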
diff --git a/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c b/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c
index 8b3adc5..b4b0be8 100644
--- a/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c
+++ b/mm-audio/aenc-aac/qdsp6/test/omx_aac_enc_test.c
@@ -268,6 +268,74 @@
OMX_IN OMX_PTR pAppData,
OMX_IN OMX_BUFFERHEADERTYPE* pBuffer);
static OMX_ERRORTYPE parse_pcm_header();
+
+typedef enum {
+ UINTMAX = 1,
+ UCHARMAX,
+ USHRTMAX
+}datatype;
+
+int get_input_and_validate(char *input, datatype type)
+{
+ unsigned long int value = 0;
+ char *ptr = NULL;
+ int status = 0;
+
+ errno = 0;
+ ptr = (char *)malloc(strlen(input) + 1);
+ if (ptr == NULL) {
+ DEBUG_PRINT("Low memory\n");
+ status = -1;
+ goto exit;
+ }
+ if (input == NULL){
+ DEBUG_PRINT("No input is given\n");
+ status = -1;
+ goto exit;
+ }
+ /* Check for negative input */
+ if (*input == '-') {
+ DEBUG_PRINT("Negative Number is not allowed\n");
+ status = -1;
+ goto exit;
+ }
+ /* Convert string to unsigned long int */
+ value = strtoul(input, &ptr, 10);
+ if (errno != 0){
+ perror("strtoul");
+ status = errno;
+ goto exit;
+ }
+ /* check if number input is zero or string or string##number or viceversa */
+ if (value == 0 || *ptr != '\0'){
+ DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input);
+ status = -1;
+ goto exit;
+ }
+ /* check for out of range */
+ switch(type) {
+ case 1 :if (value > UINT_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ case 2 :if (value > UCHAR_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ case 3 :if (value > USHRT_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ }
+exit:
+ if (status != 0)
+ exit(0);
+ return value;
+}
+
void wait_for_event(void)
{
pthread_mutex_lock(&lock);
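Review bot: `get_input_and_validate` evaluates `strlen(input)` inside the `malloc` argument before the `input == NULL` check, so a missing argument is dereferenced before it can be rejected, and the allocated buffer is leaked on every call because `strtoul` overwrites `ptr` with its end pointer. strtoul only needs a `char *` to store into, so the allocation can be dropped entirely. The `*input == '-'` test is bypassed by leading whitespace (strtoul skips it and then negates the value), every failure ends in `exit(0)`, which reports success to whatever launched the test, and the `int` return type narrows values above INT_MAX before the call site's `(uint32_t)` cast. The same function and enum are copied into the evrc and qcelp13 test files later in this commit, so these points apply there too, and a shared helper would avoid fixing it three times. A possible rewrite, which also uses the enum names in the `switch` instead of 1/2/3, follows.

```c
unsigned int get_input_and_validate(char *input, datatype type)
{
    unsigned long value = 0;
    unsigned long limit = 0;
    char *end = NULL;

    /* Reject a missing argument first; requiring a leading digit also
     * rules out an empty string, a sign and leading whitespace. */
    if (input == NULL || *input < '0' || *input > '9') {
        DEBUG_PRINT("Input must be an unsigned decimal number\n");
        exit(EXIT_FAILURE);
    }

    switch (type) {
    case UINTMAX:
        limit = UINT_MAX;
        break;
    case UCHARMAX:
        limit = UCHAR_MAX;
        break;
    case USHRTMAX:
        limit = USHRT_MAX;
        break;
    default:
        DEBUG_PRINT("Unknown datatype\n");
        exit(EXIT_FAILURE);
    }

    errno = 0;
    /* strtoul writes the end position into 'end'; no buffer is needed. */
    value = strtoul(input, &end, 10);
    if (errno != 0 || *end != '\0' || value == 0 || value > limit) {
        DEBUG_PRINT("Input is invalid, zero or out of range = %s\n", input);
        exit(EXIT_FAILURE);
    }
    return (unsigned int)value;
}
```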
@@ -529,7 +597,7 @@
aac_samplerate = (uint32_t)atoi(argv[3]);
aac_channels = (uint32_t)atoi(argv[4]);
tunnel = (uint32_t)atoi(argv[5]);
- rectime = (uint32_t)atoi(argv[6]);
+ rectime = (uint32_t)get_input_and_validate(argv[6], UINTMAX);
bitrate = (uint32_t)atoi(argv[7]);
format = (uint32_t)atoi(argv[8]);
profile = (uint32_t)atoi(argv[9]);
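Review bot: Only `argv[6]` is routed through the validator here; `aac_samplerate`, `aac_channels`, `tunnel`, `bitrate`, `format` and `profile` are still read with `(uint32_t)atoi(...)`, so a negative or non-numeric argument still becomes a large or zero value without any diagnostic. The evrc and qcelp13 call sites later in this commit have the same shape, with `max_bitrate`, `cdmarate` and `recpath` left on `atoi`. Where zero is not a valid value the existing helper can be reused directly, e.g. `aac_channels = (uint32_t)get_input_and_validate(argv[4], UINTMAX);`, but it rejects 0, so fields for which 0 looks legitimate (`tunnel`, possibly `format`) would need a variant that allows it. The enclosing function starts and ends outside the hunk, so whether `argc` is checked before these reads cannot be confirmed from here.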
diff --git a/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c b/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c
index 63c24cb..e5f72cc 100644
--- a/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c
+++ b/mm-audio/aenc-evrc/qdsp6/test/omx_evrc_enc_test.c
@@ -256,6 +256,13 @@
int Init_Encoder(char*);
int Play_Encoder();
OMX_STRING aud_comp;
+
+typedef enum {
+ UINTMAX = 1,
+ UCHARMAX,
+ USHRTMAX
+}datatype;
+
/**************************************************************************/
/* STATIC DECLARATIONS */
/**************************************************************************/
@@ -281,6 +288,68 @@
OMX_IN OMX_PTR pAppData,
OMX_IN OMX_BUFFERHEADERTYPE* pBuffer);
static OMX_ERRORTYPE parse_pcm_header();
+
+int get_input_and_validate(char *input, datatype type)
+{
+ unsigned long int value = 0;
+ char *ptr = NULL;
+ int status = 0;
+
+ errno = 0;
+ ptr = (char *)malloc(strlen(input) + 1);
+ if (ptr == NULL) {
+ DEBUG_PRINT("Low memory\n");
+ status = -1;
+ goto exit;
+ }
+ if (input == NULL){
+ DEBUG_PRINT("No input is given\n");
+ status = -1;
+ goto exit;
+ }
+ /* Check for negative input */
+ if (*input == '-') {
+ DEBUG_PRINT("Negative Number is not allowed\n");
+ status = -1;
+ goto exit;
+ }
+ /* Convert string to unsigned long int */
+ value = strtoul(input, &ptr, 10);
+ if (errno != 0){
+ perror("strtoul");
+ status = errno;
+ goto exit;
+ }
+ /* check if number input is zero or string or string##number or viceversa */
+ if (value == 0 || *ptr != '\0'){
+ DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input);
+ status = -1;
+ goto exit;
+ }
+ /* check for out of range */
+ switch(type) {
+ case 1 :if (value > UINT_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ case 2 :if (value > UCHAR_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ case 3 :if (value > USHRT_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ }
+exit:
+ if (status != 0)
+ exit(0);
+ return value;
+}
+
void wait_for_event(void)
{
pthread_mutex_lock(&lock);
@@ -565,7 +634,7 @@
max_bitrate = (uint32_t)atoi(argv[5]);
cdmarate = (uint32_t)atoi(argv[6]);
recpath = (uint32_t)atoi(argv[7]); // No configuration support yet..
- rectime = (uint32_t)atoi(argv[8]);
+ rectime = (uint32_t)get_input_and_validate(argv[8], UINTMAX);
} else {
DEBUG_PRINT(" invalid format: \n");
diff --git a/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c b/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c
index 8150acb..a0b39c2 100644
--- a/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c
+++ b/mm-audio/aenc-qcelp13/qdsp6/test/omx_qcelp13_enc_test.c
@@ -250,6 +250,12 @@
OMX_BUFFERHEADERTYPE **pInputBufHdrs = NULL;
OMX_BUFFERHEADERTYPE **pOutputBufHdrs = NULL;
+typedef enum {
+ UINTMAX = 1,
+ UCHARMAX,
+ USHRTMAX
+}datatype;
+
/************************************************************************/
/* GLOBAL FUNC DECL */
/************************************************************************/
@@ -281,6 +287,68 @@
OMX_IN OMX_PTR pAppData,
OMX_IN OMX_BUFFERHEADERTYPE* pBuffer);
static OMX_ERRORTYPE parse_pcm_header();
+
+int get_input_and_validate(char *input, datatype type)
+{
+ unsigned long int value = 0;
+ char *ptr = NULL;
+ int status = 0;
+
+ errno = 0;
+ ptr = (char *)malloc(strlen(input) + 1);
+ if (ptr == NULL) {
+ DEBUG_PRINT("Low memory\n");
+ status = -1;
+ goto exit;
+ }
+ if (input == NULL){
+ DEBUG_PRINT("No input is given\n");
+ status = -1;
+ goto exit;
+ }
+ /* Check for negative input */
+ if (*input == '-') {
+ DEBUG_PRINT("Negative Number is not allowed\n");
+ status = -1;
+ goto exit;
+ }
+ /* Convert string to unsigned long int */
+ value = strtoul(input, &ptr, 10);
+ if (errno != 0){
+ perror("strtoul");
+ status = errno;
+ goto exit;
+ }
+ /* check if number input is zero or string or string##number or viceversa */
+ if (value == 0 || *ptr != '\0'){
+ DEBUG_PRINT("Input is string+number or Zero or string = %s\n", input);
+ status = -1;
+ goto exit;
+ }
+ /* check for out of range */
+ switch(type) {
+ case 1 :if (value > UINT_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ case 2 :if (value > UCHAR_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ case 3 :if (value > USHRT_MAX) {
+ DEBUG_PRINT("Input is Out of range\n");
+ status = -1;
+ }
+ break;
+ }
+exit:
+ if (status != 0)
+ exit(0);
+ return value;
+}
+
void wait_for_event(void)
{
pthread_mutex_lock(&lock);
@@ -566,7 +634,7 @@
max_bitrate = (uint32_t)atoi(argv[5]);
cdmarate = (uint32_t)atoi(argv[6]);
recpath = (uint32_t)atoi(argv[7]); // No configuration support yet..
- rectime = (uint32_t)atoi(argv[8]);
+ rectime = (uint32_t)get_input_and_validate(argv[8], UINTMAX);
} else {
DEBUG_PRINT(" invalid format: \n");