author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-08 16:00:26 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-04-08 16:00:26 +0000 |
commit | 6220a299beb9439fb4ab47de1609d1fe116b38cc (patch) | |
tree | d2bd15857f5bff3e418772dffcfb6d6782663730 | |
parent | b865555223066b5a9273252ee6b0c3ac97ba7357 (diff) | |
parent | f0ff5a6b4659491e915abe941c7a194f06b09bec (diff) | |
download | dng_sdk-aml_tz2_303800001.tar.gz |
Snap for 8426163 from f0ff5a6b4659491e915abe941c7a194f06b09bec to mainline-tzdata2-releaseandroid-mainline-12.0.0_r112aml_tz2_305400500aml_tz2_305400300aml_tz2_305400100aml_tz2_304500300aml_tz2_303900110aml_tz2_303900102aml_tz2_303800002aml_tz2_303800001aml_tz2_303200001android12-mainline-tzdata2-releaseaml_tz2_305400100
Change-Id: I255c9145b7d9a11f129b9f8dd80c68b0e692e17f
-rw-r--r-- | Android.bp | 43 | ||||
-rw-r--r-- | METADATA | 6 | ||||
-rw-r--r-- | fuzzer/Android.bp | 39 | ||||
-rw-r--r-- | fuzzer/README.md | 47 | ||||
-rw-r--r-- | fuzzer/dng_parser_fuzzer.cpp | 36 | ||||
-rwxr-xr-x | fuzzer/seeds/CVE_2020_9589/original.dng | bin | 266600 -> 0 bytes | |||
-rwxr-xr-x | fuzzer/seeds/CVE_2020_9589/poc.dng | bin | 266600 -> 0 bytes | |||
-rw-r--r-- | source/dng_date_time.cpp | 54 | ||||
-rw-r--r-- | source/dng_utils.h | 40 |
9 files changed, 21 insertions, 244 deletions
@@ -1,46 +1,3 @@
-// *** THIS PACKAGE HAS SPECIAL LICENSING CONDITIONS. PLEASE
-// CONSULT THE OWNERS AND opensource-licensing@google.com BEFORE
-// DEPENDING ON IT IN YOUR PROJECT. ***
-package {
- default_applicable_licenses: ["external_dng_sdk_license"],
-}
-
-// Added automatically by a large-scale-change that took the approach of
-// 'apply every license found to every target'. While this makes sure we respect
-// every license restriction, it may not be entirely correct.
-//
-// e.g. GPL in an MIT project might only apply to the contrib/ directory.
-//
-// Please consider splitting the single license below into multiple licenses,
-// taking care not to lose any license_kind information, and overriding the
-// default license using the 'licenses: [...]' property on targets as needed.
-//
-// For unused files, consider creating a 'fileGroup' with "//visibility:private"
-// to attach the license to, and including a comment whether the files may be
-// used in the current project.
-//
-// large-scale-change included anything that looked like it might be a license
-// text as a license_text. e.g. LICENSE, NOTICE, COPYING etc.
-//
-// Please consider removing redundant or irrelevant files from 'license_text:'.
-// See: http://go/android-license-faq
-license {
- name: "external_dng_sdk_license",
- visibility: [":__subpackages__"],
- license_kinds: [
- "SPDX-license-identifier-Apache-2.0",
- "SPDX-license-identifier-MIT",
- "legacy_by_exception_only", // by exception only
- ],
- license_text: [
- "LICENSE",
- "LICENSE.source_code",
- "LICENSE.technology",
- "NOTICE",
- "PATENTS",
- ],
-}
-
 cc_defaults {
 name: "libdng_sdk-defaults",
 srcs: [
diff --git a/METADATA b/METADATA
deleted file mode 100644
index 3814b8d..0000000
--- a/METADATA
+++ /dev/null
@@ -1,6 +0,0 @@
-# *** THIS PACKAGE HAS SPECIAL LICENSING CONDITIONS. PLEASE
-# CONSULT THE OWNERS AND opensource-licensing@google.com BEFORE
-# DEPENDING ON IT IN YOUR PROJECT. ***
-third_party {
- license_type: BY_EXCEPTION_ONLY
-}
diff --git a/fuzzer/Android.bp b/fuzzer/Android.bp
deleted file mode 100644
index 26e2fa6..0000000
--- a/fuzzer/Android.bp
+++ /dev/null
@@ -1,39 +0,0 @@
-// *** THIS PACKAGE HAS SPECIAL LICENSING CONDITIONS. PLEASE
-// CONSULT THE OWNERS AND opensource-licensing@google.com BEFORE
-// DEPENDING ON IT IN YOUR PROJECT. ***
-package {
- // See: http://go/android-license-faq
- // A large-scale-change added 'default_applicable_licenses' to import
- // all of the 'license_kinds' from "external_dng_sdk_license"
- // to get the below license kinds:
- // SPDX-license-identifier-MIT
- // legacy_by_exception_only (by exception only)
- default_applicable_licenses: ["external_dng_sdk_license"],
-}
-
-cc_fuzz {
- name: "dng_parser_fuzzer",
- host_supported: true,
- srcs: [
- "dng_parser_fuzzer.cpp",
- ],
- cflags: [
- "-Wno-unused-parameter",
- "-fexceptions",
- ],
- static_libs: [
- "libdng_sdk",
- "libjpeg",
- "liblog",
- "libz",
- ],
- target: {
- darwin: {
- enabled: false,
- },
- },
- corpus: [
- "seeds/CVE_2020_9589/original.dng",
- "seeds/CVE_2020_9589/poc.dng",
- ],
-}
diff --git a/fuzzer/README.md b/fuzzer/README.md
deleted file mode 100644
index edc7ef2..0000000
--- a/fuzzer/README.md
+++ /dev/null
@@ -1,47 +0,0 @@
-# Fuzzing DNG SDK
-
-This fuzzer is intented to do a varian analysis of the issue reported
-in b/156261521.
-
-Here is a list of some CVEs previously discovered in DNG SDK:
-
-* CVE-2020-9589
-* CVE-2020-9590
-* CVE-2020-9620
-* CVE-2020-9621
-* CVE-2020-9622
-* CVE-2020-9623
-* CVE-2020-9624
-* CVE-2020-9625
-* CVE-2020-9626
-* CVE-2020-9627
-* CVE-2020-9628
-* CVE-2020-9629
-
-## Building & running the fuzz target: Android device
-
-It is recommended to set rss limit to higher values (such as 4096) when running
-the fuzzer to avoid frequent OOM libFuzzer crashes.
-
-```sh
-$ source build/envsetup.sh
-$ lunch aosp_arm64-eng
-$ SANITIZE_TARGET=hwaddress make dng_parser_fuzzer
-$ adb sync data
-$ adb shell /data/fuzz/arm64/dng_parser_fuzzer/dng_parser_fuzzer \
-$ -rss_limit=4096 \
-$ /data/fuzz/arm64/dng_parser_fuzzer/corpus
-```
-
-## Building & running the fuzz target: Host
-
-```sh
-$ source build/envsetup.sh
-$ lunch aosp_x86_64-eng
-$ SANITIZE_HOST=address make dng_parser_fuzzer
-$ LD_LIBRARY_PATH=$ANDROID_HOST_OUT/fuzz/x86_64/lib/ \
-$ $ANDROID_HOST_OUT/fuzz/x86_64/dng_parser_fuzzer/dng_parser_fuzzer \
-$ -rss_limit_mb=4096 \
-$ $ANDROID_HOST_OUT/fuzz/x86_64/dng_parser_fuzzer/corpus/
-```
-
diff --git a/fuzzer/dng_parser_fuzzer.cpp b/fuzzer/dng_parser_fuzzer.cpp
deleted file mode 100644
index 84db0f3..0000000
--- a/fuzzer/dng_parser_fuzzer.cpp
+++ /dev/null
@@ -1,36 +0,0 @@
-#include <stddef.h>
-#include <stdint.h>
-
-#include "dng_exceptions.h"
-#include "dng_host.h"
-#include "dng_info.h"
-#include "dng_memory_stream.h"
-#include "dng_negative.h"
-
-
-extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- dng_host host;
- dng_memory_stream stream(host.Allocator());
-
- stream.Put(data, size);
- stream.SetReadPosition(0);
-
- std::unique_ptr<dng_negative> negative(host.Make_dng_negative());
-
- try {
- dng_info info;
- info.Parse(host, stream);
- info.PostParse(host);
-
- if (info.IsValidDNG()) {
- negative->Parse(host, stream, info);
- negative->PostParse(host, stream, info);
- negative->ReadStage1Image(host, stream, info);
- }
- } catch (dng_exception &e) {
- // dng_sdk throws C++ exceptions on errors
- // catch them here to prevent libFuzzer from crashing.
- }
-
- return 0;
-}
diff --git a/fuzzer/seeds/CVE_2020_9589/original.dng b/fuzzer/seeds/CVE_2020_9589/original.dng
Binary files differ
deleted file mode 100755
index a30ac76..0000000
--- a/fuzzer/seeds/CVE_2020_9589/original.dng
+++ /dev/null
diff --git a/fuzzer/seeds/CVE_2020_9589/poc.dng b/fuzzer/seeds/CVE_2020_9589/poc.dng
Binary files differ
deleted file mode 100755
index b838844..0000000
--- a/fuzzer/seeds/CVE_2020_9589/poc.dng
+++ /dev/null
diff --git a/source/dng_date_time.cpp b/source/dng_date_time.cpp
index b143181..bede131 100644
--- a/source/dng_date_time.cpp
+++ b/source/dng_date_time.cpp
@@ -806,44 +806,32 @@ dng_time_zone LocalTimeZone (const dng_date_time &dt) #if qMacOS CFTimeZoneRef zoneRef = CFTimeZoneCopyDefault (); - - CFReleaseHelper<CFTimeZoneRef> zoneRefDeleter (zoneRef); - + if (zoneRef) { + + CFGregorianDate gregDate; - // New path that doesn't use deprecated CFGregorian-based APIs. - - CFCalendarRef calendar = - CFCalendarCreateWithIdentifier (kCFAllocatorDefault, - kCFGregorianCalendar); - - CFReleaseHelper<CFCalendarRef> calendarDeleter (calendar); - - CFAbsoluteTime absTime; - - if (CFCalendarComposeAbsoluteTime (calendar, - &absTime, - "yMdHms", - dt.fYear, - dt.fMonth, - dt.fDay, - dt.fHour, - dt.fMinute, - dt.fSecond)) + gregDate.year = dt.fYear; + gregDate.month = (SInt8) dt.fMonth; + gregDate.day = (SInt8) dt.fDay; + gregDate.hour = (SInt8) dt.fHour; + gregDate.minute = (SInt8) dt.fMinute; + gregDate.second = (SInt8) dt.fSecond; + + CFAbsoluteTime absTime = CFGregorianDateGetAbsoluteTime (gregDate, zoneRef); + + CFTimeInterval secondsDelta = CFTimeZoneGetSecondsFromGMT (zoneRef, absTime); + + CFRelease (zoneRef); + + result.SetOffsetSeconds (Round_int32 (secondsDelta)); + + if (result.IsValid ()) { - - CFTimeInterval secondsDelta = CFTimeZoneGetSecondsFromGMT (zoneRef, absTime); - - result.SetOffsetSeconds (Round_int32 (secondsDelta)); - - if (result.IsValid ()) - { - return result; - } - + return result; } - + } #endif diff --git a/source/dng_utils.h b/source/dng_utils.h index db38599..691f0b9 100644 --- a/source/dng_utils.h +++ b/source/dng_utils.h 
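Review bot: The `(SInt8)` casts on `dt.fMonth` through `dt.fSecond` in the new `gregDate` assignments narrow without any range check, so an out-of-range field wraps silently (possibly to a negative value) before it reaches `CFGregorianDateGetAbsoluteTime`. The field types and any caller-side validation are not visible in this hunk, but if `dt` can carry values taken from parsed file metadata, the composition should be guarded inside the `zoneRef` block, e.g. `if (dt.IsValid ())`, placed so that `CFRelease (zoneRef);` is still reached on the invalid path. The new side also returns to a manual `CFRelease (zoneRef);`, which is balanced as written but will leak as soon as an early exit is added above it; a comment such as `// zoneRef is owned here: every path out of this block must reach CFRelease` would make that ownership explicit. LocalTimeZone's body starts and ends outside the hunk.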
@@ -1259,46 +1259,6 @@ void LimitFloatBitDepth (dng_host &host, /*****************************************************************************/ -#if qMacOS - -/*****************************************************************************/ - -template<typename T> -class CFReleaseHelper - { - - private: - - T fRef; - - public: - - CFReleaseHelper (T ref) - : fRef (ref) - { - } - - ~CFReleaseHelper () - { - if (fRef) - { - CFRelease (fRef); - } - } - - T Get () const - { - return fRef; - } - - }; - -/*****************************************************************************/ - -#endif // qMacOS - -/*****************************************************************************/ - #endif /*****************************************************************************/ |