1 /******************************************************************************
2  *
3  *  Copyright 2022 The Android Open Source Project
4  *
5  *  Licensed under the Apache License, Version 2.0 (the "License");
6  *  you may not use this file except in compliance with the License.
7  *  You may obtain a copy of the License at:
8  *
9  *  http://www.apache.org/licenses/LICENSE-2.0
10  *
11  *  Unless required by applicable law or agreed to in writing, software
12  *  distributed under the License is distributed on an "AS IS" BASIS,
13  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  *  See the License for the specific language governing permissions and
15  *  limitations under the License.
16  *
17  ******************************************************************************/
18 
19 #include <gtest/gtest.h>
20 
21 #include "bta/hf_client/bta_hf_client_int.h"
22 #include "bta/include/bta_hf_client_api.h"
23 #include "common/message_loop_thread.h"
24 #include "device/include/esco_parameters.h"
25 #include "types/raw_address.h"
26 
27 namespace base {
28 class MessageLoop;
29 }  // namespace base
30 
31 namespace {
32 const RawAddress bdaddr1({0x11, 0x22, 0x33, 0x44, 0x55, 0x66});
33 }  // namespace
34 
35 class BtaHfClientSecurityTest : public testing::Test {
36 protected:
SetUp()37   void SetUp() override {
38     // Reset the memory block, this is the state on which the allocate handle
39     // would start operating
40     bta_hf_client_cb_arr_init();
41   }
42 };
43 
44 // Attempt to parse a buffer which exceeds available buffer space.
45 // This should fail but not crash
TEST_F(BtaHfClientSecurityTest,test_parse_overflow_buffer)46 TEST_F(BtaHfClientSecurityTest, test_parse_overflow_buffer) {
47   uint16_t p_handle;
48   bool status = bta_hf_client_allocate_handle(bdaddr1, &p_handle);
49 
50   tBTA_HF_CLIENT_CB* cb;
51 
52   // Allocation should succeed
53   ASSERT_EQ(true, status);
54   ASSERT_GT(p_handle, 0);
55 
56   cb = bta_hf_client_find_cb_by_bda(bdaddr1);
57 
58   ASSERT_TRUE(cb != NULL);
59 
60   uint16_t len = BTA_HF_CLIENT_AT_PARSER_MAX_LEN * 2 + 3;
61   char buf[BTA_HF_CLIENT_AT_PARSER_MAX_LEN * 2 + 3] = {'\n'};
62 
63   bta_hf_client_at_parse(cb, (char*)(&buf[0]), len);
64 
65   ASSERT_TRUE(len);
66   ASSERT_TRUE(buf != NULL);
67 
68   ASSERT_TRUE(1);
69 }
70