Loading system/bta/Android.bp +34 −0 Original line number Diff line number Diff line Loading @@ -230,6 +230,40 @@ cc_test { ], } // bta unit tests for target cc_test { name: "net_test_bta_security", defaults: [ "fluoride_bta_defaults", "mts_defaults" ], test_suites: ["device-tests"], srcs: [ ":TestCommonMockFunctions", ":TestMockDevice", ":TestMockStack", ":TestMockBtif", "test/bta_hf_client_security_test.cc", ], shared_libs: [ "android.hardware.bluetooth.audio@2.0", "android.hardware.bluetooth.audio@2.1", "libcrypto", "liblog", "libprotobuf-cpp-lite", ], static_libs: [ "crypto_toolbox_for_tests", "libbtcore", "libbt-bta", "libbt-bta-core", "libbt-audio-hal-interface", "libbluetooth-types", "libbt-protos-lite", "libosi", "libbt-common", ], } cc_test { name: "bt_host_test_bta", defaults: [ Loading system/bta/hf_client/bta_hf_client_at.cc +6 −0 Original line number Diff line number Diff line Loading 
@@ -1731,6 +1731,12 @@ void bta_hf_client_at_parse(tBTA_HF_CLIENT_CB* client_cb, char* buf, client_cb->at_cb.offset += tmp; } /* prevent buffer overflow in cases where LEN exceeds available buffer space */ if (len > BTA_HF_CLIENT_AT_PARSER_MAX_LEN - client_cb->at_cb.offset) { return; } memcpy(client_cb->at_cb.buf + client_cb->at_cb.offset, buf, len); client_cb->at_cb.offset += len; Loading system/bta/test/bta_hf_client_security_test.cc 0 → 100644 +79 −0 Original line number Diff line number Diff line /****************************************************************************** * * Copyright 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ******************************************************************************/ #include <gtest/gtest.h> #include "bta/hf_client/bta_hf_client_int.h" #include "bta/include/bta_hf_client_api.h" #include "common/message_loop_thread.h" #include "device/include/esco_parameters.h" #include "test/mock/mock_device_controller.h" #include "types/raw_address.h" namespace base { class MessageLoop; } // namespace base bluetooth::common::MessageLoopThread* get_main_thread() { return nullptr; } void do_in_main_thread(base::Location const&, base::OnceCallback<void()>) { return; } namespace { const RawAddress bdaddr1({0x11, 0x22, 0x33, 0x44, 0x55, 0x66}); } // namespace // TODO(jpawlowski): there is some weird dependency issue in tests, and the // tests here fail to compile without this definition. 
void LogMsg(uint32_t trace_set_mask, const char* fmt_str, ...) {} class BtaHfClientSecurityTest : public testing::Test { protected: void SetUp() override { // Reset the memory block, this is the state on which the allocate handle // would start operating bta_hf_client_cb_arr_init(); } }; // Attempt to parse a buffer which exceeds available buffer space. // This should fail but not crash TEST_F(BtaHfClientSecurityTest, test_parse_overflow_buffer) { uint16_t p_handle; bool status = bta_hf_client_allocate_handle(bdaddr1, &p_handle); tBTA_HF_CLIENT_CB* cb; // Allocation should succeed ASSERT_EQ(true, status); ASSERT_GT(p_handle, 0); cb = bta_hf_client_find_cb_by_bda(bdaddr1); ASSERT_TRUE(cb != NULL); uint16_t len = BTA_HF_CLIENT_AT_PARSER_MAX_LEN * 2 + 3; char buf[BTA_HF_CLIENT_AT_PARSER_MAX_LEN * 2 + 3] = {'\n'}; bta_hf_client_at_parse(cb, (char*)(&buf[0]), len); ASSERT_TRUE(len); ASSERT_TRUE(buf != NULL); ASSERT_TRUE(1); } system/stack/a2dp/a2dp_codec_config.cc +10 −0 Original line number Diff line number Diff line Loading @@ -598,6 +598,9 @@ bool A2dpCodecs::init() { LOG_INFO("%s", __func__); std::lock_guard<std::recursive_mutex> lock(codec_mutex_); bool opus_enabled = osi_property_get_bool("persist.bluetooth.opus.enabled", false); for (int i = BTAV_A2DP_CODEC_INDEX_MIN; i < BTAV_A2DP_CODEC_INDEX_MAX; i++) { btav_a2dp_codec_index_t codec_index = static_cast<btav_a2dp_codec_index_t>(i); Loading @@ -610,6 +613,13 @@ bool A2dpCodecs::init() { codec_priority = cp_iter->second; } // If OPUS is not supported it is disabled if (codec_index == BTAV_A2DP_CODEC_INDEX_SOURCE_OPUS && !opus_enabled) { codec_priority = BTAV_A2DP_CODEC_PRIORITY_DISABLED; LOG_INFO("%s: OPUS codec disabled, updated priority to %d", __func__, codec_priority); } A2dpCodecConfig* codec_config = A2dpCodecConfig::createCodec(codec_index, codec_priority); if (codec_config == nullptr) continue; Loading system/stack/avdt/avdt_scb_act.cc +3 −3 Original line number Diff line number Diff line Loading 
@@ -261,7 +261,7 @@ void avdt_scb_hdl_pkt_no_frag(AvdtpScb* p_scb, tAVDT_SCB_EVT* p_data) { p += ex_len * 4; } if ((p - p_start) > len) { if ((p - p_start) >= len) { osi_free_and_reset((void**)&p_data->p_pkt); return; } Loading @@ -270,11 +270,11 @@ void avdt_scb_hdl_pkt_no_frag(AvdtpScb* p_scb, tAVDT_SCB_EVT* p_data) { /* adjust length for any padding at end of packet */ if (o_p) { /* padding length in last byte of packet */ pad_len = *(p_start + len); pad_len = *(p_start + len - 1); } /* do sanity check */ if (pad_len > (len - offset)) { if (pad_len >= (len - offset)) { AVDT_TRACE_WARNING("Got bad media packet"); osi_free_and_reset((void**)&p_data->p_pkt); } Loading Loading
system/bta/Android.bp +34 −0 Original line number Diff line number Diff line Loading @@ -230,6 +230,40 @@ cc_test { ], } // bta unit tests for target cc_test { name: "net_test_bta_security", defaults: [ "fluoride_bta_defaults", "mts_defaults" ], test_suites: ["device-tests"], srcs: [ ":TestCommonMockFunctions", ":TestMockDevice", ":TestMockStack", ":TestMockBtif", "test/bta_hf_client_security_test.cc", ], shared_libs: [ "android.hardware.bluetooth.audio@2.0", "android.hardware.bluetooth.audio@2.1", "libcrypto", "liblog", "libprotobuf-cpp-lite", ], static_libs: [ "crypto_toolbox_for_tests", "libbtcore", "libbt-bta", "libbt-bta-core", "libbt-audio-hal-interface", "libbluetooth-types", "libbt-protos-lite", "libosi", "libbt-common", ], } cc_test { name: "bt_host_test_bta", defaults: [ Loading
system/bta/hf_client/bta_hf_client_at.cc +6 −0 Original line number Diff line number Diff line Loading @@ -1731,6 +1731,12 @@ void bta_hf_client_at_parse(tBTA_HF_CLIENT_CB* client_cb, char* buf, client_cb->at_cb.offset += tmp; } /* prevent buffer overflow in cases where LEN exceeds available buffer space */ if (len > BTA_HF_CLIENT_AT_PARSER_MAX_LEN - client_cb->at_cb.offset) { return; } memcpy(client_cb->at_cb.buf + client_cb->at_cb.offset, buf, len); client_cb->at_cb.offset += len; Loading
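Review bot: The new guard returns silently when `len` exceeds the remaining space, so oversized AT input is dropped without a trace and `at_cb.offset` keeps whatever value the preceding `client_cb->at_cb.offset += tmp;` left in it. A log line before the `return;` would make the rejected input visible during triage, for example `LOG_ERROR("%s: AT data does not fit in parser buffer, dropping", __func__);` or the file's own trace macro. The subtraction `BTA_HF_CLIENT_AT_PARSER_MAX_LEN - client_cb->at_cb.offset` is also only safe while `offset` never exceeds the maximum. The types are not visible in this hunk, but if `offset` is unsigned a larger value would wrap and let the `memcpy` through, so rejecting `client_cb->at_cb.offset > BTA_HF_CLIENT_AT_PARSER_MAX_LEN` first is worth considering. The function body starts and ends outside the hunk.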
system/bta/test/bta_hf_client_security_test.cc 0 → 100644 +79 −0 Original line number Diff line number Diff line /****************************************************************************** * * Copyright 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ******************************************************************************/ #include <gtest/gtest.h> #include "bta/hf_client/bta_hf_client_int.h" #include "bta/include/bta_hf_client_api.h" #include "common/message_loop_thread.h" #include "device/include/esco_parameters.h" #include "test/mock/mock_device_controller.h" #include "types/raw_address.h" namespace base { class MessageLoop; } // namespace base bluetooth::common::MessageLoopThread* get_main_thread() { return nullptr; } void do_in_main_thread(base::Location const&, base::OnceCallback<void()>) { return; } namespace { const RawAddress bdaddr1({0x11, 0x22, 0x33, 0x44, 0x55, 0x66}); } // namespace // TODO(jpawlowski): there is some weird dependency issue in tests, and the // tests here fail to compile without this definition. void LogMsg(uint32_t trace_set_mask, const char* fmt_str, ...) {} class BtaHfClientSecurityTest : public testing::Test { protected: void SetUp() override { // Reset the memory block, this is the state on which the allocate handle // would start operating bta_hf_client_cb_arr_init(); } }; // Attempt to parse a buffer which exceeds available buffer space. 
// This should fail but not crash TEST_F(BtaHfClientSecurityTest, test_parse_overflow_buffer) { uint16_t p_handle; bool status = bta_hf_client_allocate_handle(bdaddr1, &p_handle); tBTA_HF_CLIENT_CB* cb; // Allocation should succeed ASSERT_EQ(true, status); ASSERT_GT(p_handle, 0); cb = bta_hf_client_find_cb_by_bda(bdaddr1); ASSERT_TRUE(cb != NULL); uint16_t len = BTA_HF_CLIENT_AT_PARSER_MAX_LEN * 2 + 3; char buf[BTA_HF_CLIENT_AT_PARSER_MAX_LEN * 2 + 3] = {'\n'}; bta_hf_client_at_parse(cb, (char*)(&buf[0]), len); ASSERT_TRUE(len); ASSERT_TRUE(buf != NULL); ASSERT_TRUE(1); }
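Review bot: The three closing assertions in `test_parse_overflow_buffer` (`ASSERT_TRUE(len)`, `ASSERT_TRUE(buf != NULL)`, `ASSERT_TRUE(1)`) can never fail, so the test only detects the overflow if the process happens to crash. On a build without a memory sanitizer an out-of-bounds `memcpy` may silently corrupt adjacent state, and the test would still pass against the unfixed parser. Assert on the parser state after the call instead, for example `ASSERT_LE(cb->at_cb.offset, BTA_HF_CLIENT_AT_PARSER_MAX_LEN);`. `ASSERT_TRUE(cb != NULL)` would also read better as `ASSERT_NE(cb, nullptr)`.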
system/stack/a2dp/a2dp_codec_config.cc +10 −0 Original line number Diff line number Diff line Loading @@ -598,6 +598,9 @@ bool A2dpCodecs::init() { LOG_INFO("%s", __func__); std::lock_guard<std::recursive_mutex> lock(codec_mutex_); bool opus_enabled = osi_property_get_bool("persist.bluetooth.opus.enabled", false); for (int i = BTAV_A2DP_CODEC_INDEX_MIN; i < BTAV_A2DP_CODEC_INDEX_MAX; i++) { btav_a2dp_codec_index_t codec_index = static_cast<btav_a2dp_codec_index_t>(i); Loading @@ -610,6 +613,13 @@ bool A2dpCodecs::init() { codec_priority = cp_iter->second; } // If OPUS is not supported it is disabled if (codec_index == BTAV_A2DP_CODEC_INDEX_SOURCE_OPUS && !opus_enabled) { codec_priority = BTAV_A2DP_CODEC_PRIORITY_DISABLED; LOG_INFO("%s: OPUS codec disabled, updated priority to %d", __func__, codec_priority); } A2dpCodecConfig* codec_config = A2dpCodecConfig::createCodec(codec_index, codec_priority); if (codec_config == nullptr) continue; Loading
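Review bot: The comment `// If OPUS is not supported it is disabled` does not match the check, which tests the `persist.bluetooth.opus.enabled` property (default `false`) rather than any capability. I would reword it to `// Opus is opt-in: force DISABLED unless persist.bluetooth.opus.enabled is true`, since the branch also overrides a priority taken from `cp_iter->second`. Only `BTAV_A2DP_CODEC_INDEX_SOURCE_OPUS` is gated; whether a sink-side Opus index needs the same treatment cannot be told from these hunks. `A2dpCodecs::init()` starts and ends outside the hunks.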
system/stack/avdt/avdt_scb_act.cc +3 −3 Original line number Diff line number Diff line Loading @@ -261,7 +261,7 @@ void avdt_scb_hdl_pkt_no_frag(AvdtpScb* p_scb, tAVDT_SCB_EVT* p_data) { p += ex_len * 4; } if ((p - p_start) > len) { if ((p - p_start) >= len) { osi_free_and_reset((void**)&p_data->p_pkt); return; } Loading @@ -270,11 +270,11 @@ void avdt_scb_hdl_pkt_no_frag(AvdtpScb* p_scb, tAVDT_SCB_EVT* p_data) { /* adjust length for any padding at end of packet */ if (o_p) { /* padding length in last byte of packet */ pad_len = *(p_start + len); pad_len = *(p_start + len - 1); } /* do sanity check */ if (pad_len > (len - offset)) { if (pad_len >= (len - offset)) { AVDT_TRACE_WARNING("Got bad media packet"); osi_free_and_reset((void**)&p_data->p_pkt); } Loading
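Review bot: The corrected padding read `pad_len = *(p_start + len - 1);` is only in bounds because the earlier check now returns when `(p - p_start) >= len`, which also rules out `len == 0`; nothing in the code records that dependency. A comment on the read such as `/* (p - p_start) < len is guaranteed above, so len - 1 indexes the last byte of the packet */` would keep a later edit from loosening one check without the other (assuming `len` counts from `p_start`, which the hunk does not show). In the sanity-check branch the packet is freed with `osi_free_and_reset`, and the hunk ends before showing whether the function then returns or skips the data path, so that is worth confirming. Unlike the HF client fix, this off-by-one has no regression test in the commit.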