Merge "applypatch: fix memory leaks reported by static analysis."
diff --git a/Android.mk b/Android.mk
index 602a856..a48980f 100644
--- a/Android.mk
+++ b/Android.mk
@@ -104,28 +104,10 @@
 LOCAL_MODULE := libverifier
 LOCAL_MODULE_TAGS := tests
 LOCAL_SRC_FILES := \
-    asn1_decoder.cpp
-include $(BUILD_STATIC_LIBRARY)
-
-include $(CLEAR_VARS)
-LOCAL_CLANG := true
-LOCAL_MODULE := verifier_test
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_MODULE_TAGS := tests
-LOCAL_CFLAGS += -Wno-unused-parameter
-LOCAL_SRC_FILES := \
-    verifier_test.cpp \
     asn1_decoder.cpp \
     verifier.cpp \
     ui.cpp
-LOCAL_STATIC_LIBRARIES := \
-    libmincrypt \
-    libminui \
-    libminzip \
-    libcutils \
-    libc
-include $(BUILD_EXECUTABLE)
-
+include $(BUILD_STATIC_LIBRARY)
 
 include $(LOCAL_PATH)/minui/Android.mk \
     $(LOCAL_PATH)/minzip/Android.mk \
diff --git a/README.md b/README.md
index bab7e87..01fab94 100644
--- a/README.md
+++ b/README.md
@@ -10,3 +10,20 @@
     # without flashing the recovery partition:
     adb reboot bootloader
     fastboot boot $ANDROID_PRODUCT_OUT/recovery.img
+
+Running the tests
+-----------------
+    # After setting up environment and lunch.
+    mmma -j bootable/recovery
+
+    # Running the tests on device.
+    adb root
+    adb sync data
+
+    # 32-bit device
+    adb shell /data/nativetest/recovery_unit_test/recovery_unit_test
+    adb shell /data/nativetest/recovery_component_test/recovery_component_test
+
+    # Or 64-bit device
+    adb shell /data/nativetest64/recovery_unit_test/recovery_unit_test
+    adb shell /data/nativetest64/recovery_component_test/recovery_component_test
diff --git a/tests/Android.mk b/tests/Android.mk
index 4ce00b4..3f3c433 100644
--- a/tests/Android.mk
+++ b/tests/Android.mk
@@ -16,11 +16,40 @@
 
 LOCAL_PATH := $(call my-dir)
 
+# Unit tests
+include $(CLEAR_VARS)
+LOCAL_CLANG := true
+LOCAL_MODULE := recovery_unit_test
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
+LOCAL_STATIC_LIBRARIES := libverifier
+LOCAL_SRC_FILES := unit/asn1_decoder_test.cpp
+LOCAL_C_INCLUDES := bootable/recovery
+include $(BUILD_NATIVE_TEST)
+
+# Component tests
 include $(CLEAR_VARS)
 LOCAL_CLANG := true
 LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
-LOCAL_STATIC_LIBRARIES := libverifier
-LOCAL_SRC_FILES := asn1_decoder_test.cpp
-LOCAL_MODULE := asn1_decoder_test
-LOCAL_C_INCLUDES := $(LOCAL_PATH)/..
+LOCAL_MODULE := recovery_component_test
+LOCAL_C_INCLUDES := bootable/recovery
+LOCAL_SRC_FILES := component/verifier_test.cpp
+LOCAL_FORCE_STATIC_EXECUTABLE := true
+LOCAL_STATIC_LIBRARIES := \
+    libbase \
+    libverifier \
+    libmincrypt \
+    libminui \
+    libminzip \
+    libcutils \
+    libc
+
+testdata_out_path := $(TARGET_OUT_DATA_NATIVE_TESTS)/$(LOCAL_MODULE)
+testdata_files := $(call find-subdir-files, testdata/*)
+
+GEN := $(addprefix $(testdata_out_path)/, $(testdata_files))
+$(GEN): PRIVATE_PATH := $(LOCAL_PATH)
+$(GEN): PRIVATE_CUSTOM_TOOL = cp $< $@
+$(GEN): $(testdata_out_path)/% : $(LOCAL_PATH)/%
+	$(transform-generated-source)
+LOCAL_GENERATED_SOURCES += $(GEN)
 include $(BUILD_NATIVE_TEST)
diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp
new file mode 100644
index 0000000..7f7b1b4
--- /dev/null
+++ b/tests/component/verifier_test.cpp
@@ -0,0 +1,267 @@
+/*
+ * Copyright (C) 2009 The Android Open Source Project
+ *
+ * Licensed under the Apache License, version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agree to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <gtest/gtest.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <memory>
+#include <string>
+#include <vector>
+
+#include <android-base/stringprintf.h>
+
+#include "common.h"
+#include "mincrypt/sha.h"
+#include "mincrypt/sha256.h"
+#include "minzip/SysUtil.h"
+#include "ui.h"
+#include "verifier.h"
+
+#if defined(__LP64__)
+#define NATIVE_TEST_PATH "/nativetest64"
+#else
+#define NATIVE_TEST_PATH "/nativetest"
+#endif
+
+static const char* DATA_PATH = getenv("ANDROID_DATA");
+static const char* TESTDATA_PATH = "/recovery_component_test/testdata/";
+
+// This is build/target/product/security/testkey.x509.pem after being
+// dumped out by dumpkey.jar.
+RSAPublicKey test_key =
+    { 64, 0xc926ad21,
+      { 0x6afee91fu, 0x7fa31d5bu, 0x38a0b217u, 0x99df9baeu,
+        0xfe72991du, 0x727d3c04u, 0x20943f99u, 0xd08e7826u,
+        0x69e7c8a2u, 0xdeeccc8eu, 0x6b9af76fu, 0x553311c4u,
+        0x07b9e247u, 0x54c8bbcau, 0x6a540d81u, 0x48dbf567u,
+        0x98c92877u, 0x134fbfdeu, 0x01b32564u, 0x24581948u,
+        0x6cddc3b8u, 0x0cd444dau, 0xfe0381ccu, 0xf15818dfu,
+        0xc06e6d42u, 0x2e2f6412u, 0x093a6737u, 0x94d83b31u,
+        0xa466c87au, 0xb3f284a0u, 0xa694ec2cu, 0x053359e6u,
+        0x9717ee6au, 0x0732e080u, 0x220d5008u, 0xdc4af350u,
+        0x93d0a7c3u, 0xe330c9eau, 0xcac3da1eu, 0x8ebecf8fu,
+        0xc2be387fu, 0x38a14e89u, 0x211586f0u, 0x18b846f5u,
+        0x43be4c72u, 0xb578c204u, 0x1bbfb230u, 0xf1e267a8u,
+        0xa2d3e656u, 0x64b8e4feu, 0xe7e83d4bu, 0x3e77a943u,
+        0x3559ffd9u, 0x0ebb0f99u, 0x0aa76ce6u, 0xd3786ea7u,
+        0xbca8cd6bu, 0x068ca8e8u, 0xeb1de2ffu, 0x3e3ecd6cu,
+        0xe0d9d825u, 0xb1edc762u, 0xdec60b24u, 0xd6931904u},
+      { 0xccdcb989u, 0xe19281f9u, 0xa6e80accu, 0xb7f40560u,
+        0x0efb0bccu, 0x7f12b0bbu, 0x1e90531au, 0x136d95d0u,
+        0x9e660665u, 0x7d54918fu, 0xe3b93ea2u, 0x2f415d10u,
+        0x3d2df6e6u, 0x7a627ecfu, 0xa6f22d70u, 0xb995907au,
+        0x09de16b2u, 0xfeb8bd61u, 0xf24ec294u, 0x716a427fu,
+        0x2e12046fu, 0xeaf3d56au, 0xd9b873adu, 0x0ced340bu,
+        0xbc9cec09u, 0x73c65903u, 0xee39ce9bu, 0x3eede25au,
+        0x397633b7u, 0x2583c165u, 0x8514f97du, 0xe9166510u,
+        0x0b6fae99u, 0xa47139fdu, 0xdb8352f0u, 0xb2ad7f2cu,
+        0xa11552e2u, 0xd4d490a7u, 0xe11e8568u, 0xe9e484dau,
+        0xd3ef8449u, 0xa47055dau, 0x4edd9557u, 0x03a78ba1u,
+        0x770e130du, 0x16762facu, 0x0cbdfcc4u, 0xf3070540u,
+        0x008b6515u, 0x60e7e1b7u, 0xa72cf7f9u, 0xaff86e39u,
+        0x4296faadu, 0xfc90430eu, 0x6cc8f377u, 0xb398fd43u,
+        0x423c5997u, 0x991d59c4u, 0x6464bf73u, 0x96431575u,
+        0x15e3d207u, 0x30532a7au, 0x8c4be618u, 0x460a4d76u },
+      3
+    };
+
+RSAPublicKey test_f4_key =
+    { 64, 0xc9bd1f21,
+      { 0x1178db1fu, 0xbf5d0e55u, 0x3393a165u, 0x0ef4c287u,
+        0xbc472a4au, 0x383fc5a1u, 0x4a13b7d2u, 0xb1ff2ac3u,
+        0xaf66b4d9u, 0x9280acefu, 0xa2165bdbu, 0x6a4d6e5cu,
+        0x08ea676bu, 0xb7ac70c7u, 0xcd158139u, 0xa635ccfeu,
+        0xa46ab8a8u, 0x445a3e8bu, 0xdc81d9bbu, 0x91ce1a20u,
+        0x68021cdeu, 0x4516eda9u, 0x8d43c30cu, 0xed1eff14u,
+        0xca387e4cu, 0x58adc233u, 0x4657ab27u, 0xa95b521eu,
+        0xdfc0e30cu, 0x394d64a1u, 0xc6b321a1u, 0x2ca22cb8u,
+        0xb1892d5cu, 0x5d605f3eu, 0x6025483cu, 0x9afd5181u,
+        0x6e1a7105u, 0x03010593u, 0x70acd304u, 0xab957cbfu,
+        0x8844abbbu, 0x53846837u, 0x24e98a43u, 0x2ba060c1u,
+        0x8b88b88eu, 0x44eea405u, 0xb259fc41u, 0x0907ad9cu,
+        0x13003adau, 0xcf79634eu, 0x7d314ec9u, 0xfbbe4c2bu,
+        0xd84d0823u, 0xfd30fd88u, 0x68d8a909u, 0xfb4572d9u,
+        0xa21301c2u, 0xd00a4785u, 0x6862b50cu, 0xcfe49796u,
+        0xdaacbd83u, 0xfb620906u, 0xdf71e0ccu, 0xbbc5b030u },
+      { 0x69a82189u, 0x1a8b22f4u, 0xcf49207bu, 0x68cc056au,
+        0xb206b7d2u, 0x1d449bbdu, 0xe9d342f2u, 0x29daea58u,
+        0xb19d011au, 0xc62f15e4u, 0x9452697au, 0xb62bb87eu,
+        0x60f95cc2u, 0x279ebb2du, 0x17c1efd8u, 0xec47558bu,
+        0xc81334d1u, 0x88fe7601u, 0x79992eb1u, 0xb4555615u,
+        0x2022ac8cu, 0xc79a4b8cu, 0xb288b034u, 0xd6b942f0u,
+        0x0caa32fbu, 0xa065ba51u, 0x4de9f154u, 0x29f64f6cu,
+        0x7910af5eu, 0x3ed4636au, 0xe4c81911u, 0x9183f37du,
+        0x5811e1c4u, 0x29c7a58cu, 0x9715d4d3u, 0xc7e2dce3u,
+        0x140972ebu, 0xf4c8a69eu, 0xa104d424u, 0x5dabbdfbu,
+        0x41cb4c6bu, 0xd7f44717u, 0x61785ff7u, 0x5e0bc273u,
+        0x36426c70u, 0x2aa6f08eu, 0x083badbfu, 0x3cab941bu,
+        0x8871da23u, 0x1ab3dbaeu, 0x7115a21du, 0xf5aa0965u,
+        0xf766f562u, 0x7f110225u, 0x86d96a04u, 0xc50a120eu,
+        0x3a751ca3u, 0xc21aa186u, 0xba7359d0u, 0x3ff2b257u,
+        0xd116e8bbu, 0xfc1318c0u, 0x070e5b1du, 0x83b759a6u },
+      65537
+    };
+
+ECPublicKey test_ec_key =
+    {
+       {
+         {0xd656fa24u, 0x931416cau, 0x1c0278c6u, 0x174ebe4cu,
+          0x6018236au, 0x45ba1656u, 0xe8c05d84u, 0x670ed500u}
+      },
+      {
+        {0x0d179adeu, 0x4c16827du, 0x9f8cb992u, 0x8f69ff8au,
+         0x481b1020u, 0x798d91afu, 0x184db8e9u, 0xb5848dd9u}
+      }
+    };
+
+RecoveryUI* ui = NULL;
+
+class MockUI : public RecoveryUI {
+    void Init() { }
+    void SetStage(int, int) { }
+    void SetLocale(const char*) { }
+    void SetBackground(Icon icon) { }
+
+    void SetProgressType(ProgressType determinate) { }
+    void ShowProgress(float portion, float seconds) { }
+    void SetProgress(float fraction) { }
+
+    void ShowText(bool visible) { }
+    bool IsTextVisible() { return false; }
+    bool WasTextEverVisible() { return false; }
+    void Print(const char* fmt, ...) {
+        va_list ap;
+        va_start(ap, fmt);
+        vfprintf(stderr, fmt, ap);
+        va_end(ap);
+    }
+    void PrintOnScreenOnly(const char* fmt, ...) {
+        va_list ap;
+        va_start(ap, fmt);
+        vfprintf(stderr, fmt, ap);
+        va_end(ap);
+    }
+    void ShowFile(const char*) { }
+
+    void StartMenu(const char* const * headers, const char* const * items,
+                           int initial_selection) { }
+    int SelectMenu(int sel) { return 0; }
+    void EndMenu() { }
+};
+
+void
+ui_print(const char* format, ...) {
+    va_list ap;
+    va_start(ap, format);
+    vfprintf(stdout, format, ap);
+    va_end(ap);
+}
+
+class VerifierTest : public testing::TestWithParam<std::vector<std::string>> {
+  public:
+    MemMapping memmap;
+    std::vector<Certificate> certs;
+
+    virtual void SetUp() {
+        std::vector<std::string> args = GetParam();
+        std::string package = android::base::StringPrintf("%s%s%s%s", DATA_PATH, NATIVE_TEST_PATH,
+                TESTDATA_PATH, args[0].c_str());
+        for (auto it = ++(args.cbegin()); it != args.cend(); ++it) {
+            if (it->substr(it->length() - 3, it->length()) == "256") {
+                if (certs.empty()) {
+                    FAIL() << "May only specify -sha256 after key type\n";
+                }
+                certs.back().hash_len = SHA256_DIGEST_SIZE;
+            } else if (*it == "ec") {
+                certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC,
+                        nullptr, std::unique_ptr<ECPublicKey>(new ECPublicKey(test_ec_key)));
+            } else if (*it == "e3") {
+                certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+                        std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
+            } else if (*it == "f4") {
+                certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+                        std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_f4_key)), nullptr);
+            }
+        }
+        if (certs.empty()) {
+            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+                    std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
+        }
+        if (sysMapFile(package.c_str(), &memmap) != 0) {
+            FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n";
+        }
+    }
+
+    static void SetUpTestCase() {
+        ui = new MockUI();
+    }
+};
+
+class VerifierSuccessTest : public VerifierTest {
+};
+
+class VerifierFailureTest : public VerifierTest {
+};
+
+TEST_P(VerifierSuccessTest, VerifySucceed) {
+    ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs), VERIFY_SUCCESS);
+}
+
+TEST_P(VerifierFailureTest, VerifyFailure) {
+    ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs), VERIFY_FAILURE);
+}
+
+INSTANTIATE_TEST_CASE_P(SingleKeySuccess, VerifierSuccessTest,
+        ::testing::Values(
+            std::vector<std::string>({"otasigned.zip", "e3"}),
+            std::vector<std::string>({"otasigned_f4.zip", "f4"}),
+            std::vector<std::string>({"otasigned_sha256.zip", "e3", "sha256"}),
+            std::vector<std::string>({"otasigned_f4_sha256.zip", "f4", "sha256"}),
+            std::vector<std::string>({"otasigned_ecdsa_sha256.zip", "ec", "sha256"})));
+
+INSTANTIATE_TEST_CASE_P(MultiKeySuccess, VerifierSuccessTest,
+        ::testing::Values(
+            std::vector<std::string>({"otasigned.zip", "f4", "e3"}),
+            std::vector<std::string>({"otasigned_f4.zip", "ec", "f4"}),
+            std::vector<std::string>({"otasigned_sha256.zip", "ec", "e3", "e3", "sha256"}),
+            std::vector<std::string>({"otasigned_f4_sha256.zip", "ec", "sha256", "e3", "f4", "sha256"}),
+            std::vector<std::string>({"otasigned_ecdsa_sha256.zip", "f4", "sha256", "e3", "ec", "sha256"})));
+
+INSTANTIATE_TEST_CASE_P(WrongKey, VerifierFailureTest,
+        ::testing::Values(
+            std::vector<std::string>({"otasigned.zip", "f4"}),
+            std::vector<std::string>({"otasigned_f4.zip", "e3"}),
+            std::vector<std::string>({"otasigned_ecdsa_sha256.zip", "e3", "sha256"})));
+
+INSTANTIATE_TEST_CASE_P(WrongHash, VerifierFailureTest,
+        ::testing::Values(
+            std::vector<std::string>({"otasigned.zip", "e3", "sha256"}),
+            std::vector<std::string>({"otasigned_f4.zip", "f4", "sha256"}),
+            std::vector<std::string>({"otasigned_sha256.zip"}),
+            std::vector<std::string>({"otasigned_f4_sha256.zip", "f4"}),
+            std::vector<std::string>({"otasigned_ecdsa_sha256.zip"})));
+
+INSTANTIATE_TEST_CASE_P(BadPackage, VerifierFailureTest,
+        ::testing::Values(
+            std::vector<std::string>({"random.zip"}),
+            std::vector<std::string>({"fake-eocd.zip"}),
+            std::vector<std::string>({"alter-metadata.zip"}),
+            std::vector<std::string>({"alter-footer.zip"})));
diff --git a/testdata/alter-footer.zip b/tests/testdata/alter-footer.zip
similarity index 100%
rename from testdata/alter-footer.zip
rename to tests/testdata/alter-footer.zip
Binary files differ
diff --git a/testdata/alter-metadata.zip b/tests/testdata/alter-metadata.zip
similarity index 100%
rename from testdata/alter-metadata.zip
rename to tests/testdata/alter-metadata.zip
Binary files differ
diff --git a/testdata/fake-eocd.zip b/tests/testdata/fake-eocd.zip
similarity index 100%
rename from testdata/fake-eocd.zip
rename to tests/testdata/fake-eocd.zip
Binary files differ
diff --git a/testdata/jarsigned.zip b/tests/testdata/jarsigned.zip
similarity index 100%
rename from testdata/jarsigned.zip
rename to tests/testdata/jarsigned.zip
Binary files differ
diff --git a/testdata/otasigned.zip b/tests/testdata/otasigned.zip
similarity index 100%
rename from testdata/otasigned.zip
rename to tests/testdata/otasigned.zip
Binary files differ
diff --git a/testdata/otasigned_ecdsa_sha256.zip b/tests/testdata/otasigned_ecdsa_sha256.zip
similarity index 100%
rename from testdata/otasigned_ecdsa_sha256.zip
rename to tests/testdata/otasigned_ecdsa_sha256.zip
Binary files differ
diff --git a/testdata/otasigned_f4.zip b/tests/testdata/otasigned_f4.zip
similarity index 100%
rename from testdata/otasigned_f4.zip
rename to tests/testdata/otasigned_f4.zip
Binary files differ
diff --git a/testdata/otasigned_f4_sha256.zip b/tests/testdata/otasigned_f4_sha256.zip
similarity index 100%
rename from testdata/otasigned_f4_sha256.zip
rename to tests/testdata/otasigned_f4_sha256.zip
Binary files differ
diff --git a/testdata/otasigned_sha256.zip b/tests/testdata/otasigned_sha256.zip
similarity index 100%
rename from testdata/otasigned_sha256.zip
rename to tests/testdata/otasigned_sha256.zip
Binary files differ
diff --git a/testdata/random.zip b/tests/testdata/random.zip
similarity index 100%
rename from testdata/random.zip
rename to tests/testdata/random.zip
Binary files differ
diff --git a/testdata/test_f4.pk8 b/tests/testdata/test_f4.pk8
similarity index 100%
rename from testdata/test_f4.pk8
rename to tests/testdata/test_f4.pk8
Binary files differ
diff --git a/testdata/test_f4.x509.pem b/tests/testdata/test_f4.x509.pem
similarity index 100%
rename from testdata/test_f4.x509.pem
rename to tests/testdata/test_f4.x509.pem
diff --git a/testdata/test_f4_sha256.x509.pem b/tests/testdata/test_f4_sha256.x509.pem
similarity index 100%
rename from testdata/test_f4_sha256.x509.pem
rename to tests/testdata/test_f4_sha256.x509.pem
diff --git a/testdata/testkey.pk8 b/tests/testdata/testkey.pk8
similarity index 100%
rename from testdata/testkey.pk8
rename to tests/testdata/testkey.pk8
Binary files differ
diff --git a/testdata/testkey.x509.pem b/tests/testdata/testkey.x509.pem
similarity index 100%
rename from testdata/testkey.x509.pem
rename to tests/testdata/testkey.x509.pem
diff --git a/testdata/testkey_ecdsa.pk8 b/tests/testdata/testkey_ecdsa.pk8
similarity index 100%
rename from testdata/testkey_ecdsa.pk8
rename to tests/testdata/testkey_ecdsa.pk8
Binary files differ
diff --git a/testdata/testkey_ecdsa.x509.pem b/tests/testdata/testkey_ecdsa.x509.pem
similarity index 100%
rename from testdata/testkey_ecdsa.x509.pem
rename to tests/testdata/testkey_ecdsa.x509.pem
diff --git a/testdata/testkey_sha256.x509.pem b/tests/testdata/testkey_sha256.x509.pem
similarity index 100%
rename from testdata/testkey_sha256.x509.pem
rename to tests/testdata/testkey_sha256.x509.pem
diff --git a/testdata/unsigned.zip b/tests/testdata/unsigned.zip
similarity index 100%
rename from testdata/unsigned.zip
rename to tests/testdata/unsigned.zip
Binary files differ
diff --git a/tests/asn1_decoder_test.cpp b/tests/unit/asn1_decoder_test.cpp
similarity index 100%
rename from tests/asn1_decoder_test.cpp
rename to tests/unit/asn1_decoder_test.cpp
diff --git a/updater/install.cpp b/updater/install.cpp
index 5326b12..45bbf2b 100644
--- a/updater/install.cpp
+++ b/updater/install.cpp
@@ -34,6 +34,9 @@
 #include <linux/xattr.h>
 #include <inttypes.h>
 
+#include <memory>
+#include <vector>
+
 #include <android-base/parseint.h>
 #include <android-base/strings.h>
 #include <android-base/stringprintf.h>
@@ -439,8 +442,7 @@
     for (int i = 0; i < argc; ++i) {
         paths[i] = Evaluate(state, argv[i]);
         if (paths[i] == NULL) {
-            int j;
-            for (j = 0; j < i; ++i) {
+            for (int j = 0; j < i; ++j) {
                 free(paths[j]);
             }
             free(paths);
@@ -581,13 +583,13 @@
         // as the result.
 
         char* zip_path;
+        if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL;
+
         Value* v = reinterpret_cast<Value*>(malloc(sizeof(Value)));
         v->type = VAL_BLOB;
         v->size = -1;
         v->data = NULL;
 
-        if (ReadArgs(state, argv, 1, &zip_path) < 0) return NULL;
-
         ZipArchive* za = ((UpdaterInfo*)(state->cookie))->package_zip;
         const ZipEntry* entry = mzFindZipEntry(za, zip_path);
         if (entry == NULL) {
@@ -1193,44 +1195,40 @@
     }
 
     int patchcount = (argc-4) / 2;
-    Value** patches = ReadValueVarArgs(state, argc-4, argv+4);
+    std::unique_ptr<Value*, decltype(&free)> arg_values(ReadValueVarArgs(state, argc-4, argv+4),
+                                                        free);
+    if (!arg_values) {
+        return nullptr;
+    }
+    std::vector<std::unique_ptr<Value, decltype(&FreeValue)>> patch_shas;
+    std::vector<std::unique_ptr<Value, decltype(&FreeValue)>> patches;
+    // Protect values by unique_ptrs first to get rid of memory leak.
+    for (int i = 0; i < patchcount * 2; i += 2) {
+        patch_shas.emplace_back(arg_values.get()[i], FreeValue);
+        patches.emplace_back(arg_values.get()[i+1], FreeValue);
+    }
 
-    int i;
-    for (i = 0; i < patchcount; ++i) {
-        if (patches[i*2]->type != VAL_STRING) {
+    for (int i = 0; i < patchcount; ++i) {
+        if (patch_shas[i]->type != VAL_STRING) {
             ErrorAbort(state, "%s(): sha-1 #%d is not string", name, i);
-            break;
+            return nullptr;
         }
-        if (patches[i*2+1]->type != VAL_BLOB) {
+        if (patches[i]->type != VAL_BLOB) {
             ErrorAbort(state, "%s(): patch #%d is not blob", name, i);
-            break;
+            return nullptr;
         }
     }
-    if (i != patchcount) {
-        for (i = 0; i < patchcount*2; ++i) {
-            FreeValue(patches[i]);
-        }
-        free(patches);
-        return NULL;
-    }
 
-    char** patch_sha_str = reinterpret_cast<char**>(malloc(patchcount * sizeof(char*)));
-    for (i = 0; i < patchcount; ++i) {
-        patch_sha_str[i] = patches[i*2]->data;
-        patches[i*2]->data = NULL;
-        FreeValue(patches[i*2]);
-        patches[i] = patches[i*2+1];
+    std::vector<char*> patch_sha_str;
+    std::vector<Value*> patch_ptrs;
+    for (int i = 0; i < patchcount; ++i) {
+        patch_sha_str.push_back(patch_shas[i]->data);
+        patch_ptrs.push_back(patches[i].get());
     }
 
     int result = applypatch(source_filename, target_filename,
                             target_sha1, target_size,
-                            patchcount, patch_sha_str, patches, NULL);
-
-    for (i = 0; i < patchcount; ++i) {
-        FreeValue(patches[i]);
-    }
-    free(patch_sha_str);
-    free(patches);
+                            patchcount, patch_sha_str.data(), patch_ptrs.data(), NULL);
 
     return StringValue(strdup(result == 0 ? "t" : ""));
 }
@@ -1349,9 +1347,13 @@
         return ErrorAbort(state, "%s() expects at least 1 arg", name);
     }
 
-    Value** args = ReadValueVarArgs(state, argc, argv);
-    if (args == NULL) {
-        return NULL;
+    std::unique_ptr<Value*, decltype(&free)> arg_values(ReadValueVarArgs(state, argc, argv), free);
+    if (arg_values == nullptr) {
+        return nullptr;
+    }
+    std::vector<std::unique_ptr<Value, decltype(&FreeValue)>> args;
+    for (int i = 0; i < argc; ++i) {
+        args.emplace_back(arg_values.get()[i], FreeValue);
     }
 
     if (args[0]->size < 0) {
@@ -1359,14 +1361,13 @@
     }
     uint8_t digest[SHA_DIGEST_LENGTH];
     SHA1(reinterpret_cast<uint8_t*>(args[0]->data), args[0]->size, digest);
-    FreeValue(args[0]);
 
     if (argc == 1) {
         return StringValue(PrintSha1(digest));
     }
 
     int i;
-    uint8_t* arg_digest = reinterpret_cast<uint8_t*>(malloc(SHA_DIGEST_LENGTH));
+    uint8_t arg_digest[SHA_DIGEST_LENGTH];
     for (i = 1; i < argc; ++i) {
         if (args[i]->type != VAL_STRING) {
             printf("%s(): arg %d is not a string; skipping",
@@ -1378,19 +1379,13 @@
         } else if (memcmp(digest, arg_digest, SHA_DIGEST_LENGTH) == 0) {
             break;
         }
-        FreeValue(args[i]);
     }
     if (i >= argc) {
         // Didn't match any of the hex strings; return false.
         return StringValue(strdup(""));
     }
-    // Found a match; free all the remaining arguments and return the
-    // matched one.
-    int j;
-    for (j = i+1; j < argc; ++j) {
-        FreeValue(args[j]);
-    }
-    return args[i];
+    // Found a match.
+    return args[i].release();
 }
 
 // Read a local file and return its contents (the Value* returned
diff --git a/verifier_test.cpp b/verifier_test.cpp
deleted file mode 100644
index 2367e00..0000000
--- a/verifier_test.cpp
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Copyright (C) 2009 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <errno.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <memory>
-#include <vector>
-
-#include "common.h"
-#include "verifier.h"
-#include "ui.h"
-#include "mincrypt/sha.h"
-#include "mincrypt/sha256.h"
-#include "minzip/SysUtil.h"
-
-// This is build/target/product/security/testkey.x509.pem after being
-// dumped out by dumpkey.jar.
-RSAPublicKey test_key =
-    { 64, 0xc926ad21,
-      { 0x6afee91fu, 0x7fa31d5bu, 0x38a0b217u, 0x99df9baeu,
-        0xfe72991du, 0x727d3c04u, 0x20943f99u, 0xd08e7826u,
-        0x69e7c8a2u, 0xdeeccc8eu, 0x6b9af76fu, 0x553311c4u,
-        0x07b9e247u, 0x54c8bbcau, 0x6a540d81u, 0x48dbf567u,
-        0x98c92877u, 0x134fbfdeu, 0x01b32564u, 0x24581948u,
-        0x6cddc3b8u, 0x0cd444dau, 0xfe0381ccu, 0xf15818dfu,
-        0xc06e6d42u, 0x2e2f6412u, 0x093a6737u, 0x94d83b31u,
-        0xa466c87au, 0xb3f284a0u, 0xa694ec2cu, 0x053359e6u,
-        0x9717ee6au, 0x0732e080u, 0x220d5008u, 0xdc4af350u,
-        0x93d0a7c3u, 0xe330c9eau, 0xcac3da1eu, 0x8ebecf8fu,
-        0xc2be387fu, 0x38a14e89u, 0x211586f0u, 0x18b846f5u,
-        0x43be4c72u, 0xb578c204u, 0x1bbfb230u, 0xf1e267a8u,
-        0xa2d3e656u, 0x64b8e4feu, 0xe7e83d4bu, 0x3e77a943u,
-        0x3559ffd9u, 0x0ebb0f99u, 0x0aa76ce6u, 0xd3786ea7u,
-        0xbca8cd6bu, 0x068ca8e8u, 0xeb1de2ffu, 0x3e3ecd6cu,
-        0xe0d9d825u, 0xb1edc762u, 0xdec60b24u, 0xd6931904u},
-      { 0xccdcb989u, 0xe19281f9u, 0xa6e80accu, 0xb7f40560u,
-        0x0efb0bccu, 0x7f12b0bbu, 0x1e90531au, 0x136d95d0u,
-        0x9e660665u, 0x7d54918fu, 0xe3b93ea2u, 0x2f415d10u,
-        0x3d2df6e6u, 0x7a627ecfu, 0xa6f22d70u, 0xb995907au,
-        0x09de16b2u, 0xfeb8bd61u, 0xf24ec294u, 0x716a427fu,
-        0x2e12046fu, 0xeaf3d56au, 0xd9b873adu, 0x0ced340bu,
-        0xbc9cec09u, 0x73c65903u, 0xee39ce9bu, 0x3eede25au,
-        0x397633b7u, 0x2583c165u, 0x8514f97du, 0xe9166510u,
-        0x0b6fae99u, 0xa47139fdu, 0xdb8352f0u, 0xb2ad7f2cu,
-        0xa11552e2u, 0xd4d490a7u, 0xe11e8568u, 0xe9e484dau,
-        0xd3ef8449u, 0xa47055dau, 0x4edd9557u, 0x03a78ba1u,
-        0x770e130du, 0x16762facu, 0x0cbdfcc4u, 0xf3070540u,
-        0x008b6515u, 0x60e7e1b7u, 0xa72cf7f9u, 0xaff86e39u,
-        0x4296faadu, 0xfc90430eu, 0x6cc8f377u, 0xb398fd43u,
-        0x423c5997u, 0x991d59c4u, 0x6464bf73u, 0x96431575u,
-        0x15e3d207u, 0x30532a7au, 0x8c4be618u, 0x460a4d76u },
-      3
-    };
-
-RSAPublicKey test_f4_key =
-    { 64, 0xc9bd1f21,
-      { 0x1178db1fu, 0xbf5d0e55u, 0x3393a165u, 0x0ef4c287u,
-        0xbc472a4au, 0x383fc5a1u, 0x4a13b7d2u, 0xb1ff2ac3u,
-        0xaf66b4d9u, 0x9280acefu, 0xa2165bdbu, 0x6a4d6e5cu,
-        0x08ea676bu, 0xb7ac70c7u, 0xcd158139u, 0xa635ccfeu,
-        0xa46ab8a8u, 0x445a3e8bu, 0xdc81d9bbu, 0x91ce1a20u,
-        0x68021cdeu, 0x4516eda9u, 0x8d43c30cu, 0xed1eff14u,
-        0xca387e4cu, 0x58adc233u, 0x4657ab27u, 0xa95b521eu,
-        0xdfc0e30cu, 0x394d64a1u, 0xc6b321a1u, 0x2ca22cb8u,
-        0xb1892d5cu, 0x5d605f3eu, 0x6025483cu, 0x9afd5181u,
-        0x6e1a7105u, 0x03010593u, 0x70acd304u, 0xab957cbfu,
-        0x8844abbbu, 0x53846837u, 0x24e98a43u, 0x2ba060c1u,
-        0x8b88b88eu, 0x44eea405u, 0xb259fc41u, 0x0907ad9cu,
-        0x13003adau, 0xcf79634eu, 0x7d314ec9u, 0xfbbe4c2bu,
-        0xd84d0823u, 0xfd30fd88u, 0x68d8a909u, 0xfb4572d9u,
-        0xa21301c2u, 0xd00a4785u, 0x6862b50cu, 0xcfe49796u,
-        0xdaacbd83u, 0xfb620906u, 0xdf71e0ccu, 0xbbc5b030u },
-      { 0x69a82189u, 0x1a8b22f4u, 0xcf49207bu, 0x68cc056au,
-        0xb206b7d2u, 0x1d449bbdu, 0xe9d342f2u, 0x29daea58u,
-        0xb19d011au, 0xc62f15e4u, 0x9452697au, 0xb62bb87eu,
-        0x60f95cc2u, 0x279ebb2du, 0x17c1efd8u, 0xec47558bu,
-        0xc81334d1u, 0x88fe7601u, 0x79992eb1u, 0xb4555615u,
-        0x2022ac8cu, 0xc79a4b8cu, 0xb288b034u, 0xd6b942f0u,
-        0x0caa32fbu, 0xa065ba51u, 0x4de9f154u, 0x29f64f6cu,
-        0x7910af5eu, 0x3ed4636au, 0xe4c81911u, 0x9183f37du,
-        0x5811e1c4u, 0x29c7a58cu, 0x9715d4d3u, 0xc7e2dce3u,
-        0x140972ebu, 0xf4c8a69eu, 0xa104d424u, 0x5dabbdfbu,
-        0x41cb4c6bu, 0xd7f44717u, 0x61785ff7u, 0x5e0bc273u,
-        0x36426c70u, 0x2aa6f08eu, 0x083badbfu, 0x3cab941bu,
-        0x8871da23u, 0x1ab3dbaeu, 0x7115a21du, 0xf5aa0965u,
-        0xf766f562u, 0x7f110225u, 0x86d96a04u, 0xc50a120eu,
-        0x3a751ca3u, 0xc21aa186u, 0xba7359d0u, 0x3ff2b257u,
-        0xd116e8bbu, 0xfc1318c0u, 0x070e5b1du, 0x83b759a6u },
-      65537
-    };
-
-ECPublicKey test_ec_key =
-    {
-       {
-         {0xd656fa24u, 0x931416cau, 0x1c0278c6u, 0x174ebe4cu,
-          0x6018236au, 0x45ba1656u, 0xe8c05d84u, 0x670ed500u}
-      },
-      {
-        {0x0d179adeu, 0x4c16827du, 0x9f8cb992u, 0x8f69ff8au,
-         0x481b1020u, 0x798d91afu, 0x184db8e9u, 0xb5848dd9u}
-      }
-    };
-
-RecoveryUI* ui = NULL;
-
-// verifier expects to find a UI object; we provide one that does
-// nothing but print.
-class FakeUI : public RecoveryUI {
-    void Init() { }
-    void SetStage(int, int) { }
-    void SetLocale(const char*) { }
-    void SetBackground(Icon icon) { }
-
-    void SetProgressType(ProgressType determinate) { }
-    void ShowProgress(float portion, float seconds) { }
-    void SetProgress(float fraction) { }
-
-    void ShowText(bool visible) { }
-    bool IsTextVisible() { return false; }
-    bool WasTextEverVisible() { return false; }
-    void Print(const char* fmt, ...) {
-        va_list ap;
-        va_start(ap, fmt);
-        vfprintf(stderr, fmt, ap);
-        va_end(ap);
-    }
-    void PrintOnScreenOnly(const char* fmt, ...) {
-        va_list ap;
-        va_start(ap, fmt);
-        vfprintf(stderr, fmt, ap);
-        va_end(ap);
-    }
-    void ShowFile(const char*) { }
-
-    void StartMenu(const char* const * headers, const char* const * items,
-                           int initial_selection) { }
-    int SelectMenu(int sel) { return 0; }
-    void EndMenu() { }
-};
-
-void
-ui_print(const char* format, ...) {
-    va_list ap;
-    va_start(ap, format);
-    vfprintf(stdout, format, ap);
-    va_end(ap);
-}
-
-int main(int argc, char** argv) {
-    if (argc < 2) {
-        fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
-        return 2;
-    }
-
-    std::vector<Certificate> certs;
-    int argn = 1;
-    while (argn < argc) {
-        if (strcmp(argv[argn], "-sha256") == 0) {
-            if (certs.empty()) {
-                fprintf(stderr, "May only specify -sha256 after key type\n");
-                return 2;
-            }
-            ++argn;
-            certs.back().hash_len = SHA256_DIGEST_SIZE;
-        } else if (strcmp(argv[argn], "-ec") == 0) {
-            ++argn;
-            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC,
-                    nullptr, std::unique_ptr<ECPublicKey>(new ECPublicKey(test_ec_key)));
-        } else if (strcmp(argv[argn], "-e3") == 0) {
-            ++argn;
-            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
-                    std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
-        } else if (strcmp(argv[argn], "-f4") == 0) {
-            ++argn;
-            certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
-                    std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_f4_key)), nullptr);
-        } else if (strcmp(argv[argn], "-file") == 0) {
-            if (!certs.empty()) {
-                fprintf(stderr, "Cannot specify -file with other certs specified\n");
-                return 2;
-            }
-            ++argn;
-            if (!load_keys(argv[argn], certs)) {
-                fprintf(stderr, "Cannot load keys from %s\n", argv[argn]);
-            }
-            ++argn;
-        } else if (argv[argn][0] == '-') {
-            fprintf(stderr, "Unknown argument %s\n", argv[argn]);
-            return 2;
-        } else {
-            break;
-        }
-    }
-
-    if (argn == argc) {
-        fprintf(stderr, "Must specify package to verify\n");
-        return 2;
-    }
-
-    if (certs.empty()) {
-        certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
-                std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
-    }
-
-    ui = new FakeUI();
-
-    MemMapping map;
-    if (sysMapFile(argv[argn], &map) != 0) {
-        fprintf(stderr, "failed to mmap %s: %s\n", argv[argn], strerror(errno));
-        return 4;
-    }
-
-    int result = verify_file(map.addr, map.length, certs);
-    if (result == VERIFY_SUCCESS) {
-        printf("VERIFIED\n");
-        return 0;
-    } else if (result == VERIFY_FAILURE) {
-        printf("NOT VERIFIED\n");
-        return 1;
-    } else {
-        printf("bad return value\n");
-        return 3;
-    }
-}
diff --git a/verifier_test.sh b/verifier_test.sh
deleted file mode 100755
index 4761cef..0000000
--- a/verifier_test.sh
+++ /dev/null
@@ -1,121 +0,0 @@
-#!/bin/bash
-#
-# A test suite for recovery's package signature verifier.  Run in a
-# client where you have done envsetup, lunch, etc.
-#
-# TODO: find some way to get this run regularly along with the rest of
-# the tests.
-
-EMULATOR_PORT=5580
-DATA_DIR=$ANDROID_BUILD_TOP/bootable/recovery/testdata
-
-WORK_DIR=/data/local/tmp
-
-# set to 0 to use a device instead
-USE_EMULATOR=0
-
-# ------------------------
-
-if [ "$USE_EMULATOR" == 1 ]; then
-  emulator -wipe-data -noaudio -no-window -port $EMULATOR_PORT &
-  pid_emulator=$!
-  ADB="adb -s emulator-$EMULATOR_PORT "
-else
-  ADB="adb -d "
-fi
-
-echo "waiting to connect to device"
-$ADB wait-for-device
-
-# run a command on the device; exit with the exit status of the device
-# command.
-run_command() {
-  $ADB shell "$@" \; echo \$? | awk '{if (b) {print a}; a=$0; b=1} END {exit a}'
-}
-
-testname() {
-  echo
-  echo "::: testing $1 :::"
-  testname="$1"
-}
-
-fail() {
-  echo
-  echo FAIL: $testname
-  echo
-  [ "$open_pid" == "" ] || kill $open_pid
-  [ "$pid_emulator" == "" ] || kill $pid_emulator
-  exit 1
-}
-
-
-cleanup() {
-  # not necessary if we're about to kill the emulator, but nice for
-  # running on real devices or already-running emulators.
-  run_command rm $WORK_DIR/verifier_test
-  run_command rm $WORK_DIR/package.zip
-
-  [ "$pid_emulator" == "" ] || kill $pid_emulator
-}
-
-$ADB push $ANDROID_PRODUCT_OUT/system/bin/verifier_test \
-          $WORK_DIR/verifier_test
-
-expect_succeed() {
-  testname "$1 (should succeed)"
-  $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
-  shift
-  run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip || fail
-}
-
-expect_fail() {
-  testname "$1 (should fail)"
-  $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
-  shift
-  run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip && fail
-}
-
-# not signed at all
-expect_fail unsigned.zip
-# signed in the pre-donut way
-expect_fail jarsigned.zip
-
-# success cases
-expect_succeed otasigned.zip -e3
-expect_succeed otasigned_f4.zip -f4
-expect_succeed otasigned_sha256.zip -e3 -sha256
-expect_succeed otasigned_f4_sha256.zip -f4 -sha256
-expect_succeed otasigned_ecdsa_sha256.zip -ec -sha256
-
-# success with multiple keys
-expect_succeed otasigned.zip -f4 -e3
-expect_succeed otasigned_f4.zip -ec -f4
-expect_succeed otasigned_sha256.zip -ec -e3 -e3 -sha256
-expect_succeed otasigned_f4_sha256.zip -ec -sha256 -e3 -f4 -sha256
-expect_succeed otasigned_ecdsa_sha256.zip -f4 -sha256 -e3 -ec -sha256
-
-# verified against different key
-expect_fail otasigned.zip -f4
-expect_fail otasigned_f4.zip -e3
-expect_fail otasigned_ecdsa_sha256.zip -e3 -sha256
-
-# verified against right key but wrong hash algorithm
-expect_fail otasigned.zip -e3 -sha256
-expect_fail otasigned_f4.zip -f4 -sha256
-expect_fail otasigned_sha256.zip
-expect_fail otasigned_f4_sha256.zip -f4
-expect_fail otasigned_ecdsa_sha256.zip
-
-# various other cases
-expect_fail random.zip
-expect_fail fake-eocd.zip
-expect_fail alter-metadata.zip
-expect_fail alter-footer.zip
-
-# --------------- cleanup ----------------------
-
-cleanup
-
-echo
-echo PASS
-echo