OSDN Git Service
Abhishek Arya [Tue, 18 Aug 2015 01:45:49 +0000 (01:45 +0000)]
am
deba0610: Merge "Revert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"" into klp-dev
* commit '
deba0610c89d54390c9d2d0a0f3b79fd7679779c':
Revert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"
Abhishek Arya [Tue, 18 Aug 2015 01:45:48 +0000 (01:45 +0000)]
am
9abb7401: Fix compile failure after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
* commit '
9abb7401df730b5c510f6b8dac2716a0928d9623':
Fix compile failure after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
Abhishek Arya [Tue, 18 Aug 2015 01:31:42 +0000 (01:31 +0000)]
Merge "Revert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"" into klp-dev
Abhishek Arya [Tue, 18 Aug 2015 01:24:11 +0000 (18:24 -0700)]
Fix compile failure after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
Bug:
20674086
Change-Id: I2ee6b7e0eabbf696c0986d08b2d759d48cb9eb7b
Wei Jia [Tue, 18 Aug 2015 01:00:53 +0000 (01:00 +0000)]
am
1a09d352: Merge "libstagefright: check remaining data size before parsing it." into klp-dev
* commit '
1a09d3521e8849dcb1090ecb50393f6e9ee140ec':
libstagefright: check remaining data size before parsing it.
Abhishek Arya [Tue, 18 Aug 2015 00:53:14 +0000 (00:53 +0000)]
am
c23e3dd8: Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
* commit '
c23e3dd8af7397f023aae040c4a03dd14091cbed':
Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
Wei Jia [Tue, 18 Aug 2015 00:53:12 +0000 (00:53 +0000)]
am
567b6551: Merge "SoftAVCEnc: check requested memory size before allocation." into klp-dev
* commit '
567b6551f8bc240cc267054ea5de55c46f10cc29':
SoftAVCEnc: check requested memory size before allocation.
Abhishek Arya [Tue, 18 Aug 2015 00:53:11 +0000 (00:53 +0000)]
am
94c1969c: Merge "libstagefright: check memory size for overflow before allocation." into klp-dev
* commit '
94c1969c38d4386933ed5cad7f625029442f6331':
libstagefright: check memory size for overflow before allocation.
Wei Jia [Tue, 18 Aug 2015 00:53:10 +0000 (00:53 +0000)]
am
120f259d: Merge "ABuffer: reset members when memory allocation fails." into klp-dev
* commit '
120f259d0de4dc048a2b9007c0f19b8808e59021':
ABuffer: reset members when memory allocation fails.
Wei Jia [Tue, 18 Aug 2015 00:53:09 +0000 (00:53 +0000)]
am
fc8c226b: Merge "Revert "SoftAVCEnc: check requested memory size before allocation."" into klp-dev
* commit '
fc8c226b75a45876e6545c3a217698ada52bd2d6':
Revert "SoftAVCEnc: check requested memory size before allocation."
Wei Jia [Tue, 18 Aug 2015 00:53:08 +0000 (00:53 +0000)]
am
74d3170f: Merge "Fix comparison sign warnings." into klp-dev
* commit '
74d3170ffc02620fcedb5a98c7a66e83ee2faa87':
Fix comparison sign warnings.
Wei Jia [Tue, 18 Aug 2015 00:53:07 +0000 (00:53 +0000)]
am
479b4de0: SoftAVCEnc: check requested memory size before allocation.
* commit '
479b4de0d267eb7d4c419f4da0069186a952ad17':
SoftAVCEnc: check requested memory size before allocation.
Wei Jia [Tue, 18 Aug 2015 00:48:01 +0000 (00:48 +0000)]
Merge "libstagefright: check remaining data size before parsing it." into klp-dev
Abhishek Arya [Mon, 17 Aug 2015 22:34:16 +0000 (22:34 +0000)]
Revert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"
This reverts commit
c23e3dd8af7397f023aae040c4a03dd14091cbed.
This speculative fix didn't fix the compile failure, do checking locally.
Change-Id: I1598f7208c8232ca38c0fcad17f211598591594e
Abhishek Arya [Mon, 17 Aug 2015 21:50:02 +0000 (14:50 -0700)]
Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
BUG:
20674086
Change-Id: Idaff17975b327adea65c39bdba1ab4e88789c0cd
Wei Jia [Mon, 17 Aug 2015 19:49:39 +0000 (19:49 +0000)]
Merge "SoftAVCEnc: check requested memory size before allocation." into klp-dev
Abhishek Arya [Mon, 17 Aug 2015 18:39:11 +0000 (18:39 +0000)]
Merge "libstagefright: check memory size for overflow before allocation." into klp-dev
Wei Jia [Mon, 17 Aug 2015 00:41:50 +0000 (17:41 -0700)]
libstagefright: check remaining data size before parsing it.
Bug:
23248776
Change-Id: I45cf53e58e4375afcf260b122264c968ec0ff6c8
(cherry picked from commit
3bf1e0fdf27e1188b8d3574ed073595b8eacb114)
Wei Jia [Mon, 17 Aug 2015 00:46:34 +0000 (17:46 -0700)]
SoftAVCEnc: check requested memory size before allocation.
Bug:
20674674
Change-Id: If80186a7b9078e575d389220f3bebe9f7630a956
(cherry picked from commit
f6fe4340219a8e674f3250fe32d4697ec8184b24)
Wei Jia [Sun, 16 Aug 2015 20:20:57 +0000 (20:20 +0000)]
Merge "ABuffer: reset members when memory allocation fails." into klp-dev
Wei Jia [Sun, 16 Aug 2015 18:19:37 +0000 (18:19 +0000)]
Merge "Revert "SoftAVCEnc: check requested memory size before allocation."" into klp-dev
Wei Jia [Sun, 16 Aug 2015 18:14:33 +0000 (18:14 +0000)]
Revert "SoftAVCEnc: check requested memory size before allocation."
This reverts commit
479b4de0d267eb7d4c419f4da0069186a952ad17.
Change-Id: I014746db3f861cb1cd5bf1b76f86b0356836a128
Wei Jia [Sun, 16 Aug 2015 18:02:05 +0000 (18:02 +0000)]
Merge "Fix comparison sign warnings." into klp-dev
Dan Albert [Fri, 8 May 2015 17:43:54 +0000 (10:43 -0700)]
Fix comparison sign warnings.
Bug:
23213430
Change-Id: I6f2e2b03b968a569b122004b4803c5d17fccfb12
(cherry picked from commit
635bc8f90429b2fdcaf7f8d43f7f59bcd0fe951c)
Wei Jia [Mon, 20 Jul 2015 18:34:22 +0000 (11:34 -0700)]
ABuffer: reset members when memory allocation fails.
Bug:
22077698
Change-Id: I2beb724662d041ad2339d0f4c7f983e7ac5e5e6f
(cherry picked from commit
94b0badc025b14141ff234e3e4e2745411742bac)
Wei Jia [Sat, 15 Aug 2015 00:16:46 +0000 (17:16 -0700)]
SoftAVCEnc: check requested memory size before allocation.
Bug:
20674674
Change-Id: I569e7a9b33fe64779a40e55539929c3dc4303c19
(cherry picked from commit
f6fe4340219a8e674f3250fe32d4697ec8184b24)
Wei Jia [Wed, 3 Jun 2015 20:47:51 +0000 (13:47 -0700)]
libstagefright: check memory size for overflow before allocation.
Bug:
20674086
Change-Id: I431aa2b7d30a942350ab6d105451c6b77e2f99d4
(cherry picked from commit
42cccd7c8811597d56fb86afeacf6231d693dea6)
Wei Jia [Thu, 13 Aug 2015 18:08:00 +0000 (18:08 +0000)]
am
3ce29384: libstagefright: fix possible overflow in amrwbenc.
* commit '
3ce293842fed1b3abd2ff0aecd2a0c70a55086ee':
libstagefright: fix possible overflow in amrwbenc.
Wei Jia [Wed, 12 Aug 2015 17:08:41 +0000 (10:08 -0700)]
libstagefright: fix possible overflow in amrwbenc.
Bug:
23142203
Change-Id: I309df51e4df6412655f04cc093d792bf6c7944f7
(cherry picked from commit
9dd01777aa14bbb90a6cdccf97383bb4e3d717a5)
Wei Jia [Thu, 13 Aug 2015 16:34:17 +0000 (16:34 +0000)]
am
f51115bd: libstagefright: fix possible overflow in ID3.
* commit '
f51115bd8e44c2779b74477277c6f6046916e7cf':
libstagefright: fix possible overflow in ID3.
Wei Jia [Wed, 12 Aug 2015 17:41:00 +0000 (10:41 -0700)]
libstagefright: fix possible overflow in ID3.
Bug:
23129786
Change-Id: I2e6b7a6927aa4362ab49dd6824bbb1abf7b4e661
(cherry picked from commit
09da86913ca97d7a818a8917b6601527e5e18a24)
Nick Kralevich [Tue, 11 Aug 2015 04:24:54 +0000 (21:24 -0700)]
resolved conflicts for merge of
c86eae32 to klp-modular-dev
Change-Id: I127912aed9c9e57a985c46bee13d111e159d2c6f
Nick Kralevich [Tue, 11 Aug 2015 03:31:38 +0000 (03:31 +0000)]
am
9d9491f9: am
0dbd0d7b: am
c9924410: am
2fe61ed0: am
3b8d3fa0: am
186d1fb9: am
f4dfe12e: am
54d88fe2: am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
9d9491f9fb83523cfe68f2aa26c14f72f70812fc':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Tue, 11 Aug 2015 03:24:13 +0000 (03:24 +0000)]
am
0dbd0d7b: am
c9924410: am
2fe61ed0: am
3b8d3fa0: am
186d1fb9: am
f4dfe12e: am
54d88fe2: am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
0dbd0d7bfe340ac46271c7f87969431b62a023ed':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Tue, 11 Aug 2015 03:07:29 +0000 (03:07 +0000)]
am
c9924410: am
2fe61ed0: am
3b8d3fa0: am
186d1fb9: am
f4dfe12e: am
54d88fe2: am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
c99244105803ac32f4cc698b5b2a85b225d925a2':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Tue, 11 Aug 2015 02:57:48 +0000 (02:57 +0000)]
am
2fe61ed0: am
3b8d3fa0: am
186d1fb9: am
f4dfe12e: am
54d88fe2: am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
2fe61ed032e083dc39265f3b88274fcb8fbeed9b':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Tue, 11 Aug 2015 02:49:10 +0000 (02:49 +0000)]
am
3b8d3fa0: am
186d1fb9: am
f4dfe12e: am
54d88fe2: am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
3b8d3fa0dd97c05f77c4686986812e40203678d2':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Tue, 11 Aug 2015 02:37:17 +0000 (02:37 +0000)]
am
186d1fb9: am
f4dfe12e: am
54d88fe2: am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
186d1fb9b72439c1c3317d72e4a0f52f466e6861':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Tue, 11 Aug 2015 02:32:49 +0000 (02:32 +0000)]
am
f4dfe12e: am
54d88fe2: am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
f4dfe12ecd26e7d6965a2abc062709b6d7d942c4':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Tue, 11 Aug 2015 02:26:38 +0000 (02:26 +0000)]
am
54d88fe2: am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
54d88fe2f17b1c5c6e4d0d1d1e36089fea3a1df0':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Tue, 11 Aug 2015 02:20:00 +0000 (02:20 +0000)]
am
aa8dab77: Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
* commit '
aa8dab77aa9ef1bb6e5414ee5e773001de725bef':
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 16:55:57 +0000 (16:55 +0000)]
am
f59348ed: am
0080e03e: am
3ebcce0e: am
2c0f9591: am
fea5921b: am
9fff1d37: am
d9d35098: am
af6b3a6b: am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
f59348edfc54baa8f6e6532c6484656cf444d199':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 16:41:15 +0000 (16:41 +0000)]
am
0080e03e: am
3ebcce0e: am
2c0f9591: am
fea5921b: am
9fff1d37: am
d9d35098: am
af6b3a6b: am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
0080e03e2a69dcb5ecbcb2848f358ca73163714c':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 16:34:15 +0000 (16:34 +0000)]
am
3ebcce0e: am
2c0f9591: am
fea5921b: am
9fff1d37: am
d9d35098: am
af6b3a6b: am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
3ebcce0e3fda1ffae9453ca0cc389ee852e1d0a2':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 16:23:51 +0000 (16:23 +0000)]
am
2c0f9591: am
fea5921b: am
9fff1d37: am
d9d35098: am
af6b3a6b: am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
2c0f959112a1d9048e8dc527f2f9dc0cc3e490c9':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 16:16:08 +0000 (16:16 +0000)]
am
fea5921b: am
9fff1d37: am
d9d35098: am
af6b3a6b: am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
fea5921b975cf43c88b8f93d4f2500abde6088be':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 16:08:43 +0000 (16:08 +0000)]
am
9fff1d37: am
d9d35098: am
af6b3a6b: am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
9fff1d37d6129dfce7a6f89004ec4a9cea9c9cad':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 16:01:24 +0000 (16:01 +0000)]
am
d9d35098: am
af6b3a6b: am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
d9d35098aaaa546d79d0707734aac9b4b12c5be1':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 15:19:26 +0000 (15:19 +0000)]
am
af6b3a6b: am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
af6b3a6bc44e65e6dbf95c1e5dadf76aa78018d9':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Sat, 8 Aug 2015 14:55:23 +0000 (14:55 +0000)]
Merge "MPEG4Extractor.cpp: Add check for size == SIZE_MAX" into jb-dev
Marco Nelissen [Sat, 8 Aug 2015 02:47:04 +0000 (02:47 +0000)]
am
450e1015: Fix Ogg album art
* commit '
450e1015b7939292ca988dd1b4f0303a094478e9':
Fix Ogg album art
Marco Nelissen [Sat, 8 Aug 2015 01:12:33 +0000 (01:12 +0000)]
am
2e637bfd: Merge "Extra sanity checks on sample size and resolution" into klp-dev
* commit '
2e637bfd64c59200414130671e32e3e087e9f147':
Extra sanity checks on sample size and resolution
Marco Nelissen [Thu, 6 Aug 2015 15:03:47 +0000 (08:03 -0700)]
Fix Ogg album art
Bug:
23036083
Bug: https://code.google.com/p/android/issues/detail?id=182053
Change-Id: I1a5cbe06990900160c2addade238c1e9feab8f71
(cherry picked from commit
c63cc509404b9328aedd1be3adc4e87cd07b4eb1)
Marco Nelissen [Sat, 8 Aug 2015 00:59:49 +0000 (00:59 +0000)]
Merge "Extra sanity checks on sample size and resolution" into klp-dev
Nick Kralevich [Fri, 7 Aug 2015 23:09:03 +0000 (23:09 +0000)]
am
bce77a36: am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
bce77a36125b25ce864b40bd5938ca89becea898':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Fri, 7 Aug 2015 18:41:28 +0000 (18:41 +0000)]
am
0e20b209: MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
* commit '
0e20b2093aa2bbc93afed8d68d3765d18a431b74':
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
Nick Kralevich [Fri, 7 Aug 2015 18:19:24 +0000 (11:19 -0700)]
MPEG4Extractor.cpp: handle chunk_size > SIZE_MAX
chunk_size is a uint64_t, so it can legitimately be bigger
than SIZE_MAX, which would cause the subtraction to underflow.
https://code.google.com/p/android/issues/detail?id=182251
Bug:
23034759
Change-Id: Ic1637fb26bf6edb0feb1bcf2876fd370db1ed547
Joshua J. Drake [Fri, 7 Aug 2015 17:38:06 +0000 (17:38 +0000)]
am
4254be9a: am
9364bdc9: am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
4254be9a0d16bac995aa73d60e8e92839960bd32':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 17:38:05 +0000 (17:38 +0000)]
am
8e0e43d2: am
3621c056: am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
8e0e43d2f6cd86888c8ab58303e5163809ec8b04':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 17:38:04 +0000 (17:38 +0000)]
am
ffe509ff: am
d0af1ded: (-s ours) am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
ffe509ffb243462597eb018a623241739d032be1':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 17:19:23 +0000 (17:19 +0000)]
am
9364bdc9: am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
9364bdc9a1298a609eb825be051c393cbf3d7a38':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 17:19:22 +0000 (17:19 +0000)]
am
3621c056: am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
3621c05605c5a3f2c452668beacb71a08dc2d7c8':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 17:19:20 +0000 (17:19 +0000)]
am
d0af1ded: (-s ours) am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
d0af1dedf5d903a52fac58f694b3f8edbf20e656':
Prevent integer overflow when processing covr MPEG4 atoms
Nick Kralevich [Fri, 7 Aug 2015 17:02:37 +0000 (10:02 -0700)]
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
If size == SIZE_MAX, the line:
uint8_t *buffer = new (std::nothrow) uint8_t[size + 1];
ends up allocating zero bytes, which is obviously incorrect.
This is conceptually a cherrypick of commit
b2d33aee5122c91a59c2a676c0b89ad340232450 , but specifically for
Android 4.1 through Android 4.4. In Android 5.0, new code
was introduced which caused the function parseMetaData()
to be renamed.
Bug:
23031033
Change-Id: Ib34e740f3292a484f8a24e513c1cce58f2f33ecb
Joshua J. Drake [Fri, 7 Aug 2015 16:29:36 +0000 (16:29 +0000)]
am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
905aae465fa88d6d793c670c08c360900c6cb3f7':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:29:35 +0000 (16:29 +0000)]
am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
bcc8e5817fa3dc624f214e58f756098053ac5682':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 16:29:34 +0000 (16:29 +0000)]
am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
a421314f9cc1b061d94a79e2aa1a92916ea4b9bf':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 16:17:11 +0000 (16:17 +0000)]
am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
11c88f66205dd9095cbe87f3486ef7262e4d2e22':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:17:10 +0000 (16:17 +0000)]
am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
bb99a362dc76f9bf040f6256369fabf27ad1c2f5':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 16:13:44 +0000 (16:13 +0000)]
am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
430475da7f0edb86ee6a85378d1583ab07f7f93d':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 16:11:07 +0000 (16:11 +0000)]
am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
2796ba1c511517a4904d10d1fdc830c86d161342':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:11:05 +0000 (16:11 +0000)]
am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
8d60fc3e3ecd4d7c2b18f25962f0ea42f3644ebd':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 15:50:46 +0000 (08:50 -0700)]
resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
Bug:
20923261
Change-Id: I6fe12a7c5768f77454bd0391b07f4c3181607d14
Marco Nelissen [Fri, 7 Aug 2015 14:25:10 +0000 (14:25 +0000)]
am
f26400c9: Fix crash on malformed id3
* commit '
f26400c9d01a0e2f71690d5ebc644270f098d590':
Fix crash on malformed id3
Marco Nelissen [Tue, 4 Aug 2015 15:38:24 +0000 (08:38 -0700)]
Extra sanity checks on sample size and resolution
Instead of rejecting the samples later when they don't fit in the
buffer, reject the entire file early.
Bug:
22882938
Change-Id: I748153b0e9e827e3f2526468756295b4b5000de6
(cherry picked from commit
beef7e58c1f1837bdaed6ac37414d8c48a133813)
Marco Nelissen [Tue, 4 Aug 2015 23:49:28 +0000 (16:49 -0700)]
Fix crash on malformed id3
Bug:
22954006
Change-Id: I488cb1e2c69fc7043b6040481b30fa866000515d
Joshua J. Drake [Tue, 4 Aug 2015 21:42:34 +0000 (21:42 +0000)]
am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
a555788d9cd4a22a8f5d7dccd288f7d185cef209':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:42:34 +0000 (21:42 +0000)]
am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
338bbf53be077a99f532e813d4cf14a192c55f74':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:42:33 +0000 (21:42 +0000)]
am
cd5cf679: am
df1ecfe3: am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
cd5cf6797c26ca7d3ce2f9a379bdef099dae2aae':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:37:01 +0000 (21:37 +0000)]
am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
0e33cb2dd5ccf6f4db8c694cb2c233bb1d2a2d0b':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:37:00 +0000 (21:37 +0000)]
am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
fd334e346bd0fc9b11756539d1635eabdb6b04cb':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:36:59 +0000 (21:36 +0000)]
am
df1ecfe3: am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
df1ecfe3913b9c3bce17947d877498093a42a56f':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:31:51 +0000 (21:31 +0000)]
am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
e4ccf3a14beabfeeb6c7df47ae118f3db999c1ce':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:31:40 +0000 (21:31 +0000)]
am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
03d539a7a9c8ae7aef9cb8bda9042187327566a2':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:31:38 +0000 (21:31 +0000)]
am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
52d1defcfe51bd3b5f4e191fb70a0a0a406c33dc':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:25:41 +0000 (21:25 +0000)]
am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
3329a19b4d11d3c1310bbe9aa54b6a66488ab862':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:25:40 +0000 (21:25 +0000)]
am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
a5b9055d7ce1d82ee29ed2f45aa4f8a82ccc76f2':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:25:38 +0000 (21:25 +0000)]
am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
9481a101f8246263d969af66a7b39fad7346772e':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:18:33 +0000 (21:18 +0000)]
am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
c87faed60483afb2466e03892bda80b72e5822c7':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:18:32 +0000 (21:18 +0000)]
am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
f1ce97ddc2f82d844a6fb8341585eb7b2e655f44':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:18:30 +0000 (21:18 +0000)]
am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
a81b3779cc6f6046c8a9149bf544e9d726c9b2b2':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Mon, 4 May 2015 22:14:11 +0000 (17:14 -0500)]
Fix integer underflow in covr MPEG4 processing
When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an
integer underflow can occur. This causes an extraordinarily large value to
be passed to MetaData::setData, leading to a buffer overflow.
Bug:
20923261
(cherry picked from commit
4a492bf2ac47b9844d2527e1fcdf0064c3d8d52e)
Change-Id: I83490cbaf5b368073fcd8668a9241dfc90bebd90
Joshua J. Drake [Mon, 4 May 2015 23:29:08 +0000 (18:29 -0500)]
Fix integer overflow when handling MPEG4 tx3g atom
When the sum of the 'size' and 'chunk_size' variables is larger than 2^32,
an integer overflow occurs. Using the result value to allocate memory
leads to an undersized buffer allocation and later a potentially
exploitable heap corruption condition. Ensure that integer overflow does
not occur.
Bug:
20923261
(cherry picked from commit
e5f0966c76bd0a7e81e4205c8d8b55e6b34c833e)
Change-Id: I3f240f75fd681becbf89cb7e7554388471c28059
Joshua J. Drake [Mon, 4 May 2015 23:36:35 +0000 (18:36 -0500)]
Prevent integer overflow when processing covr MPEG4 atoms
If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.
(cherrypicked from commit
05ddc499b9d50c90f552ed1333110f28a1406e7c)
Bug:
20923261
Change-Id: If09a02738759acdff8d95149bb9cb5f18a0a123e
Wei Jia [Tue, 4 Aug 2015 18:19:37 +0000 (18:19 +0000)]
am
d9a9a324: am
10ef7f75: am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
d9a9a324766b26be2ff0d10537ea0b215b0261e3':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 18:00:56 +0000 (18:00 +0000)]
am
10ef7f75: am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
10ef7f7514bdf6d9c38c93d9bb0194c0920d152f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:51:22 +0000 (17:51 +0000)]
am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
b0924c631cfccd10c1f95d6ae44c8cd852e14a9f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:29:31 +0000 (17:29 +0000)]
am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
7af634e131361862d2e47fb344278e31ed05be4f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:20:14 +0000 (17:20 +0000)]
am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
8ec119d2f033221e4cb0fd2b2948e780581b3d35':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:09:44 +0000 (17:09 +0000)]
am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
d138024f94fe01934be700ce16aa84418fbe1827':
SampleTable: fix integer overflow checks.