OSDN Git Service
Eric Laurent [Tue, 30 Jun 2015 18:21:44 +0000 (18:21 +0000)]
am
c655561b: (-s ours) am
29b83cbb: DO NOT MERGE - audio effects: fix heap overflow
* commit '
c655561b3580ae7ba3a721e69ac240606e11fab8':
DO NOT MERGE - audio effects: fix heap overflow
Wei Jia [Tue, 30 Jun 2015 18:21:32 +0000 (18:21 +0000)]
am
13c925ca: am
6ff53b96: Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev
* commit '
13c925cab2decaed6786b0642f2b5a9f8516e71a':
Prevent integer overflow when processing covr MPEG4 atoms
Eric Laurent [Tue, 23 Jun 2015 01:32:08 +0000 (01:32 +0000)]
am
29b83cbb: DO NOT MERGE - audio effects: fix heap overflow
* commit '
29b83cbb9018e53a18cf6e0fb34893f9774dcb96':
DO NOT MERGE - audio effects: fix heap overflow
Eric Laurent [Fri, 19 Jun 2015 22:33:57 +0000 (15:33 -0700)]
DO NOT MERGE - audio effects: fix heap overflow
Check consistency of effect command reply sizes before
copying to reply address.
Also add null pointer check on reply size.
Also remove unused parameter warning.
Bug:
21953516.
Change-Id: I4cf00c12eaed696af28f3b7613f7e36f47a160c4
Eric Laurent [Fri, 19 Jun 2015 22:33:57 +0000 (15:33 -0700)]
audio effects: fix heap overflow
Check consistency of effect command reply sizes before
copying to reply address.
Also add null pointer check on reply size.
Also remove unused parameter warning.
Bug:
21953516.
Change-Id: I4cf00c12eaed696af28f3b7613f7e36f47a160c4
(cherry picked from commit
0f714a464d2425afe00d6450535e763131b40844)
Wei Jia [Sat, 6 Jun 2015 00:43:52 +0000 (17:43 -0700)]
resolved conflicts for merge of
1f44d837 to lmp-dev
Change-Id: Id60c2470ec2afebdbc1c0c995b90e294c9c879eb
Joshua J. Drake [Fri, 5 Jun 2015 16:43:45 +0000 (16:43 +0000)]
am
f0e1fb59: am
4a492bf2: Fix integer underflow in covr MPEG4 processing
* commit '
f0e1fb59f3ea24ce4f7f10d156bf8470a7236445':
Fix integer underflow in covr MPEG4 processing
Wei Jia [Fri, 5 Jun 2015 16:32:42 +0000 (16:32 +0000)]
am
6ff53b96: Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev
* commit '
6ff53b96235bf99cdc1023b99d44f1c4cade1c0a':
Prevent integer overflow when processing covr MPEG4 atoms
Wei Jia [Fri, 5 Jun 2015 16:32:41 +0000 (16:32 +0000)]
am
82e90e10: Merge "Fix integer overflow when handling MPEG4 tx3g atom" into klp-dev
* commit '
82e90e10481c334bb5f2cecf1621cb8f9308c21c':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Fri, 5 Jun 2015 16:32:40 +0000 (16:32 +0000)]
am
4a492bf2: Fix integer underflow in covr MPEG4 processing
* commit '
4a492bf2ac47b9844d2527e1fcdf0064c3d8d52e':
Fix integer underflow in covr MPEG4 processing
Wei Jia [Fri, 5 Jun 2015 16:14:26 +0000 (16:14 +0000)]
Merge "Prevent reading past the end of the buffer in 3GPP" into lmp-dev
Wei Jia [Fri, 5 Jun 2015 16:13:54 +0000 (16:13 +0000)]
Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev
Wei Jia [Fri, 5 Jun 2015 16:13:39 +0000 (16:13 +0000)]
Merge "Fix integer overflow when handling MPEG4 tx3g atom" into klp-dev
Joshua J. Drake [Mon, 4 May 2015 22:57:24 +0000 (17:57 -0500)]
Prevent integer underflow if size is below 6
When processing 3GPP metadata, a subtraction operation may underflow and
lead to a rather large linear byteswap operation in the subsequent
framedata decoding code. Bound the 'size' value to prevent this from
occurring.
Bug:
20923261
Change-Id: I35dfbc8878c6b65cfe8b8adb7351a77ad4d604e5
(cherry picked from commit
9458e715d391ee8fe455fc31f07ff35ce12e0531)
Joshua J. Drake [Mon, 4 May 2015 22:33:49 +0000 (17:33 -0500)]
Prevent reading past the end of the buffer in 3GPP
Metadata processed within the parse3GPPMetaData function may not be NUL
terminated and thus calling setCString may read out of bounds. Ensure
proper NUL termination, but take care not to interfere with other special
cases (ie, albm).
Bug:
20923261
Change-Id: Ie93b3038b534b4c4460571a68f4d734cff7ad324
(cherry picked from commit
5cea0155cfc41f67e91343c342f44251c03fde3a)
Joshua J. Drake [Mon, 4 May 2015 23:36:35 +0000 (18:36 -0500)]
Prevent integer overflow when processing covr MPEG4 atoms
If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.
Bug:
20923261
Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f
Joshua J. Drake [Mon, 4 May 2015 23:29:08 +0000 (18:29 -0500)]
Fix integer overflow when handling MPEG4 tx3g atom
When the sum of the 'size' and 'chunk_size' variables is larger than 2^32,
an integer overflow occurs. Using the result value to allocate memory
leads to an undersized buffer allocation and later a potentially
exploitable heap corruption condition. Ensure that integer overflow does
not occur.
Bug:
20923261
Change-Id: Id050a36b33196864bdd98b5ea24241f95a0b5d1f
Joshua J. Drake [Mon, 4 May 2015 22:14:11 +0000 (17:14 -0500)]
Fix integer underflow in covr MPEG4 processing
When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an
integer underflow can occur. This causes an extraordinarily large value to
be passed to MetaData::setData, leading to a buffer overflow.
Bug:
20923261
Change-Id: Icd28f63594ad941eabb3a12c750a4a2d5d2bf94b
Andy Hung [Wed, 27 May 2015 21:18:26 +0000 (14:18 -0700)]
IOMX: Clear buffer id for arm32
Initial counter needs to be cleared for ease of debugging.
Bug:
20634516
Change-Id: I4131d759b9cc296bbecf25a53433d42b22ef228f
(cherry picked from commit
9113c1e619fd78fe53b548180fdc02300d33303d)
Andy Hung [Wed, 27 May 2015 02:23:57 +0000 (02:23 +0000)]
am
9d038ba4: (-s ours) am
0e27e080: DO NOT MERGE - IOMX: Add buffer range check to emptyBuffer
* commit '
9d038ba466df9179f1ec0d2b58dcabf19761bf24':
DO NOT MERGE - IOMX: Add buffer range check to emptyBuffer
Andy Hung [Wed, 27 May 2015 02:10:59 +0000 (02:10 +0000)]
am
0e27e080: DO NOT MERGE - IOMX: Add buffer range check to emptyBuffer
* commit '
0e27e080c255b23b4b0e19cb3bc9519cc162b73f':
DO NOT MERGE - IOMX: Add buffer range check to emptyBuffer
Andy Hung [Wed, 27 May 2015 01:31:28 +0000 (01:31 +0000)]
Merge "IOMX: Enable buffer ptr to buffer id translation for arm32" into lmp-dev
Andy Hung [Tue, 26 May 2015 18:14:36 +0000 (11:14 -0700)]
DO NOT MERGE - IOMX: Add buffer range check to emptyBuffer
Bug:
20634516
Change-Id: If351dbd573bb4aeb6968bfa33f6d407225bc752c
Andy Hung [Tue, 26 May 2015 18:32:13 +0000 (11:32 -0700)]
IOMX: Enable buffer ptr to buffer id translation for arm32
Bug:
20634516
Change-Id: Iac9eac3cb251eccd9bbad5df7421a07edc21da0c
(cherry picked from commit
2d6b6601743c3c6960c6511a2cb774ef902759f4)
Andy Hung [Tue, 26 May 2015 18:14:36 +0000 (11:14 -0700)]
IOMX: Add buffer range check to emptyBuffer
Bug:
20634516
Change-Id: If351dbd573bb4aeb6968bfa33f6d407225bc752c
(cherry picked from commit
d971df0eb300356b3c995d533289216f43aa60de)
Chong Zhang [Thu, 14 May 2015 23:31:16 +0000 (23:31 +0000)]
am
96a41a2b: (-s ours) am
dbe6c320: HDCP: buffer over flow check -- DO NOT MERGE
* commit '
96a41a2ba5985aeb9163923f54d84cdaa3d0363d':
HDCP: buffer over flow check -- DO NOT MERGE
Chong Zhang [Thu, 14 May 2015 23:17:08 +0000 (23:17 +0000)]
am
dbe6c320: HDCP: buffer over flow check -- DO NOT MERGE
* commit '
dbe6c320b414d8139c46aaf880d5f154ef4f9af8':
HDCP: buffer over flow check -- DO NOT MERGE
Chong Zhang [Tue, 28 Apr 2015 01:38:17 +0000 (18:38 -0700)]
HDCP: buffer over flow check -- DO NOT MERGE
bug:
20222489
Change-Id: I3a64a5999d68ea243d187f12ec7717b7f26d93a3
(cherry picked from commit
532cd7b86a5fdc7b9a30a45d8ae2d16ef7660a72)
Chong Zhang [Tue, 28 Apr 2015 01:38:17 +0000 (18:38 -0700)]
HDCP: buffer over flow check -- DO NOT MERGE
bug:
20222489
Change-Id: I3a64a5999d68ea243d187f12ec7717b7f26d93a3
(cherry picked from commit
532cd7b86a5fdc7b9a30a45d8ae2d16ef7660a72)
Lajos Molnar [Tue, 12 May 2015 21:45:35 +0000 (21:45 +0000)]
Merge "Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes" into lmp-dev
Robert Shih [Mon, 11 May 2015 11:19:37 +0000 (11:19 +0000)]
am
a3e8f60f: (-s ours) am
7acac10a: Merge "DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes" into klp-dev
* commit '
a3e8f60f5e409f65f12636df5fad7f20ff736df5':
DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes
Robert Shih [Mon, 11 May 2015 11:10:36 +0000 (11:10 +0000)]
am
7acac10a: Merge "DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes" into klp-dev
* commit '
7acac10aae34da5ae4d628c5a270e7e3e94f7598':
DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes
Robert Shih [Mon, 11 May 2015 03:00:49 +0000 (03:00 +0000)]
Merge "DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes" into klp-dev
Marco Nelissen [Thu, 7 May 2015 15:33:19 +0000 (15:33 +0000)]
am
5a75b421: am
30d77e2c: Fix potential buffer overrun
* commit '
5a75b4215821d633af18dd8dae2495299c070bf0':
Fix potential buffer overrun
Marco Nelissen [Thu, 7 May 2015 15:02:30 +0000 (15:02 +0000)]
am
30d77e2c: Fix potential buffer overrun
* commit '
30d77e2c75c1973f9fb363717af92cf640685da3':
Fix potential buffer overrun
Marco Nelissen [Fri, 1 May 2015 23:18:26 +0000 (16:18 -0700)]
Fix potential buffer overrun
The "samples" parameter indicates the max number of sample tuples, not
the max number of samples.
Bug:
16183063
Change-Id: I5347497bbbe65910b8489d354e985ebc90d65516
Lajos Molnar [Thu, 2 Apr 2015 02:32:25 +0000 (19:32 -0700)]
DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes
Bug:
19641538
Change-Id: I5aae3f100846c125decc61eec7cd6563e3f33777
Lajos Molnar [Thu, 2 Apr 2015 02:32:25 +0000 (19:32 -0700)]
Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes
Bug:
19641538
Change-Id: I5aae3f100846c125decc61eec7cd6563e3f33777
Marco Nelissen [Mon, 20 Apr 2015 18:08:59 +0000 (11:08 -0700)]
Add some sanity checks
Bug:
19400722
Change-Id: Ib3afdf73fd4647eeea5721c61c8b72dbba0647f6
Nick Kralevich [Fri, 10 Apr 2015 23:44:36 +0000 (23:44 +0000)]
am
b919a3a3: am
64290793: Merge "Fix integer underflow in ESDS processing" into klp-dev
* commit '
b919a3a3d38c4b1cbb378c38cc6154a81ebe01c7':
Fix integer underflow in ESDS processing
Nick Kralevich [Fri, 10 Apr 2015 23:44:35 +0000 (23:44 +0000)]
am
47759307: am
17b625b7: Merge "Fix integer overflow during MP4 atom processing" into klp-dev
* commit '
4775930799bd9a9fbad8efe5d338e890dd7444ed':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Fri, 10 Apr 2015 23:44:30 +0000 (23:44 +0000)]
am
4a131250: am
030d8d0a: Fix several ineffective integer overflow checks
* commit '
4a13125033f2130cadb4c48b3e6e0085d8c98829':
Fix several ineffective integer overflow checks
Nick Kralevich [Fri, 10 Apr 2015 23:34:59 +0000 (23:34 +0000)]
am
64290793: Merge "Fix integer underflow in ESDS processing" into klp-dev
* commit '
6429079345404932c5be5956efc7154390d2ed0e':
Fix integer underflow in ESDS processing
Nick Kralevich [Fri, 10 Apr 2015 23:34:57 +0000 (23:34 +0000)]
am
17b625b7: Merge "Fix integer overflow during MP4 atom processing" into klp-dev
* commit '
17b625b7f51b75fde6640c737474b8b2c51412bf':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Fri, 10 Apr 2015 23:34:56 +0000 (23:34 +0000)]
am
030d8d0a: Fix several ineffective integer overflow checks
* commit '
030d8d0a557097b88d6ecbf6d04823213512b620':
Fix several ineffective integer overflow checks
Nick Kralevich [Fri, 10 Apr 2015 23:16:02 +0000 (23:16 +0000)]
Merge "Fix integer underflow in ESDS processing" into klp-dev
Nick Kralevich [Fri, 10 Apr 2015 23:15:52 +0000 (23:15 +0000)]
Merge "Fix integer overflow during MP4 atom processing" into klp-dev
Joshua J. Drake [Thu, 9 Apr 2015 04:53:10 +0000 (23:53 -0500)]
Fix integer underflow in ESDS processing
Several arithmetic operations within parseESDescriptor could underflow, leading
to an out-of-bounds read operation. Ensure that subtractions from 'size' do not
cause it to wrap around.
Bug:
20139950
(cherry picked from commit
07c0f59d6c48874982d2b5c713487612e5af465a)
Change-Id: I377d21051e07ca654ea1f7037120429d3f71924a
Joshua J. Drake [Thu, 9 Apr 2015 04:44:57 +0000 (23:44 -0500)]
Fix integer overflow during MP4 atom processing
A few sample table related FourCC values are handled by the
setSampleToChunkParams function. An integer overflow exists within this
function. Validate that mNumSampleToChunkOffets will not cause an integer
overflow.
Bug:
20139950
(cherry picked from commit
c24607c29c96f939aed9e33bfa702b1dd79da4b7)
Change-Id: I49086952451b09a234d8b82669251ab9f1ef58d9
Joshua J. Drake [Thu, 9 Apr 2015 04:23:55 +0000 (23:23 -0500)]
Fix several ineffective integer overflow checks
Commit
edd4a76 (which addressed bugs
15328708,
15342615,
15342751) added
several integer overflow checks. Unfortunately, those checks fail to take into
account integer promotion rules and are thus themselves subject to an integer
overflow. Cast the sizeof() operator to a uint64_t to force promotion while
multiplying.
Bug:
20139950
(cherry picked from commit
e2e812e58e8d2716b00d7d82db99b08d3afb4b32)
Change-Id: I080eb3fa147601f18cedab86e0360406c3963d7b
Eric Laurent [Fri, 6 Feb 2015 18:44:24 +0000 (10:44 -0800)]
DO NOT MERGE - audio policy service: fix possible memory overflow
Add limit on number of audio ports and patches requested by
listaudioPorts() and listAudioPatches().
Bug:
19261727.
Change-Id: I21dfdf11cf805734cc3b7b2a85762c5598f60580
(cherry picked from commit
1d670b11313250442455a22f1056ad649d607fb2)
Eric Laurent [Tue, 11 Nov 2014 01:34:39 +0000 (01:34 +0000)]
am
ae6965ae: am
3aef3560: am
e360f0f6: IAudioPolicyService: bound array size in queryDefaultPreProcessing automerge:
99370d2
automerge:
cb5c8c0
* commit '
cb5c8c0de3f796f6a2499d4467abe59e11ffa8f5':
Eric Laurent [Tue, 11 Nov 2014 00:22:26 +0000 (00:22 +0000)]
am
ae6965ae: am
3aef3560: am
e360f0f6: IAudioPolicyService: bound array size in queryDefaultPreProcessing
automerge:
99370d2
* commit '
99370d2da54d7537ffda7fef1f6ef36f8b690321':
IAudioPolicyService: bound array size in queryDefaultPreProcessing
Eric Laurent [Mon, 10 Nov 2014 23:31:32 +0000 (23:31 +0000)]
am
99370d2d: am
ae6965ae: am
3aef3560: am
e360f0f6: IAudioPolicyService: bound array size in queryDefaultPreProcessing
* commit '
99370d2da54d7537ffda7fef1f6ef36f8b690321':
IAudioPolicyService: bound array size in queryDefaultPreProcessing
Eric Laurent [Mon, 10 Nov 2014 23:28:27 +0000 (23:28 +0000)]
am
ae6965ae: am
3aef3560: am
e360f0f6: IAudioPolicyService: bound array size in queryDefaultPreProcessing
* commit '
ae6965ae7664aaea489a8d58358035610075c9af':
IAudioPolicyService: bound array size in queryDefaultPreProcessing
Eric Laurent [Mon, 10 Nov 2014 23:20:25 +0000 (23:20 +0000)]
am
3aef3560: am
e360f0f6: IAudioPolicyService: bound array size in queryDefaultPreProcessing
* commit '
3aef35600523eb6b4ccc8086a8913e80701a031a':
IAudioPolicyService: bound array size in queryDefaultPreProcessing
Eric Laurent [Mon, 10 Nov 2014 23:16:22 +0000 (23:16 +0000)]
am
e360f0f6: IAudioPolicyService: bound array size in queryDefaultPreProcessing
* commit '
e360f0f6cad290f69e07fd3a20dcf11a1dbc4160':
IAudioPolicyService: bound array size in queryDefaultPreProcessing
Eric Laurent [Wed, 5 Nov 2014 20:15:36 +0000 (12:15 -0800)]
IAudioPolicyService: bound array size in queryDefaultPreProcessing
Bug:
18226810.
Change-Id: Ib8e2bfe835a8681aac50bf23161db14e50c9a124
(cherry picked from commit
74adca9ad30b7f8a70d40c5237bade0d16c4ea58)
Eric Laurent [Sat, 8 Nov 2014 01:28:28 +0000 (17:28 -0800)]
audioflinger: fix duplicating thread output buffers clear
Also clear mix buffer in DuplicatingThread::threadLoop_mix()
instead of just sink buffer when output threads are not
ready.
Bug:
18262127.
Change-Id: I4c22bbeaccdcc8d7c10c5882dde3439eb73d6ede
(cherry picked from commit
02b5708776ba2a9b4ff8c09008483aef7dbe38c7)
Eric Laurent [Mon, 3 Nov 2014 21:18:07 +0000 (21:18 +0000)]
am
42f785c5: am
4fbe49a8: am
96016c2d: am
9944ff09: am
70c3507d: am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls. automerge:
ca83dd2
automerge:
ba30b45
* commit '
ba30b4547c6b7ca949ef74e760ccc6157f435690':
Chris Elliott [Mon, 3 Nov 2014 21:14:34 +0000 (21:14 +0000)]
Revert "audio: prevent larger than required sleeps - DO NOT MERGE" automerge:
b6dcdbf -s ours
automerge:
ed394bc -s ours
* commit '
ed394bcfa79da3dd25cd24d485aa0d063818a977':
Chris Elliott [Mon, 3 Nov 2014 21:14:28 +0000 (21:14 +0000)]
audio: prevent larger than required sleeps - DO NOT MERGE automerge:
620208d -s ours
automerge:
b2c3ad1 -s ours
* commit '
b2c3ad13cb248159910bef6ac51f7e6023e133b9':
Chris Elliott [Mon, 3 Nov 2014 21:13:02 +0000 (21:13 +0000)]
Revert "audio: prevent larger than required sleeps - DO NOT MERGE" automerge:
2feb18d -s ours
automerge:
bb92112 -s ours
* commit '
bb9211236cf6104d16fc09b58550ce692d9af4e9':
Haynes Mathew George [Mon, 3 Nov 2014 21:12:35 +0000 (21:12 +0000)]
audio: prevent larger than required sleeps - DO NOT MERGE automerge:
8c0417c -s ours
automerge:
52ea677 -s ours
* commit '
52ea677828b23b216484dd34f84da2699ed850e3':
Eric Laurent [Fri, 31 Oct 2014 01:33:21 +0000 (01:33 +0000)]
am
42f785c5: am
4fbe49a8: am
96016c2d: am
9944ff09: am
70c3507d: am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
automerge:
ca83dd2
* commit '
ca83dd27f6c662bcbb0cea204c4df7ca77a479fd':
audio policy: validate stream type received from binder calls.
Eric Laurent [Fri, 31 Oct 2014 00:50:17 +0000 (00:50 +0000)]
am
ca83dd27: (-s ours) am
42f785c5: am
4fbe49a8: am
96016c2d: am
9944ff09: am
70c3507d: am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
ca83dd27f6c662bcbb0cea204c4df7ca77a479fd':
audio policy: validate stream type received from binder calls.
Eric Laurent [Fri, 31 Oct 2014 00:26:23 +0000 (00:26 +0000)]
am
42f785c5: am
4fbe49a8: am
96016c2d: am
9944ff09: am
70c3507d: am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
42f785c5d5ae596d781171327c98c541f0517feb':
audio policy: validate stream type received from binder calls.
Eric Laurent [Fri, 31 Oct 2014 00:17:14 +0000 (00:17 +0000)]
am
4fbe49a8: am
96016c2d: am
9944ff09: am
70c3507d: am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
4fbe49a83d41a64d44e363ccd691e7bfc41bb6af':
audio policy: validate stream type received from binder calls.
Eric Laurent [Fri, 31 Oct 2014 00:11:15 +0000 (00:11 +0000)]
am
96016c2d: am
9944ff09: am
70c3507d: am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
96016c2d583ccca9fffd6974cb9473f7effd6cf5':
audio policy: validate stream type received from binder calls.
Eric Laurent [Thu, 30 Oct 2014 23:55:43 +0000 (23:55 +0000)]
am
9944ff09: am
70c3507d: am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
9944ff09ac4eb076cab994ef245b0103f60836ba':
audio policy: validate stream type received from binder calls.
Eric Laurent [Thu, 30 Oct 2014 23:48:47 +0000 (23:48 +0000)]
am
70c3507d: am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
70c3507d915baaa5a0ab163eeb0a445030f4f492':
audio policy: validate stream type received from binder calls.
Eric Laurent [Thu, 30 Oct 2014 23:41:08 +0000 (23:41 +0000)]
am
450b10c9: am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
450b10c97514411ef1d0d887d4e18851fd286f0b':
audio policy: validate stream type received from binder calls.
Eric Laurent [Thu, 30 Oct 2014 23:25:15 +0000 (23:25 +0000)]
am
d0f9dc71: am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
d0f9dc7156e531d5cd0615f6e682d2449e08e9a7':
audio policy: validate stream type received from binder calls.
Eric Laurent [Thu, 30 Oct 2014 23:01:01 +0000 (23:01 +0000)]
am
e0a65f30: am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
e0a65f3008ac5874106b21d03e19296c8015da41':
audio policy: validate stream type received from binder calls.
Eric Laurent [Thu, 30 Oct 2014 22:52:48 +0000 (22:52 +0000)]
am
f5af3a72: am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
f5af3a72f308cd4dff7859e62922ee5a13bd4c15':
audio policy: validate stream type received from binder calls.
Eric Laurent [Thu, 30 Oct 2014 22:44:00 +0000 (22:44 +0000)]
am
6d80b687: audio policy: validate stream type received from binder calls.
* commit '
6d80b687c3b8d9c8da7cdad7d9813aa51c1cf15e':
audio policy: validate stream type received from binder calls.
Eric Laurent [Thu, 30 Oct 2014 21:46:18 +0000 (14:46 -0700)]
audio policy: validate stream type received from binder calls.
Bug:
18001784.
Bug:
18002005.
Change-Id: If08866a3c21bcbfd8cdbbf8336bcf1faad66f321
Chris Elliott [Tue, 28 Oct 2014 23:27:54 +0000 (23:27 +0000)]
Revert "audio: prevent larger than required sleeps - DO NOT MERGE"
automerge:
b6dcdbf -s ours
* commit '
b6dcdbf436ffacb52a41ac8ef9b07f99fd64779f':
Revert "audio: prevent larger than required sleeps - DO NOT MERGE"
Chris Elliott [Tue, 28 Oct 2014 23:27:51 +0000 (23:27 +0000)]
audio: prevent larger than required sleeps - DO NOT MERGE
automerge:
620208d -s ours
* commit '
620208dc0bbd7a0792702df3ab08800fdad60cec':
audio: prevent larger than required sleeps - DO NOT MERGE
Chris Elliott [Tue, 28 Oct 2014 23:26:28 +0000 (23:26 +0000)]
Revert "audio: prevent larger than required sleeps - DO NOT MERGE"
automerge:
2feb18d -s ours
* commit '
2feb18ddfdbd20941ebcc3314780a582da5608e4':
Revert "audio: prevent larger than required sleeps - DO NOT MERGE"
Haynes Mathew George [Tue, 28 Oct 2014 23:25:57 +0000 (23:25 +0000)]
audio: prevent larger than required sleeps - DO NOT MERGE
automerge:
8c0417c -s ours
* commit '
8c0417c173d1fd618ae54e2d721b0ec360ea70cc':
audio: prevent larger than required sleeps - DO NOT MERGE
Marco Nelissen [Thu, 23 Oct 2014 21:30:57 +0000 (21:30 +0000)]
Merge "64 bit fixes for NdkMediaExtractor" into lmp-dev
Marco Nelissen [Thu, 23 Oct 2014 18:36:38 +0000 (11:36 -0700)]
64 bit fixes for NdkMediaExtractor
Bug:
18094443
Change-Id: Iae049012966707f5c187c61ed68407f22c662b25
Eino-Ville Talvala [Wed, 22 Oct 2014 21:21:12 +0000 (14:21 -0700)]
CameraService: Disconnect: Release mutex while waiting for joins.
The threads shutting down may have callpaths that require taking the
binder interface mutex, so waiting to join them with that mutex held
can lead to deadlocks.
A specific instance is StreamingProcessor calling dataCallbackTimestamp,
which can immediately lead to a Camera2Client::releaseRecordingFrame call,
which requires the binder interface mutex. If this call happens right when
shutdown is occurring, and Camera2Client::disconnect is holding the mutex,
deadlock ensues.
Bug:
17997578
Change-Id: I71253cd5542b5920ad205976d315110ca0043d94
Chong Zhang [Wed, 22 Oct 2014 00:56:56 +0000 (00:56 +0000)]
Merge "release camera without holding CameraSource mutex" into lmp-dev
Lajos Molnar [Wed, 22 Oct 2014 00:29:43 +0000 (00:29 +0000)]
Merge "stagefright: try to free codec instance if MediaCodec.release hangs" into lmp-dev
Lajos Molnar [Wed, 22 Oct 2014 00:29:29 +0000 (00:29 +0000)]
Merge "Stagefright: MediaCodec: shutdown allocated codec on error" into lmp-dev
Chong Zhang [Tue, 21 Oct 2014 21:12:25 +0000 (14:12 -0700)]
release camera without holding CameraSource mutex
Bug:
17997578
Change-Id: Iba93848ad10ba84d2d836573da7ce242c761582f
Lajos Molnar [Tue, 21 Oct 2014 23:07:52 +0000 (16:07 -0700)]
stagefright: try to free codec instance if MediaCodec.release hangs
Bug:
18033275
Change-Id: If86cd26566d7b75941976f37829bbec619800778
Lajos Molnar [Tue, 21 Oct 2014 16:36:43 +0000 (09:36 -0700)]
mediaplayer: don't report position past last queued position
also reanchor offloaded audio track correctly
Bug:
17653702
Change-Id: If05394d3b119be8d80b7764847496246d34a2133
Praveen Chavan [Wed, 15 Oct 2014 09:24:34 +0000 (02:24 -0700)]
Stagefright: MediaCodec: shutdown allocated codec on error
If MediaCodec sees a fatal error and transitions to
UNINITIALIZED state, The codec may still be alive (with an
exception of 'mediaserver-died' error).
Handle Shutdown of the codec during release().
Bug:
17784012
Bug:
18033275
Change-Id: I891e036499d9b440a57f77fb735a5ba4da9a6e43
Eric Laurent [Tue, 21 Oct 2014 16:07:11 +0000 (09:07 -0700)]
audio policy: fix effect handle leak
Fix ref counting error in AudioPolicyEffect::addInputEffects()
and addOutputSessionEffects()
Bug:
17675112.
Change-Id: I5267d1024a585919f66ead83662e57b78ba53540
Lajos Molnar [Tue, 21 Oct 2014 00:47:54 +0000 (17:47 -0700)]
mediaplayer: limit scheduling video frames into the future
This addresses when video timestamps jumps before an audio timestamp,
but still works on slideshow video clips (<=1fps).
This, however, will not skip time-changes on video-only live video
streams, as we cannot distinguish live slideshow video clips from
non-slideshow ones.
Bug:
18032127
Change-Id: I959a714edfe1c8cf3b84704c693dcd1b3e5b7855
Ronghua Wu [Mon, 20 Oct 2014 06:12:50 +0000 (23:12 -0700)]
NuPlayer: set anchor time for each audio buffer.
And use anchor time to compute current position
Bug:
17999949
Bug:
18008307
Bug:
18032127
Change-Id: Ie493c9a1d45d7b788aef65d863f710da6326fcc1
Marco Nelissen [Mon, 20 Oct 2014 20:15:38 +0000 (13:15 -0700)]
Fix the fix
We need to clear the buffer a little more often.
Bug:
18023017
Change-Id: If8a522b9133a4269e2435af8958f6ced322e71e9
Marco Nelissen [Mon, 20 Oct 2014 14:44:58 +0000 (14:44 +0000)]
Merge "Clear effect buffer before sending to chain" into lmp-dev
The Android Automerger [Mon, 20 Oct 2014 00:10:22 +0000 (17:10 -0700)]
merge in lmp-release history after reset to
e9234f17dfbb192c96b122b9e0ce8cd9015d1589
Marco Nelissen [Fri, 17 Oct 2014 23:39:39 +0000 (16:39 -0700)]
Clear effect buffer before sending to chain
otherwise the effect might get a buffer with previous data instead
of silence.
Bug:
18023017
Change-Id: Ic6be5ce0e74552aac2a0cce9c660893f9ad27f5c
Andy Hung [Fri, 17 Oct 2014 20:38:10 +0000 (20:38 +0000)]
Merge "Fix AudioTrack retrograde getPosition when restoring tracks" into lmp-dev
Andy Hung [Fri, 17 Oct 2014 00:54:34 +0000 (17:54 -0700)]
Fix AudioTrack retrograde getPosition when restoring tracks
mReleased represents the number of frames written to the
track, but was cleared on start() causing a mismatch if the
client wrote to the track before starting. Moved the clearing
to entering the STATE_STOPPED or STATE_FLUSHED state.
Bug:
18017947
Bug:
18022276
Change-Id: I3788c98c4c3c4d9cc004378432797b3f3138e22e