git.osdn.net Git - android-x86/frameworks-native.git/log

(root) / android-x86 / frameworks-native.git / log

Chris Forbes [Tue, 16 May 2017 19:42:42 +0000 (19:42 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c am: 05df3a6f4d am: 81bab8081e am: 209ad9b6fe am: d4cbd296d6 am: 593a1a217a am: e3bc28ad88 am: 600e610344 am: ce069c5a07
am: a078c0780c

Change-Id: I060bbdef30d8710b8e5d779a0f75b61040530353

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:39:41 +0000 (19:39 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c am: 05df3a6f4d am: 81bab8081e am: 209ad9b6fe am: d4cbd296d6 am: 593a1a217a am: e3bc28ad88 am: 600e610344
am: ce069c5a07

Change-Id: Ic185b2a7c35ea0260d5380d606f6b7b82c78b717

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:36:43 +0000 (19:36 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c am: 05df3a6f4d am: 81bab8081e am: 209ad9b6fe am: d4cbd296d6 am: 593a1a217a am: e3bc28ad88
am: 600e610344

Change-Id: I19dec89ef157c3a61300622c4425d5f6801f139e

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:33:42 +0000 (19:33 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c am: 05df3a6f4d am: 81bab8081e am: 209ad9b6fe am: d4cbd296d6 am: 593a1a217a
am: e3bc28ad88

Change-Id: I4ad5bf17fdca2bd0adee7a06150d595ef9b6a0fa

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:30:42 +0000 (19:30 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c am: 05df3a6f4d am: 81bab8081e am: 209ad9b6fe am: d4cbd296d6
am: 593a1a217a

Change-Id: I6c50751f24fdc5756bd5d1357df184d2a08f3c08

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:27:40 +0000 (19:27 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c am: 05df3a6f4d am: 81bab8081e am: 209ad9b6fe
am: d4cbd296d6

Change-Id: I3ddc8b4600015cd53d1a41b687518cdbbc7696b6

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:24:11 +0000 (19:24 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c am: 05df3a6f4d am: 81bab8081e
am: 209ad9b6fe

Change-Id: I31fe784570c5978faf7484b3f71a074523c0d33c

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:21:39 +0000 (19:21 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c am: 05df3a6f4d
am: 81bab8081e

Change-Id: I78509c86bada44d1d9f9c40e4d64a5120e4c7ab6

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:18:41 +0000 (19:18 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340 am: 5c5ee81b0c
am: 05df3a6f4d

Change-Id: I50c771aee7375315ba6c6aa4029baacfe9c199d8

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:15:38 +0000 (19:15 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0 am: 71d3ef1340
am: 5c5ee81b0c

Change-Id: Ie7ec2067057ea2dbd4b9af0c93a00ba53879b72f

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:12:38 +0000 (19:12 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am: 25556811f0
am: 71d3ef1340

Change-Id: I75797414173ebfb38eefe02ac0a635f10c59d883

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:10:08 +0000 (19:10 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev
am: 25556811f0

Change-Id: I5a267f8dccb75625fafd96e67bc0fbb9a2492ce7

commit | commitdiff | tree

Chris Forbes [Tue, 16 May 2017 19:00:54 +0000 (19:00 +0000)]

Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev

commit | commitdiff | tree

Chris Forbes [Wed, 10 May 2017 20:12:00 +0000 (13:12 -0700)]

ui: Fix bad size check in Fence::unflatten

Differs slightly from mnc+ patch: GetFlattenedSize was fixed in mnc.

Test: Boot device, run poc from bug, observe no longer crashes
Bug: 37285689
Change-Id: Id8b851733b088cce0d07493fbf76e7e24f9299ad

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:40:03 +0000 (18:40 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours am: bec844f6d4 am: e7c7be2c17 am: cc184e4209 am: 2c86168b51 am: f4a1a4e7fd am: 1102b311c8 am: f571b41457 am: fa765bacf8
am: 146f77fc3c

Change-Id: Id3334d9c0eefe429cf28fea41365024f313b807b

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:37:03 +0000 (18:37 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours am: bec844f6d4 am: e7c7be2c17 am: cc184e4209 am: 2c86168b51 am: f4a1a4e7fd am: 1102b311c8 am: f571b41457
am: fa765bacf8

Change-Id: I9365e5aec00280a9466908a8f3a9e525757283ed

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:34:02 +0000 (18:34 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours am: bec844f6d4 am: e7c7be2c17 am: cc184e4209 am: 2c86168b51 am: f4a1a4e7fd am: 1102b311c8
am: f571b41457

Change-Id: I739439543fd954b15a6da5909a47873e9a6dd029

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:31:01 +0000 (18:31 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours am: bec844f6d4 am: e7c7be2c17 am: cc184e4209 am: 2c86168b51 am: f4a1a4e7fd
am: 1102b311c8

Change-Id: I2fc05fc6415e981f3fe13770697c810309312729

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:28:01 +0000 (18:28 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours am: bec844f6d4 am: e7c7be2c17 am: cc184e4209 am: 2c86168b51
am: f4a1a4e7fd

Change-Id: I7ecadb481757312b22c4b47a6f8040c0e7a18d72

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:25:00 +0000 (18:25 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours am: bec844f6d4 am: e7c7be2c17 am: cc184e4209
am: 2c86168b51

Change-Id: I82f10a43940d6038946f25870c8394900d5219fb

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:21:59 +0000 (18:21 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours am: bec844f6d4 am: e7c7be2c17
am: cc184e4209

Change-Id: I20d492d5b3728ccf2ef68695d54b79f1a3c8371a

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:19:31 +0000 (18:19 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours am: bec844f6d4
am: e7c7be2c17

Change-Id: I79e844eff3739ea737d20f381da6fa4da9852015

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:16:30 +0000 (18:16 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2 am: 057ae95ab2 -s ours
am: bec844f6d4

Change-Id: I48d94557a005c4b0b46bf339ca685e9d1d231d97

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:13:30 +0000 (18:13 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e am: 7cb9cd3df2
am: 057ae95ab2 -s ours

Change-Id: I2c6441b19650f31c7bbab9ce22191ae162ba9e58

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 18:02:29 +0000 (18:02 +0000)]

libgui: Check slot received from IGBP in Surface am: ac93b3a30e
am: 7cb9cd3df2

Change-Id: Iff706258762cac4bfb7d97af7d365412d9ee661d

commit | commitdiff | tree

Dan Stoza [Mon, 15 May 2017 17:59:58 +0000 (17:59 +0000)]

libgui: Check slot received from IGBP in Surface
am: ac93b3a30e

Change-Id: I6ab9bc7f577634c0bf23359b5eb60e6dd07e4854

commit | commitdiff | tree

Dan Stoza [Mon, 1 May 2017 23:31:53 +0000 (16:31 -0700)]

libgui: Check slot received from IGBP in Surface

Checks that the slot number received from mGraphicBufferProducer in
Surface::dequeueBuffer is on the interval [0, NUM_BUFFER_SLOTS) to
protect against a malicious BnGraphicBufferProducer.

Bug: 36991414
Change-Id: I1a76fd1bcce1c558f1c0c30f03638278288ed4fa

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 20:15:54 +0000 (20:15 +0000)]

Merge "Fix security vulnerability" into nyc-dev am: 2188ad799e
am: 80672db6b8

Change-Id: I5008bd9cd2b14dd52d261f5934024f7526e96f7f

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 20:15:42 +0000 (20:15 +0000)]

Fix security vulnerability am: 45b202513b
am: 8778a131c2

Change-Id: Ic9300f2597702d6e83d80222dbc5ca7d2642f621

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 20:12:43 +0000 (20:12 +0000)]

Merge "Fix security vulnerability" into nyc-dev
am: 2188ad799e

Change-Id: Iac558b8fedbbfdd76ebe90867b70d57c33f8b644

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 20:12:42 +0000 (20:12 +0000)]

Fix security vulnerability
am: 45b202513b

Change-Id: Ifaf692c814e2562332914854dc95c7715d37a5c0

commit | commitdiff | tree

TreeHugger Robot [Thu, 2 Feb 2017 20:08:46 +0000 (20:08 +0000)]

Merge "Fix security vulnerability" into nyc-dev

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:54:35 +0000 (01:54 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f am: 132d0f2aef am: 3995674f24 am: c7892d9d0b am: cca3b79c32 am: ebbf8a6b5a am: 5ba227f96e am: 40cd915a54 am: ded5521871
am: 0e0a258771

Change-Id: I4479a276592fc9d5d25378a5abee12473a2104ae

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:52:06 +0000 (01:52 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f am: 132d0f2aef am: 3995674f24 am: c7892d9d0b am: cca3b79c32 am: ebbf8a6b5a am: 5ba227f96e am: 40cd915a54
am: ded5521871

Change-Id: Ibf93b2a73caab87ee6c0b27234a8cdc05c0aa61e

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:49:06 +0000 (01:49 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f am: 132d0f2aef am: 3995674f24 am: c7892d9d0b am: cca3b79c32 am: ebbf8a6b5a am: 5ba227f96e
am: 40cd915a54

Change-Id: Ib34c9d0e90e77565ab6d0d7fb805bb425964b5aa

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:46:34 +0000 (01:46 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f am: 132d0f2aef am: 3995674f24 am: c7892d9d0b am: cca3b79c32 am: ebbf8a6b5a
am: 5ba227f96e

Change-Id: I9fc225ba640b4391d60380d7c588015c3e5516a7

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:43:34 +0000 (01:43 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f am: 132d0f2aef am: 3995674f24 am: c7892d9d0b am: cca3b79c32
am: ebbf8a6b5a

Change-Id: Id8c91e714058b999805aa6da613a4343fecc1d6a

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:41:34 +0000 (01:41 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f am: 132d0f2aef am: 3995674f24 am: c7892d9d0b
am: cca3b79c32

Change-Id: I2e5da5ee33eb2757f360881e6ecc7dfd9fb67938

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:38:33 +0000 (01:38 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f am: 132d0f2aef am: 3995674f24
am: c7892d9d0b

Change-Id: Ic59ba49542b907591f3e514ae0417ed82a5be7aa

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:36:33 +0000 (01:36 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f am: 132d0f2aef
am: 3995674f24

Change-Id: I979af2b40c8ee1b3820204cee5fa7e21e4906bf9

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:34:03 +0000 (01:34 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834 am: ac2b87ac0f
am: 132d0f2aef

Change-Id: If2aa999ec1f261ea34a6aa725241ea50226083ad

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:31:32 +0000 (01:31 +0000)]

Fix security vulnerability am: 2ae83f4f62 am: 11ab583834
am: ac2b87ac0f

Change-Id: I3b249a9ec1820917dc015c72bd093535927c9ed6

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:29:02 +0000 (01:29 +0000)]

Fix security vulnerability am: 2ae83f4f62
am: 11ab583834

Change-Id: I09ec85b9f83e1f4458940415cd07f6fca725c552

commit | commitdiff | tree

Fabien Sanglard [Thu, 2 Feb 2017 01:27:03 +0000 (01:27 +0000)]

Fix security vulnerability
am: 2ae83f4f62

Change-Id: Ie0590dbb8429b5b289f3095055abdc8d29b95a7f

commit | commitdiff | tree

Fabien Sanglard [Thu, 19 Jan 2017 19:13:20 +0000 (11:13 -0800)]

Fix security vulnerability

Test: hammerhead
Bug: 32628763
Change-Id: I19a81b63fffee8f323a5925c7e8633fbd640b91c

commit | commitdiff | tree

Fabien Sanglard [Thu, 19 Jan 2017 00:43:18 +0000 (16:43 -0800)]

Fix security vulnerability

Change-Id: I4c9ea3a3177131fa29d2561da71ef18bec3af108
Test: angler, marlin
Bug: 32628763

commit | commitdiff | tree

Fabien Sanglard [Tue, 6 Dec 2016 19:30:39 +0000 (19:30 +0000)]

Merge "Fix security vulneratibly 31960359" into nyc-dev am: fefc4f4e94
am: afee0c9de4

Change-Id: I8378cc46c5d1caaa3b018c45929b6767cefa3bb9

commit | commitdiff | tree

Fabien Sanglard [Tue, 6 Dec 2016 19:30:28 +0000 (19:30 +0000)]

Fix security vulneratibly 31960359 am: dffa078205
am: b8b076e553

Change-Id: Ia073be4ad2910078ac1e736ef6d2afadd849a525

commit | commitdiff | tree

Fabien Sanglard [Tue, 6 Dec 2016 19:26:58 +0000 (19:26 +0000)]

Merge "Fix security vulneratibly 31960359" into nyc-dev
am: fefc4f4e94

Change-Id: I06631f20e9a9070ff3a71c03f9d4bab324a8b27b

commit | commitdiff | tree

Fabien Sanglard [Tue, 6 Dec 2016 19:26:57 +0000 (19:26 +0000)]

Fix security vulneratibly 31960359
am: dffa078205

Change-Id: Icea9297e2e5f7467ece053ae869208758f40b954

commit | commitdiff | tree

Fabien Sanglard [Tue, 6 Dec 2016 19:22:20 +0000 (19:22 +0000)]

Merge "Fix security vulneratibly 31960359" into nyc-dev

commit | commitdiff | tree

Christopher Tate [Tue, 6 Dec 2016 00:24:19 +0000 (00:24 +0000)]

resolve merge conflicts of 13c5c34 to mnc-dev am: 79b74d787d am: abe293b950 am: 02e4440eab am: 953c05276e am: e37a4dc7c4
am: 8ed5e3d7ca

Change-Id: I634d3910a329dd10a90086c5c116ae716b2187af

commit | commitdiff | tree

Christopher Tate [Tue, 6 Dec 2016 00:22:18 +0000 (00:22 +0000)]

resolve merge conflicts of 13c5c34 to mnc-dev am: 79b74d787d am: abe293b950 am: 02e4440eab am: 953c05276e
am: e37a4dc7c4

Change-Id: Ie0e23d8fc47bf2cb87181ddf1a03dd439fc0f3f4

commit | commitdiff | tree

Christopher Tate [Tue, 6 Dec 2016 00:17:19 +0000 (00:17 +0000)]

resolve merge conflicts of 13c5c34 to mnc-dev am: 79b74d787d am: abe293b950 am: 02e4440eab
am: 953c05276e

Change-Id: If6e16f080e701171d7c9b69adbeaab3a6910b63a

commit | commitdiff | tree

Christopher Tate [Tue, 6 Dec 2016 00:13:48 +0000 (00:13 +0000)]

resolve merge conflicts of 13c5c34 to mnc-dev am: 79b74d787d am: abe293b950
am: 02e4440eab

Change-Id: I66e7e982176555f09bf298325754d708ef0ecac0

commit | commitdiff | tree

Christopher Tate [Tue, 6 Dec 2016 00:09:47 +0000 (00:09 +0000)]

resolve merge conflicts of 13c5c34 to mnc-dev am: 79b74d787d
am: abe293b950

Change-Id: I7f8ce6dbb313d592b97b41a982e629680eba36c4

commit | commitdiff | tree

Christopher Tate [Tue, 6 Dec 2016 00:06:18 +0000 (00:06 +0000)]

resolve merge conflicts of 13c5c34 to mnc-dev
am: 79b74d787d

Change-Id: I383dde0596fe37282db3bb62f7ad65e763fdd1dc

commit | commitdiff | tree

Fabien Sanglard [Mon, 5 Dec 2016 23:06:29 +0000 (15:06 -0800)]

Fix security vulneratibly 31960359

BufferQueueCore features a variable mLastQueuedSlot which is not
initialized in its constructor resulting in security vulnerability

Bug: 31960359
Change-Id: If892f59f6288d8b81b1e312995832a20c8341494
Tests: Manually on Angler

commit | commitdiff | tree

Christopher Tate [Mon, 5 Dec 2016 22:10:47 +0000 (14:10 -0800)]

resolve merge conflicts of 13c5c34 to mnc-dev

Change-Id: I7f57cde153648f48ff038400aa437b76971d4771

commit | commitdiff | tree

Christopher Tate [Mon, 5 Dec 2016 21:23:36 +0000 (21:23 +0000)]

Correct overflow check in Parcel resize code am: 8b64307e95
am: ed6937ae2c

Change-Id: I9ea154fd1f2ca3a69f756066fb49efc99e889224

commit | commitdiff | tree

Christopher Tate [Mon, 5 Dec 2016 21:20:07 +0000 (21:20 +0000)]

Correct overflow check in Parcel resize code
am: 8b64307e95

Change-Id: I371fb7c6aaf34d44d69c740eea95fe3ba125164a

commit | commitdiff | tree

Christopher Tate [Thu, 3 Nov 2016 20:32:41 +0000 (13:32 -0700)]

Correct overflow check in Parcel resize code

Bug 31929765

Change-Id: Ie27b9945f1de056624668869bdf9a5578abff467

commit | commitdiff | tree

Casey Dahlin [Tue, 15 Nov 2016 23:57:19 +0000 (23:57 +0000)]

Merge "Fix integer overflow in unsafeReadTypedVector" into nyc-dev am: e81a4f1518
am: 2dbc712abe

Change-Id: I14abc8f99e191328ac70176c90ba4f57e617a45e

commit | commitdiff | tree

Casey Dahlin [Tue, 15 Nov 2016 23:57:07 +0000 (23:57 +0000)]

Fix integer overflow in unsafeReadTypedVector am: 65a8f07e57
am: 894ba10a5f

Change-Id: If93da0dbcbf78ea65e3ac950c5539861587526bb

commit | commitdiff | tree

Casey Dahlin [Tue, 15 Nov 2016 23:49:37 +0000 (23:49 +0000)]

Merge "Fix integer overflow in unsafeReadTypedVector" into nyc-dev
am: e81a4f1518

Change-Id: I0b6ed467fc45cf8d6d233730a5a3d4b6dd3eafa7

commit | commitdiff | tree

Casey Dahlin [Tue, 15 Nov 2016 23:49:36 +0000 (23:49 +0000)]

Fix integer overflow in unsafeReadTypedVector
am: 65a8f07e57

Change-Id: If37f6f01bfd8e7107063ce6993cf4c2b671fe99b

commit | commitdiff | tree

Casey Dahlin [Tue, 15 Nov 2016 23:40:20 +0000 (23:40 +0000)]

Merge "Fix integer overflow in unsafeReadTypedVector" into nyc-dev

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:37:51 +0000 (01:37 +0000)]

Fix SF security vulnerability: 32660278 am: 2d8a2432e0 am: e5c91fe2e2 am: 9d14ab5409 am: 275b2347ef am: aff7827b4f am: c8684d517a am: 57dbf1c224 am: b17adaa85f
am: c261a17e51

Change-Id: I8ef7a57b682596d4644bca2c8e5a7003d3125cca

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:31:22 +0000 (01:31 +0000)]

Fix SF security vulnerability: 32660278 am: 2d8a2432e0 am: e5c91fe2e2 am: 9d14ab5409 am: 275b2347ef am: aff7827b4f am: c8684d517a am: 57dbf1c224
am: b17adaa85f

Change-Id: I4259f7bbfafe66f7690c1ecd80f8c81a398ae78f

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:23:50 +0000 (01:23 +0000)]

Fix SF security vulnerability: 32660278 am: 2d8a2432e0 am: e5c91fe2e2 am: 9d14ab5409 am: 275b2347ef am: aff7827b4f am: c8684d517a
am: 57dbf1c224

Change-Id: I5f91ea6e826a24d37bf8c7f7cbcc49a235532a14

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:23:50 +0000 (01:23 +0000)]

Fix SF security vulnerability: 32706020 am: d073eb7a3f am: 230b943c6b am: a928cc7169 am: 0517da2c5a am: b0dff427a1
am: 1852db9aa3

Change-Id: Ief2e221eb25138131d4b9fe19b669dca26dd1726

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:17:50 +0000 (01:17 +0000)]

Fix SF security vulnerability: 32660278 am: 2d8a2432e0 am: e5c91fe2e2 am: 9d14ab5409 am: 275b2347ef am: aff7827b4f
am: c8684d517a

Change-Id: I7d37baee66a7a16cb77e227b66ba93bc87119810

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:17:50 +0000 (01:17 +0000)]

Fix SF security vulnerability: 32706020 am: d073eb7a3f am: 230b943c6b am: a928cc7169 am: 0517da2c5a
am: b0dff427a1

Change-Id: If61fab86a971de18633549240d32f41205bc52e9

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:10:20 +0000 (01:10 +0000)]

Fix SF security vulnerability: 32660278 am: 2d8a2432e0 am: e5c91fe2e2 am: 9d14ab5409 am: 275b2347ef
am: aff7827b4f

Change-Id: I2a759e2ecdf1c67cb764a9279da23386cfb54914

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:10:20 +0000 (01:10 +0000)]

Fix SF security vulnerability: 32706020 am: d073eb7a3f am: 230b943c6b am: a928cc7169
am: 0517da2c5a

Change-Id: Ie25ecd20988d9aa8d3f59b07d00b80c0a18d5e3a

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:02:50 +0000 (01:02 +0000)]

Fix SF security vulnerability: 32706020 am: d073eb7a3f am: 230b943c6b
am: a928cc7169

Change-Id: I682597ada156253e34ef067ae565d656c6bb39f7

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 01:02:49 +0000 (01:02 +0000)]

Fix SF security vulnerability: 32660278 am: 2d8a2432e0 am: e5c91fe2e2 am: 9d14ab5409
am: 275b2347ef

Change-Id: Iae0109ec3bddd6f71bab1759003a34e75270f6d4

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 00:55:19 +0000 (00:55 +0000)]

Fix SF security vulnerability: 32660278 am: 2d8a2432e0 am: e5c91fe2e2
am: 9d14ab5409

Change-Id: I0ed8d425157308f35b43818a9592267c06cdc807

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 00:55:19 +0000 (00:55 +0000)]

Fix SF security vulnerability: 32706020 am: d073eb7a3f
am: 230b943c6b

Change-Id: I439ff370c0a353bb9a0adc14a39aedd1ec5a783d

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 00:47:19 +0000 (00:47 +0000)]

Fix SF security vulnerability: 32660278 am: 2d8a2432e0
am: e5c91fe2e2

Change-Id: I0c2becbd05d41fae542a1c68b6f0f26b0f10a15a

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 00:47:18 +0000 (00:47 +0000)]

Fix SF security vulnerability: 32706020
am: d073eb7a3f

Change-Id: I5b7bf4ecee39de868b9c275531a6f11e65d1c3fd

commit | commitdiff | tree

Fabien Sanglard [Tue, 15 Nov 2016 00:39:18 +0000 (00:39 +0000)]

Fix SF security vulnerability: 32660278
am: 2d8a2432e0

Change-Id: Ia5f419d7d113692f5d52b483f70ca09589333e13

commit | commitdiff | tree

Fabien Sanglard [Tue, 8 Nov 2016 23:35:02 +0000 (15:35 -0800)]

Fix SF security vulnerability: 32706020

Because of lack of mutex lock when get mConsumerName, if one thread
getConsumerName, another thread setConsumerName frequently, an UAF will
be triggered.

Change-Id: Id1bbf0d15de6d16def2f54ecade385058cda3b65
Test: Marling with poc provided in bug report.
Bug: 32706020

commit | commitdiff | tree

Fabien Sanglard [Tue, 8 Nov 2016 23:31:32 +0000 (15:31 -0800)]

Fix SF security vulnerability: 32660278

Because of lack of mutex lock when get mSidebandStream, if one thread
getSidebandStream, another thread setSidebandStream frequently, an UAF
will be triggered.

Bug: 32660278
Test: Marlin device with poc
Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45

commit | commitdiff | tree

Jeff Sharkey [Mon, 31 Oct 2016 17:22:19 +0000 (11:22 -0600)]

Check and restorecon cache/code_cache directories.

To speed up boot times, we recently relaxed SELinux restorecon logic
to only consider relabeling app storage when the top level SELinux
label changed.

However, if an app manually deletes either their cache or code_cache
directories, installd will helpfully recreate those directories at
the next boot, but they'll be stuck with incorrect SELinux labels
which an app can't fix. (Our historically aggressive restorecons had
relabeled them, which is why we didn't observe until now.)

This change checks the labels of the cache/code_cache directories,
and runs a restorecon if needed, fixing the issue above.

Test: delete cache and verify recreated with correct label
Bug: 32504081
Change-Id: I0114ae4129223e5909b1075d56a9b1145ebc5ef4

commit | commitdiff | tree

Casey Dahlin [Thu, 27 Oct 2016 00:18:25 +0000 (17:18 -0700)]

Fix integer overflow in unsafeReadTypedVector

Passing a size to std::vector that is too big causes it to silently
under-allocate when exceptions are disabled, leaving us open to an OOB
write. We check the bounds and the resulting size now to verify
allocation succeeds.

Test: Verified reproducer attached to bug no longer crashes Camera
service.
Bug: 31677614

Change-Id: I064b1442838032d93658f8bf63b7aa6d021c99b7

commit | commitdiff | tree

Ruben Brunk [Wed, 26 Oct 2016 00:15:11 +0000 (00:15 +0000)]

Merge "Do not set VR mode feature as handset default." into nyc-mr1-dev

commit | commitdiff | tree

Steve Pfetsch [Tue, 25 Oct 2016 21:54:41 +0000 (21:54 +0000)]

Merge "Revert "services: surfaceflinger: ASAN fix"" into nyc-mr1-dev

commit | commitdiff | tree

Steve Pfetsch [Tue, 25 Oct 2016 21:47:58 +0000 (21:47 +0000)]

Revert "services: surfaceflinger: ASAN fix"

This reverts commit 1d3df546d5ee4dcc9e7cae6f8b8b790f741539af.

Original patch may have caused a stability issue caught in monkey testing.

Bug: 32312240
Change-Id: Ie8d291679590e624b8b90c4786b1c25c76cb2c9f

commit | commitdiff | tree

TreeHugger Robot [Tue, 25 Oct 2016 20:44:14 +0000 (20:44 +0000)]

Merge "DO NOT MERGE. Revert "Dumpstate should hold a wakelock to save bug report time."" into nyc-mr1-dev

commit | commitdiff | tree

Felipe Leme [Tue, 25 Oct 2016 18:18:24 +0000 (18:18 +0000)]

DO NOT MERGE. Revert "Dumpstate should hold a wakelock to save bug report time."

This reverts commit f87959e00732d7d737527f1248a71adea99ae29d.

BUG: 32402587
Fixes: 32365477

Change-Id: Ic4daec37efbaef1906450bf6609d5588d5c9a835

commit | commitdiff | tree

Ruben Brunk [Tue, 25 Oct 2016 01:28:46 +0000 (18:28 -0700)]

Do not set VR mode feature as handset default.

Bug: 31959453
Change-Id: I6fef6781e14f3c1239197798b79cc9239d34d53d

commit | commitdiff | tree

Felipe Leme [Fri, 21 Oct 2016 18:38:26 +0000 (11:38 -0700)]

DO NOT MERGE. Added a is_zipping() function.

BUG: 32219165
Fixes: 32335112
Change-Id: I2bc630f9c840ccd3a2e0474ed16a766e8a405ad8

commit | commitdiff | tree

Steve Pfetsch [Fri, 30 Sep 2016 00:16:29 +0000 (17:16 -0700)]

services: surfaceflinger: ASAN fix

Move layer removal to the main thread, while the display is on.

Bug: 30281222
Change-Id: Id9f956c1e626819734868340e7fa12abf257b702

commit | commitdiff | tree

Wei Wang [Tue, 11 Oct 2016 22:26:06 +0000 (15:26 -0700)]

Move atrace init into on fs trigger

sysfs should be ready on ealier stage than boot

Bug: 32025203
Test: take systrace
Change-Id: Id73b6959f3075dc793d93551963193a211060da8

commit | commitdiff | tree

Wei Liu [Fri, 26 Aug 2016 21:51:42 +0000 (14:51 -0700)]

Dumpstate should hold a wakelock to save bug report time. DO NOT MERGE.

BUG: 31828706
BUG: 30832947

Change-Id: I0a4b1fcce91caa96ccbc4e890d9968e3033487de
(cherry picked from commit f87959e00732d7d737527f1248a71adea99ae29d)

commit | commitdiff | tree

TreeHugger Robot [Fri, 30 Sep 2016 17:00:16 +0000 (17:00 +0000)]

Merge "Add "ip xfrm policy" to dumpstate output" into nyc-mr1-dev

commit | commitdiff | tree

Jesse Hall [Wed, 28 Sep 2016 18:26:57 +0000 (11:26 -0700)]

EGL: check that display is still valid

Bug: 31522731
Change-Id: I84d82e55aba5b58dfdbcac9e208c36767fbedfd1

commit | commitdiff | tree

Erik Kline [Wed, 28 Sep 2016 08:26:26 +0000 (17:26 +0900)]

Add "ip xfrm policy" to dumpstate output

Bug: 30869013
Change-Id: I1f0e5d820f0153484c38ecb0f9c764fca02d786c

commit | commitdiff | tree

Lorenzo Colitti [Mon, 26 Sep 2016 04:37:45 +0000 (13:37 +0900)]

Add socket dumps via ss to bugreports.

Bug: 23113288
Change-Id: I6304425f968fcb22c75c3f6e64bf7992e34e0889

frameworks/native

RSS Atom

About OSDN

Find Software

Develop Software

Help