OSDN Git Service
Joshua J. Drake [Fri, 7 Aug 2015 17:38:06 +0000 (17:38 +0000)]
am
4254be9a: am
9364bdc9: am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
4254be9a0d16bac995aa73d60e8e92839960bd32':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 17:38:05 +0000 (17:38 +0000)]
am
8e0e43d2: am
3621c056: am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
8e0e43d2f6cd86888c8ab58303e5163809ec8b04':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 17:38:04 +0000 (17:38 +0000)]
am
ffe509ff: am
d0af1ded: (-s ours) am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
ffe509ffb243462597eb018a623241739d032be1':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 17:19:23 +0000 (17:19 +0000)]
am
9364bdc9: am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
9364bdc9a1298a609eb825be051c393cbf3d7a38':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 17:19:22 +0000 (17:19 +0000)]
am
3621c056: am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
3621c05605c5a3f2c452668beacb71a08dc2d7c8':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 17:19:20 +0000 (17:19 +0000)]
am
d0af1ded: (-s ours) am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
d0af1dedf5d903a52fac58f694b3f8edbf20e656':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 16:29:36 +0000 (16:29 +0000)]
am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
905aae465fa88d6d793c670c08c360900c6cb3f7':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:29:35 +0000 (16:29 +0000)]
am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
bcc8e5817fa3dc624f214e58f756098053ac5682':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 16:29:34 +0000 (16:29 +0000)]
am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
a421314f9cc1b061d94a79e2aa1a92916ea4b9bf':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 16:17:11 +0000 (16:17 +0000)]
am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
11c88f66205dd9095cbe87f3486ef7262e4d2e22':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:17:10 +0000 (16:17 +0000)]
am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
bb99a362dc76f9bf040f6256369fabf27ad1c2f5':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 16:13:44 +0000 (16:13 +0000)]
am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
430475da7f0edb86ee6a85378d1583ab07f7f93d':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 16:11:07 +0000 (16:11 +0000)]
am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
2796ba1c511517a4904d10d1fdc830c86d161342':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:11:05 +0000 (16:11 +0000)]
am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
8d60fc3e3ecd4d7c2b18f25962f0ea42f3644ebd':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 15:50:46 +0000 (08:50 -0700)]
resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
Bug:
20923261
Change-Id: I6fe12a7c5768f77454bd0391b07f4c3181607d14
Marco Nelissen [Fri, 7 Aug 2015 14:25:10 +0000 (14:25 +0000)]
am
f26400c9: Fix crash on malformed id3
* commit '
f26400c9d01a0e2f71690d5ebc644270f098d590':
Fix crash on malformed id3
Marco Nelissen [Tue, 4 Aug 2015 23:49:28 +0000 (16:49 -0700)]
Fix crash on malformed id3
Bug:
22954006
Change-Id: I488cb1e2c69fc7043b6040481b30fa866000515d
Joshua J. Drake [Tue, 4 Aug 2015 21:42:34 +0000 (21:42 +0000)]
am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
a555788d9cd4a22a8f5d7dccd288f7d185cef209':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:42:34 +0000 (21:42 +0000)]
am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
338bbf53be077a99f532e813d4cf14a192c55f74':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:42:33 +0000 (21:42 +0000)]
am
cd5cf679: am
df1ecfe3: am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
cd5cf6797c26ca7d3ce2f9a379bdef099dae2aae':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:37:01 +0000 (21:37 +0000)]
am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
0e33cb2dd5ccf6f4db8c694cb2c233bb1d2a2d0b':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:37:00 +0000 (21:37 +0000)]
am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
fd334e346bd0fc9b11756539d1635eabdb6b04cb':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:36:59 +0000 (21:36 +0000)]
am
df1ecfe3: am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
df1ecfe3913b9c3bce17947d877498093a42a56f':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:31:51 +0000 (21:31 +0000)]
am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
e4ccf3a14beabfeeb6c7df47ae118f3db999c1ce':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:31:40 +0000 (21:31 +0000)]
am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
03d539a7a9c8ae7aef9cb8bda9042187327566a2':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:31:38 +0000 (21:31 +0000)]
am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
52d1defcfe51bd3b5f4e191fb70a0a0a406c33dc':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:25:41 +0000 (21:25 +0000)]
am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
3329a19b4d11d3c1310bbe9aa54b6a66488ab862':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:25:40 +0000 (21:25 +0000)]
am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
a5b9055d7ce1d82ee29ed2f45aa4f8a82ccc76f2':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:25:38 +0000 (21:25 +0000)]
am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
9481a101f8246263d969af66a7b39fad7346772e':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:18:33 +0000 (21:18 +0000)]
am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
c87faed60483afb2466e03892bda80b72e5822c7':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:18:32 +0000 (21:18 +0000)]
am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
f1ce97ddc2f82d844a6fb8341585eb7b2e655f44':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:18:30 +0000 (21:18 +0000)]
am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
a81b3779cc6f6046c8a9149bf544e9d726c9b2b2':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Mon, 4 May 2015 22:14:11 +0000 (17:14 -0500)]
Fix integer underflow in covr MPEG4 processing
When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an
integer underflow can occur. This causes an extraordinarily large value to
be passed to MetaData::setData, leading to a buffer overflow.
Bug:
20923261
(cherry picked from commit
4a492bf2ac47b9844d2527e1fcdf0064c3d8d52e)
Change-Id: I83490cbaf5b368073fcd8668a9241dfc90bebd90
Joshua J. Drake [Mon, 4 May 2015 23:29:08 +0000 (18:29 -0500)]
Fix integer overflow when handling MPEG4 tx3g atom
When the sum of the 'size' and 'chunk_size' variables is larger than 2^32,
an integer overflow occurs. Using the result value to allocate memory
leads to an undersized buffer allocation and later a potentially
exploitable heap corruption condition. Ensure that integer overflow does
not occur.
Bug:
20923261
(cherry picked from commit
e5f0966c76bd0a7e81e4205c8d8b55e6b34c833e)
Change-Id: I3f240f75fd681becbf89cb7e7554388471c28059
Joshua J. Drake [Mon, 4 May 2015 23:36:35 +0000 (18:36 -0500)]
Prevent integer overflow when processing covr MPEG4 atoms
If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.
(cherrypicked from commit
05ddc499b9d50c90f552ed1333110f28a1406e7c)
Bug:
20923261
Change-Id: If09a02738759acdff8d95149bb9cb5f18a0a123e
Wei Jia [Tue, 4 Aug 2015 18:19:37 +0000 (18:19 +0000)]
am
d9a9a324: am
10ef7f75: am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
d9a9a324766b26be2ff0d10537ea0b215b0261e3':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 18:00:56 +0000 (18:00 +0000)]
am
10ef7f75: am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
10ef7f7514bdf6d9c38c93d9bb0194c0920d152f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:51:22 +0000 (17:51 +0000)]
am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
b0924c631cfccd10c1f95d6ae44c8cd852e14a9f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:29:31 +0000 (17:29 +0000)]
am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
7af634e131361862d2e47fb344278e31ed05be4f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:20:14 +0000 (17:20 +0000)]
am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
8ec119d2f033221e4cb0fd2b2948e780581b3d35':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:09:44 +0000 (17:09 +0000)]
am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
d138024f94fe01934be700ce16aa84418fbe1827':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 16:59:31 +0000 (16:59 +0000)]
am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
b32957dbf4527251ad3b2bbda4ccc5fff4df0718':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 16:54:23 +0000 (16:54 +0000)]
am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
a9d7c917d3a76d0bef9b8afe7ade206534be68a4':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 16:47:48 +0000 (16:47 +0000)]
am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
a99d3d8327d60c8f8ef3e34fc4b81ef382e9e6d2':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 16:40:31 +0000 (16:40 +0000)]
am
738a753a: SampleTable: fix integer overflow checks.
* commit '
738a753a3ca7bf8f9f608ca941575626265294e4':
SampleTable: fix integer overflow checks.
Wei Jia [Thu, 4 Jun 2015 17:40:23 +0000 (10:40 -0700)]
SampleTable: fix integer overflow checks.
Bug:
20139950
Bug:
22935234
(cherry picked from commit
a105482ae577852ffd08ce88ae5d1ba81db875ac)
Change-Id: I408d261de1a6dd5c4343bcf3a7dfd8a259e0e2f3
Joshua J. Drake [Tue, 4 Aug 2015 05:30:59 +0000 (05:30 +0000)]
am
712090a6: am
cfc12112: am
ac7cb990: am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
712090a60253a2879e0c7d21a33f43534ffb51fc':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 05:30:58 +0000 (05:30 +0000)]
am
d053da7b: am
a9f1e993: am
134dc311: am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
d053da7b4bb60290bf51052cc7abe070fd819479':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 05:30:57 +0000 (05:30 +0000)]
am
45c12368: am
b77a6189: am
4837e90f: am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
45c12368f1ced4c6783195432fdffdc7a3e36cca':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 04:55:58 +0000 (04:55 +0000)]
am
cfc12112: am
ac7cb990: am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
cfc121128aef10a98e5ad9162f43e3f368abd103':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 04:55:55 +0000 (04:55 +0000)]
am
a9f1e993: am
134dc311: am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
a9f1e993fa7849bc658d89a2faa58344faa88a5f':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 04:55:50 +0000 (04:55 +0000)]
am
b77a6189: am
4837e90f: am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
b77a6189a468a90fe74fafca862a31c3bf899ceb':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 04:45:44 +0000 (04:45 +0000)]
am
ac7cb990: am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
ac7cb990cc4c8a59a945ce36e5702e0adb213db4':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 04:45:42 +0000 (04:45 +0000)]
am
134dc311: am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
134dc3110c401544e4d3a3a1deab1c131fb77720':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 04:45:41 +0000 (04:45 +0000)]
am
4837e90f: am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
4837e90fd1d3fa127ef99652d314ad70f4776221':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 03:35:37 +0000 (03:35 +0000)]
am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
b417986c3a3a6bb9ca33657385a3433ff54090b2':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 03:35:36 +0000 (03:35 +0000)]
am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
80a6d9f37571c89905b8ae4074529a960a5f2194':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 03:35:34 +0000 (03:35 +0000)]
am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
9c5578c1a3bb00623d6ee99340ce0ce290e6c5a1':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 03:25:53 +0000 (03:25 +0000)]
am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
d1c08d6bff6d1936cf0e9cbfa5054128f5280ef3':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 03:25:52 +0000 (03:25 +0000)]
am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
e10c2e621a0a49618c9d69a7dd09400c23464ced':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 03:25:51 +0000 (03:25 +0000)]
am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
36617c67a9c29d7f9798972b6514086b22b731f8':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 03:15:46 +0000 (03:15 +0000)]
am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
efa73c2e5f5a4eb7c420b5920e00de5a69f525af':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 03:15:45 +0000 (03:15 +0000)]
am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
74ebcd65d1833879944a496739da6983b1d18235':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 03:15:44 +0000 (03:15 +0000)]
am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
7374360f60999bfeabe0fb24e985073b7d8f47e8':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 03:03:53 +0000 (03:03 +0000)]
am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
2e24d0911ee585cbd447efe6150bafaaf8f9ef66':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 03:03:52 +0000 (03:03 +0000)]
am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
272f4056162e119db61fb304b01f0152c07b8e02':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 03:03:51 +0000 (03:03 +0000)]
am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
4e44b2ee286bd993210aa81ad20ebbf1d1a816c6':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 02:56:01 +0000 (02:56 +0000)]
am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
a59d5e6692d0b0dc0924144f596d09e7dd2b193c':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 02:55:59 +0000 (02:55 +0000)]
am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
52302d917b06b11625b9de686153d1e2520f42cd':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 02:55:56 +0000 (02:55 +0000)]
am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
4534ec1a552c125ef7eea0990a84fcefb58335b9':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 02:50:52 +0000 (02:50 +0000)]
am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
8ef5da3ddddd1bb4356d9cc6df4d52ad8afc4459':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 02:50:51 +0000 (02:50 +0000)]
am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
f354c48e386d1405d67882c382e26e3e4598e797':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 02:50:45 +0000 (02:50 +0000)]
am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
4a5fbf74b493eb293918c41a5b5f60dd7b8ebb58':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 02:41:32 +0000 (02:41 +0000)]
am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
4dd7cb699f49b56f94a32080fdac7f0ec8237ff4':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 02:41:31 +0000 (02:41 +0000)]
am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
5c4428f6391478ae983e1fcf7c42c832aa1a5e69':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 02:41:30 +0000 (02:41 +0000)]
am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
3cc11bfc00cbb3ed87a4464777a75606b4973b51':
Fix several ineffective integer overflow checks
Joshua J. Drake [Thu, 9 Apr 2015 04:53:10 +0000 (23:53 -0500)]
Fix integer underflow in ESDS processing
Several arithmetic operations within parseESDescriptor could underflow, leading
to an out-of-bounds read operation. Ensure that subtractions from 'size' do not
cause it to wrap around.
Bug:
20139950
Change-Id: I0d1b136ce68fd7c6f606ce66714bf644cfb2961c
(cherry picked from commit
07c0f59d6c48874982d2b5c713487612e5af465a)
Joshua J. Drake [Thu, 9 Apr 2015 04:44:57 +0000 (23:44 -0500)]
Fix integer overflow during MP4 atom processing
A few sample table related FourCC values are handled by the
setSampleToChunkParams function. An integer overflow exists within this
function. Validate that mNumSampleToChunkOffets will not cause an integer
overflow.
Bug:
20139950
Change-Id: I1972cc185fce5e058afa143ad5eabcc269ad324d
(cherry picked from commit
c24607c29c96f939aed9e33bfa702b1dd79da4b7)
Joshua J. Drake [Thu, 9 Apr 2015 04:23:55 +0000 (23:23 -0500)]
Fix several ineffective integer overflow checks
Commit
edd4a76 (which addressed bugs
15328708,
15342615,
15342751) added
several integer overflow checks. Unfortunately, those checks fail to take into
account integer promotion rules and are thus themselves subject to an integer
overflow. Cast the sizeof() operator to a uint64_t to force promotion while
multiplying.
Bug:
20139950
Change-Id: Ieb29a170edb805c722fc5658935f2390003e5260
(cherry picked from commit
e2e812e58e8d2716b00d7d82db99b08d3afb4b32)
Marco Nelissen [Mon, 3 Aug 2015 20:03:38 +0000 (20:03 +0000)]
am
566c70ca: Guard against codecinfo overflow
* commit '
566c70caff87c710e659c5aaad0692e031d93ded':
Guard against codecinfo overflow
Marco Nelissen [Wed, 29 Jul 2015 23:15:55 +0000 (16:15 -0700)]
Guard against codecinfo overflow
Bug:
21296336
Change-Id: I78be5141b3108142f12d7cb94839fa50f776d84a
Eric Laurent [Tue, 23 Jun 2015 01:32:08 +0000 (01:32 +0000)]
am
29b83cbb: DO NOT MERGE - audio effects: fix heap overflow
* commit '
29b83cbb9018e53a18cf6e0fb34893f9774dcb96':
DO NOT MERGE - audio effects: fix heap overflow
Eric Laurent [Fri, 19 Jun 2015 22:33:57 +0000 (15:33 -0700)]
DO NOT MERGE - audio effects: fix heap overflow
Check consistency of effect command reply sizes before
copying to reply address.
Also add null pointer check on reply size.
Also remove unused parameter warning.
Bug:
21953516.
Change-Id: I4cf00c12eaed696af28f3b7613f7e36f47a160c4
Wei Jia [Fri, 5 Jun 2015 16:32:42 +0000 (16:32 +0000)]
am
6ff53b96: Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev
* commit '
6ff53b96235bf99cdc1023b99d44f1c4cade1c0a':
Prevent integer overflow when processing covr MPEG4 atoms
Wei Jia [Fri, 5 Jun 2015 16:32:41 +0000 (16:32 +0000)]
am
82e90e10: Merge "Fix integer overflow when handling MPEG4 tx3g atom" into klp-dev
* commit '
82e90e10481c334bb5f2cecf1621cb8f9308c21c':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Fri, 5 Jun 2015 16:32:40 +0000 (16:32 +0000)]
am
4a492bf2: Fix integer underflow in covr MPEG4 processing
* commit '
4a492bf2ac47b9844d2527e1fcdf0064c3d8d52e':
Fix integer underflow in covr MPEG4 processing
Wei Jia [Fri, 5 Jun 2015 16:13:54 +0000 (16:13 +0000)]
Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev
Wei Jia [Fri, 5 Jun 2015 16:13:39 +0000 (16:13 +0000)]
Merge "Fix integer overflow when handling MPEG4 tx3g atom" into klp-dev
Joshua J. Drake [Mon, 4 May 2015 23:36:35 +0000 (18:36 -0500)]
Prevent integer overflow when processing covr MPEG4 atoms
If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.
Bug:
20923261
Change-Id: I75cce323aec04a612e5a230ecd7c2077ce06035f
Joshua J. Drake [Mon, 4 May 2015 23:29:08 +0000 (18:29 -0500)]
Fix integer overflow when handling MPEG4 tx3g atom
When the sum of the 'size' and 'chunk_size' variables is larger than 2^32,
an integer overflow occurs. Using the result value to allocate memory
leads to an undersized buffer allocation and later a potentially
exploitable heap corruption condition. Ensure that integer overflow does
not occur.
Bug:
20923261
Change-Id: Id050a36b33196864bdd98b5ea24241f95a0b5d1f
Joshua J. Drake [Mon, 4 May 2015 22:14:11 +0000 (17:14 -0500)]
Fix integer underflow in covr MPEG4 processing
When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an
integer underflow can occur. This causes an extraordinarily large value to
be passed to MetaData::setData, leading to a buffer overflow.
Bug:
20923261
Change-Id: Icd28f63594ad941eabb3a12c750a4a2d5d2bf94b
Andy Hung [Wed, 27 May 2015 02:10:59 +0000 (02:10 +0000)]
am
0e27e080: DO NOT MERGE - IOMX: Add buffer range check to emptyBuffer
* commit '
0e27e080c255b23b4b0e19cb3bc9519cc162b73f':
DO NOT MERGE - IOMX: Add buffer range check to emptyBuffer
Andy Hung [Tue, 26 May 2015 18:14:36 +0000 (11:14 -0700)]
DO NOT MERGE - IOMX: Add buffer range check to emptyBuffer
Bug:
20634516
Change-Id: If351dbd573bb4aeb6968bfa33f6d407225bc752c
Chong Zhang [Thu, 14 May 2015 23:17:08 +0000 (23:17 +0000)]
am
dbe6c320: HDCP: buffer over flow check -- DO NOT MERGE
* commit '
dbe6c320b414d8139c46aaf880d5f154ef4f9af8':
HDCP: buffer over flow check -- DO NOT MERGE
Chong Zhang [Tue, 28 Apr 2015 01:38:17 +0000 (18:38 -0700)]
HDCP: buffer over flow check -- DO NOT MERGE
bug:
20222489
Change-Id: I3a64a5999d68ea243d187f12ec7717b7f26d93a3
(cherry picked from commit
532cd7b86a5fdc7b9a30a45d8ae2d16ef7660a72)
Robert Shih [Mon, 11 May 2015 11:10:36 +0000 (11:10 +0000)]
am
7acac10a: Merge "DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes" into klp-dev
* commit '
7acac10aae34da5ae4d628c5a270e7e3e94f7598':
DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes
Robert Shih [Mon, 11 May 2015 03:00:49 +0000 (03:00 +0000)]
Merge "DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes" into klp-dev
Marco Nelissen [Thu, 7 May 2015 15:02:30 +0000 (15:02 +0000)]
am
30d77e2c: Fix potential buffer overrun
* commit '
30d77e2c75c1973f9fb363717af92cf640685da3':
Fix potential buffer overrun
Marco Nelissen [Fri, 1 May 2015 23:18:26 +0000 (16:18 -0700)]
Fix potential buffer overrun
The "samples" parameter indicates the max number of sample tuples, not
the max number of samples.
Bug:
16183063
Change-Id: I5347497bbbe65910b8489d354e985ebc90d65516
Lajos Molnar [Thu, 2 Apr 2015 02:32:25 +0000 (19:32 -0700)]
DO NOT MERGE: Add AUtils::isInRange, and use it to detect malformed MPEG4 nal sizes
Bug:
19641538
Change-Id: I5aae3f100846c125decc61eec7cd6563e3f33777