OSDN Git Service
Marco Nelissen [Thu, 13 Oct 2016 23:19:54 +0000 (23:19 +0000)]
Merge "DO NOT MERGE Fix divide by zero" into klp-dev
Ricardo Garcia [Thu, 13 Oct 2016 01:13:46 +0000 (01:13 +0000)]
Merge "Fix potential NULL dereference in Visualizer effect" into klp-dev
Pawin Vongmasa [Thu, 13 Oct 2016 00:47:33 +0000 (00:47 +0000)]
Merge "DO NOT MERGE - MPEG4Extractor: Check mLastTrack before dereferencing." into klp-dev
rago [Sat, 8 Oct 2016 01:16:09 +0000 (18:16 -0700)]
Fix potential NULL dereference in Visualizer effect
Bug:
30229821
Test: fixing CL. Existing unit tests still pass.
Change-Id: I6e4abd759d5d2abc3b391e92e2e18f060cab7af0
Lajos Molnar [Tue, 11 Oct 2016 15:41:51 +0000 (08:41 -0700)]
stagefright: don't fail MediaCodec.configure if clients use store-meta key
Even though storing metadata is not supported in MediaCodec.configure and
is only meant to be used by Stagefright recorder, don't fail configure.
Bug:
31986922
Change-Id: Id9f083be6e857e7a0d8d4a74159be5b8894e28be
Marco Nelissen [Thu, 6 Oct 2016 22:31:52 +0000 (15:31 -0700)]
DO NOT MERGE Fix divide by zero
and be stricter about the layout of various boxes in mp4 files.
Bug:
31318219
Change-Id: I50034d5b6b1967ca6e88aabeacf49f26ba3c0d32
Pawin Vongmasa [Fri, 30 Sep 2016 07:45:52 +0000 (00:45 -0700)]
DO NOT MERGE - MPEG4Extractor: Check mLastTrack before dereferencing.
Bug:
31449945
Change-Id: If2708b3006c22393e80a2557f93d8a71e4e7bf16
Robert Shih [Thu, 22 Sep 2016 00:25:48 +0000 (00:25 +0000)]
Merge "SampleIterator: clear members on seekTo error" into klp-dev
Marco Nelissen [Wed, 21 Sep 2016 20:35:16 +0000 (20:35 +0000)]
Merge "Limit mp4 atom size to something reasonable" into klp-dev
Marco Nelissen [Mon, 19 Sep 2016 23:22:56 +0000 (16:22 -0700)]
Limit mp4 atom size to something reasonable
Bug:
28615448
Change-Id: I5916f6839b4a9bbee4388a106e7373bcd4154f5a
Robert Shih [Wed, 21 Sep 2016 00:37:55 +0000 (17:37 -0700)]
SampleIterator: clear members on seekTo error
Bug:
31091777
Change-Id: Iddf99d0011961d0fd3d755e57db4365b6a6a1193
Marco Nelissen [Tue, 20 Sep 2016 20:36:40 +0000 (13:36 -0700)]
Check mprotect result
mprotect can theoretically fail, which could then let one exploit
a vulnerable codec if one exists on the device.
Bug:
31350239
Change-Id: I7b99c190619f0fb2eb93119596e6da0d2deb8ba5
Ricardo Garcia [Tue, 20 Sep 2016 00:27:26 +0000 (00:27 +0000)]
Merge "Fix potential overflow in Visualizer effect" into klp-dev
Chong Zhang [Mon, 19 Sep 2016 22:29:04 +0000 (15:29 -0700)]
IOMX: do not clear buffer if it's allocated by component
The component might depends on their buffers to be initialized
in certain ways to work. Don't clear unless we're allocating it.
bug:
31586647
Change-Id: Ia0a125797e414998ef0cd8ce03672f5b1e0bbf7a
Lajos Molnar [Wed, 14 Sep 2016 17:01:37 +0000 (10:01 -0700)]
IOMX: allow configuration after going to loaded state
This was disallowed recently but we still use it as MediaCodcec.stop
only goes to loaded state, and does not free component.
Bug:
31450460
Change-Id: I72e092e4e55c9f23b1baee3e950d76e84a5ef28d
Lajos Molnar [Fri, 9 Sep 2016 16:52:06 +0000 (16:52 +0000)]
Merge "DO NOT MERGE: IOMX: work against metadata buffer spoofing" into klp-dev
Wei Jia [Tue, 30 Aug 2016 20:49:06 +0000 (13:49 -0700)]
MediaPlayerService: allow next player to be NULL
Bug:
31155917
Bug:
30204103
Change-Id: I9a2a59ddb900fc942e7c19b31b53a110d790474c
rago [Tue, 23 Aug 2016 00:20:26 +0000 (17:20 -0700)]
Fix potential overflow in Visualizer effect
Bug:
30229821
Change-Id: Idd3c1563dc9d3261e6e168e945005bf133ab2cdb
(cherry picked from commit
099ab280775946e7c36c73fde47f2ee5a2579f53)
Robert Shih [Mon, 22 Aug 2016 17:53:09 +0000 (17:53 +0000)]
Merge "DO NOT MERGE MediaPlayerService: avoid invalid static cast" into klp-dev
Andy Hung [Fri, 19 Aug 2016 18:49:14 +0000 (18:49 +0000)]
Merge "Add EFFECT_CMD_SET_PARAM parameter checking" into klp-dev
Pawin Vongmasa [Fri, 19 Aug 2016 08:45:39 +0000 (01:45 -0700)]
DO NOT MERGE - Fix build breakage caused by commit
940829f69b52d6038db66a9c727534636ecc456d.
Change-Id: Ic55a9ab25ddb57f270c21d78ffcb556f3e11dd5d
Andy Hung [Wed, 17 Aug 2016 21:11:13 +0000 (14:11 -0700)]
Add EFFECT_CMD_SET_PARAM parameter checking
Bug:
30204301
Change-Id: Ib9c3ee1c2f23c96f8f7092dd9e146bc453d7a290
Lajos Molnar [Tue, 2 Aug 2016 14:07:05 +0000 (07:07 -0700)]
DO NOT MERGE: IOMX: work against metadata buffer spoofing
- Prohibit direct set/getParam/Settings for extensions meant for
OMXNodeInstance alone. This disallows enabling metadata mode
without the knowledge of OMXNodeInstance.
- Do not share metadata mode buffers cross process.
- Disallow setting up metadata mode/input surface
after first sendCommand (except to Idle for OMXCodec quirk).
- Disallow store-meta for input cross process.
- Disallow emptyBuffer for surface input (via IOMX).
- Fix checking for input surface.
[backported from L]
Bug:
29422020
Change-Id: I801c77b80e703903f62e42d76fd2e76a34e4bc8e
Robert Shih [Tue, 16 Aug 2016 23:50:54 +0000 (16:50 -0700)]
DO NOT MERGE MediaPlayerService: avoid invalid static cast
Bug:
30204103
Change-Id: Ie0dd3568a375f1e9fed8615ad3d85184bcc99028
Pawin Vongmasa [Tue, 19 Jul 2016 03:12:02 +0000 (20:12 -0700)]
DO NOT MERGE - SoftMPEG4: Check the buffer size before writing the reference frame.
Also prevent overflow in SoftMPEG4 and division by zero in SoftMPEG4Encoder.
Bug:
30033990
Change-Id: I7701f5fc54c2670587d122330e5dc851f64ed3c2
(cherry picked from commit
695123195034402ca76169b195069c28c30342d3)
Wonsik Kim [Thu, 21 Jul 2016 05:43:38 +0000 (14:43 +0900)]
DO NOT MERGE - stagefright: fix integer overflow error
Bug:
30103394
Change-Id: If449d3e30a0bf2ebea5317f41813bfed094f7408
(cherry picked from commit
2c74a3cd5d1d66b9a35424b9c4443dafa6db5bef)
Wonsik Kim [Thu, 7 Jul 2016 03:57:02 +0000 (12:57 +0900)]
omx: prevent input port enable/disable for software codecs
Bug:
29421804
Change-Id: Iba1011e9af942a6dff7f659af769a51e3f5ba66f
Robert Shih [Thu, 14 Jul 2016 22:32:08 +0000 (15:32 -0700)]
DO NOT MERGE - Fix build
Change-Id: Iff47bb735778fb275abeee573c636856b839feb5
Robert Shih [Thu, 14 Jul 2016 01:26:14 +0000 (01:26 +0000)]
Merge "DO NOT MERGE - SoftMP3: memset safely" into klp-dev
Robert Shih [Thu, 14 Jul 2016 01:18:10 +0000 (01:18 +0000)]
Merge "DO NOT MERGE - SoftVPX: fix nFilledLen overflow" into klp-dev
Robert Shih [Thu, 14 Jul 2016 01:16:52 +0000 (01:16 +0000)]
Merge "OMXCodec: check IMemory::pointer() before using allocation" into klp-dev
Robert Shih [Mon, 27 Jun 2016 20:55:14 +0000 (13:55 -0700)]
DO NOT MERGE - SoftMP3: memset safely
Bug:
29422022
Change-Id: I70c9e33269d16bf8c163815706ac24e18e34fe97
Robert Shih [Fri, 24 Jun 2016 19:37:45 +0000 (12:37 -0700)]
DO NOT MERGE - SoftVPX: fix nFilledLen overflow
Bug:
29421675
Change-Id: I25d4cf54a5df22c2130c37e95c7c7f75063111f3
Ray Essick [Wed, 13 Jul 2016 22:12:57 +0000 (22:12 +0000)]
Merge "Fix corruption via buffer overflow in mediaserver" into klp-dev
Wonsik Kim [Wed, 13 Jul 2016 03:32:16 +0000 (03:32 +0000)]
Merge "DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble" into klp-dev
Robert Shih [Wed, 13 Jul 2016 01:00:53 +0000 (18:00 -0700)]
OMXCodec: check IMemory::pointer() before using allocation
Bug:
29421811
Change-Id: I0a73ba12bae4122f1d89fc92e5ea4f6a96cd1ed1
Ray Essick [Wed, 6 Jul 2016 17:13:25 +0000 (10:13 -0700)]
Fix corruption via buffer overflow in mediaserver
change unbound sprintf() to snprintf() so network-provided values
can't overflow the buffers.
Applicable to all K/L/M/N branches.
Bug:
25747670
Change-Id: Id6a5120c2d08a6fbbd47deffb680ecf82015f4f6
Wonsik Kim [Thu, 16 Jun 2016 16:24:30 +0000 (01:24 +0900)]
DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble
Additionally, remove use of variable length array which is
non-standard in C++.
Bug:
29161888
Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
Pawin Vongmasa [Wed, 22 Jun 2016 02:10:21 +0000 (19:10 -0700)]
Impose a size bound for dynamically allocated tables in stbl.
Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss
boxes. Also change mTimeToSample from Vector to array.
Bug:
29367429
Change-Id: I953bea9fe0590268cf27376740f582dc88563d42
Wonsik Kim [Wed, 22 Jun 2016 18:27:32 +0000 (18:27 +0000)]
Merge "Revert "Impose a size bound for dynamically allocated tables in stbl."" into klp-dev
Wonsik Kim [Wed, 22 Jun 2016 18:19:15 +0000 (18:19 +0000)]
Revert "Impose a size bound for dynamically allocated tables in stbl."
This reverts commit
25e029746796fe88e82417fb01af2e27b8bbadb2.
Change-Id: I91225838a8be72a3cd413f2bcb99e7dca7e62929
Wonsik Kim [Wed, 22 Jun 2016 17:38:54 +0000 (17:38 +0000)]
Merge "Impose a size bound for dynamically allocated tables in stbl." into klp-dev
Pawin Vongmasa [Wed, 22 Jun 2016 02:10:21 +0000 (19:10 -0700)]
Impose a size bound for dynamically allocated tables in stbl.
Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss
boxes. Also change Vector to std::vector for efficiency and consistency.
Bug:
29367429
Change-Id: I175da524612b9fe68496c612966af51f01a5cd5e
Eino-Ville Talvala [Tue, 21 Jun 2016 21:57:34 +0000 (21:57 +0000)]
Merge "DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak" into klp-dev
Wonsik Kim [Tue, 21 Jun 2016 17:29:39 +0000 (17:29 +0000)]
Merge "DO NOT MERGE omx: check buffer port before using" into klp-dev
Eino-Ville Talvala [Tue, 21 Jun 2016 00:00:14 +0000 (17:00 -0700)]
DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak
Subtract address of a random static object from pointers being routed
through app process.
Bug:
28466701
Change-Id: Idcbfe81e9507433769672f3dc6d67db5eeed4e04
Wonsik Kim [Wed, 25 May 2016 07:54:08 +0000 (16:54 +0900)]
DO NOT MERGE omx: check buffer port before using
Bug:
28816827
Change-Id: I3d5bad4a1ef96dec544b05bb31cc6f7109aae0a5
Andy Hung [Mon, 20 Jun 2016 22:22:52 +0000 (15:22 -0700)]
Check effect command reply size in AudioFlinger
Bug:
29251553
Change-Id: I1bcc1281f1f0542bb645f6358ce31631f2a8ffbf
Marco Nelissen [Fri, 10 Jun 2016 23:02:40 +0000 (23:02 +0000)]
Merge "DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer" into klp-dev
Marco Nelissen [Wed, 8 Jun 2016 22:56:35 +0000 (22:56 +0000)]
Merge "Don't use sp<>&" into klp-dev
Marco Nelissen [Wed, 8 Jun 2016 22:00:08 +0000 (15:00 -0700)]
DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer
Bug:
29153599
Change-Id: Ieb70a90cf31927165de7a840bfdd3ee2c76f4cbd
Marco Nelissen [Tue, 7 Jun 2016 22:48:07 +0000 (15:48 -0700)]
Fix potential overflow
Bug:
28533562
Change-Id: I798ab24caa4c81f3ba564cad7c9ee019284fb702
Marco Nelissen [Tue, 7 Jun 2016 19:26:43 +0000 (12:26 -0700)]
Don't use sp<>&
because they may end up pointing to NULL after a NULL check was performed.
Bug:
28166152
Change-Id: Iab2ea30395b620628cc6f3d067dd4f6fcda824fe
Wei Jia [Fri, 28 Aug 2015 17:35:35 +0000 (10:35 -0700)]
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
GenericSource: return error when no track exists.
SampleIterator: make sure mSamplesPerChunk is not zero before using it as divisor.
Bug:
21657957
Bug:
23705695
Bug:
22802344
Bug:
28799341
Change-Id: I7664992ade90b935d3f255dcd43ecc2898f30b04
(cherry picked from commit
0386c91b8a910a134e5898ffa924c1b6c7560b13)
Marco Nelissen [Mon, 23 May 2016 22:35:11 +0000 (22:35 +0000)]
Merge "DO NOT MERGE limit mediaserver memory" into klp-dev
Marco Nelissen [Fri, 13 May 2016 17:43:19 +0000 (10:43 -0700)]
DO NOT MERGE limit mediaserver memory
Limit mediaserver using rlimit, to prevent it from bringing down the system
via the low memory killer.
Default max is 65% of total RAM, but can be customized via system property.
Bug:
28471206
Bug:
28615448
Change-Id: I14fac1e12b5f3983be08a21bfbfc54feedbf3f16
Marco Nelissen [Mon, 23 May 2016 14:32:45 +0000 (14:32 +0000)]
Merge "DO NOT MERGE Check malloc result to avoid NPD" into klp-dev
Jeff Tinker [Fri, 13 May 2016 21:08:15 +0000 (21:08 +0000)]
Merge "Fix security vulnerability in libstagefright" into klp-dev
Marco Nelissen [Wed, 11 May 2016 18:11:20 +0000 (11:11 -0700)]
DO NOT MERGE Check malloc result to avoid NPD
Bug:
28471206
Change-Id: Id5d055d76893d6f53a2e524ff5f282d1ddca3345
Jeff Tinker [Fri, 13 May 2016 18:48:11 +0000 (11:48 -0700)]
Fix security vulnerability in libstagefright
bug:
28175045
Change-Id: Icee6c7eb5b761da4aa3e412fb71825508d74d38f
Pawin Vongmasa [Wed, 11 May 2016 23:08:21 +0000 (16:08 -0700)]
h264bsdActivateParamSets: Prevent multiplication overflow.
Report MEMORY_ALLOCATION_ERROR if pStorage->picSizeInMbs would
exceed UINT32_MAX bytes.
Bug:
28532266
Change-Id: Ia6f11efb18818afcdb5fa2a38a14f2a2d8c8447a
Marco Nelissen [Tue, 3 May 2016 23:15:43 +0000 (23:15 +0000)]
Merge "Clear unused pointer field when sending across binder" into klp-dev
Marco Nelissen [Mon, 2 May 2016 21:12:34 +0000 (14:12 -0700)]
Clear unused pointer field when sending across binder
Bug:
28377502
Change-Id: Iad5ebfb0a9ef89f09755bb332579dbd3534f9c98
Marco Nelissen [Fri, 22 Apr 2016 17:45:56 +0000 (17:45 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into klp-dev
Marco Nelissen [Fri, 22 Apr 2016 14:54:04 +0000 (07:54 -0700)]
DO NOT MERGE More OMX struct checking
These were lost due to bad merges.
Bug:
27207275
Change-Id: Ia0f403d7aef79a8e0ac618eb49b34dbf9faa25c2
Pawin Vongmasa [Wed, 20 Apr 2016 22:51:48 +0000 (15:51 -0700)]
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
Detail: Before the original fix
(Id207f369ab7b27787d83f5d8fc48dc53ed9fcdc9) for
28076789, the
code allowed a time-to-sample table size to be 0. The change
made in that fix disallowed such situation, which in fact should
be allowed. This current patch allows it again while maintaining
the security of the previous fix.
Bug:
28288202
Bug:
28076789
Change-Id: I1c9a60c7f0cfcbd3d908f24998dde15d5136a295
Wonsik Kim [Mon, 18 Apr 2016 04:39:54 +0000 (04:39 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec" into klp-dev
Pawin Vongmasa [Sat, 16 Apr 2016 00:01:22 +0000 (00:01 +0000)]
Merge "SampleTable.cpp: Prevent corrupted stts block from causing excessive memory allocation." into klp-dev
Pawin Vongmasa [Wed, 13 Apr 2016 23:25:12 +0000 (16:25 -0700)]
SampleTable.cpp: Prevent corrupted stts block from causing
excessive memory allocation.
Details:
DataSource.h
- Added function getVector() for reading from a data source into
a Vector object, whose capacity grows only as much as needed
(in case of EOS or reading error).
SampleTable.h
- Changed the type of mTimeToSample from uint32_t* to
Vector<uint32_t>.
SampleTable.cpp
- In setTimeToSample, modified the code to use getVector()
instead of readAt(). If the input source has a corrupt
time-to-sample table size that is too big, EOS will be reached
before the whole table is read, and the return value from
getVector() will be false.
- Also, tightened the bound for the provided time-to-sample table
size to guarantee that the table does not take more than
UINT_MAX32 bytes in memory.
Bug:
28076789
Change-Id: Id207f369ab7b27787d83f5d8fc48dc53ed9fcdc9
Marco Nelissen [Fri, 8 Apr 2016 17:04:48 +0000 (10:04 -0700)]
h264dec: check for overflows when calculating allocation size.
Bug:
27855419
Change-Id: Idabedca52913ec31ea5cb6a6109ab94e3fb2badd
Wonsik Kim [Fri, 8 Apr 2016 01:05:03 +0000 (01:05 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in vorbisdec" into klp-dev
Wonsik Kim [Fri, 8 Apr 2016 01:03:55 +0000 (01:03 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in (h263|h264)dec" into klp-dev
Wonsik Kim [Thu, 7 Apr 2016 08:45:02 +0000 (17:45 +0900)]
DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec
Bug:
27793163
Bug:
27793367
Change-Id: Iec3de8a237ee2379d87a8371c13e543878c6652c
Marco Nelissen [Thu, 7 Apr 2016 21:24:52 +0000 (21:24 +0000)]
Merge "Check mp3 output buffer size" into klp-dev
Marco Nelissen [Tue, 5 Apr 2016 21:20:11 +0000 (14:20 -0700)]
AudioSource: initialize variables
to prevent info leak
Bug:
27855172
Change-Id: I3d33e0a9cc5cf8a758d7b0794590b09c43a24561
Marco Nelissen [Wed, 23 Mar 2016 22:36:36 +0000 (15:36 -0700)]
Check mp3 output buffer size
Bug:
27793371
Change-Id: I0fe40a4cfd0a5b488f93d3f3ba6f9495235926ac
Wonsik Kim [Sun, 20 Mar 2016 01:44:44 +0000 (10:44 +0900)]
DO NOT MERGE codecs: check OMX buffer size before use in (h263|h264)dec
Bug:
27833616
Change-Id: I0fd599b3da431425d89236ffdd9df423c11947c0
Wonsik Kim [Wed, 30 Mar 2016 08:13:00 +0000 (17:13 +0900)]
DO NOT MERGE codecs: check OMX buffer size before use in vorbisdec
Bug:
27833616
Change-Id: I1ccdd16a00741da072527a6d13e87fd7c7fe8c54
Wei Jia [Fri, 25 Mar 2016 21:22:40 +0000 (21:22 +0000)]
Merge "SampleTable: reduce unnecessary logging message." into klp-dev
Marco Nelissen [Fri, 25 Mar 2016 15:26:18 +0000 (08:26 -0700)]
Fix AMR decoder
Previous change caused EOS to be ignored.
Bug:
27843673
Related-to-bug:
27662364
Change-Id: Ia148a88abc861a9b393f42bc7cd63d8d3ae349bc
Wei Jia [Thu, 24 Mar 2016 17:58:04 +0000 (10:58 -0700)]
SampleTable: reduce unnecessary logging message.
Bug:
23247055
Change-Id: Ida0021160532623c6e72bd5bb0bb2a24332d1c34
Wei Jia [Thu, 24 Mar 2016 16:41:24 +0000 (09:41 -0700)]
SampleTable: add logging.
Bug:
23247055
Change-Id: Id45f9815c1b3cdfaae664508204a6ce1c1da4532
Wonsik Kim [Tue, 22 Mar 2016 22:31:01 +0000 (22:31 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in VP8 encoder." into klp-dev
Marco Nelissen [Tue, 22 Mar 2016 20:43:54 +0000 (20:43 +0000)]
Merge "NuPlayerStreamListener: NULL and bounds check before memcpy" into klp-dev
Wei Jia [Sat, 19 Mar 2016 01:17:14 +0000 (18:17 -0700)]
SoftAMR: check input buffer size to avoid overflow.
Bug:
27662364
Change-Id: I47380545ea7d85845e141e722b0d84f498d27145
Wei Jia [Thu, 17 Mar 2016 18:15:02 +0000 (11:15 -0700)]
SoftAMR: check output buffer size to avoid overflow.
Bug:
27662364
Change-Id: I7b26892c41d6f2e690e77478ab855c2fed1ff6b0
Wonsik Kim [Sun, 20 Mar 2016 01:44:44 +0000 (10:44 +0900)]
DO NOT MERGE codecs: check OMX buffer size before use in VP8 encoder.
Bug:
27569635
Change-Id: I469573f40e21dc9f4c200749d4f220e3a2d31761
Chien-Yu Chen [Mon, 21 Mar 2016 18:15:07 +0000 (18:15 +0000)]
Merge "Camera3Device: Validate template ID" into klp-dev
Robert Shih [Fri, 18 Mar 2016 21:34:57 +0000 (14:34 -0700)]
NuPlayerStreamListener: NULL and bounds check before memcpy
Bug:
27533704
Change-Id: I992a7709b92b1cbc3114c97bec48a3fc5b22ba6e
Chien-Yu Chen [Wed, 9 Mar 2016 20:21:01 +0000 (12:21 -0800)]
Camera3Device: Validate template ID
Validate template ID before creating a default request.
Bug:
26866110
Bug:
27568958
Change-Id: Ifda457024f1d5c2b1382f189c1a8d5fda852d30d
Marco Nelissen [Wed, 16 Mar 2016 17:32:05 +0000 (10:32 -0700)]
DO NOT MERGE Add VPX output buffer size check
and handle dead observers more gracefully
Bug:
27597103
Change-Id: Id7acb25d5ef69b197da15ec200a9e4f9e7b03518
Marco Nelissen [Fri, 11 Mar 2016 22:40:17 +0000 (14:40 -0800)]
DO NOT MERGE Don't reject "thumbnail mode" setConfig
Bug:
27207275
Change-Id: I35f6bf5b407869a9479feaf1b5beef7b68d04509
Marco Nelissen [Fri, 4 Mar 2016 23:22:59 +0000 (23:22 +0000)]
Merge "DO NOT MERGE Verify OMX buffer sizes prior to access" into klp-dev
Marco Nelissen [Mon, 29 Feb 2016 20:47:20 +0000 (12:47 -0800)]
DO NOT MERGE Verify OMX buffer sizes prior to access
Bug:
27207275
Change-Id: I4412825d1ee233d993af0a67708bea54304ff62d
Marco Nelissen [Wed, 24 Feb 2016 21:05:22 +0000 (21:05 +0000)]
Merge "Also fix out of bounds access for normal read" into klp-dev
Marco Nelissen [Thu, 18 Feb 2016 16:25:47 +0000 (08:25 -0800)]
Get service by value instead of reference
to prevent a cleared service binder from being used.
Bug:
26040840
Change-Id: Ifb5483c55b172d3553deb80dbe27f2204b86ecdb
Marco Nelissen [Tue, 23 Feb 2016 22:48:46 +0000 (14:48 -0800)]
Also fix out of bounds access for normal read
Previous fix accidentally only fixed the fragmented read case.
Bug:
27208621
Change-Id: Ie16f1920b84c8aba613842659238fcd5925694ad
Marco Nelissen [Mon, 22 Feb 2016 21:05:15 +0000 (13:05 -0800)]
Clear allocation to avoid info leak
Bug:
26914474
Change-Id: Ie1a86e86d78058d041149fe599a4996e7f8185cf
Vignesh Venkatasubramanian [Wed, 13 Jan 2016 20:18:05 +0000 (12:18 -0800)]
DO NOT MERGE - Remove deprecated image defines
libvpx has always supported the VPX_ prefixed versions of these defines.
The unprefixed versions have been removed in the most recent release.
https://chromium.googlesource.com/webm/libvpx/+/
9cdaa3d72eade9ad162ef8f78a93bd8f85c6de10
BUG=
23452792
Change-Id: Ib02073f42d545e6c08f9bd4a4fc868e3be886c1b
Eino-Ville Talvala [Wed, 13 Jan 2016 18:07:04 +0000 (10:07 -0800)]
Camera: Disallow dumping clients directly
Camera service dumps should only be initiated through
ICameraService::dump.
Bug:
26265403
Change-Id: If3ca4718ed74bf33ad8a416192689203029e2803