git.osdn.net Git - android-x86/frameworks-av.git/log

(root) / android-x86 / frameworks-av.git / log

Andy Hung [Tue, 6 Jun 2017 21:00:54 +0000 (21:00 +0000)]

Merge "EffectBundle: Check value size for get preset name" into klp-dev am: f5d6e98996 am: b401a3bf44 am: 1f44782e92
am: ea83248dfb

Change-Id: I0ceea1282ab530f228b8e6f54678edf3bb2f9d69

commit | commitdiff | tree

Andy Hung [Tue, 6 Jun 2017 20:58:23 +0000 (20:58 +0000)]

Merge "EffectBundle: Check value size for get preset name" into klp-dev am: f5d6e98996 am: b401a3bf44
am: 1f44782e92

Change-Id: Idc429c80c4058fcd2232209afd5da70128cca837

commit | commitdiff | tree

Andy Hung [Tue, 6 Jun 2017 20:56:51 +0000 (20:56 +0000)]

Merge "EffectBundle: Check value size for get preset name" into klp-dev am: f5d6e98996
am: b401a3bf44

Change-Id: Ie62820116b2250c7533975362e90ae8139933697

commit | commitdiff | tree

Andy Hung [Tue, 6 Jun 2017 20:55:13 +0000 (20:55 +0000)]

Merge "EffectBundle: Check value size for get preset name" into klp-dev
am: f5d6e98996

Change-Id: I1af8959b4866ca2e45e2ef2aeb54806ac09e5176

commit | commitdiff | tree

Andy Hung [Tue, 6 Jun 2017 20:50:11 +0000 (20:50 +0000)]

Merge "EffectBundle: Check value size for get preset name" into klp-dev

commit | commitdiff | tree

Ray Essick [Tue, 6 Jun 2017 20:37:16 +0000 (20:37 +0000)]

Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev am: 021575025c am: 5944b611e5 am: 1a419c7b2a
am: 70a63bdf27

Change-Id: If759d2cd6c4bd350ca54218c2a6ae3fd07c11548

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 20:36:49 +0000 (20:36 +0000)]

Merge "m4v_h263: update width/height only when they are valid." into klp-dev am: 2da03f40eb am: 5e9a9442a3 am: 36eb1039cf
am: 1173c884db

Change-Id: Ie070371abe02527147724cdb620547c9f1ec1b2d

commit | commitdiff | tree

Ray Essick [Tue, 6 Jun 2017 20:28:12 +0000 (20:28 +0000)]

Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev am: 021575025c am: 5944b611e5
am: 1a419c7b2a

Change-Id: Ibb5f76a8dac6cf37d4115d3c277687fa96b08660

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 20:27:45 +0000 (20:27 +0000)]

Merge "m4v_h263: update width/height only when they are valid." into klp-dev am: 2da03f40eb am: 5e9a9442a3
am: 36eb1039cf

Change-Id: I62be2937991b3d2d9fdf5c4cd543d669ba2edfab

commit | commitdiff | tree

Ray Essick [Tue, 6 Jun 2017 20:21:35 +0000 (20:21 +0000)]

Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev am: 021575025c
am: 5944b611e5

Change-Id: I7f5f93f57aa77cb87fdf5155881ed9463e50ef0f

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 20:21:13 +0000 (20:21 +0000)]

Merge "m4v_h263: update width/height only when they are valid." into klp-dev am: 2da03f40eb
am: 5e9a9442a3

Change-Id: I48abb4d5dfa84f3759dc7990b79a7495562a1376

commit | commitdiff | tree

Ray Essick [Tue, 6 Jun 2017 20:15:34 +0000 (20:15 +0000)]

Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev
am: 021575025c

Change-Id: I5a5dd6e53b177854de9121bf7650f334a4fc67e9

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 20:15:14 +0000 (20:15 +0000)]

Merge "m4v_h263: update width/height only when they are valid." into klp-dev
am: 2da03f40eb

Change-Id: I51de2fdbad57019904bcbc005e0fa85b6a8f54ed

commit | commitdiff | tree

TreeHugger Robot [Tue, 6 Jun 2017 20:10:08 +0000 (20:10 +0000)]

Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev

commit | commitdiff | tree

TreeHugger Robot [Tue, 6 Jun 2017 20:05:05 +0000 (20:05 +0000)]

Merge "m4v_h263: update width/height only when they are valid." into klp-dev

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 20:03:12 +0000 (20:03 +0000)]

Merge "m4v_h263: check header first before decoding a frame." into lmp-dev
am: 6aed93d593

Change-Id: I3fc4c73813fa895796747b63ee849988f94f671a

commit | commitdiff | tree

TreeHugger Robot [Tue, 6 Jun 2017 19:52:49 +0000 (19:52 +0000)]

Merge "m4v_h263: check header first before decoding a frame." into lmp-dev

commit | commitdiff | tree

TreeHugger Robot [Tue, 6 Jun 2017 19:24:27 +0000 (19:24 +0000)]

Merge "NuPlayerDecoder: fail gracefully when input data can't be held in allocated buffer." into lmp-mr1-dev

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 19:06:01 +0000 (19:06 +0000)]

Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev am: da924b45e1 am: fdfad5899d am: f3383881ff -s ours
am: 486e62c5dd -s ours

Change-Id: I8f9016674ff88f70bc421604c1fae0bd208979d9

commit | commitdiff | tree

Jeff Tinker [Tue, 6 Jun 2017 19:05:36 +0000 (19:05 +0000)]

Fix integer overflow in mediadrmserver
am: eb21712f81

Change-Id: I0caf94590f85f444a4705f62792c27a447fa8b69

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 18:59:39 +0000 (18:59 +0000)]

Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev am: da924b45e1 am: fdfad5899d
am: f3383881ff -s ours

Change-Id: Ida0671401c4323f61ff63c4954522171efa2bcca

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 18:54:07 +0000 (18:54 +0000)]

Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev am: da924b45e1
am: fdfad5899d

Change-Id: Ibfeec763c09ce978dd44d7cade7cb848b31aa528

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 18:48:36 +0000 (18:48 +0000)]

Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev
am: da924b45e1

Change-Id: I346cc9a7df899bb760abb7eb99f684f0d40ceced

commit | commitdiff | tree

Wei Jia [Tue, 6 Jun 2017 18:39:58 +0000 (18:39 +0000)]

Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev

commit | commitdiff | tree

Jeff Tinker [Mon, 5 Jun 2017 21:34:48 +0000 (14:34 -0700)]

Fix integer overflow in mediadrmserver

bug:37710346
Change-Id: If18cfb5bb1d1f1b2997d2a0e1685590d674181f4

commit | commitdiff | tree

Ray Essick [Fri, 2 Jun 2017 20:07:19 +0000 (13:07 -0700)]

better manage buffer for libstagefright_soft_mpeg4enc

Existing code allocated buffer, adjusted pointer to use it, and would
adjust the pointer back when it came time to free the space. The problem
was that the adjustment was based on user-supplied values and if the
user changed those values between alloc and free (which was possible),
the code ended up free()ing the wrong address.

We fix this by keeping an extra pointer -- the unmodified allocation --
which we use for the subsequent free() calls. This makes the free()
independent of any changes to values that the user provides.

Bug: 36075363
Test: ran poc against patched nyc-mr2-dev tree
Change-Id: I7013ff5883a945c4647517b2980c76a6558f23d2

commit | commitdiff | tree

Marco Nelissen [Fri, 2 Jun 2017 04:15:32 +0000 (04:15 +0000)]

Merge "Fix potential leak" into klp-dev am: 2f9eacc3ae am: a7602f8339 am: fe7c2700ae
am: cbaad4b189

Change-Id: Ifd9897d7c631c92e756481c3f43f0b4cbca85ca0

commit | commitdiff | tree

Marco Nelissen [Fri, 2 Jun 2017 04:12:32 +0000 (04:12 +0000)]

Merge "Fix potential leak" into klp-dev am: 2f9eacc3ae am: a7602f8339
am: fe7c2700ae

Change-Id: I9c4c5dbe0682992f9e7521ed3bf6a52d8311e00f

commit | commitdiff | tree

Marco Nelissen [Fri, 2 Jun 2017 04:09:21 +0000 (04:09 +0000)]

Merge "Fix potential leak" into klp-dev am: 2f9eacc3ae
am: a7602f8339

Change-Id: I2883ac8221475d5fa73ed34350f199355b541b14

commit | commitdiff | tree

Marco Nelissen [Fri, 2 Jun 2017 04:05:59 +0000 (04:05 +0000)]

Merge "Fix potential leak" into klp-dev
am: 2f9eacc3ae

Change-Id: I7e3a53be249eff99dd895e500f9833ad55a184b0

commit | commitdiff | tree

TreeHugger Robot [Fri, 2 Jun 2017 04:02:09 +0000 (04:02 +0000)]

Merge "Fix potential leak" into klp-dev

commit | commitdiff | tree

Wei Jia [Fri, 19 May 2017 21:34:10 +0000 (14:34 -0700)]

m4v_h263: check header first before decoding a frame.

Test: fix the file in the bug
Bug: 37660827
Change-Id: I9d6919f96c0c9f29221be1e8e852ecb21062bad9
(cherry picked from commit db545366c2e893dbbe1a42d858c52067101beda6)

commit | commitdiff | tree

Wei Jia [Fri, 19 May 2017 21:34:10 +0000 (14:34 -0700)]

DO NOT MERGE - m4v_h263: check header first before decoding a frame.

Test: fix the file in the bug
Bug: 37660827
Change-Id: I9d6919f96c0c9f29221be1e8e852ecb21062bad9

commit | commitdiff | tree

Wei Jia [Thu, 18 May 2017 19:43:12 +0000 (12:43 -0700)]

m4v_h263: update width/height only when they are valid.

Test: the file in the bug doesn't crash
Bug: 37079296
Change-Id: Ie092971dda568119ca38ec67d65ccfc00df93185

commit | commitdiff | tree

Wei Jia [Fri, 8 Jan 2016 00:03:03 +0000 (16:03 -0800)]

NuPlayerDecoder: fail gracefully when input data can't be held in allocated buffer.

Bug: 38391487
Bug: 24145279
Change-Id: I6b99ee2dc63063557f4ee2c5856f7c848e969752
(cherry picked from commit 56097a8ecc31ec308a1caa38f92b69f99324eada)

commit | commitdiff | tree

Andy Hung [Tue, 16 May 2017 19:04:50 +0000 (12:04 -0700)]

EffectBundle: Check value size for get preset name

Test: CTS testAllEffectsEqualizer_CVE_2017_0401
Bug: 37536407
Change-Id: I347af04677fc49a01efb549f06ff81d1a00dc4d0

commit | commitdiff | tree

Marco Nelissen [Tue, 16 May 2017 15:36:54 +0000 (15:36 +0000)]

Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f am: 60657857c6 am: 55057ab408
am: a2fbd251ca

Change-Id: I8a0e99463feb24350f02d5b5ccdc9419ebb2d71d

commit | commitdiff | tree

Marco Nelissen [Tue, 16 May 2017 15:33:25 +0000 (15:33 +0000)]

Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f am: 60657857c6
am: 55057ab408

Change-Id: I5107a57def4be19aad9dca950cca06bebecad1e8

commit | commitdiff | tree

Marco Nelissen [Tue, 16 May 2017 15:30:24 +0000 (15:30 +0000)]

Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f
am: 60657857c6

Change-Id: I1564d4e2626a31b7018bae301c50a268ccc79749

commit | commitdiff | tree

Marco Nelissen [Tue, 16 May 2017 15:27:25 +0000 (15:27 +0000)]

Merge "Fix memory leak in error case" into klp-dev
am: 5136b7436f

Change-Id: I479e015461fa46227c4cae49829b0f3c0d769de9

commit | commitdiff | tree

Marco Nelissen [Tue, 16 May 2017 15:20:59 +0000 (15:20 +0000)]

Merge "Fix memory leak in error case" into klp-dev

commit | commitdiff | tree

Marco Nelissen [Mon, 15 May 2017 16:59:57 +0000 (16:59 +0000)]

Limit ogg packet size am: bf928560ac am: f349435fcf am: 086cee9d89
am: b65b0a8367

Change-Id: I2faa1a87e934851ee2a4a865e3e3d7084381dac6

commit | commitdiff | tree

Marco Nelissen [Mon, 15 May 2017 16:56:55 +0000 (16:56 +0000)]

Limit ogg packet size am: bf928560ac am: f349435fcf
am: 086cee9d89

Change-Id: I9687649ed25dade9f872c83a290bbcd0abb4b5fc

commit | commitdiff | tree

Marco Nelissen [Mon, 15 May 2017 16:53:54 +0000 (16:53 +0000)]

Limit ogg packet size am: bf928560ac
am: f349435fcf

Change-Id: I952944295017f01b254c80c8db935e33c51337f3

commit | commitdiff | tree

Marco Nelissen [Mon, 15 May 2017 16:50:55 +0000 (16:50 +0000)]

Limit ogg packet size
am: bf928560ac

Change-Id: I102f6e9b1b4933d043b2a3e1e3f7fc885aaf6779

commit | commitdiff | tree

Marco Nelissen [Fri, 12 May 2017 22:35:30 +0000 (15:35 -0700)]

Limit ogg packet size

A malformed ogg file might lace together a very large packet, which
could lead to out of memory conditions. Limit the packet size to
avoid this.

Bug: 36592202
Change-Id: I8650b3ec54a0de9ec302a7cbac296bb85efcfb3d

commit | commitdiff | tree

Marco Nelissen [Fri, 12 May 2017 17:45:14 +0000 (10:45 -0700)]

Fix memory leak in error case

Bug: 37239013
Change-Id: Ic33e0f7ed946d0729efa46f69aff1a5d35e81b1e

commit | commitdiff | tree

Marco Nelissen [Tue, 9 May 2017 21:17:06 +0000 (14:17 -0700)]

Fix potential leak

Fix potential memory leak introduced with bugfix for bug 31449945.

Bug: 36389123
Change-Id: I5a9a3551692d6cba385b45c4c7a465aa377a62b1

commit | commitdiff | tree

Roger1 Jonsson [Tue, 11 Apr 2017 17:22:19 +0000 (17:22 +0000)]

Merge "Avoid crash for stss sync sample number 0" into lmp-dev
am: d12204372f

Change-Id: Ic2bca43957197cf537760826de60fcb85777cb1b

commit | commitdiff | tree

TreeHugger Robot [Tue, 11 Apr 2017 17:02:45 +0000 (17:02 +0000)]

Merge "Avoid crash for stss sync sample number 0" into lmp-dev

commit | commitdiff | tree

Marco Nelissen [Mon, 10 Apr 2017 20:41:04 +0000 (20:41 +0000)]

Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e am: 0893c50bcf am: 59bc7f77f8
am: 82ffcbd667

Change-Id: I1b2ea29d1c22f1714f0c0e90a56c585176742dd2

commit | commitdiff | tree

Marco Nelissen [Mon, 10 Apr 2017 20:36:33 +0000 (20:36 +0000)]

Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e am: 0893c50bcf
am: 59bc7f77f8

Change-Id: I133f8566b649821e06cfb21a95b20f84eb839219

commit | commitdiff | tree

Marco Nelissen [Mon, 10 Apr 2017 20:32:06 +0000 (20:32 +0000)]

Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e
am: 0893c50bcf

Change-Id: I819b55a95ff50c51488bac50c43fea8b2244a410

commit | commitdiff | tree

Marco Nelissen [Mon, 10 Apr 2017 20:27:43 +0000 (20:27 +0000)]

Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev
am: 922ad6183e

Change-Id: I8fbd67b5fe298d6f842d224109e2ab0b52a2b59a

commit | commitdiff | tree

Marco Nelissen [Mon, 10 Apr 2017 19:57:08 +0000 (19:57 +0000)]

Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev

commit | commitdiff | tree

Roger1 Jonsson [Wed, 5 Apr 2017 23:10:38 +0000 (23:10 +0000)]

Avoid crash for stss sync sample number 0 am: 5c364997a3 am: e77a32bd3d am: ab28d49e41 -s ours
am: 73db408aa3

Change-Id: Ibe55680e73e9caddc3fc79883fa17a50742f393d

commit | commitdiff | tree

Roger1 Jonsson [Wed, 26 Oct 2016 07:20:00 +0000 (09:20 +0200)]

Avoid crash for stss sync sample number 0

A sample number value of 0 means that the value stored in
the mSyncSamples array, would become negative (-1),
when converted to index value. This causes a crash.

Make sure that stss sample numbers are bigger
than 0 before converting sample number to index value.

Bug: 32423862
bug: 35645051
Test: Playback video that triggers stss sync sample number 0
Change-Id: I35bee7c718e01b086d7e05deda13b38083f509f5

commit | commitdiff | tree

Roger1 Jonsson [Wed, 5 Apr 2017 23:07:37 +0000 (23:07 +0000)]

Avoid crash for stss sync sample number 0 am: 5c364997a3 am: e77a32bd3d
am: ab28d49e41 -s ours

Change-Id: I63e6f4ea65dda85e5d779f6aaf1fbd4ca5806f8c

commit | commitdiff | tree

Roger1 Jonsson [Wed, 5 Apr 2017 22:52:35 +0000 (22:52 +0000)]

Avoid crash for stss sync sample number 0 am: 5c364997a3
am: e77a32bd3d

Change-Id: If61ba19bc937c6b7c7227296ddba5a1797072f9d

commit | commitdiff | tree

Roger1 Jonsson [Wed, 5 Apr 2017 22:49:34 +0000 (22:49 +0000)]

Avoid crash for stss sync sample number 0
am: 5c364997a3

Change-Id: Ia97daf543c65b52db1c5d09471ed8d00a434364d

commit | commitdiff | tree

Roger1 Jonsson [Wed, 26 Oct 2016 07:20:00 +0000 (09:20 +0200)]

commit | commitdiff | tree

Marco Nelissen [Mon, 27 Mar 2017 22:04:25 +0000 (15:04 -0700)]

Don't allow using or allocating a buffer after the first state transition

Bug: 35467458
Change-Id: Ia76c8cec8ad2abb95ca29b2a89075f7acab4b174

commit | commitdiff | tree

Robert Shih [Tue, 14 Mar 2017 23:58:59 +0000 (23:58 +0000)]

DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0 am: 761abda1bd am: aca26c9d45 -s ours
am: 1e4d8d67bc -s ours

Change-Id: Iab0b678707ea31ad02f0f9be5f02f5638c601826

commit | commitdiff | tree

Robert Shih [Tue, 14 Mar 2017 23:55:10 +0000 (23:55 +0000)]

FLACExtractor: copy protect mWriteBuffer
am: 8ee699977c

Change-Id: Icdfd99c85fb0f76cc607f8bb29430913cf72bad1

commit | commitdiff | tree

Robert Shih [Tue, 14 Mar 2017 23:54:28 +0000 (23:54 +0000)]

DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0 am: 761abda1bd
am: aca26c9d45 -s ours

Change-Id: Id436554a36de729ccd7a3220e32e155c423d0531

commit | commitdiff | tree

Robert Shih [Tue, 14 Mar 2017 23:49:57 +0000 (23:49 +0000)]

DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0
am: 761abda1bd

Change-Id: I30bf5233b69619d260edb952248865adf5c55c83

commit | commitdiff | tree

Robert Shih [Tue, 14 Mar 2017 23:45:27 +0000 (23:45 +0000)]

DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
am: 13c77f4fe0

Change-Id: Ib7f8b77b3ba27fcd8e61e540eb39259cb287185c

commit | commitdiff | tree

Robert Shih [Mon, 24 Oct 2016 18:38:31 +0000 (11:38 -0700)]

FLACExtractor: copy protect mWriteBuffer

Bug: 30895578
Bug: 34970788
Change-Id: I4cba36bbe3502678210e5925181683df9726b431
(cherry picked from commit 328cd66cc72ba7bc5452ed5a93f29ddcd73aa9f9)

commit | commitdiff | tree

Robert Shih [Mon, 24 Oct 2016 18:38:31 +0000 (11:38 -0700)]

DO NOT MERGE FLACExtractor: copy protect mWriteBuffer

Bug: 30895578
Bug: 34970788
Change-Id: I4cba36bbe3502678210e5925181683df9726b431

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:57:12 +0000 (22:57 +0000)]

Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752 am: 8e3cf4d841 am: 5b1bfc1f43
am: 8abf11b512

Change-Id: I1cdf8344d8ca41cf5c4b6622ec743bb094c3dff0

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:56:57 +0000 (22:56 +0000)]

Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f am: dcda2ec2fe am: f5c7784dbd
am: c3de266a99

Change-Id: I38701178a3fd7632fc8717472338d60d4cb0de2e

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:52:42 +0000 (22:52 +0000)]

Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752 am: 8e3cf4d841
am: 5b1bfc1f43

Change-Id: I32327162d3e69259656f0b3a82800f45572527fd

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:52:28 +0000 (22:52 +0000)]

Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f am: dcda2ec2fe
am: f5c7784dbd

Change-Id: Ic1901b3fa14a1e1c7f582e5b7862e777489e7314

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:48:27 +0000 (22:48 +0000)]

Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0 am: bbca2719c6 am: c2e69851ea
am: 3285770d37

Change-Id: Id82c89fed96d3cfa11d68ba5d791d5a360aa243c

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:48:12 +0000 (22:48 +0000)]

Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e am: 9e8dfb5938 am: 9e4a0e1fab
am: 3c4401fce8

Change-Id: Ib6bd99193a44fbd801906d234c42b3fa3d33fb9a

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:48:10 +0000 (22:48 +0000)]

Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752
am: 8e3cf4d841

Change-Id: I804c61a21202d3c5aef3edac5872f56cef67753b

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:47:58 +0000 (22:47 +0000)]

Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c am: f71b76cae8 am: 36c2e14da3
am: 8a3cc1963e

Change-Id: I72dd260e2ee0f9560c9322c3aaf7b93c8008607e

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:47:56 +0000 (22:47 +0000)]

Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f
am: dcda2ec2fe

Change-Id: I6759f0d478dd70baf59c3e006cb904d26793c1d4

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:43:54 +0000 (22:43 +0000)]

Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0 am: bbca2719c6
am: c2e69851ea

Change-Id: I2720c4439848f9aab8d7fa4f93b548793d129a4f

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:43:40 +0000 (22:43 +0000)]

Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e am: 9e8dfb5938
am: 9e4a0e1fab

Change-Id: I17a5c0765c31c92a25e7c89a330aa656adc03baf

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:43:39 +0000 (22:43 +0000)]

Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev
am: 19b91af752

Change-Id: I83ad1fa809b82d1b4a6158b66ebffc5ae1d35590

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:43:27 +0000 (22:43 +0000)]

Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev
am: 2076915c5f

Change-Id: Ib9bc5c92218231acefda2800df84a8bffe2da92f

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:43:26 +0000 (22:43 +0000)]

Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c am: f71b76cae8
am: 36c2e14da3

Change-Id: Ie6d46a6979bc89e2485fa4d2a25b21fc601e9783

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:39:25 +0000 (22:39 +0000)]

Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0
am: bbca2719c6

Change-Id: If5ae485e1be0df3d4f61edf689d5b4c1520077b8

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:39:10 +0000 (22:39 +0000)]

Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e
am: 9e8dfb5938

Change-Id: I875cb7bba1bc6f6f443923a04629ae44a9d41140

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:38:56 +0000 (22:38 +0000)]

Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c
am: f71b76cae8

Change-Id: I3306be5d7bb3867287732757dd14170527488b68

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:38:40 +0000 (22:38 +0000)]

Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 22:35:43 +0000 (22:35 +0000)]

Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:34:54 +0000 (22:34 +0000)]

Merge "Fix integer overflow and divide-by-zero" into klp-dev
am: b264ece2c0

Change-Id: Id65ef33cb965b6fbdec95d9429ee05b134fd14f3

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:34:40 +0000 (22:34 +0000)]

Merge "Fix NPDs in h263 decoder" into klp-dev
am: 012e5fd39e

Change-Id: I2ad3e1364472558cf48c51fb3e2a08002d74c32d

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:34:26 +0000 (22:34 +0000)]

Merge "Fix out of bounds access" into klp-dev
am: 360cbbd72c

Change-Id: I9ea32d31b1281689c4b5997a6c328630031c1795

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:31:24 +0000 (22:31 +0000)]

Merge "Fix integer overflow and divide-by-zero" into klp-dev

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:30:25 +0000 (22:30 +0000)]

Merge "Fix NPDs in h263 decoder" into klp-dev

commit | commitdiff | tree

Marco Nelissen [Mon, 13 Mar 2017 22:28:40 +0000 (22:28 +0000)]

Merge "Fix out of bounds access" into klp-dev

commit | commitdiff | tree

Ray Essick [Mon, 13 Mar 2017 18:59:57 +0000 (11:59 -0700)]

Add bounds check in SoftAACEncoder2::onQueueFilled()

Original code blindly copied some header information into the
user-supplied buffer without checking for sufficient space.
The code does check when it gets to filling the data -- it's
just the header copies that weren't checked.

Bug: 34617444
Test: ran POC before/after
Change-Id: I6e80ec90616f6cd02bb8316cd2d6e309b7e4729d

commit | commitdiff | tree

Marco Nelissen [Fri, 3 Mar 2017 21:37:27 +0000 (13:37 -0800)]

Fix NPDs in h263 decoder

Bug: 35269635
Test: decoded PoC with and without patch
Change-Id: I636a14360c7801cc5bca63c9cb44d1d235df8fd8

commit | commitdiff | tree

Ray Essick [Sat, 11 Mar 2017 00:03:40 +0000 (16:03 -0800)]

Fix TOCTOU problem in libstagefright_soft_aacenc

Fixes a configuration error where we sized a buffer initially based
on the configuration at the time and held onto the buffer through the
rest of our lifetime. If the configuration was changed in a way that
resulted in needing a different size buffer, the code did not make
this happen.

Patch keeps the buffer around but also stores the 'current allocation
size'. This allows the later code that preps the buffer to query if
the buffer size is same or changed. If changed, we discard the old
buffer and allocate a new one of the appropriate size.

safetynet logging added so we can tell how often this happens in the
field.

Testing was done on nyc-mr2 (where poc was built). Patch applies
without change to k/l/m/n/master.

Bug: 34621073
Test: run POC, saw new diagnostics saying it caught the size change.
Change-Id: Ia95aadc8c727434b7ba9628deeae327c405336d3

commit | commitdiff | tree

Marco Nelissen [Fri, 10 Mar 2017 19:28:44 +0000 (11:28 -0800)]

Fix out of bounds access

Bug: 34618607
Change-Id: I84f0ef948414d0b2d54e8948b6c30b8ae4da2b36

commit | commitdiff | tree

Andy Hung [Fri, 10 Mar 2017 22:42:59 +0000 (22:42 +0000)]

Merge "DO NOT MERGE AudioFlinger: Check framecount overflow when creating track" into klp-dev am: e0da30dc57 am: 737754e97a am: de6072164a -s ours
am: 9fe1d60957 -s ours

Change-Id: I06683878d8e39e9d9dcae9f897124c36f6b968bf

commit | commitdiff | tree

Andy Hung [Fri, 10 Mar 2017 22:39:58 +0000 (22:39 +0000)]

Merge "DO NOT MERGE AudioFlinger: Check framecount overflow when creating track" into klp-dev am: e0da30dc57 am: 737754e97a
am: de6072164a -s ours

Change-Id: I33a81bea7f8e210dbadade3f9bd63a3decbfb478

frameworks/av

RSS Atom

About OSDN

Find Software

Develop Software

Help