OSDN Git Service

android-x86/frameworks-av.git
Wei Jia [Mon, 14 Aug 2017 22:22:12 +0000 (22:22 +0000)]
[automerger] MPEG4Source: fix fragmented read. am: 5c57e911b4

Change-Id: If51ef2fb8858fa23a4503f031e9a9127c975ef36

Wei Jia [Fri, 24 Mar 2017 21:04:05 +0000 (14:04 -0700)]
MPEG4Source: fix fragmented read.

Test: passed CTS test DecoderTest#testDecodeFragmented
Bug: 64314728
Bug: 36571704
Change-Id: I71ad6aaae473b03483f8405899d3178148597bba
(cherry picked from commit ba9af7792dfed6e9b1b216aab91a97e713eec891)
(cherry picked from commit 6b401a337674f2f22b7589534700a33187899869)

Mikhail Naganov [Mon, 14 Aug 2017 19:36:51 +0000 (19:36 +0000)]
[automerger] Add EFFECT_CMD_SET_PARAM parameter checking to Downmix and Reverb am: 804632afcd

Change-Id: Ie44dd9c0d77ebcbc1b33603f06bb3fd3d86c6174

Mikhail Naganov [Tue, 25 Jul 2017 00:25:47 +0000 (17:25 -0700)]
Add EFFECT_CMD_SET_PARAM parameter checking to Downmix and Reverb

Bug: 63662938
Bug: 63526567
Test: Added CTS tests

Change-Id: I8ed398cd62a9f461b0590e37f593daa3d8e4dbc4

Marco Nelissen [Fri, 4 Aug 2017 22:33:10 +0000 (22:33 +0000)]
Merge "Skip track if verification fails" into klp-dev
am: ab2c5046ef

Change-Id: Ica76922fc399fe0e5b6af23d613a2f6e5bc7820b

TreeHugger Robot [Fri, 4 Aug 2017 22:28:18 +0000 (22:28 +0000)]
Merge "Skip track if verification fails" into klp-dev

Marco Nelissen [Tue, 18 Jul 2017 21:57:11 +0000 (14:57 -0700)]
Skip track if verification fails

Bug: 62187433
Test: ran poc, CTS
Merged-In: Ib9b0b6de88d046d8149e9ea5073d6c40ffec7b0c
Change-Id: Ib9b0b6de88d046d8149e9ea5073d6c40ffec7b0c

Chong Zhang [Tue, 18 Jul 2017 22:20:12 +0000 (22:20 +0000)]
Merge "stagefright: check aac_frame_length to prevent infinite loop" into klp-dev
am: d371d08bcc

Change-Id: I6b7dcadbed62315968055d98dd2ffba3228016f9

Chong Zhang [Tue, 18 Jul 2017 22:14:50 +0000 (22:14 +0000)]
Merge "stagefright: check aac_frame_length to prevent infinite loop" into klp-dev

Wei Jia [Tue, 18 Jul 2017 19:01:03 +0000 (19:01 +0000)]
MediaPlayerService: fix access of mPlayer in client
am: 502c2f4053

Change-Id: Ib8920a866131f8db7bc0dce0472c257121297de6

Wei Jia [Fri, 14 Jul 2017 00:47:56 +0000 (17:47 -0700)]
MediaPlayerService: fix access of mPlayer in client

Test: poc doesn't crash
Bug: 38234812
Change-Id: I6f9be046ff66d2d5bed27bd712287e4ead550830

Wei Jia [Fri, 14 Jul 2017 23:34:32 +0000 (23:34 +0000)]
Merge "DO NOT MERGE : MPEG4Extractor: ensure returned status is checked." into klp-dev
am: da84963c1f

Change-Id: I979beafef27724be51e567fabc64b2b49ebb1a3b

Wei Jia [Fri, 14 Jul 2017 23:25:32 +0000 (23:25 +0000)]
Merge "DO NOT MERGE : MPEG4Extractor: ensure returned status is checked." into klp-dev

Eric Laurent [Mon, 10 Jul 2017 20:00:32 +0000 (20:00 +0000)]
Merge "audio effects: filter reserved effect commands" into klp-dev
am: f57dc8b72f

Change-Id: Ia41a68044abc25ac120ad63a27281345dd959fb7

TreeHugger Robot [Mon, 10 Jul 2017 19:52:17 +0000 (19:52 +0000)]
Merge "audio effects: filter reserved effect commands" into klp-dev

Chong Zhang [Sat, 8 Jul 2017 01:25:16 +0000 (18:25 -0700)]
stagefright: check aac_frame_length to prevent infinite loop

bug: 62673179
Change-Id: I5da44822ad2ff59d396d1df42f34cd0a5620e134

Wei Jia [Wed, 15 Feb 2017 01:07:24 +0000 (17:07 -0800)]
DO NOT MERGE : MPEG4Extractor: ensure returned status is checked.

Also fix handling of zero atom size in MPEG4Source::parseChunk.
IDataSource: ensure readAt returns correct status.
Test: manually test with mediaplayer.
Bug: 34718515
Change-Id: I1219ec579aa0876dc1230e36af46b158b84c6d77

(cherry picked from commit ff1fb4d5cdd3b2b28c69edd8cd3021e335ca381a)

Andy Hung [Mon, 19 Jun 2017 16:50:40 +0000 (16:50 +0000)]
Track: Check buffer size of static tracks
am: cf39f0e67a

Change-Id: Iad9a3f69fa97d8da9db8f1fed864a2e15d5bbb2a

Eric Laurent [Fri, 16 Jun 2017 01:43:46 +0000 (18:43 -0700)]
audio effects: filter reserved effect commands

Block effect commands reserved for framework use when
received on server side IAudioEffect. Applications have no reason
to use these commands and they present an unnecessary attack surface.

Bug: 62019992
Test: run CTS tests for audio effects
Change-Id: Ie680d5d5650f99dbabf93891703e1cde2c2e852d

Andy Hung [Fri, 16 Jun 2017 23:49:37 +0000 (23:49 +0000)]
AudioFlinger: Fix memory allocation for client-less tracks
am: 1159ffd5e3

Change-Id: Id200ee51632763d8fc5d2facace4a3b7dfbeadf0

Andy Hung [Tue, 13 Jun 2017 00:22:46 +0000 (17:22 -0700)]
Track: Check buffer size of static tracks

Merged-In: Ia7edd9a802905214a27961dbcec6352f6ef98f73
Merged-In: I633caf563d3607dbe4b9be10be1687efce33469c
Test: Native POC
Bug: 38340117
Change-Id: I633caf563d3607dbe4b9be10be1687efce33469c

Andy Hung [Tue, 14 Feb 2017 02:50:48 +0000 (18:50 -0800)]
AudioFlinger: Fix memory allocation for client-less tracks

Test: Ringtone with BT
Bug: 35350587
Bug: 38340117
Change-Id: If247d319d58f8f4d18b49f58ec950491871ebb2d
(cherry picked from commit afb31487f3156a7284d2f0d06646c7bc00d99537)

Ricardo Garcia [Wed, 7 Jun 2017 13:24:12 +0000 (13:24 +0000)]
Merge "Fix security vulnerability: Equalizer setParameter memory overflow" into klp-dev
am: ef3a4aead0

Change-Id: I31e26961aaf4ca49c8c4bfa3c4dccd03bab63286

Ricardo Garcia [Wed, 7 Jun 2017 13:19:48 +0000 (13:19 +0000)]
Merge "Fix security vulnerability: Equalizer setParameter memory overflow" into klp-dev

Pawin Vongmasa [Wed, 7 Jun 2017 04:56:39 +0000 (04:56 +0000)]
Merge "Check the buffer index from acquireBuffer" into klp-dev
am: d050902155

Change-Id: I45700eef5e0a9eec1bcfdc4d810f20d2a5668531

TreeHugger Robot [Wed, 7 Jun 2017 04:51:35 +0000 (04:51 +0000)]
Merge "Check the buffer index from acquireBuffer" into klp-dev

rago [Mon, 5 Jun 2017 19:15:05 +0000 (12:15 -0700)]
Fix security vulnerability: Equalizer setParameter memory overflow

Bug: 37563371

Test: use POC on bug or cts security test
Change-Id: I9c9453a222b53fd5ef821330a34cb9e938e4d9c5

Andy Hung [Tue, 6 Jun 2017 20:55:13 +0000 (20:55 +0000)]
Merge "EffectBundle: Check value size for get preset name" into klp-dev
am: f5d6e98996

Change-Id: I1af8959b4866ca2e45e2ef2aeb54806ac09e5176

Andy Hung [Tue, 6 Jun 2017 20:50:11 +0000 (20:50 +0000)]
Merge "EffectBundle: Check value size for get preset name" into klp-dev

Ray Essick [Tue, 6 Jun 2017 20:15:34 +0000 (20:15 +0000)]
Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev
am: 021575025c

Change-Id: I5a5dd6e53b177854de9121bf7650f334a4fc67e9

Wei Jia [Tue, 6 Jun 2017 20:15:14 +0000 (20:15 +0000)]
Merge "m4v_h263: update width/height only when they are valid." into klp-dev
am: 2da03f40eb

Change-Id: I51de2fdbad57019904bcbc005e0fa85b6a8f54ed

TreeHugger Robot [Tue, 6 Jun 2017 20:10:08 +0000 (20:10 +0000)]
Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev

TreeHugger Robot [Tue, 6 Jun 2017 20:05:05 +0000 (20:05 +0000)]
Merge "m4v_h263: update width/height only when they are valid." into klp-dev

Wei Jia [Tue, 6 Jun 2017 18:48:36 +0000 (18:48 +0000)]
Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev
am: da924b45e1

Change-Id: I346cc9a7df899bb760abb7eb99f684f0d40ceced

Wei Jia [Tue, 6 Jun 2017 18:39:58 +0000 (18:39 +0000)]
Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev

Ray Essick [Fri, 2 Jun 2017 20:07:19 +0000 (13:07 -0700)]
better manage buffer for libstagefright_soft_mpeg4enc

Existing code allocated buffer, adjusted pointer to use it, and would
adjust the pointer back when it came time to free the space. The problem
was that the adjustment was based on user-supplied values and if the
user changed those values between alloc and free (which was possible),
the code ended up free()ing the wrong address.

We fix this by keeping an extra pointer -- the unmodified allocation --
which we use for the subsequent free() calls. This makes the free()
independent of any changes to values that the user provides.

Bug: 36075363
Test: ran poc against patched nyc-mr2-dev tree
Change-Id: I7013ff5883a945c4647517b2980c76a6558f23d2

Marco Nelissen [Fri, 2 Jun 2017 04:05:59 +0000 (04:05 +0000)]
Merge "Fix potential leak" into klp-dev
am: 2f9eacc3ae

Change-Id: I7e3a53be249eff99dd895e500f9833ad55a184b0

TreeHugger Robot [Fri, 2 Jun 2017 04:02:09 +0000 (04:02 +0000)]
Merge "Fix potential leak" into klp-dev

Pawin Vongmasa [Tue, 23 May 2017 01:24:30 +0000 (18:24 -0700)]
Check the buffer index from acquireBuffer

Test: Run the POC
Test: Small CtsMediaTestCases
Bug: 37563942
Merged-In: I8ddfbc91a08d96de1f732e6776d6f90997042f6b
Change-Id: I8ddfbc91a08d96de1f732e6776d6f90997042f6b

Wei Jia [Fri, 19 May 2017 21:34:10 +0000 (14:34 -0700)]
DO NOT MERGE - m4v_h263: check header first before decoding a frame.

Test: fix the file in the bug
Bug: 37660827
Change-Id: I9d6919f96c0c9f29221be1e8e852ecb21062bad9

Wei Jia [Thu, 18 May 2017 19:43:12 +0000 (12:43 -0700)]
m4v_h263: update width/height only when they are valid.

Test: the file in the bug doesn't crash
Bug: 37079296
Change-Id: Ie092971dda568119ca38ec67d65ccfc00df93185

Andy Hung [Tue, 16 May 2017 19:04:50 +0000 (12:04 -0700)]
EffectBundle: Check value size for get preset name

Test: CTS testAllEffectsEqualizer_CVE_2017_0401
Bug: 37536407
Change-Id: I347af04677fc49a01efb549f06ff81d1a00dc4d0

Marco Nelissen [Tue, 16 May 2017 15:27:25 +0000 (15:27 +0000)]
Merge "Fix memory leak in error case" into klp-dev
am: 5136b7436f

Change-Id: I479e015461fa46227c4cae49829b0f3c0d769de9

Marco Nelissen [Tue, 16 May 2017 15:20:59 +0000 (15:20 +0000)]
Merge "Fix memory leak in error case" into klp-dev

Marco Nelissen [Mon, 15 May 2017 16:50:55 +0000 (16:50 +0000)]
Limit ogg packet size
am: bf928560ac

Change-Id: I102f6e9b1b4933d043b2a3e1e3f7fc885aaf6779

Marco Nelissen [Fri, 12 May 2017 22:35:30 +0000 (15:35 -0700)]
Limit ogg packet size

A malformed ogg file might lace together a very large packet, which
could lead to out of memory conditions. Limit the packet size to
avoid this.

Bug: 36592202
Change-Id: I8650b3ec54a0de9ec302a7cbac296bb85efcfb3d

Marco Nelissen [Fri, 12 May 2017 17:45:14 +0000 (10:45 -0700)]
Fix memory leak in error case

Bug: 37239013
Change-Id: Ic33e0f7ed946d0729efa46f69aff1a5d35e81b1e

Marco Nelissen [Tue, 9 May 2017 21:17:06 +0000 (14:17 -0700)]
Fix potential leak

Fix potential memory leak introduced with bugfix for bug 31449945.

Bug: 36389123
Change-Id: I5a9a3551692d6cba385b45c4c7a465aa377a62b1

Marco Nelissen [Mon, 10 Apr 2017 20:27:43 +0000 (20:27 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev
am: 922ad6183e

Change-Id: I8fbd67b5fe298d6f842d224109e2ab0b52a2b59a

Marco Nelissen [Mon, 10 Apr 2017 19:57:08 +0000 (19:57 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev

Roger1 Jonsson [Wed, 5 Apr 2017 22:49:34 +0000 (22:49 +0000)]
Avoid crash for stss sync sample number 0
am: 5c364997a3

Change-Id: Ia97daf543c65b52db1c5d09471ed8d00a434364d

Roger1 Jonsson [Wed, 26 Oct 2016 07:20:00 +0000 (09:20 +0200)]
Avoid crash for stss sync sample number 0

A sample number value of 0 means that the value stored in
the mSyncSamples array would become negative (-1)
when converted to an index value. This causes a crash.

Make sure that stss sample numbers are bigger
than 0 before converting sample number to index value.

Bug: 32423862
bug: 35645051
Test: Playback video that triggers stss sync sample number 0
Change-Id: I35bee7c718e01b086d7e05deda13b38083f509f5

Marco Nelissen [Mon, 27 Mar 2017 22:04:25 +0000 (15:04 -0700)]
Don't allow using or allocating a buffer after the first state transition

Bug: 35467458
Change-Id: Ia76c8cec8ad2abb95ca29b2a89075f7acab4b174

Robert Shih [Tue, 14 Mar 2017 23:45:27 +0000 (23:45 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
am: 13c77f4fe0

Change-Id: Ib7f8b77b3ba27fcd8e61e540eb39259cb287185c

Robert Shih [Mon, 24 Oct 2016 18:38:31 +0000 (11:38 -0700)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer

Bug: 30895578
Bug: 34970788
Change-Id: I4cba36bbe3502678210e5925181683df9726b431

Ray Essick [Mon, 13 Mar 2017 22:43:39 +0000 (22:43 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev
am: 19b91af752

Change-Id: I83ad1fa809b82d1b4a6158b66ebffc5ae1d35590

Ray Essick [Mon, 13 Mar 2017 22:43:27 +0000 (22:43 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev
am: 2076915c5f

Change-Id: Ib9bc5c92218231acefda2800df84a8bffe2da92f

Ray Essick [Mon, 13 Mar 2017 22:38:40 +0000 (22:38 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev

Ray Essick [Mon, 13 Mar 2017 22:35:43 +0000 (22:35 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev

Marco Nelissen [Mon, 13 Mar 2017 22:34:54 +0000 (22:34 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev
am: b264ece2c0

Change-Id: Id65ef33cb965b6fbdec95d9429ee05b134fd14f3

Marco Nelissen [Mon, 13 Mar 2017 22:34:40 +0000 (22:34 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev
am: 012e5fd39e

Change-Id: I2ad3e1364472558cf48c51fb3e2a08002d74c32d

Marco Nelissen [Mon, 13 Mar 2017 22:34:26 +0000 (22:34 +0000)]
Merge "Fix out of bounds access" into klp-dev
am: 360cbbd72c

Change-Id: I9ea32d31b1281689c4b5997a6c328630031c1795

Marco Nelissen [Mon, 13 Mar 2017 22:31:24 +0000 (22:31 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev

Marco Nelissen [Mon, 13 Mar 2017 22:30:25 +0000 (22:30 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev

Marco Nelissen [Mon, 13 Mar 2017 22:28:40 +0000 (22:28 +0000)]
Merge "Fix out of bounds access" into klp-dev

Ray Essick [Mon, 13 Mar 2017 18:59:57 +0000 (11:59 -0700)]
Add bounds check in SoftAACEncoder2::onQueueFilled()

Original code blindly copied some header information into the
user-supplied buffer without checking for sufficient space.
The code does check when it gets to filling the data -- it's
just the header copies that weren't checked.

Bug: 34617444
Test: ran POC before/after
Change-Id: I6e80ec90616f6cd02bb8316cd2d6e309b7e4729d

Marco Nelissen [Fri, 3 Mar 2017 21:37:27 +0000 (13:37 -0800)]
Fix NPDs in h263 decoder

Bug: 35269635
Test: decoded PoC with and without patch
Change-Id: I636a14360c7801cc5bca63c9cb44d1d235df8fd8

Ray Essick [Sat, 11 Mar 2017 00:03:40 +0000 (16:03 -0800)]
Fix TOCTOU problem in libstagefright_soft_aacenc

Fixes a configuration error where we sized a buffer initially based
on the configuration at the time and held onto the buffer through the
rest of our lifetime. If the configuration was changed in a way that
resulted in needing a different size buffer, the code did not make
this happen.

Patch keeps the buffer around but also stores the 'current allocation
size'.  This allows the later code that preps the buffer to query if
the buffer size is same or changed.  If changed, we discard the old
buffer and allocate a new one of the appropriate size.

safetynet logging added so we can tell how often this happens in the
field.

Testing was done on nyc-mr2 (where poc was built). Patch applies
without change to k/l/m/n/master.

Bug: 34621073
Test: run POC, saw new diagnostics saying it caught the size change.
Change-Id: Ia95aadc8c727434b7ba9628deeae327c405336d3

Marco Nelissen [Fri, 10 Mar 2017 19:28:44 +0000 (11:28 -0800)]
Fix out of bounds access

Bug: 34618607
Change-Id: I84f0ef948414d0b2d54e8948b6c30b8ae4da2b36

Andy Hung [Fri, 10 Mar 2017 22:32:59 +0000 (22:32 +0000)]
Merge "DO NOT MERGE AudioFlinger: Check framecount overflow when creating track" into klp-dev
am: e0da30dc57

Change-Id: Ia8aee821949f27b81e5c0ddca2e39aa9e478a432

Andy Hung [Fri, 10 Mar 2017 22:29:51 +0000 (22:29 +0000)]
Merge "DO NOT MERGE AudioFlinger: Check framecount overflow when creating track" into klp-dev

Marco Nelissen [Thu, 9 Mar 2017 23:01:55 +0000 (15:01 -0800)]
Fix integer overflow and divide-by-zero

Bug: 35763994
Test: ran CTS with and without fix
Change-Id: If835e97ce578d4fa567e33e349e48fb7b2559e0e

Wonsik Kim [Thu, 16 Feb 2017 01:28:51 +0000 (01:28 +0000)]
DO NOT MERGE codecs: handle onReset() for a few encoders
am: dd447c354e

Change-Id: I0f2bde22c3e3b19d364ffce46f2e7c67f4016d75

Wonsik Kim [Fri, 10 Feb 2017 05:29:40 +0000 (14:29 +0900)]
DO NOT MERGE codecs: handle onReset() for a few encoders

Test: Run PoC binaries
Bug: 34749392
Bug: 34705519
Change-Id: I3356eb615b0e79272d71d72578d363671038c6dd

Andy Hung [Tue, 14 Feb 2017 02:48:39 +0000 (18:48 -0800)]
DO NOT MERGE AudioFlinger: Check framecount overflow when creating track

Test: Native POC
Bug: 34749571
Change-Id: I7529658e52ac7e64d162eb5338f10fb25eaa8fe7

Marco Nelissen [Mon, 13 Feb 2017 21:41:14 +0000 (21:41 +0000)]
Merge "Fix overflow check and check read result" into klp-dev
am: b6aa3901ce

Change-Id: I80ef33d8f0593fa723077e91a5ca406f27b0b746

Marco Nelissen [Mon, 13 Feb 2017 21:40:59 +0000 (21:40 +0000)]
Merge "stagefright: parseApp check data boundary conditions" into klp-dev
am: 65433ff04d

Change-Id: I6be526b6ed9df22c9699445efaa4f0ed2ae266b4

Marco Nelissen [Mon, 13 Feb 2017 21:36:48 +0000 (21:36 +0000)]
Merge "Fix overflow check and check read result" into klp-dev

Marco Nelissen [Mon, 13 Feb 2017 21:35:18 +0000 (21:35 +0000)]
Merge "stagefright: parseApp check data boundary conditions" into klp-dev

Marco Nelissen [Mon, 6 Feb 2017 22:12:30 +0000 (14:12 -0800)]
Fix overflow check and check read result

Bug: 33861560
Test: build
Change-Id: Ia85519766e19a6e37237166f309750b3e8323c4e

Eino-Ville Talvala [Thu, 2 Feb 2017 23:47:02 +0000 (23:47 +0000)]
Merge "CameraBase: Don't return an sp<> by reference" into klp-dev
am: fdf64bab96

Change-Id: Ied7016c8cfaaa0d7ed714f753b8827cf0179cb1a

Eino-Ville Talvala [Thu, 2 Feb 2017 23:47:01 +0000 (23:47 +0000)]
CameraBase: Don't return an sp<> by reference
am: 4b49489c12

Change-Id: I4befb08a206d22e71a6ab2bfd44fb90ddbd62915

Eino-Ville Talvala [Thu, 2 Feb 2017 23:42:07 +0000 (23:42 +0000)]
Merge "CameraBase: Don't return an sp<> by reference" into klp-dev

Marco Nelissen [Thu, 2 Feb 2017 21:24:19 +0000 (21:24 +0000)]
Revert "Turn off overflow protection for various math functions"
am: 2dd1d5e02e

Change-Id: I37734de98f269e6886be0578b4ff9db31229c8de

Marco Nelissen [Thu, 2 Feb 2017 20:53:17 +0000 (20:53 +0000)]
Revert "Turn off overflow protection for various math functions"

This reverts commit cbf5e6915c42c691a6ccb9a5d249e450f9e67467.

Change-Id: I0a81c26d22fee36485b21c285dcc91fbd518e1dd

Eino-Ville Talvala [Wed, 1 Feb 2017 23:27:41 +0000 (15:27 -0800)]
CameraBase: Don't return an sp<> by reference

If the server dies, the binder death callback clears out
the global camera service sp<>, and any current references to it
will become quite unhappy.

Test: Camera CTS passes
Bug: 31992879
Change-Id: I2966bed35d0319e3f26e3d4b1b8dc08006a22348

Marco Nelissen [Thu, 2 Feb 2017 19:31:52 +0000 (19:31 +0000)]
Turn off overflow protection for various math functions
am: cbf5e6915c

Change-Id: Iee62ce7ef71208e30d9ee7b98342163bfc997779

Marco Nelissen [Wed, 1 Feb 2017 23:35:35 +0000 (15:35 -0800)]
Turn off overflow protection for various math functions

These functions also exist as arm assembly files, where the overflows
just wrap around, and this makes their plain C equivalents behave
the same.

Bug: 32577290
Bug: 33071964
Test: ran PoC for bug 32577290 using plain C source code
Change-Id: I73c2609589e7a89d36f6c44391548312259daf14

Mark Salyzyn [Mon, 23 Jun 2014 21:13:22 +0000 (14:13 -0700)]
stagefright: parseApp check data boundary conditions

Test: compile, no poc for boundary violation.
Bug: 34056274
Change-Id: I23f5ccba8f211e01d9a3a741c8ea537b55aab4e2

Marco Nelissen [Tue, 17 Jan 2017 18:27:32 +0000 (18:27 +0000)]
Don't CHECK when buffer is too large
am: c2f0c73bfc

Change-Id: Ibcc5b7a28092fdcba5082b956e3bbdb0fc2d3f4a

Marco Nelissen [Fri, 6 Jan 2017 21:57:51 +0000 (13:57 -0800)]
Don't CHECK when buffer is too large

Bug: 31647370
Test: ran CTS test with and without patch
Change-Id: I4e3a37aabc9387432671c1c0c469241142612cc4

Eric Laurent [Wed, 4 Jan 2017 22:15:29 +0000 (22:15 +0000)]
DO NOT MERGE - improve audio effect framework thread safety
am: b47a5ab107

Change-Id: I46af7560653784852e771a2eefd581989aac0644

Eric Laurent [Thu, 1 Dec 2016 23:28:29 +0000 (15:28 -0800)]
DO NOT MERGE - improve audio effect framework thread safety

- Reorganize handle effect creation code to make sure the effect engine
is created with both thread and effect chain mutex held.
- Reorganize handle disconnect code to make sure the effect engine
is released with both thread and effect chain mutex held.
- Protect IEffect interface methods in EffectHandle with a Mutex.
- Only pin effect if the session was acquired first.
- Do not use strong pointer to EffectModule in EffectHandles:
only the EffectChain has a single strong reference to the EffectModule.
- Check reply size before writing status in EffectHandle::command()

Bug: 32707507
Bug: 32095713

Change-Id: Ia1098cba2cd32cc2d1c9dfdff4adc2388dfed80e

Andy Hung [Sat, 3 Dec 2016 00:36:02 +0000 (00:36 +0000)]
Merge "Effect: Use local cached data for Effect commit" into klp-dev
am: 1576f5968c

Change-Id: I3310e7efeb0bcd1826d112e94e13f46ce5234755

Andy Hung [Sat, 3 Dec 2016 00:36:01 +0000 (00:36 +0000)]
Effect: Use local cached data for Effect commit
am: dd79ccda92

Change-Id: Ide8165907e03b9d400eaa33a222ceeae782d6509

Andy Hung [Sat, 3 Dec 2016 00:32:27 +0000 (00:32 +0000)]
Merge "Effect: Use local cached data for Effect commit" into klp-dev

rago [Wed, 30 Nov 2016 19:12:17 +0000 (19:12 +0000)]
Fix security vulnerability: potential OOB write in audioserver
am: e275907e57

Change-Id: I38086dbaeeef1c068887cc20aca9d557bb159372

rago [Wed, 23 Nov 2016 02:02:48 +0000 (18:02 -0800)]
Fix security vulnerability: potential OOB write in audioserver

Bug: 32705438
Bug: 32703959
Test: cts security test
Change-Id: I8900c92fa55b56c4c2c9d721efdbabe6bfc8a4a4

Andy Hung [Wed, 16 Nov 2016 01:19:58 +0000 (17:19 -0800)]
Effect: Use local cached data for Effect commit

Test: POC, Cts Effect, BassBoost, EnvReverb, Equalizer,
Test: LoudnessEnhancer, PresetReverb, Virtualizer, Visualizer
Bug: 32220769
Change-Id: Iea96ba0daf71691ee8954cca4ba1c10fe827626e

Ricardo Garcia [Tue, 15 Nov 2016 23:28:07 +0000 (23:28 +0000)]
Merge "Fix security vulnerability: Effect command might allow negative indexes" into klp-dev
am: 501aee7a54

Change-Id: I7386c90f91d41d2b6df3efc28cfa6e4b4f79608a