OSDN Git Service
Mikhail Naganov [Tue, 25 Jul 2017 00:25:47 +0000 (17:25 -0700)]
Add EFFECT_CMD_SET_PARAM parameter checking to Downmix and Reverb
Bug:
63662938
Bug:
63526567
Test: Added CTS tests
Change-Id: I8ed398cd62a9f461b0590e37f593daa3d8e4dbc4
TreeHugger Robot [Fri, 4 Aug 2017 22:28:18 +0000 (22:28 +0000)]
Merge "Skip track if verification fails" into klp-dev
Marco Nelissen [Tue, 18 Jul 2017 21:57:11 +0000 (14:57 -0700)]
Skip track if verification fails
Bug:
62187433
Test: ran poc, CTS
Merged-In: Ib9b0b6de88d046d8149e9ea5073d6c40ffec7b0c
Change-Id: Ib9b0b6de88d046d8149e9ea5073d6c40ffec7b0c
Chong Zhang [Tue, 18 Jul 2017 22:14:50 +0000 (22:14 +0000)]
Merge "stagefright: check aac_frame_length to prevent infinite loop" into klp-dev
Wei Jia [Fri, 14 Jul 2017 00:47:56 +0000 (17:47 -0700)]
MediaPlayerService: fix access of mPlayer in client
Test: poc doesn't crash
Bug:
38234812
Change-Id: I6f9be046ff66d2d5bed27bd712287e4ead550830
Wei Jia [Fri, 14 Jul 2017 23:25:32 +0000 (23:25 +0000)]
Merge "DO NOT MERGE : MPEG4Extractor: ensure returned status is checked." into klp-dev
TreeHugger Robot [Mon, 10 Jul 2017 19:52:17 +0000 (19:52 +0000)]
Merge "audio effects: filter reserved effect commands" into klp-dev
Chong Zhang [Sat, 8 Jul 2017 01:25:16 +0000 (18:25 -0700)]
stagefright: check aac_frame_length to prevent infinite loop
bug:
62673179
Change-Id: I5da44822ad2ff59d396d1df42f34cd0a5620e134
Wei Jia [Wed, 15 Feb 2017 01:07:24 +0000 (17:07 -0800)]
DO NOT MERGE : MPEG4Extractor: ensure returned status is checked.
Also fix handling of zero atom size in MPEG4Source::parseChunk.
IDataSource: ensure readAt returns correct status.
Test: manually test with mediaplayer.
Bug:
34718515
Change-Id: I1219ec579aa0876dc1230e36af46b158b84c6d77
(cherry picked from commit
ff1fb4d5cdd3b2b28c69edd8cd3021e335ca381a)
Eric Laurent [Fri, 16 Jun 2017 01:43:46 +0000 (18:43 -0700)]
audio effects: filter reserved effect commands
Block effect commands reserved for framework use when
received on server side IAudioEffect. Applications have no reason
to use these commands and they present a unnecessary attack surface.
Bug:
62019992
Test: run CTS tests for audio effects
Change-Id: Ie680d5d5650f99dbabf93891703e1cde2c2e852d
Andy Hung [Tue, 13 Jun 2017 00:22:46 +0000 (17:22 -0700)]
Track: Check buffer size of static tracks
Merged-In: Ia7edd9a802905214a27961dbcec6352f6ef98f73
Merged-In: I633caf563d3607dbe4b9be10be1687efce33469c
Test: Native POC
Bug:
38340117
Change-Id: I633caf563d3607dbe4b9be10be1687efce33469c
Andy Hung [Tue, 14 Feb 2017 02:50:48 +0000 (18:50 -0800)]
AudioFlinger: Fix memory allocation for client-less tracks
Test: Ringtone with BT
Bug:
35350587
Bug:
38340117
Change-Id: If247d319d58f8f4d18b49f58ec950491871ebb2d
(cherry picked from commit
afb31487f3156a7284d2f0d06646c7bc00d99537)
Ricardo Garcia [Wed, 7 Jun 2017 13:19:48 +0000 (13:19 +0000)]
Merge "Fix security vulnerability: Equalizer setParameter memory overflow" into klp-dev
TreeHugger Robot [Wed, 7 Jun 2017 04:51:35 +0000 (04:51 +0000)]
Merge "Check the buffer index from acquireBuffer" into klp-dev
rago [Mon, 5 Jun 2017 19:15:05 +0000 (12:15 -0700)]
Fix security vulnerability: Equalizer setParameter memory overflow
Bug:
37563371
Test: use POC on bug or cts security test
Change-Id: I9c9453a222b53fd5ef821330a34cb9e938e4d9c5
Andy Hung [Tue, 6 Jun 2017 20:50:11 +0000 (20:50 +0000)]
Merge "EffectBundle: Check value size for get preset name" into klp-dev
TreeHugger Robot [Tue, 6 Jun 2017 20:10:08 +0000 (20:10 +0000)]
Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev
TreeHugger Robot [Tue, 6 Jun 2017 20:05:05 +0000 (20:05 +0000)]
Merge "m4v_h263: update width/height only when they are valid." into klp-dev
Wei Jia [Tue, 6 Jun 2017 18:39:58 +0000 (18:39 +0000)]
Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev
Ray Essick [Fri, 2 Jun 2017 20:07:19 +0000 (13:07 -0700)]
better manage buffer for libstagefright_soft_mpeg4enc
Existing code allocated buffer, adjusted pointer to use it, and would
adjust the pointer back when it came time to free the space. The problem
was that the adjustment was based on user-supplied values and if the
user changed those values between alloc and free (which was possible),
the code ended up free()ing the wrong address.
We fix this by keeping an extra pointer -- the unmodified allocation --
which we use for the subsequent free() calls. This makes the free()
independent of any changes to values that the user provides.
Bug:
36075363
Test: ran poc against patched nyc-mr2-dev tree
Change-Id: I7013ff5883a945c4647517b2980c76a6558f23d2
TreeHugger Robot [Fri, 2 Jun 2017 04:02:09 +0000 (04:02 +0000)]
Merge "Fix potential leak" into klp-dev
Pawin Vongmasa [Tue, 23 May 2017 01:24:30 +0000 (18:24 -0700)]
Check the buffer index from acquireBuffer
Test: Run the POC
Test: Small CtsMediaTestCases
Bug:
37563942
Merged-In: I8ddfbc91a08d96de1f732e6776d6f90997042f6b
Change-Id: I8ddfbc91a08d96de1f732e6776d6f90997042f6b
Wei Jia [Fri, 19 May 2017 21:34:10 +0000 (14:34 -0700)]
DO NOT MERGE - m4v_h263: check header first before decoding a frame.
Test: fix the file in the bug
Bug:
37660827
Change-Id: I9d6919f96c0c9f29221be1e8e852ecb21062bad9
Wei Jia [Thu, 18 May 2017 19:43:12 +0000 (12:43 -0700)]
m4v_h263: update width/height only when they are valid.
Test: the file in the bug doesn't crash
Bug:
37079296
Change-Id: Ie092971dda568119ca38ec67d65ccfc00df93185
Andy Hung [Tue, 16 May 2017 19:04:50 +0000 (12:04 -0700)]
EffectBundle: Check value size for get preset name
Test: CTS testAllEffectsEqualizer_CVE_2017_0401
Bug:
37536407
Change-Id: I347af04677fc49a01efb549f06ff81d1a00dc4d0
Marco Nelissen [Tue, 16 May 2017 15:20:59 +0000 (15:20 +0000)]
Merge "Fix memory leak in error case" into klp-dev
Marco Nelissen [Fri, 12 May 2017 22:35:30 +0000 (15:35 -0700)]
Limit ogg packet size
A malformed ogg file might lace together a very large packet, which
could lead to out of memory conditions. Limit the packet size to
avoid this.
Bug:
36592202
Change-Id: I8650b3ec54a0de9ec302a7cbac296bb85efcfb3d
Marco Nelissen [Fri, 12 May 2017 17:45:14 +0000 (10:45 -0700)]
Fix memory leak in error case
Bug:
37239013
Change-Id: Ic33e0f7ed946d0729efa46f69aff1a5d35e81b1e
Marco Nelissen [Tue, 9 May 2017 21:17:06 +0000 (14:17 -0700)]
Fix potential leak
Fix potential memory leak introduced with bugfix for bug
31449945.
Bug:
36389123
Change-Id: I5a9a3551692d6cba385b45c4c7a465aa377a62b1
Marco Nelissen [Mon, 10 Apr 2017 19:57:08 +0000 (19:57 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev
Roger1 Jonsson [Wed, 26 Oct 2016 07:20:00 +0000 (09:20 +0200)]
Avoid crash for stss sync sample number 0
A sample number value of 0 means that the value stored in
the mSyncSamples array, would become negative (-1),
when converted to index value. This causes a crash.
Make sure that stss sample numbers are bigger
than 0 before converting sample number to index value.
Bug:
32423862
bug:
35645051
Test: Playback video that triggers stss sync sample number 0
Change-Id: I35bee7c718e01b086d7e05deda13b38083f509f5
Marco Nelissen [Mon, 27 Mar 2017 22:04:25 +0000 (15:04 -0700)]
Don't allow using or allocating a buffer after the first state transition
Bug:
35467458
Change-Id: Ia76c8cec8ad2abb95ca29b2a89075f7acab4b174
Robert Shih [Mon, 24 Oct 2016 18:38:31 +0000 (11:38 -0700)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
Bug:
30895578
Bug:
34970788
Change-Id: I4cba36bbe3502678210e5925181683df9726b431
Ray Essick [Mon, 13 Mar 2017 22:38:40 +0000 (22:38 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev
Ray Essick [Mon, 13 Mar 2017 22:35:43 +0000 (22:35 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev
Marco Nelissen [Mon, 13 Mar 2017 22:31:24 +0000 (22:31 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev
Marco Nelissen [Mon, 13 Mar 2017 22:30:25 +0000 (22:30 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev
Marco Nelissen [Mon, 13 Mar 2017 22:28:40 +0000 (22:28 +0000)]
Merge "Fix out of bounds access" into klp-dev
Ray Essick [Mon, 13 Mar 2017 18:59:57 +0000 (11:59 -0700)]
Add bounds check in SoftAACEncoder2::onQueueFilled()
Original code blindly copied some header information into the
user-supplied buffer without checking for sufficient space.
The code does check when it gets to filling the data -- it's
just the header copies that weren't checked.
Bug:
34617444
Test: ran POC before/after
Change-Id: I6e80ec90616f6cd02bb8316cd2d6e309b7e4729d
Marco Nelissen [Fri, 3 Mar 2017 21:37:27 +0000 (13:37 -0800)]
Fix NPDs in h263 decoder
Bug:
35269635
Test: decoded PoC with and without patch
Change-Id: I636a14360c7801cc5bca63c9cb44d1d235df8fd8
Ray Essick [Sat, 11 Mar 2017 00:03:40 +0000 (16:03 -0800)]
Fix TOCTOU problem in libstagefright_soft_aacenc
Fixes a configuration error where we sized a buffer initially based
on the configuration at the time and held onto the buffer through the
rest of our lifetime. If the configuration was changed in a way that
resulted in needing a different size buffer, the code did not make
this happen.
Patch keeps the buffer around but also stores the 'current allocation
size'. This allows the later code that preps the buffer to query if
the buffer size is same or changed. If changed, we discard the old
buffer and allocate a new one of the appropriate size.
safetynet logging added so we can tell how often this happens in the
field.
Testing was done on nyc-mr2 (where poc was built). Patch applies
without change to k/l/m/n/master.
Bug:
34621073
Test: run POC, saw new diagnostics saying it caught the size change.
Change-Id: Ia95aadc8c727434b7ba9628deeae327c405336d3
Marco Nelissen [Fri, 10 Mar 2017 19:28:44 +0000 (11:28 -0800)]
Fix out of bounds access
Bug:
34618607
Change-Id: I84f0ef948414d0b2d54e8948b6c30b8ae4da2b36
Andy Hung [Fri, 10 Mar 2017 22:29:51 +0000 (22:29 +0000)]
Merge "DO NOT MERGE AudioFlinger: Check framecount overflow when creating track" into klp-dev
Marco Nelissen [Thu, 9 Mar 2017 23:01:55 +0000 (15:01 -0800)]
Fix integer overflow and divide-by-zero
Bug:
35763994
Test: ran CTS with and without fix
Change-Id: If835e97ce578d4fa567e33e349e48fb7b2559e0e
Wonsik Kim [Fri, 10 Feb 2017 05:29:40 +0000 (14:29 +0900)]
DO NOT MERGE codecs: handle onReset() for a few encoders
Test: Run PoC binaries
Bug:
34749392
Bug:
34705519
Change-Id: I3356eb615b0e79272d71d72578d363671038c6dd
Andy Hung [Tue, 14 Feb 2017 02:48:39 +0000 (18:48 -0800)]
DO NOT MERGE AudioFlinger: Check framecount overflow when creating track
Test: Native POC
Bug:
34749571
Change-Id: I7529658e52ac7e64d162eb5338f10fb25eaa8fe7
Marco Nelissen [Mon, 13 Feb 2017 21:36:48 +0000 (21:36 +0000)]
Merge "Fix overflow check and check read result" into klp-dev
Marco Nelissen [Mon, 13 Feb 2017 21:35:18 +0000 (21:35 +0000)]
Merge "stagefright: parseApp check data boundary conditions" into klp-dev
Marco Nelissen [Mon, 6 Feb 2017 22:12:30 +0000 (14:12 -0800)]
Fix overflow check and check read result
Bug:
33861560
Test: build
Change-Id: Ia85519766e19a6e37237166f309750b3e8323c4e
Eino-Ville Talvala [Thu, 2 Feb 2017 23:42:07 +0000 (23:42 +0000)]
Merge "CameraBase: Don't return an sp<> by reference" into klp-dev
Marco Nelissen [Thu, 2 Feb 2017 20:53:17 +0000 (20:53 +0000)]
Revert "Turn off overflow protection for various math functions"
This reverts commit
cbf5e6915c42c691a6ccb9a5d249e450f9e67467.
Change-Id: I0a81c26d22fee36485b21c285dcc91fbd518e1dd
Eino-Ville Talvala [Wed, 1 Feb 2017 23:27:41 +0000 (15:27 -0800)]
CameraBase: Don't return an sp<> by reference
If the server dies, the binder death callback clears out
the global camera service sp<>, and any current references to it
will become quite unhappy.
Test: Camera CTS passes
Bug:
31992879
Change-Id: I2966bed35d0319e3f26e3d4b1b8dc08006a22348
Marco Nelissen [Wed, 1 Feb 2017 23:35:35 +0000 (15:35 -0800)]
Turn off overflow protection for various math functions
These functions also exist as arm assembly files, where the overflows
just wrap around, and this makes their plain C equivalents behave
the same.
Bug:
32577290
Bug:
33071964
Test: ran PoC for bug
32577290 using plain C source code
Change-Id: I73c2609589e7a89d36f6c44391548312259daf14
Mark Salyzyn [Mon, 23 Jun 2014 21:13:22 +0000 (14:13 -0700)]
stagefright: parseApp check data boundary conditions
Test: compile, no poc for boundary violation.
Bug:
34056274
Change-Id: I23f5ccba8f211e01d9a3a741c8ea537b55aab4e2
Marco Nelissen [Fri, 6 Jan 2017 21:57:51 +0000 (13:57 -0800)]
Don't CHECK when buffer is too large
Bug:
31647370
Test: ran CTS test with and without patch
Change-Id: I4e3a37aabc9387432671c1c0c469241142612cc4
Eric Laurent [Thu, 1 Dec 2016 23:28:29 +0000 (15:28 -0800)]
DO NOT MERGE - improve audio effect framwework thread safety
- Reorganize handle effect creation code to make sure the effect engine
is created with both thread and effect chain mutex held.
- Reorganize handle disconnect code to make sure the effect engine
is released with both thread and effect chain mutex held.
- Protect IEffect interface methods in EffectHande with a Mutex.
- Only pin effect if the session was acquired first.
- Do not use strong pointer to EffectModule in EffectHandles:
only the EffectChain has a single strong reference to the EffectModule.
- Check reply size before writing status in EffectHandle::command()
Bug:
32707507
Bug:
32095713
Change-Id: Ia1098cba2cd32cc2d1c9dfdff4adc2388dfed80e
Andy Hung [Sat, 3 Dec 2016 00:32:27 +0000 (00:32 +0000)]
Merge "Effect: Use local cached data for Effect commit" into klp-dev
rago [Wed, 23 Nov 2016 02:02:48 +0000 (18:02 -0800)]
Fix security vulnerability: potential OOB write in audioserver
Bug:
32705438
Bug:
32703959
Test: cts security test
Change-Id: I8900c92fa55b56c4c2c9d721efdbabe6bfc8a4a4
Andy Hung [Wed, 16 Nov 2016 01:19:58 +0000 (17:19 -0800)]
Effect: Use local cached data for Effect commit
Test: POC, Cts Effect, BassBoost, EnvReverb, Equalizer,
Test: LoudnessEnhancer, PresetReverb, Virtualizer, Visualizer
Bug:
32220769
Change-Id: Iea96ba0daf71691ee8954cca4ba1c10fe827626e
Ricardo Garcia [Tue, 15 Nov 2016 23:19:20 +0000 (23:19 +0000)]
Merge "Fix security vulnerability: Effect command might allow negative indexes" into klp-dev
rago [Mon, 14 Nov 2016 22:58:34 +0000 (14:58 -0800)]
Fix security vulnerability: Effect command might allow negative indexes
Bug:
32448258
Bug:
32095626
Test: Use POC bug or cts security test
Change-Id: I69f24eac5866f8d9090fc4c0ebe58c2c297b63df
Marco Nelissen [Fri, 11 Nov 2016 17:20:00 +0000 (09:20 -0800)]
Make VBRISeeker more robust
Bug:
32577290
Change-Id: I9bcc9422ae7dd3ae4a38df330c9dcd7ac4941ec8
Andy Hung [Thu, 10 Nov 2016 19:16:40 +0000 (19:16 +0000)]
Merge "Effects: Check get parameter command size" into klp-dev
Andy Hung [Thu, 10 Nov 2016 19:13:24 +0000 (19:13 +0000)]
Merge "DO NOT MERGE: Visualizer: Check capture size and latency parameters" into klp-dev
Ricardo Garcia [Wed, 9 Nov 2016 19:14:34 +0000 (19:14 +0000)]
Merge "Fix security vulnerability: Equalizer command might allow negative indexes" into klp-dev
Andy Hung [Sat, 5 Nov 2016 02:40:53 +0000 (19:40 -0700)]
Effects: Check get parameter command size
Test: Custom test.
Bug:
32438594
Bug:
32624850
Bug:
32635664
Change-Id: I9b1315e2c02f11bea395bfdcf5c1ccddccbad8a6
Ray Essick [Wed, 2 Nov 2016 21:15:43 +0000 (14:15 -0700)]
DO NOT MERGE: defensive parsing of mp3 album art information
several points in stagefrights mp3 album art code
used strlen() to parse user-supplied strings that may be
unterminated, resulting in reading beyond the end of a buffer.
This changes the code to use strnlen() for 8-bit encodings and
strengthens the parsing of 16-bit encodings similarly. It also
reworks how we watch for the end-of-buffer to avoid all over-reads.
Bug:
32377688
Test: crafted mp3's w/ good/bad cover art. See what showed in play music
Change-Id: Idbaf221fa2283b33e83f399562a3323dd095cc2c
rago [Mon, 31 Oct 2016 19:50:20 +0000 (12:50 -0700)]
Fix security vulnerability: Equalizer command might allow negative indexes
Bug:
32247948
Bug:
32438598
Bug:
32436341
Test: use POC on bug or cts security test
Change-Id: I91bd6aadb6c7410163e03101f365db767f4cd2a3
(cherry picked from commit
0872b65cff9129633471945431b9a5a28418049c)
Andy Hung [Wed, 19 Oct 2016 00:13:09 +0000 (17:13 -0700)]
DO NOT MERGE: Visualizer: Check capture size and latency parameters
Bug:
31781965
Change-Id: I1c439a0d0f6aa0057b3c651499f28426e1e1f5e4
Marco Nelissen [Thu, 13 Oct 2016 23:19:54 +0000 (23:19 +0000)]
Merge "DO NOT MERGE Fix divide by zero" into klp-dev
Ricardo Garcia [Thu, 13 Oct 2016 01:13:46 +0000 (01:13 +0000)]
Merge "Fix potential NULL dereference in Visualizer effect" into klp-dev
Pawin Vongmasa [Thu, 13 Oct 2016 00:47:33 +0000 (00:47 +0000)]
Merge "DO NOT MERGE - MPEG4Extractor: Check mLastTrack before dereferencing." into klp-dev
rago [Sat, 8 Oct 2016 01:16:09 +0000 (18:16 -0700)]
Fix potential NULL dereference in Visualizer effect
Bug:
30229821
Test: fixing CL. Existing unit tests still pass.
Change-Id: I6e4abd759d5d2abc3b391e92e2e18f060cab7af0
Lajos Molnar [Tue, 11 Oct 2016 15:41:51 +0000 (08:41 -0700)]
stagefright: don't fail MediaCodec.configure if clients use store-meta key
Even though storing metadata is not supported in MediaCodec.configure and
is only meant to be used by Stagefright recorder, don't fail configure.
Bug:
31986922
Change-Id: Id9f083be6e857e7a0d8d4a74159be5b8894e28be
Marco Nelissen [Thu, 6 Oct 2016 22:31:52 +0000 (15:31 -0700)]
DO NOT MERGE Fix divide by zero
and be stricter about the layout of various boxes in mp4 files.
Bug:
31318219
Change-Id: I50034d5b6b1967ca6e88aabeacf49f26ba3c0d32
Pawin Vongmasa [Fri, 30 Sep 2016 07:45:52 +0000 (00:45 -0700)]
DO NOT MERGE - MPEG4Extractor: Check mLastTrack before dereferencing.
Bug:
31449945
Change-Id: If2708b3006c22393e80a2557f93d8a71e4e7bf16
Robert Shih [Thu, 22 Sep 2016 00:25:48 +0000 (00:25 +0000)]
Merge "SampleIterator: clear members on seekTo error" into klp-dev
Marco Nelissen [Wed, 21 Sep 2016 20:35:16 +0000 (20:35 +0000)]
Merge "Limit mp4 atom size to something reasonable" into klp-dev
Marco Nelissen [Mon, 19 Sep 2016 23:22:56 +0000 (16:22 -0700)]
Limit mp4 atom size to something reasonable
Bug:
28615448
Change-Id: I5916f6839b4a9bbee4388a106e7373bcd4154f5a
Robert Shih [Wed, 21 Sep 2016 00:37:55 +0000 (17:37 -0700)]
SampleIterator: clear members on seekTo error
Bug:
31091777
Change-Id: Iddf99d0011961d0fd3d755e57db4365b6a6a1193
Marco Nelissen [Tue, 20 Sep 2016 20:36:40 +0000 (13:36 -0700)]
Check mprotect result
mprotect can theoretically fail, which could then let one exploit
a vulnerable codec if one exists on the device.
Bug:
31350239
Change-Id: I7b99c190619f0fb2eb93119596e6da0d2deb8ba5
Ricardo Garcia [Tue, 20 Sep 2016 00:27:26 +0000 (00:27 +0000)]
Merge "Fix potential overflow in Visualizer effect" into klp-dev
Chong Zhang [Mon, 19 Sep 2016 22:29:04 +0000 (15:29 -0700)]
IOMX: do not clear buffer if it's allocated by component
The component might depends on their buffers to be initialized
in certain ways to work. Don't clear unless we're allocating it.
bug:
31586647
Change-Id: Ia0a125797e414998ef0cd8ce03672f5b1e0bbf7a
Lajos Molnar [Wed, 14 Sep 2016 17:01:37 +0000 (10:01 -0700)]
IOMX: allow configuration after going to loaded state
This was disallowed recently but we still use it as MediaCodcec.stop
only goes to loaded state, and does not free component.
Bug:
31450460
Change-Id: I72e092e4e55c9f23b1baee3e950d76e84a5ef28d
Lajos Molnar [Fri, 9 Sep 2016 16:52:06 +0000 (16:52 +0000)]
Merge "DO NOT MERGE: IOMX: work against metadata buffer spoofing" into klp-dev
Wei Jia [Tue, 30 Aug 2016 20:49:06 +0000 (13:49 -0700)]
MediaPlayerService: allow next player to be NULL
Bug:
31155917
Bug:
30204103
Change-Id: I9a2a59ddb900fc942e7c19b31b53a110d790474c
rago [Tue, 23 Aug 2016 00:20:26 +0000 (17:20 -0700)]
Fix potential overflow in Visualizer effect
Bug:
30229821
Change-Id: Idd3c1563dc9d3261e6e168e945005bf133ab2cdb
(cherry picked from commit
099ab280775946e7c36c73fde47f2ee5a2579f53)
Robert Shih [Mon, 22 Aug 2016 17:53:09 +0000 (17:53 +0000)]
Merge "DO NOT MERGE MediaPlayerService: avoid invalid static cast" into klp-dev
Andy Hung [Fri, 19 Aug 2016 18:49:14 +0000 (18:49 +0000)]
Merge "Add EFFECT_CMD_SET_PARAM parameter checking" into klp-dev
Pawin Vongmasa [Fri, 19 Aug 2016 08:45:39 +0000 (01:45 -0700)]
DO NOT MERGE - Fix build breakage caused by commit
940829f69b52d6038db66a9c727534636ecc456d.
Change-Id: Ic55a9ab25ddb57f270c21d78ffcb556f3e11dd5d
Andy Hung [Wed, 17 Aug 2016 21:11:13 +0000 (14:11 -0700)]
Add EFFECT_CMD_SET_PARAM parameter checking
Bug:
30204301
Change-Id: Ib9c3ee1c2f23c96f8f7092dd9e146bc453d7a290
Lajos Molnar [Tue, 2 Aug 2016 14:07:05 +0000 (07:07 -0700)]
DO NOT MERGE: IOMX: work against metadata buffer spoofing
- Prohibit direct set/getParam/Settings for extensions meant for
OMXNodeInstance alone. This disallows enabling metadata mode
without the knowledge of OMXNodeInstance.
- Do not share metadata mode buffers cross process.
- Disallow setting up metadata mode/input surface
after first sendCommand (except to Idle for OMXCodec quirk).
- Disallow store-meta for input cross process.
- Disallow emptyBuffer for surface input (via IOMX).
- Fix checking for input surface.
[backported from L]
Bug:
29422020
Change-Id: I801c77b80e703903f62e42d76fd2e76a34e4bc8e
Robert Shih [Tue, 16 Aug 2016 23:50:54 +0000 (16:50 -0700)]
DO NOT MERGE MediaPlayerService: avoid invalid static cast
Bug:
30204103
Change-Id: Ie0dd3568a375f1e9fed8615ad3d85184bcc99028
Pawin Vongmasa [Tue, 19 Jul 2016 03:12:02 +0000 (20:12 -0700)]
DO NOT MERGE - SoftMPEG4: Check the buffer size before writing the reference frame.
Also prevent overflow in SoftMPEG4 and division by zero in SoftMPEG4Encoder.
Bug:
30033990
Change-Id: I7701f5fc54c2670587d122330e5dc851f64ed3c2
(cherry picked from commit
695123195034402ca76169b195069c28c30342d3)
Wonsik Kim [Thu, 21 Jul 2016 05:43:38 +0000 (14:43 +0900)]
DO NOT MERGE - stagefright: fix integer overflow error
Bug:
30103394
Change-Id: If449d3e30a0bf2ebea5317f41813bfed094f7408
(cherry picked from commit
2c74a3cd5d1d66b9a35424b9c4443dafa6db5bef)
Wonsik Kim [Thu, 7 Jul 2016 03:57:02 +0000 (12:57 +0900)]
omx: prevent input port enable/disable for software codecs
Bug:
29421804
Change-Id: Iba1011e9af942a6dff7f659af769a51e3f5ba66f
Robert Shih [Thu, 14 Jul 2016 22:32:08 +0000 (15:32 -0700)]
DO NOT MERGE - Fix build
Change-Id: Iff47bb735778fb275abeee573c636856b839feb5
Robert Shih [Thu, 14 Jul 2016 01:26:14 +0000 (01:26 +0000)]
Merge "DO NOT MERGE - SoftMP3: memset safely" into klp-dev
Robert Shih [Thu, 14 Jul 2016 01:18:10 +0000 (01:18 +0000)]
Merge "DO NOT MERGE - SoftVPX: fix nFilledLen overflow" into klp-dev
Robert Shih [Thu, 14 Jul 2016 01:16:52 +0000 (01:16 +0000)]
Merge "OMXCodec: check IMemory::pointer() before using allocation" into klp-dev