OSDN Git Service
Chong Zhang [Tue, 18 Jul 2017 22:30:48 +0000 (22:30 +0000)]
Merge "stagefright: check aac_frame_length to prevent infinite loop" into klp-dev am:
d371d08bcc am:
98248c3f88
am:
5f3ac3898d
Change-Id: I22e4c53577164df13e5590d78dbd6796c1db06fe
Chong Zhang [Tue, 18 Jul 2017 22:26:46 +0000 (22:26 +0000)]
Merge "stagefright: check aac_frame_length to prevent infinite loop" into klp-dev am:
d371d08bcc
am:
98248c3f88
Change-Id: I87cf81565eefd8ed299014e7aa1e10a00daefc31
Chong Zhang [Tue, 18 Jul 2017 22:20:12 +0000 (22:20 +0000)]
Merge "stagefright: check aac_frame_length to prevent infinite loop" into klp-dev
am:
d371d08bcc
Change-Id: I6b7dcadbed62315968055d98dd2ffba3228016f9
Chong Zhang [Tue, 18 Jul 2017 22:14:50 +0000 (22:14 +0000)]
Merge "stagefright: check aac_frame_length to prevent infinite loop" into klp-dev
Wei Jia [Tue, 18 Jul 2017 19:12:37 +0000 (19:12 +0000)]
MediaPlayerService: fix access of mPlayer in client am:
502c2f4053 am:
bd7db202c6
am:
03fa67202f
Change-Id: I9336683351fa531560fadbe554eb218fc663585f
Wei Jia [Tue, 18 Jul 2017 19:05:35 +0000 (19:05 +0000)]
MediaPlayerService: fix access of mPlayer in client am:
502c2f4053
am:
bd7db202c6
Change-Id: If691af6c8d3c3849da52da943fd754ed9bd1fe0b
Wei Jia [Tue, 18 Jul 2017 19:01:03 +0000 (19:01 +0000)]
MediaPlayerService: fix access of mPlayer in client
am:
502c2f4053
Change-Id: Ib8920a866131f8db7bc0dce0472c257121297de6
Wei Jia [Fri, 14 Jul 2017 00:47:56 +0000 (17:47 -0700)]
MediaPlayerService: fix access of mPlayer in client
Test: poc doesn't crash
Bug:
38234812
Change-Id: I6f9be046ff66d2d5bed27bd712287e4ead550830
Wei Jia [Fri, 14 Jul 2017 23:42:36 +0000 (23:42 +0000)]
Merge "DO NOT MERGE : MPEG4Extractor: ensure returned status is checked." into klp-dev am:
da84963c1f am:
b8dfff52ee
am:
5445ddc983 -s ours
Change-Id: I556cccb83776d729f76b392192207637357f2292
Wei Jia [Fri, 14 Jul 2017 23:38:32 +0000 (23:38 +0000)]
Merge "DO NOT MERGE : MPEG4Extractor: ensure returned status is checked." into klp-dev am:
da84963c1f
am:
b8dfff52ee
Change-Id: I3a6b2ea30ba7b97b92eea98d80dd05db42e0dc11
Wei Jia [Fri, 14 Jul 2017 23:34:32 +0000 (23:34 +0000)]
Merge "DO NOT MERGE : MPEG4Extractor: ensure returned status is checked." into klp-dev
am:
da84963c1f
Change-Id: I979beafef27724be51e567fabc64b2b49ebb1a3b
Wei Jia [Fri, 14 Jul 2017 23:26:09 +0000 (23:26 +0000)]
Merge "DO NOT MERGE: MPEG4Extractor: ensure returned status is checked." into lmp-dev
Wei Jia [Fri, 14 Jul 2017 23:25:32 +0000 (23:25 +0000)]
Merge "DO NOT MERGE : MPEG4Extractor: ensure returned status is checked." into klp-dev
Eric Laurent [Mon, 10 Jul 2017 20:09:02 +0000 (20:09 +0000)]
Merge "audio effects: filter reserved effect commands" into klp-dev am:
f57dc8b72f am:
dc2efe3808
am:
4324bdc8f7
Change-Id: I161bc14d3059af24463cfa4f473305b516a3bcd8
Eric Laurent [Mon, 10 Jul 2017 20:04:31 +0000 (20:04 +0000)]
Merge "audio effects: filter reserved effect commands" into klp-dev am:
f57dc8b72f
am:
dc2efe3808
Change-Id: I7a613ea97315971ce0abfc34ce5f1fc4034d5ad8
Eric Laurent [Mon, 10 Jul 2017 20:00:32 +0000 (20:00 +0000)]
Merge "audio effects: filter reserved effect commands" into klp-dev
am:
f57dc8b72f
Change-Id: Ia41a68044abc25ac120ad63a27281345dd959fb7
TreeHugger Robot [Mon, 10 Jul 2017 19:52:17 +0000 (19:52 +0000)]
Merge "audio effects: filter reserved effect commands" into klp-dev
Chong Zhang [Sat, 8 Jul 2017 01:25:16 +0000 (18:25 -0700)]
stagefright: check aac_frame_length to prevent infinite loop
bug:
62673179
Change-Id: I5da44822ad2ff59d396d1df42f34cd0a5620e134
Wei Jia [Wed, 15 Feb 2017 01:07:24 +0000 (17:07 -0800)]
DO NOT MERGE : MPEG4Extractor: ensure returned status is checked.
Also fix handling of zero atom size in MPEG4Source::parseChunk.
IDataSource: ensure readAt returns correct status.
Test: manually test with mediaplayer.
Bug:
34718515
Change-Id: I1219ec579aa0876dc1230e36af46b158b84c6d77
(cherry picked from commit
ff1fb4d5cdd3b2b28c69edd8cd3021e335ca381a)
Wei Jia [Wed, 15 Feb 2017 01:07:24 +0000 (17:07 -0800)]
DO NOT MERGE: MPEG4Extractor: ensure returned status is checked.
Also fix handling of zero atom size in MPEG4Source::parseChunk.
IDataSource: ensure readAt returns correct status.
Test: manually test with mediaplayer.
Bug:
34718515
Change-Id: I1219ec579aa0876dc1230e36af46b158b84c6d77
(cherry picked from commit
ff1fb4d5cdd3b2b28c69edd8cd3021e335ca381a)
Andy Hung [Mon, 19 Jun 2017 17:02:13 +0000 (17:02 +0000)]
Track: Check buffer size of static tracks am:
cf39f0e67a am:
6790e790ef
am:
6235afe24e -s ours
Change-Id: I950a142a05c0ff60026502078b95ca27b66f1fdd
Andy Hung [Mon, 19 Jun 2017 16:56:43 +0000 (16:56 +0000)]
Track: Check buffer size of static tracks am:
cf39f0e67a
am:
6790e790ef
Change-Id: I2cb0ce9e086e15b037f6de6086072d107fbaf571
Andy Hung [Mon, 19 Jun 2017 16:50:40 +0000 (16:50 +0000)]
Track: Check buffer size of static tracks
am:
cf39f0e67a
Change-Id: Iad9a3f69fa97d8da9db8f1fed864a2e15d5bbb2a
Andy Hung [Mon, 19 Jun 2017 16:35:00 +0000 (16:35 +0000)]
Merge "Track: Check buffer size of static tracks" into lmp-dev
Eric Laurent [Fri, 16 Jun 2017 01:43:46 +0000 (18:43 -0700)]
audio effects: filter reserved effect commands
Block effect commands reserved for framework use when
received on server side IAudioEffect. Applications have no reason
to use these commands and they present a unnecessary attack surface.
Bug:
62019992
Test: run CTS tests for audio effects
Change-Id: Ie680d5d5650f99dbabf93891703e1cde2c2e852d
TreeHugger Robot [Sat, 17 Jun 2017 04:46:30 +0000 (04:46 +0000)]
Merge "MPEG4Extractor: check size for yrrc box" into lmp-dev
Andy Hung [Fri, 16 Jun 2017 23:54:39 +0000 (23:54 +0000)]
AudioFlinger: Fix memory allocation for client-less tracks am:
1159ffd5e3 am:
f242b890c4
am:
24ef54ecb8
Change-Id: I0b413afa5c0e41fadcd0320f7481172cc2398018
Andy Hung [Fri, 16 Jun 2017 23:51:37 +0000 (23:51 +0000)]
AudioFlinger: Fix memory allocation for client-less tracks am:
1159ffd5e3
am:
f242b890c4
Change-Id: I5bd38c33b13de93e641e50c39cdfe37dbae59923
Andy Hung [Fri, 16 Jun 2017 23:49:37 +0000 (23:49 +0000)]
AudioFlinger: Fix memory allocation for client-less tracks
am:
1159ffd5e3
Change-Id: Id200ee51632763d8fc5d2facace4a3b7dfbeadf0
Andy Hung [Tue, 13 Jun 2017 00:22:46 +0000 (17:22 -0700)]
Track: Check buffer size of static tracks
Merged-In: Ia7edd9a802905214a27961dbcec6352f6ef98f73
Merged-In: I633caf563d3607dbe4b9be10be1687efce33469c
Test: Native POC
Bug:
38340117
Change-Id: I633caf563d3607dbe4b9be10be1687efce33469c
Andy Hung [Tue, 13 Jun 2017 00:22:46 +0000 (17:22 -0700)]
Track: Check buffer size of static tracks
Merged-In: Ia7edd9a802905214a27961dbcec6352f6ef98f73
Test: Native POC
Bug:
38340117
Change-Id: I633caf563d3607dbe4b9be10be1687efce33469c
Andy Hung [Tue, 14 Feb 2017 02:50:48 +0000 (18:50 -0800)]
AudioFlinger: Fix memory allocation for client-less tracks
Test: Ringtone with BT
Bug:
35350587
Bug:
38340117
Change-Id: If247d319d58f8f4d18b49f58ec950491871ebb2d
(cherry picked from commit
afb31487f3156a7284d2f0d06646c7bc00d99537)
Dongwon Kang [Mon, 12 Jun 2017 19:58:58 +0000 (12:58 -0700)]
MPEG4Extractor: check size for yrrc box
Test: stagefright -s poc_file
Bug:
62133227
Change-Id: Iafefac39764ce01b4dde414b9f152c9ea71810e9
Wei Jia [Fri, 8 Jan 2016 00:03:03 +0000 (16:03 -0800)]
DO NOT MERGE -- NuPlayerDecoder: fail gracefully when input data can't be held in allocated buffer.
Bug:
38391487
Bug:
24145279
Change-Id: I6b99ee2dc63063557f4ee2c5856f7c848e969752
(cherry picked from commit
56097a8ecc31ec308a1caa38f92b69f99324eada)
Ricardo Garcia [Wed, 7 Jun 2017 13:30:13 +0000 (13:30 +0000)]
Merge "Fix security vulnerability: Equalizer setParameter memory overflow" into klp-dev am:
ef3a4aead0 am:
0ef6d9c121
am:
966e572c69
Change-Id: Ida849f8cad82a997a108ad472b150c7be29baf42
Ricardo Garcia [Wed, 7 Jun 2017 13:27:12 +0000 (13:27 +0000)]
Merge "Fix security vulnerability: Equalizer setParameter memory overflow" into klp-dev am:
ef3a4aead0
am:
0ef6d9c121
Change-Id: I420ab9888c2b542ca66fbb65fd2bf7ea7ff3bb16
Ricardo Garcia [Wed, 7 Jun 2017 13:24:12 +0000 (13:24 +0000)]
Merge "Fix security vulnerability: Equalizer setParameter memory overflow" into klp-dev
am:
ef3a4aead0
Change-Id: I31e26961aaf4ca49c8c4bfa3c4dccd03bab63286
Ricardo Garcia [Wed, 7 Jun 2017 13:19:48 +0000 (13:19 +0000)]
Merge "Fix security vulnerability: Equalizer setParameter memory overflow" into klp-dev
Pawin Vongmasa [Wed, 7 Jun 2017 05:01:37 +0000 (05:01 +0000)]
Merge "Check the buffer index from acquireBuffer" into klp-dev am:
d050902155 am:
668b7f4b8f
am:
54f81e8fe7
Change-Id: Ic1ee69858d27b8d695f075bd436faa04795f058f
Pawin Vongmasa [Wed, 7 Jun 2017 04:59:38 +0000 (04:59 +0000)]
Merge "Check the buffer index from acquireBuffer" into klp-dev am:
d050902155
am:
668b7f4b8f
Change-Id: I9d59a91f2a63115978bc48087a721cd7e6d8facb
Pawin Vongmasa [Wed, 7 Jun 2017 04:56:39 +0000 (04:56 +0000)]
Merge "Check the buffer index from acquireBuffer" into klp-dev
am:
d050902155
Change-Id: I45700eef5e0a9eec1bcfdc4d810f20d2a5668531
TreeHugger Robot [Wed, 7 Jun 2017 04:51:35 +0000 (04:51 +0000)]
Merge "Check the buffer index from acquireBuffer" into klp-dev
rago [Mon, 5 Jun 2017 19:15:05 +0000 (12:15 -0700)]
Fix security vulnerability: Equalizer setParameter memory overflow
Bug:
37563371
Test: use POC on bug or cts security test
Change-Id: I9c9453a222b53fd5ef821330a34cb9e938e4d9c5
Andy Hung [Tue, 6 Jun 2017 20:58:23 +0000 (20:58 +0000)]
Merge "EffectBundle: Check value size for get preset name" into klp-dev am:
f5d6e98996 am:
b401a3bf44
am:
1f44782e92
Change-Id: Idc429c80c4058fcd2232209afd5da70128cca837
Andy Hung [Tue, 6 Jun 2017 20:56:51 +0000 (20:56 +0000)]
Merge "EffectBundle: Check value size for get preset name" into klp-dev am:
f5d6e98996
am:
b401a3bf44
Change-Id: Ie62820116b2250c7533975362e90ae8139933697
Andy Hung [Tue, 6 Jun 2017 20:55:13 +0000 (20:55 +0000)]
Merge "EffectBundle: Check value size for get preset name" into klp-dev
am:
f5d6e98996
Change-Id: I1af8959b4866ca2e45e2ef2aeb54806ac09e5176
Andy Hung [Tue, 6 Jun 2017 20:50:11 +0000 (20:50 +0000)]
Merge "EffectBundle: Check value size for get preset name" into klp-dev
Ray Essick [Tue, 6 Jun 2017 20:28:12 +0000 (20:28 +0000)]
Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev am:
021575025c am:
5944b611e5
am:
1a419c7b2a
Change-Id: Ibb5f76a8dac6cf37d4115d3c277687fa96b08660
Wei Jia [Tue, 6 Jun 2017 20:27:45 +0000 (20:27 +0000)]
Merge "m4v_h263: update width/height only when they are valid." into klp-dev am:
2da03f40eb am:
5e9a9442a3
am:
36eb1039cf
Change-Id: I62be2937991b3d2d9fdf5c4cd543d669ba2edfab
Ray Essick [Tue, 6 Jun 2017 20:21:35 +0000 (20:21 +0000)]
Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev am:
021575025c
am:
5944b611e5
Change-Id: I7f5f93f57aa77cb87fdf5155881ed9463e50ef0f
Wei Jia [Tue, 6 Jun 2017 20:21:13 +0000 (20:21 +0000)]
Merge "m4v_h263: update width/height only when they are valid." into klp-dev am:
2da03f40eb
am:
5e9a9442a3
Change-Id: I48abb4d5dfa84f3759dc7990b79a7495562a1376
Ray Essick [Tue, 6 Jun 2017 20:15:34 +0000 (20:15 +0000)]
Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev
am:
021575025c
Change-Id: I5a5dd6e53b177854de9121bf7650f334a4fc67e9
Wei Jia [Tue, 6 Jun 2017 20:15:14 +0000 (20:15 +0000)]
Merge "m4v_h263: update width/height only when they are valid." into klp-dev
am:
2da03f40eb
Change-Id: I51de2fdbad57019904bcbc005e0fa85b6a8f54ed
TreeHugger Robot [Tue, 6 Jun 2017 20:10:08 +0000 (20:10 +0000)]
Merge "better manage buffer for libstagefright_soft_mpeg4enc" into klp-dev
TreeHugger Robot [Tue, 6 Jun 2017 20:05:05 +0000 (20:05 +0000)]
Merge "m4v_h263: update width/height only when they are valid." into klp-dev
TreeHugger Robot [Tue, 6 Jun 2017 19:52:49 +0000 (19:52 +0000)]
Merge "m4v_h263: check header first before decoding a frame." into lmp-dev
Wei Jia [Tue, 6 Jun 2017 18:59:39 +0000 (18:59 +0000)]
Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev am:
da924b45e1 am:
fdfad5899d
am:
f3383881ff -s ours
Change-Id: Ida0671401c4323f61ff63c4954522171efa2bcca
Wei Jia [Tue, 6 Jun 2017 18:54:07 +0000 (18:54 +0000)]
Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev am:
da924b45e1
am:
fdfad5899d
Change-Id: Ibfeec763c09ce978dd44d7cade7cb848b31aa528
Wei Jia [Tue, 6 Jun 2017 18:48:36 +0000 (18:48 +0000)]
Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev
am:
da924b45e1
Change-Id: I346cc9a7df899bb760abb7eb99f684f0d40ceced
Wei Jia [Tue, 6 Jun 2017 18:39:58 +0000 (18:39 +0000)]
Merge "DO NOT MERGE - m4v_h263: check header first before decoding a frame." into klp-dev
Jeff Tinker [Mon, 5 Jun 2017 21:34:48 +0000 (14:34 -0700)]
Fix integer overflow in mediadrmserver
bug:
37710346
Change-Id: If18cfb5bb1d1f1b2997d2a0e1685590d674181f4
Ray Essick [Fri, 2 Jun 2017 20:07:19 +0000 (13:07 -0700)]
better manage buffer for libstagefright_soft_mpeg4enc
Existing code allocated buffer, adjusted pointer to use it, and would
adjust the pointer back when it came time to free the space. The problem
was that the adjustment was based on user-supplied values and if the
user changed those values between alloc and free (which was possible),
the code ended up free()ing the wrong address.
We fix this by keeping an extra pointer -- the unmodified allocation --
which we use for the subsequent free() calls. This makes the free()
independent of any changes to values that the user provides.
Bug:
36075363
Test: ran poc against patched nyc-mr2-dev tree
Change-Id: I7013ff5883a945c4647517b2980c76a6558f23d2
Marco Nelissen [Fri, 2 Jun 2017 04:12:32 +0000 (04:12 +0000)]
Merge "Fix potential leak" into klp-dev am:
2f9eacc3ae am:
a7602f8339
am:
fe7c2700ae
Change-Id: I9c4c5dbe0682992f9e7521ed3bf6a52d8311e00f
Marco Nelissen [Fri, 2 Jun 2017 04:09:21 +0000 (04:09 +0000)]
Merge "Fix potential leak" into klp-dev am:
2f9eacc3ae
am:
a7602f8339
Change-Id: I2883ac8221475d5fa73ed34350f199355b541b14
Marco Nelissen [Fri, 2 Jun 2017 04:05:59 +0000 (04:05 +0000)]
Merge "Fix potential leak" into klp-dev
am:
2f9eacc3ae
Change-Id: I7e3a53be249eff99dd895e500f9833ad55a184b0
TreeHugger Robot [Fri, 2 Jun 2017 04:02:09 +0000 (04:02 +0000)]
Merge "Fix potential leak" into klp-dev
Wei Jia [Fri, 19 May 2017 21:34:10 +0000 (14:34 -0700)]
m4v_h263: check header first before decoding a frame.
Test: fix the file in the bug
Bug:
37660827
Change-Id: I9d6919f96c0c9f29221be1e8e852ecb21062bad9
(cherry picked from commit
db545366c2e893dbbe1a42d858c52067101beda6)
Pawin Vongmasa [Tue, 23 May 2017 01:24:30 +0000 (18:24 -0700)]
Check the buffer index from acquireBuffer
Test: Run the POC
Test: Small CtsMediaTestCases
Bug:
37563942
Merged-In: I8ddfbc91a08d96de1f732e6776d6f90997042f6b
Change-Id: I8ddfbc91a08d96de1f732e6776d6f90997042f6b
Wei Jia [Fri, 19 May 2017 21:34:10 +0000 (14:34 -0700)]
DO NOT MERGE - m4v_h263: check header first before decoding a frame.
Test: fix the file in the bug
Bug:
37660827
Change-Id: I9d6919f96c0c9f29221be1e8e852ecb21062bad9
Wei Jia [Thu, 18 May 2017 19:43:12 +0000 (12:43 -0700)]
m4v_h263: update width/height only when they are valid.
Test: the file in the bug doesn't crash
Bug:
37079296
Change-Id: Ie092971dda568119ca38ec67d65ccfc00df93185
Andy Hung [Tue, 16 May 2017 19:04:50 +0000 (12:04 -0700)]
EffectBundle: Check value size for get preset name
Test: CTS testAllEffectsEqualizer_CVE_2017_0401
Bug:
37536407
Change-Id: I347af04677fc49a01efb549f06ff81d1a00dc4d0
Marco Nelissen [Tue, 16 May 2017 15:33:25 +0000 (15:33 +0000)]
Merge "Fix memory leak in error case" into klp-dev am:
5136b7436f am:
60657857c6
am:
55057ab408
Change-Id: I5107a57def4be19aad9dca950cca06bebecad1e8
Marco Nelissen [Tue, 16 May 2017 15:30:24 +0000 (15:30 +0000)]
Merge "Fix memory leak in error case" into klp-dev am:
5136b7436f
am:
60657857c6
Change-Id: I1564d4e2626a31b7018bae301c50a268ccc79749
Marco Nelissen [Tue, 16 May 2017 15:27:25 +0000 (15:27 +0000)]
Merge "Fix memory leak in error case" into klp-dev
am:
5136b7436f
Change-Id: I479e015461fa46227c4cae49829b0f3c0d769de9
Marco Nelissen [Tue, 16 May 2017 15:20:59 +0000 (15:20 +0000)]
Merge "Fix memory leak in error case" into klp-dev
Marco Nelissen [Mon, 15 May 2017 16:56:55 +0000 (16:56 +0000)]
Limit ogg packet size am:
bf928560ac am:
f349435fcf
am:
086cee9d89
Change-Id: I9687649ed25dade9f872c83a290bbcd0abb4b5fc
Marco Nelissen [Mon, 15 May 2017 16:53:54 +0000 (16:53 +0000)]
Limit ogg packet size am:
bf928560ac
am:
f349435fcf
Change-Id: I952944295017f01b254c80c8db935e33c51337f3
Marco Nelissen [Mon, 15 May 2017 16:50:55 +0000 (16:50 +0000)]
Limit ogg packet size
am:
bf928560ac
Change-Id: I102f6e9b1b4933d043b2a3e1e3f7fc885aaf6779
Marco Nelissen [Fri, 12 May 2017 22:35:30 +0000 (15:35 -0700)]
Limit ogg packet size
A malformed ogg file might lace together a very large packet, which
could lead to out of memory conditions. Limit the packet size to
avoid this.
Bug:
36592202
Change-Id: I8650b3ec54a0de9ec302a7cbac296bb85efcfb3d
Marco Nelissen [Fri, 12 May 2017 17:45:14 +0000 (10:45 -0700)]
Fix memory leak in error case
Bug:
37239013
Change-Id: Ic33e0f7ed946d0729efa46f69aff1a5d35e81b1e
Marco Nelissen [Tue, 9 May 2017 21:17:06 +0000 (14:17 -0700)]
Fix potential leak
Fix potential memory leak introduced with bugfix for bug
31449945.
Bug:
36389123
Change-Id: I5a9a3551692d6cba385b45c4c7a465aa377a62b1
TreeHugger Robot [Tue, 11 Apr 2017 17:02:45 +0000 (17:02 +0000)]
Merge "Avoid crash for stss sync sample number 0" into lmp-dev
Marco Nelissen [Mon, 10 Apr 2017 20:36:33 +0000 (20:36 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am:
922ad6183e am:
0893c50bcf
am:
59bc7f77f8
Change-Id: I133f8566b649821e06cfb21a95b20f84eb839219
Marco Nelissen [Mon, 10 Apr 2017 20:32:06 +0000 (20:32 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am:
922ad6183e
am:
0893c50bcf
Change-Id: I819b55a95ff50c51488bac50c43fea8b2244a410
Marco Nelissen [Mon, 10 Apr 2017 20:27:43 +0000 (20:27 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev
am:
922ad6183e
Change-Id: I8fbd67b5fe298d6f842d224109e2ab0b52a2b59a
Marco Nelissen [Mon, 10 Apr 2017 19:57:08 +0000 (19:57 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev
Roger1 Jonsson [Wed, 26 Oct 2016 07:20:00 +0000 (09:20 +0200)]
Avoid crash for stss sync sample number 0
A sample number value of 0 means that the value stored in
the mSyncSamples array, would become negative (-1),
when converted to index value. This causes a crash.
Make sure that stss sample numbers are bigger
than 0 before converting sample number to index value.
Bug:
32423862
bug:
35645051
Test: Playback video that triggers stss sync sample number 0
Change-Id: I35bee7c718e01b086d7e05deda13b38083f509f5
Roger1 Jonsson [Wed, 5 Apr 2017 23:07:37 +0000 (23:07 +0000)]
Avoid crash for stss sync sample number 0 am:
5c364997a3 am:
e77a32bd3d
am:
ab28d49e41 -s ours
Change-Id: I63e6f4ea65dda85e5d779f6aaf1fbd4ca5806f8c
Roger1 Jonsson [Wed, 5 Apr 2017 22:52:35 +0000 (22:52 +0000)]
Avoid crash for stss sync sample number 0 am:
5c364997a3
am:
e77a32bd3d
Change-Id: If61ba19bc937c6b7c7227296ddba5a1797072f9d
Roger1 Jonsson [Wed, 5 Apr 2017 22:49:34 +0000 (22:49 +0000)]
Avoid crash for stss sync sample number 0
am:
5c364997a3
Change-Id: Ia97daf543c65b52db1c5d09471ed8d00a434364d
Roger1 Jonsson [Wed, 26 Oct 2016 07:20:00 +0000 (09:20 +0200)]
Avoid crash for stss sync sample number 0
A sample number value of 0 means that the value stored in
the mSyncSamples array, would become negative (-1),
when converted to index value. This causes a crash.
Make sure that stss sample numbers are bigger
than 0 before converting sample number to index value.
Bug:
32423862
bug:
35645051
Test: Playback video that triggers stss sync sample number 0
Change-Id: I35bee7c718e01b086d7e05deda13b38083f509f5
Marco Nelissen [Mon, 27 Mar 2017 22:04:25 +0000 (15:04 -0700)]
Don't allow using or allocating a buffer after the first state transition
Bug:
35467458
Change-Id: Ia76c8cec8ad2abb95ca29b2a89075f7acab4b174
Robert Shih [Tue, 14 Mar 2017 23:54:28 +0000 (23:54 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am:
13c77f4fe0 am:
761abda1bd
am:
aca26c9d45 -s ours
Change-Id: Id436554a36de729ccd7a3220e32e155c423d0531
Robert Shih [Tue, 14 Mar 2017 23:49:57 +0000 (23:49 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am:
13c77f4fe0
am:
761abda1bd
Change-Id: I30bf5233b69619d260edb952248865adf5c55c83
Robert Shih [Tue, 14 Mar 2017 23:45:27 +0000 (23:45 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
am:
13c77f4fe0
Change-Id: Ib7f8b77b3ba27fcd8e61e540eb39259cb287185c
Robert Shih [Mon, 24 Oct 2016 18:38:31 +0000 (11:38 -0700)]
FLACExtractor: copy protect mWriteBuffer
Bug:
30895578
Bug:
34970788
Change-Id: I4cba36bbe3502678210e5925181683df9726b431
(cherry picked from commit
328cd66cc72ba7bc5452ed5a93f29ddcd73aa9f9)
Robert Shih [Mon, 24 Oct 2016 18:38:31 +0000 (11:38 -0700)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
Bug:
30895578
Bug:
34970788
Change-Id: I4cba36bbe3502678210e5925181683df9726b431
Ray Essick [Mon, 13 Mar 2017 22:52:42 +0000 (22:52 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am:
19b91af752 am:
8e3cf4d841
am:
5b1bfc1f43
Change-Id: I32327162d3e69259656f0b3a82800f45572527fd
Ray Essick [Mon, 13 Mar 2017 22:52:28 +0000 (22:52 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am:
2076915c5f am:
dcda2ec2fe
am:
f5c7784dbd
Change-Id: Ic1901b3fa14a1e1c7f582e5b7862e777489e7314
Ray Essick [Mon, 13 Mar 2017 22:48:10 +0000 (22:48 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am:
19b91af752
am:
8e3cf4d841
Change-Id: I804c61a21202d3c5aef3edac5872f56cef67753b