OSDN Git Service
Marco Nelissen [Sat, 8 Aug 2015 01:17:58 +0000 (01:17 +0000)]
am
9c67741f: am
2e637bfd: Merge "Extra sanity checks on sample size and resolution" into klp-dev
* commit '
9c67741f9f7ccc1007c7ecb44b8037210c733723':
Extra sanity checks on sample size and resolution
Marco Nelissen [Sat, 8 Aug 2015 01:12:33 +0000 (01:12 +0000)]
am
2e637bfd: Merge "Extra sanity checks on sample size and resolution" into klp-dev
* commit '
2e637bfd64c59200414130671e32e3e087e9f147':
Extra sanity checks on sample size and resolution
Marco Nelissen [Sat, 8 Aug 2015 00:59:49 +0000 (00:59 +0000)]
Merge "Extra sanity checks on sample size and resolution" into klp-dev
Joshua J. Drake [Fri, 7 Aug 2015 17:44:05 +0000 (17:44 +0000)]
am
276cec63: am
4254be9a: am
9364bdc9: am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
276cec63624d198981b37a68cd969031e4f42096':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 17:44:02 +0000 (17:44 +0000)]
am
f13cc52d: am
8e0e43d2: am
3621c056: am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
f13cc52d3cab0a4dc0d0aac61507318589bd7545':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 17:44:01 +0000 (17:44 +0000)]
am
94012bc3: am
ffe509ff: am
d0af1ded: (-s ours) am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
94012bc3068816adf348bac7b1ffd477c6e34600':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 17:38:06 +0000 (17:38 +0000)]
am
4254be9a: am
9364bdc9: am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
4254be9a0d16bac995aa73d60e8e92839960bd32':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 17:38:05 +0000 (17:38 +0000)]
am
8e0e43d2: am
3621c056: am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
8e0e43d2f6cd86888c8ab58303e5163809ec8b04':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 17:38:04 +0000 (17:38 +0000)]
am
ffe509ff: am
d0af1ded: (-s ours) am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
ffe509ffb243462597eb018a623241739d032be1':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 17:19:23 +0000 (17:19 +0000)]
am
9364bdc9: am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
9364bdc9a1298a609eb825be051c393cbf3d7a38':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 17:19:22 +0000 (17:19 +0000)]
am
3621c056: am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
3621c05605c5a3f2c452668beacb71a08dc2d7c8':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 17:19:20 +0000 (17:19 +0000)]
am
d0af1ded: (-s ours) am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
d0af1dedf5d903a52fac58f694b3f8edbf20e656':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 16:29:36 +0000 (16:29 +0000)]
am
905aae46: am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
905aae465fa88d6d793c670c08c360900c6cb3f7':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:29:35 +0000 (16:29 +0000)]
am
bcc8e581: am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
bcc8e5817fa3dc624f214e58f756098053ac5682':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 16:29:34 +0000 (16:29 +0000)]
am
a421314f: am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
a421314f9cc1b061d94a79e2aa1a92916ea4b9bf':
Prevent integer overflow when processing covr MPEG4 atoms
Nick Kralevich [Mon, 3 Aug 2015 22:44:45 +0000 (15:44 -0700)]
MPEG4Extractor.cpp: Add check for size == SIZE_MAX
If size == SIZE_MAX, the line:
    uint8_t *buffer = new (std::nothrow) uint8_t[size + 1];
ends up allocating zero bytes, which is obviously incorrect.
(cherry picked from commit b2d33aee5122c91a59c2a676c0b89ad340232450)
Bug: 23031033
Change-Id: I8027247a4e24d2c8a8b4eac88c3643eccda108b9
Joshua J. Drake [Fri, 7 Aug 2015 16:17:11 +0000 (16:17 +0000)]
am
11c88f66: am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
11c88f66205dd9095cbe87f3486ef7262e4d2e22':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:17:10 +0000 (16:17 +0000)]
am
bb99a362: am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
bb99a362dc76f9bf040f6256369fabf27ad1c2f5':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 16:13:44 +0000 (16:13 +0000)]
am
430475da: resolved conflicts for merge of
0b3eca88 to jb-mr1-dev-plus-aosp
* commit '
430475da7f0edb86ee6a85378d1583ab07f7f93d':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Fri, 7 Aug 2015 16:11:07 +0000 (16:11 +0000)]
am
2796ba1c: am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
2796ba1c511517a4904d10d1fdc830c86d161342':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Fri, 7 Aug 2015 16:11:05 +0000 (16:11 +0000)]
am
8d60fc3e: am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
8d60fc3e3ecd4d7c2b18f25962f0ea42f3644ebd':
Fix integer overflow when handling MPEG4 tx3g atom
Nick Kralevich [Fri, 7 Aug 2015 15:50:46 +0000 (08:50 -0700)]
resolved conflicts for merge of 0b3eca88 to jb-mr1-dev-plus-aosp
Bug: 20923261
Change-Id: I6fe12a7c5768f77454bd0391b07f4c3181607d14
Marco Nelissen [Fri, 7 Aug 2015 14:32:40 +0000 (14:32 +0000)]
am
d6ea7f65: am
f26400c9: Fix crash on malformed id3
* commit '
d6ea7f65dd31d5dacf497cc3c494d4fa3910f7c3':
Fix crash on malformed id3
Marco Nelissen [Fri, 7 Aug 2015 14:25:10 +0000 (14:25 +0000)]
am
f26400c9: Fix crash on malformed id3
* commit '
f26400c9d01a0e2f71690d5ebc644270f098d590':
Fix crash on malformed id3
Marco Nelissen [Tue, 4 Aug 2015 15:38:24 +0000 (08:38 -0700)]
Extra sanity checks on sample size and resolution
Instead of rejecting the samples later when they don't fit in the
buffer, reject the entire file early.
Bug: 22882938
Change-Id: I748153b0e9e827e3f2526468756295b4b5000de6
(cherry picked from commit beef7e58c1f1837bdaed6ac37414d8c48a133813)
Marco Nelissen [Tue, 4 Aug 2015 23:49:28 +0000 (16:49 -0700)]
Fix crash on malformed id3
Bug: 22954006
Change-Id: I488cb1e2c69fc7043b6040481b30fa866000515d
Joshua J. Drake [Tue, 4 Aug 2015 21:42:34 +0000 (21:42 +0000)]
am
a555788d: am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
a555788d9cd4a22a8f5d7dccd288f7d185cef209':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:42:34 +0000 (21:42 +0000)]
am
338bbf53: am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
338bbf53be077a99f532e813d4cf14a192c55f74':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:42:33 +0000 (21:42 +0000)]
am
cd5cf679: am
df1ecfe3: am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
cd5cf6797c26ca7d3ce2f9a379bdef099dae2aae':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:37:01 +0000 (21:37 +0000)]
am
0e33cb2d: am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
0e33cb2dd5ccf6f4db8c694cb2c233bb1d2a2d0b':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:37:00 +0000 (21:37 +0000)]
am
fd334e34: am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
fd334e346bd0fc9b11756539d1635eabdb6b04cb':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:36:59 +0000 (21:36 +0000)]
am
df1ecfe3: am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
df1ecfe3913b9c3bce17947d877498093a42a56f':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:31:51 +0000 (21:31 +0000)]
am
e4ccf3a1: am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
e4ccf3a14beabfeeb6c7df47ae118f3db999c1ce':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:31:40 +0000 (21:31 +0000)]
am
03d539a7: am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
03d539a7a9c8ae7aef9cb8bda9042187327566a2':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:31:38 +0000 (21:31 +0000)]
am
52d1defc: am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
52d1defcfe51bd3b5f4e191fb70a0a0a406c33dc':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:25:41 +0000 (21:25 +0000)]
am
3329a19b: am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
3329a19b4d11d3c1310bbe9aa54b6a66488ab862':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:25:40 +0000 (21:25 +0000)]
am
a5b9055d: am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
a5b9055d7ce1d82ee29ed2f45aa4f8a82ccc76f2':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:25:38 +0000 (21:25 +0000)]
am
9481a101: am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
9481a101f8246263d969af66a7b39fad7346772e':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Tue, 4 Aug 2015 21:18:33 +0000 (21:18 +0000)]
am
c87faed6: Fix integer underflow in covr MPEG4 processing
* commit '
c87faed60483afb2466e03892bda80b72e5822c7':
Fix integer underflow in covr MPEG4 processing
Joshua J. Drake [Tue, 4 Aug 2015 21:18:32 +0000 (21:18 +0000)]
am
f1ce97dd: Fix integer overflow when handling MPEG4 tx3g atom
* commit '
f1ce97ddc2f82d844a6fb8341585eb7b2e655f44':
Fix integer overflow when handling MPEG4 tx3g atom
Joshua J. Drake [Tue, 4 Aug 2015 21:18:30 +0000 (21:18 +0000)]
am
a81b3779: Prevent integer overflow when processing covr MPEG4 atoms
* commit '
a81b3779cc6f6046c8a9149bf544e9d726c9b2b2':
Prevent integer overflow when processing covr MPEG4 atoms
Joshua J. Drake [Mon, 4 May 2015 22:14:11 +0000 (17:14 -0500)]
Fix integer underflow in covr MPEG4 processing
When the 'chunk_data_size' variable is less than 'kSkipBytesOfDataBox', an
integer underflow can occur. This causes an extraordinarily large value to
be passed to MetaData::setData, leading to a buffer overflow.
Bug: 20923261
(cherry picked from commit 4a492bf2ac47b9844d2527e1fcdf0064c3d8d52e)
Change-Id: I83490cbaf5b368073fcd8668a9241dfc90bebd90
Joshua J. Drake [Mon, 4 May 2015 23:29:08 +0000 (18:29 -0500)]
Fix integer overflow when handling MPEG4 tx3g atom
When the sum of the 'size' and 'chunk_size' variables is larger than 2^32,
an integer overflow occurs. Using the result value to allocate memory
leads to an undersized buffer allocation and later a potentially
exploitable heap corruption condition. Ensure that integer overflow does
not occur.
Bug: 20923261
(cherry picked from commit e5f0966c76bd0a7e81e4205c8d8b55e6b34c833e)
Change-Id: I3f240f75fd681becbf89cb7e7554388471c28059
Joshua J. Drake [Mon, 4 May 2015 23:36:35 +0000 (18:36 -0500)]
Prevent integer overflow when processing covr MPEG4 atoms
If the 'chunk_data_size' value is SIZE_MAX, an integer overflow will occur
and cause an undersized buffer to be allocated. The following processing
then overfills the resulting memory and creates a potentially exploitable
condition. Ensure that integer overflow does not occur.
(cherry picked from commit 05ddc499b9d50c90f552ed1333110f28a1406e7c)
Bug: 20923261
Change-Id: If09a02738759acdff8d95149bb9cb5f18a0a123e
Wei Jia [Tue, 4 Aug 2015 18:28:58 +0000 (18:28 +0000)]
am
42bd61d7: am
d9a9a324: am
10ef7f75: am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
42bd61d73e8b4d0b1101e73324a59fde51077112':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 18:19:37 +0000 (18:19 +0000)]
am
d9a9a324: am
10ef7f75: am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
d9a9a324766b26be2ff0d10537ea0b215b0261e3':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 18:00:56 +0000 (18:00 +0000)]
am
10ef7f75: am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
10ef7f7514bdf6d9c38c93d9bb0194c0920d152f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:51:22 +0000 (17:51 +0000)]
am
b0924c63: am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
b0924c631cfccd10c1f95d6ae44c8cd852e14a9f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:29:31 +0000 (17:29 +0000)]
am
7af634e1: am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
7af634e131361862d2e47fb344278e31ed05be4f':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:20:14 +0000 (17:20 +0000)]
am
8ec119d2: am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
8ec119d2f033221e4cb0fd2b2948e780581b3d35':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 17:09:44 +0000 (17:09 +0000)]
am
d138024f: am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
d138024f94fe01934be700ce16aa84418fbe1827':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 16:59:31 +0000 (16:59 +0000)]
am
b32957db: am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
b32957dbf4527251ad3b2bbda4ccc5fff4df0718':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 16:54:23 +0000 (16:54 +0000)]
am
a9d7c917: am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
a9d7c917d3a76d0bef9b8afe7ade206534be68a4':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 16:47:48 +0000 (16:47 +0000)]
am
a99d3d83: am
738a753a: SampleTable: fix integer overflow checks.
* commit '
a99d3d8327d60c8f8ef3e34fc4b81ef382e9e6d2':
SampleTable: fix integer overflow checks.
Wei Jia [Tue, 4 Aug 2015 16:40:31 +0000 (16:40 +0000)]
am
738a753a: SampleTable: fix integer overflow checks.
* commit '
738a753a3ca7bf8f9f608ca941575626265294e4':
SampleTable: fix integer overflow checks.
Joshua J. Drake [Tue, 4 Aug 2015 05:38:27 +0000 (05:38 +0000)]
am
98ee4c01: am
712090a6: am
cfc12112: am
ac7cb990: am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
98ee4c01d3843c1973c399404b7166431eadedb9':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 05:38:25 +0000 (05:38 +0000)]
am
10f6b17a: am
d053da7b: am
a9f1e993: am
134dc311: am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
10f6b17a29f7d39303b4779929d15c540ee87290':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 05:38:23 +0000 (05:38 +0000)]
am
63e7ae97: am
45c12368: am
b77a6189: am
4837e90f: am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
63e7ae97369bf8b06337c51f8287654a94d11076':
Fix several ineffective integer overflow checks
Wei Jia [Thu, 4 Jun 2015 17:40:23 +0000 (10:40 -0700)]
SampleTable: fix integer overflow checks.
Bug: 20139950
Bug: 22935234
(cherry picked from commit a105482ae577852ffd08ce88ae5d1ba81db875ac)
Change-Id: I408d261de1a6dd5c4343bcf3a7dfd8a259e0e2f3
Joshua J. Drake [Tue, 4 Aug 2015 05:30:59 +0000 (05:30 +0000)]
am
712090a6: am
cfc12112: am
ac7cb990: am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
712090a60253a2879e0c7d21a33f43534ffb51fc':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 05:30:58 +0000 (05:30 +0000)]
am
d053da7b: am
a9f1e993: am
134dc311: am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
d053da7b4bb60290bf51052cc7abe070fd819479':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 05:30:57 +0000 (05:30 +0000)]
am
45c12368: am
b77a6189: am
4837e90f: am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
45c12368f1ced4c6783195432fdffdc7a3e36cca':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 04:55:58 +0000 (04:55 +0000)]
am
cfc12112: am
ac7cb990: am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
cfc121128aef10a98e5ad9162f43e3f368abd103':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 04:55:55 +0000 (04:55 +0000)]
am
a9f1e993: am
134dc311: am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
a9f1e993fa7849bc658d89a2faa58344faa88a5f':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 04:55:50 +0000 (04:55 +0000)]
am
b77a6189: am
4837e90f: am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
b77a6189a468a90fe74fafca862a31c3bf899ceb':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 04:45:44 +0000 (04:45 +0000)]
am
ac7cb990: am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
ac7cb990cc4c8a59a945ce36e5702e0adb213db4':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 04:45:42 +0000 (04:45 +0000)]
am
134dc311: am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
134dc3110c401544e4d3a3a1deab1c131fb77720':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 04:45:41 +0000 (04:45 +0000)]
am
4837e90f: am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
4837e90fd1d3fa127ef99652d314ad70f4776221':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 03:35:37 +0000 (03:35 +0000)]
am
b417986c: am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
b417986c3a3a6bb9ca33657385a3433ff54090b2':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 03:35:36 +0000 (03:35 +0000)]
am
80a6d9f3: am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
80a6d9f37571c89905b8ae4074529a960a5f2194':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 03:35:34 +0000 (03:35 +0000)]
am
9c5578c1: am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
9c5578c1a3bb00623d6ee99340ce0ce290e6c5a1':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 03:25:53 +0000 (03:25 +0000)]
am
d1c08d6b: am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
d1c08d6bff6d1936cf0e9cbfa5054128f5280ef3':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 03:25:52 +0000 (03:25 +0000)]
am
e10c2e62: am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
e10c2e621a0a49618c9d69a7dd09400c23464ced':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 03:25:51 +0000 (03:25 +0000)]
am
36617c67: am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
36617c67a9c29d7f9798972b6514086b22b731f8':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 03:15:46 +0000 (03:15 +0000)]
am
efa73c2e: am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
efa73c2e5f5a4eb7c420b5920e00de5a69f525af':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 03:15:45 +0000 (03:15 +0000)]
am
74ebcd65: am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
74ebcd65d1833879944a496739da6983b1d18235':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 03:15:44 +0000 (03:15 +0000)]
am
7374360f: am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
7374360f60999bfeabe0fb24e985073b7d8f47e8':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 03:03:53 +0000 (03:03 +0000)]
am
2e24d091: am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
2e24d0911ee585cbd447efe6150bafaaf8f9ef66':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 03:03:52 +0000 (03:03 +0000)]
am
272f4056: am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
272f4056162e119db61fb304b01f0152c07b8e02':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 03:03:51 +0000 (03:03 +0000)]
am
4e44b2ee: am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
4e44b2ee286bd993210aa81ad20ebbf1d1a816c6':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 02:56:01 +0000 (02:56 +0000)]
am
a59d5e66: am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
a59d5e6692d0b0dc0924144f596d09e7dd2b193c':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 02:55:59 +0000 (02:55 +0000)]
am
52302d91: am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
52302d917b06b11625b9de686153d1e2520f42cd':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 02:55:56 +0000 (02:55 +0000)]
am
4534ec1a: am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
4534ec1a552c125ef7eea0990a84fcefb58335b9':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 02:50:52 +0000 (02:50 +0000)]
am
8ef5da3d: am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
8ef5da3ddddd1bb4356d9cc6df4d52ad8afc4459':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 02:50:51 +0000 (02:50 +0000)]
am
f354c48e: am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
f354c48e386d1405d67882c382e26e3e4598e797':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 02:50:45 +0000 (02:50 +0000)]
am
4a5fbf74: am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
4a5fbf74b493eb293918c41a5b5f60dd7b8ebb58':
Fix several ineffective integer overflow checks
Joshua J. Drake [Tue, 4 Aug 2015 02:41:32 +0000 (02:41 +0000)]
am
4dd7cb69: Fix integer underflow in ESDS processing
* commit '
4dd7cb699f49b56f94a32080fdac7f0ec8237ff4':
Fix integer underflow in ESDS processing
Joshua J. Drake [Tue, 4 Aug 2015 02:41:31 +0000 (02:41 +0000)]
am
5c4428f6: Fix integer overflow during MP4 atom processing
* commit '
5c4428f6391478ae983e1fcf7c42c832aa1a5e69':
Fix integer overflow during MP4 atom processing
Joshua J. Drake [Tue, 4 Aug 2015 02:41:30 +0000 (02:41 +0000)]
am
3cc11bfc: Fix several ineffective integer overflow checks
* commit '
3cc11bfc00cbb3ed87a4464777a75606b4973b51':
Fix several ineffective integer overflow checks
Joshua J. Drake [Thu, 9 Apr 2015 04:53:10 +0000 (23:53 -0500)]
Fix integer underflow in ESDS processing
Several arithmetic operations within parseESDescriptor could underflow, leading
to an out-of-bounds read operation. Ensure that subtractions from 'size' do not
cause it to wrap around.
Bug: 20139950
Change-Id: I0d1b136ce68fd7c6f606ce66714bf644cfb2961c
(cherry picked from commit 07c0f59d6c48874982d2b5c713487612e5af465a)
Joshua J. Drake [Thu, 9 Apr 2015 04:44:57 +0000 (23:44 -0500)]
Fix integer overflow during MP4 atom processing
A few sample table related FourCC values are handled by the
setSampleToChunkParams function. An integer overflow exists within this
function. Validate that mNumSampleToChunkOffets will not cause an integer
overflow.
Bug: 20139950
Change-Id: I1972cc185fce5e058afa143ad5eabcc269ad324d
(cherry picked from commit c24607c29c96f939aed9e33bfa702b1dd79da4b7)
Joshua J. Drake [Thu, 9 Apr 2015 04:23:55 +0000 (23:23 -0500)]
Fix several ineffective integer overflow checks
Commit edd4a76 (which addressed bugs 15328708, 15342615, 15342751) added
several integer overflow checks. Unfortunately, those checks fail to take into
account integer promotion rules and are thus themselves subject to an integer
overflow. Cast the sizeof() operator to a uint64_t to force promotion while
multiplying.
Bug: 20139950
Change-Id: Ieb29a170edb805c722fc5658935f2390003e5260
(cherry picked from commit e2e812e58e8d2716b00d7d82db99b08d3afb4b32)
Marco Nelissen [Mon, 3 Aug 2015 20:12:12 +0000 (20:12 +0000)]
am
e6ca5b2d: am
566c70ca: Guard against codecinfo overflow
* commit '
e6ca5b2d97f61e96af35fabed8c2ba352b8b5b99':
Guard against codecinfo overflow
Marco Nelissen [Mon, 3 Aug 2015 20:03:38 +0000 (20:03 +0000)]
am
566c70ca: Guard against codecinfo overflow
* commit '
566c70caff87c710e659c5aaad0692e031d93ded':
Guard against codecinfo overflow
Marco Nelissen [Wed, 29 Jul 2015 23:15:55 +0000 (16:15 -0700)]
Guard against codecinfo overflow
Bug: 21296336
Change-Id: I78be5141b3108142f12d7cb94839fa50f776d84a
Eric Laurent [Tue, 30 Jun 2015 18:21:44 +0000 (18:21 +0000)]
am
c655561b: (-s ours) am
29b83cbb: DO NOT MERGE - audio effects: fix heap overflow
* commit '
c655561b3580ae7ba3a721e69ac240606e11fab8':
DO NOT MERGE - audio effects: fix heap overflow
Wei Jia [Tue, 30 Jun 2015 18:21:32 +0000 (18:21 +0000)]
am
13c925ca: am
6ff53b96: Merge "Prevent integer overflow when processing covr MPEG4 atoms" into klp-dev
* commit '
13c925cab2decaed6786b0642f2b5a9f8516e71a':
Prevent integer overflow when processing covr MPEG4 atoms
Eric Laurent [Tue, 23 Jun 2015 01:32:08 +0000 (01:32 +0000)]
am
29b83cbb: DO NOT MERGE - audio effects: fix heap overflow
* commit '
29b83cbb9018e53a18cf6e0fb34893f9774dcb96':
DO NOT MERGE - audio effects: fix heap overflow
Eric Laurent [Fri, 19 Jun 2015 22:33:57 +0000 (15:33 -0700)]
DO NOT MERGE - audio effects: fix heap overflow
Check consistency of effect command reply sizes before
copying to reply address.
Also add null pointer check on reply size.
Also remove unused parameter warning.
Bug: 21953516.
Change-Id: I4cf00c12eaed696af28f3b7613f7e36f47a160c4
Eric Laurent [Fri, 19 Jun 2015 22:33:57 +0000 (15:33 -0700)]
audio effects: fix heap overflow
Check consistency of effect command reply sizes before
copying to reply address.
Also add null pointer check on reply size.
Also remove unused parameter warning.
Bug: 21953516.
Change-Id: I4cf00c12eaed696af28f3b7613f7e36f47a160c4
(cherry picked from commit 0f714a464d2425afe00d6450535e763131b40844)