OSDN Git Service
Robert Shih [Thu, 25 May 2017 21:52:55 +0000 (21:52 +0000)]
DO NOT MERGE Don't leak `this` out of GraphicBufferSource ctor
am: ebeb47000d
Change-Id: I1ae0603aa9b798bd6c624d96c18ef6457212bfa7
Robert Shih [Tue, 23 May 2017 00:32:29 +0000 (17:32 -0700)]
DO NOT MERGE Don't leak `this` out of GraphicBufferSource ctor
Bug: 37622974
Bug: 37622987
Bug: 37623757
Test: run poc and observe no crash
Change-Id: I1e25c011f02bec26a1480ec9a217a52f15d43cf2
Marco Nelissen [Tue, 16 May 2017 15:46:30 +0000 (15:46 +0000)]
Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f am: 60657857c6 am: 55057ab408 am: a2fbd251ca am: 4bd7103388 am: dd2f7e982f
am: 00be42f32c
Change-Id: I651a449830219d0e7513417246d0d269cf44fe88
Marco Nelissen [Tue, 16 May 2017 15:42:58 +0000 (15:42 +0000)]
Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f am: 60657857c6 am: 55057ab408 am: a2fbd251ca am: 4bd7103388
am: dd2f7e982f
Change-Id: I4cdcb7694baea6c10980860880c4bdcf41905a8f
Marco Nelissen [Tue, 16 May 2017 15:39:56 +0000 (15:39 +0000)]
Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f am: 60657857c6 am: 55057ab408 am: a2fbd251ca
am: 4bd7103388
Change-Id: I159ed2c6b4184689517bf39d791cb516d505e4ed
Marco Nelissen [Tue, 16 May 2017 15:36:54 +0000 (15:36 +0000)]
Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f am: 60657857c6 am: 55057ab408
am: a2fbd251ca
Change-Id: I8a0e99463feb24350f02d5b5ccdc9419ebb2d71d
Marco Nelissen [Tue, 16 May 2017 15:33:25 +0000 (15:33 +0000)]
Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f am: 60657857c6
am: 55057ab408
Change-Id: I5107a57def4be19aad9dca950cca06bebecad1e8
Marco Nelissen [Tue, 16 May 2017 15:30:24 +0000 (15:30 +0000)]
Merge "Fix memory leak in error case" into klp-dev am: 5136b7436f
am: 60657857c6
Change-Id: I1564d4e2626a31b7018bae301c50a268ccc79749
Marco Nelissen [Tue, 16 May 2017 15:27:25 +0000 (15:27 +0000)]
Merge "Fix memory leak in error case" into klp-dev
am: 5136b7436f
Change-Id: I479e015461fa46227c4cae49829b0f3c0d769de9
Marco Nelissen [Tue, 16 May 2017 15:20:59 +0000 (15:20 +0000)]
Merge "Fix memory leak in error case" into klp-dev
Marco Nelissen [Mon, 15 May 2017 17:07:58 +0000 (17:07 +0000)]
Limit ogg packet size am: bf928560ac am: f349435fcf am: 086cee9d89 am: b65b0a8367 am: 412be4b735 am: 045c64fe94
am: fd7cba4d0e
Change-Id: I0c11db2bb63c110732c925cfc482deee246dc720
Marco Nelissen [Mon, 15 May 2017 17:04:56 +0000 (17:04 +0000)]
Limit ogg packet size am: bf928560ac am: f349435fcf am: 086cee9d89 am: b65b0a8367 am: 412be4b735
am: 045c64fe94
Change-Id: I02f221f5a4a14706c83ce12c3273df75bd23361f
Marco Nelissen [Mon, 15 May 2017 17:01:55 +0000 (17:01 +0000)]
Limit ogg packet size am: bf928560ac am: f349435fcf am: 086cee9d89 am: b65b0a8367
am: 412be4b735
Change-Id: I70263d5cb5fca57353337a60686d1468692819cf
Marco Nelissen [Mon, 15 May 2017 16:59:57 +0000 (16:59 +0000)]
Limit ogg packet size am: bf928560ac am: f349435fcf am: 086cee9d89
am: b65b0a8367
Change-Id: I2faa1a87e934851ee2a4a865e3e3d7084381dac6
Marco Nelissen [Mon, 15 May 2017 16:56:55 +0000 (16:56 +0000)]
Limit ogg packet size am: bf928560ac am: f349435fcf
am: 086cee9d89
Change-Id: I9687649ed25dade9f872c83a290bbcd0abb4b5fc
Marco Nelissen [Mon, 15 May 2017 16:53:54 +0000 (16:53 +0000)]
Limit ogg packet size am: bf928560ac
am: f349435fcf
Change-Id: I952944295017f01b254c80c8db935e33c51337f3
Marco Nelissen [Mon, 15 May 2017 16:50:55 +0000 (16:50 +0000)]
Limit ogg packet size
am: bf928560ac
Change-Id: I102f6e9b1b4933d043b2a3e1e3f7fc885aaf6779
Marco Nelissen [Fri, 12 May 2017 22:35:30 +0000 (15:35 -0700)]
Limit ogg packet size
A malformed ogg file might lace together a very large packet, which
could lead to out of memory conditions. Limit the packet size to
avoid this.
Bug: 36592202
Change-Id: I8650b3ec54a0de9ec302a7cbac296bb85efcfb3d
Ray Essick [Fri, 12 May 2017 17:45:57 +0000 (17:45 +0000)]
Prevent OOB write in soft_avc encoder
am: 463452a949
Change-Id: I7cad9d84093cce83b2edf09a55bb8b9a588bee43
Marco Nelissen [Fri, 12 May 2017 17:45:14 +0000 (10:45 -0700)]
Fix memory leak in error case
Bug: 37239013
Change-Id: Ic33e0f7ed946d0729efa46f69aff1a5d35e81b1e
Ray Essick [Wed, 10 May 2017 22:38:51 +0000 (15:38 -0700)]
Prevent OOB write in soft_avc encoder
Soft avc encoder cached buffer sizes across a point where the sizes
could be reset by an app, allowing crafted requests to hit outside
of the current buffer. This remedies that by forcing buffer reallocation
with new sizes whenever the encoder state at such 'reset' points.
Bug: 35421151
Test: run POC with no crash
Change-Id: I8c689846142264f7b6a277332260a6bd8a2bd92d
Roger1 Jonsson [Tue, 11 Apr 2017 17:35:50 +0000 (17:35 +0000)]
Merge "Avoid crash for stss sync sample number 0" into lmp-dev am: d12204372f am: 6dfbcefe4b am: 85f575dc67
am: c5bea960dc
Change-Id: I0448adf35221404dbc19c4ed14f2d0252770499e
Roger1 Jonsson [Tue, 11 Apr 2017 17:32:20 +0000 (17:32 +0000)]
Merge "Avoid crash for stss sync sample number 0" into lmp-dev am: d12204372f am: 6dfbcefe4b
am: 85f575dc67
Change-Id: Ie8f3698b61e3f4d13383eaf1f36788186fdf3676
Roger1 Jonsson [Tue, 11 Apr 2017 17:27:19 +0000 (17:27 +0000)]
Merge "Avoid crash for stss sync sample number 0" into lmp-dev am: d12204372f
am: 6dfbcefe4b
Change-Id: I2c528d91424183cbc31c6d8a55ec1f35c685315b
Roger1 Jonsson [Tue, 11 Apr 2017 17:22:19 +0000 (17:22 +0000)]
Merge "Avoid crash for stss sync sample number 0" into lmp-dev
am: d12204372f
Change-Id: Ic2bca43957197cf537760826de60fcb85777cb1b
TreeHugger Robot [Tue, 11 Apr 2017 17:02:45 +0000 (17:02 +0000)]
Merge "Avoid crash for stss sync sample number 0" into lmp-dev
Marco Nelissen [Mon, 10 Apr 2017 20:55:06 +0000 (20:55 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e am: 0893c50bcf am: 59bc7f77f8 am: 82ffcbd667 am: 9edaa79f62 am: 56c520c4ca
am: 12c176066e
Change-Id: Id2207725fc2e69c8aee4a24ee605dc7fae8939e2
Marco Nelissen [Mon, 10 Apr 2017 20:50:38 +0000 (20:50 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e am: 0893c50bcf am: 59bc7f77f8 am: 82ffcbd667 am: 9edaa79f62
am: 56c520c4ca
Change-Id: I27e648ddd65325600cad22d5b0fef03aa4a9447a
Marco Nelissen [Mon, 10 Apr 2017 20:45:34 +0000 (20:45 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e am: 0893c50bcf am: 59bc7f77f8 am: 82ffcbd667
am: 9edaa79f62
Change-Id: Iad06395ed255dbd48b0a77147b6da809963e4306
Marco Nelissen [Mon, 10 Apr 2017 20:41:04 +0000 (20:41 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e am: 0893c50bcf am: 59bc7f77f8
am: 82ffcbd667
Change-Id: I1b2ea29d1c22f1714f0c0e90a56c585176742dd2
Marco Nelissen [Mon, 10 Apr 2017 20:36:33 +0000 (20:36 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e am: 0893c50bcf
am: 59bc7f77f8
Change-Id: I133f8566b649821e06cfb21a95b20f84eb839219
Marco Nelissen [Mon, 10 Apr 2017 20:32:06 +0000 (20:32 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev am: 922ad6183e
am: 0893c50bcf
Change-Id: I819b55a95ff50c51488bac50c43fea8b2244a410
Marco Nelissen [Mon, 10 Apr 2017 20:27:43 +0000 (20:27 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev
am: 922ad6183e
Change-Id: I8fbd67b5fe298d6f842d224109e2ab0b52a2b59a
Marco Nelissen [Mon, 10 Apr 2017 19:57:08 +0000 (19:57 +0000)]
Merge "Don't allow using or allocating a buffer after the first state transition" into klp-dev
Roger1 Jonsson [Wed, 5 Apr 2017 23:19:37 +0000 (23:19 +0000)]
Avoid crash for stss sync sample number 0 am: 5c364997a3 am: e77a32bd3d am: ab28d49e41 -s ours am: 73db408aa3 am: 0bb0a8e1e8 am: 4d86bef7f7
am: 241f5feb8a
Change-Id: I52d24edf474be0f12e7debf052e1398a56674dc8
Roger1 Jonsson [Wed, 5 Apr 2017 23:16:08 +0000 (23:16 +0000)]
Avoid crash for stss sync sample number 0 am: 5c364997a3 am: e77a32bd3d am: ab28d49e41 -s ours am: 73db408aa3 am: 0bb0a8e1e8
am: 4d86bef7f7
Change-Id: I53fd99fb4436b2cce7a8473a1e188cf8fcdf19eb
Roger1 Jonsson [Wed, 5 Apr 2017 23:13:37 +0000 (23:13 +0000)]
Avoid crash for stss sync sample number 0 am: 5c364997a3 am: e77a32bd3d am: ab28d49e41 -s ours am: 73db408aa3
am: 0bb0a8e1e8
Change-Id: Id88b6709127ad9799d63dff3c1310001142a0a2c
Roger1 Jonsson [Wed, 5 Apr 2017 23:10:38 +0000 (23:10 +0000)]
Avoid crash for stss sync sample number 0 am: 5c364997a3 am: e77a32bd3d am: ab28d49e41 -s ours
am: 73db408aa3
Change-Id: Ibe55680e73e9caddc3fc79883fa17a50742f393d
Roger1 Jonsson [Wed, 26 Oct 2016 07:20:00 +0000 (09:20 +0200)]
Avoid crash for stss sync sample number 0
A sample number value of 0 means that the value stored in
the mSyncSamples array, would become negative (-1),
when converted to index value. This causes a crash.
Make sure that stss sample numbers are bigger
than 0 before converting sample number to index value.
Bug: 32423862
bug: 35645051
Test: Playback video that triggers stss sync sample number 0
Change-Id: I35bee7c718e01b086d7e05deda13b38083f509f5
Roger1 Jonsson [Wed, 5 Apr 2017 23:07:37 +0000 (23:07 +0000)]
Avoid crash for stss sync sample number 0 am: 5c364997a3 am: e77a32bd3d
am: ab28d49e41 -s ours
Change-Id: I63e6f4ea65dda85e5d779f6aaf1fbd4ca5806f8c
Roger1 Jonsson [Wed, 5 Apr 2017 22:52:35 +0000 (22:52 +0000)]
Avoid crash for stss sync sample number 0 am: 5c364997a3
am: e77a32bd3d
Change-Id: If61ba19bc937c6b7c7227296ddba5a1797072f9d
Roger1 Jonsson [Wed, 5 Apr 2017 22:49:34 +0000 (22:49 +0000)]
Avoid crash for stss sync sample number 0
am: 5c364997a3
Change-Id: Ia97daf543c65b52db1c5d09471ed8d00a434364d
Roger1 Jonsson [Wed, 26 Oct 2016 07:20:00 +0000 (09:20 +0200)]
Avoid crash for stss sync sample number 0
A sample number value of 0 means that the value stored in
the mSyncSamples array, would become negative (-1),
when converted to index value. This causes a crash.
Make sure that stss sample numbers are bigger
than 0 before converting sample number to index value.
Bug: 32423862
bug: 35645051
Test: Playback video that triggers stss sync sample number 0
Change-Id: I35bee7c718e01b086d7e05deda13b38083f509f5
Marco Nelissen [Mon, 27 Mar 2017 22:04:25 +0000 (15:04 -0700)]
Don't allow using or allocating a buffer after the first state transition
Bug: 35467458
Change-Id: Ia76c8cec8ad2abb95ca29b2a89075f7acab4b174
Robert Shih [Wed, 15 Mar 2017 00:15:30 +0000 (00:15 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0 am: 761abda1bd am: aca26c9d45 -s ours am: 1e4d8d67bc -s ours am: 413ad04890 am: 27ba2d85d6 -s ours
am: 4066f0e808
Change-Id: Icaa568c50688db3157c524978deda0a52ca87e37
Robert Shih [Wed, 15 Mar 2017 00:10:00 +0000 (00:10 +0000)]
FLACExtractor: copy protect mWriteBuffer am: 8ee699977c am: 038fd6e5ec am: 4eea0b3aa4
am: b06f7c6e15
Change-Id: I9b5601e129a7162aa125feef425bdc93de4e4471
Robert Shih [Wed, 15 Mar 2017 00:09:59 +0000 (00:09 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0 am: 761abda1bd am: aca26c9d45 -s ours am: 1e4d8d67bc -s ours am: 413ad04890
am: 27ba2d85d6 -s ours
Change-Id: Ib80a0800bbcbb4033081ff9052681dbaf5406ab8
Robert Shih [Wed, 15 Mar 2017 00:04:31 +0000 (00:04 +0000)]
FLACExtractor: copy protect mWriteBuffer am: 8ee699977c am: 038fd6e5ec
am: 4eea0b3aa4
Change-Id: I4f3b1e4a100374da2e412082564fc6fb54dc122a
Robert Shih [Wed, 15 Mar 2017 00:04:30 +0000 (00:04 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0 am: 761abda1bd am: aca26c9d45 -s ours am: 1e4d8d67bc -s ours
am: 413ad04890
Change-Id: I160f5893987b330ae73e6675ffb2dc2fed2d1304
Robert Shih [Tue, 14 Mar 2017 23:58:59 +0000 (23:58 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0 am: 761abda1bd am: aca26c9d45 -s ours
am: 1e4d8d67bc -s ours
Change-Id: Iab0b678707ea31ad02f0f9be5f02f5638c601826
Robert Shih [Tue, 14 Mar 2017 23:58:59 +0000 (23:58 +0000)]
FLACExtractor: copy protect mWriteBuffer am: 8ee699977c
am: 038fd6e5ec
Change-Id: I475073171089f82eac7816d479f9b720a887a0c9
Robert Shih [Tue, 14 Mar 2017 23:55:10 +0000 (23:55 +0000)]
FLACExtractor: copy protect mWriteBuffer
am: 8ee699977c
Change-Id: Icdfd99c85fb0f76cc607f8bb29430913cf72bad1
Robert Shih [Tue, 14 Mar 2017 23:54:28 +0000 (23:54 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0 am: 761abda1bd
am: aca26c9d45 -s ours
Change-Id: Id436554a36de729ccd7a3220e32e155c423d0531
Robert Shih [Tue, 14 Mar 2017 23:49:57 +0000 (23:49 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer am: 13c77f4fe0
am: 761abda1bd
Change-Id: I30bf5233b69619d260edb952248865adf5c55c83
Robert Shih [Tue, 14 Mar 2017 23:45:27 +0000 (23:45 +0000)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
am: 13c77f4fe0
Change-Id: Ib7f8b77b3ba27fcd8e61e540eb39259cb287185c
Robert Shih [Mon, 24 Oct 2016 18:38:31 +0000 (11:38 -0700)]
FLACExtractor: copy protect mWriteBuffer
Bug: 30895578
Bug: 34970788
Change-Id: I4cba36bbe3502678210e5925181683df9726b431
(cherry picked from commit 328cd66cc72ba7bc5452ed5a93f29ddcd73aa9f9)
Robert Shih [Mon, 24 Oct 2016 18:38:31 +0000 (11:38 -0700)]
DO NOT MERGE FLACExtractor: copy protect mWriteBuffer
Bug: 30895578
Bug: 34970788
Change-Id: I4cba36bbe3502678210e5925181683df9726b431
Ray Essick [Mon, 13 Mar 2017 23:09:43 +0000 (23:09 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752 am: 8e3cf4d841 am: 5b1bfc1f43 am: 8abf11b512 am: 4bc4f78933 am: 7f2592fe4a
am: dbdf026f76
Change-Id: I4d2bba1d77108acad20a8886d79a99f8b521ede3
Ray Essick [Mon, 13 Mar 2017 23:09:29 +0000 (23:09 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f am: dcda2ec2fe am: f5c7784dbd am: c3de266a99 am: 8655d4fc01 am: b05be00f56
am: eb58ce5bb0
Change-Id: Id8ea82f6504b70d8a448a8d00063b1b393a2f336
Ray Essick [Mon, 13 Mar 2017 23:05:46 +0000 (23:05 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752 am: 8e3cf4d841 am: 5b1bfc1f43 am: 8abf11b512 am: 4bc4f78933
am: 7f2592fe4a
Change-Id: Ie8c0fadcf5c424e8a4627030c04cbac96442ebf4
Ray Essick [Mon, 13 Mar 2017 23:05:29 +0000 (23:05 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f am: dcda2ec2fe am: f5c7784dbd am: c3de266a99 am: 8655d4fc01
am: b05be00f56
Change-Id: I79378b8fa75e6912f49a9af3c4f46bd711494314
Marco Nelissen [Mon, 13 Mar 2017 23:01:30 +0000 (23:01 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0 am: bbca2719c6 am: c2e69851ea am: 3285770d37 am: d935c7f16e am: 98ee832c7e
am: 1db2ee3dbd
Change-Id: Ia7e87aa7baaf9bbff299ff70af5c77b90a922229
Marco Nelissen [Mon, 13 Mar 2017 23:01:14 +0000 (23:01 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e am: 9e8dfb5938 am: 9e4a0e1fab am: 3c4401fce8 am: 8867ca40df am: 4ba3934ec3
am: 89349b8d29
Change-Id: I156d984af4dc64fa69d3b07661e8f2e7e86ca7e5
Ray Essick [Mon, 13 Mar 2017 23:01:13 +0000 (23:01 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752 am: 8e3cf4d841 am: 5b1bfc1f43 am: 8abf11b512
am: 4bc4f78933
Change-Id: I53212f1bdf2491a6b20ec9713adec169ef0d08c1
Marco Nelissen [Mon, 13 Mar 2017 23:00:59 +0000 (23:00 +0000)]
Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c am: f71b76cae8 am: 36c2e14da3 am: 8a3cc1963e am: 5b0ca6a92c am: d270a899c2
am: 8f2b91f0a1
Change-Id: Ib43ba6aeba921b0d2c5b8649ac1e7015c48a7884
Ray Essick [Mon, 13 Mar 2017 23:00:58 +0000 (23:00 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f am: dcda2ec2fe am: f5c7784dbd am: c3de266a99
am: 8655d4fc01
Change-Id: Ia8696372f4015580ca91bed1f1c373a68d2ea196
Marco Nelissen [Mon, 13 Mar 2017 22:57:31 +0000 (22:57 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0 am: bbca2719c6 am: c2e69851ea am: 3285770d37 am: d935c7f16e
am: 98ee832c7e
Change-Id: Ie82d1dfa473886b9b166804da985bce439c90900
Marco Nelissen [Mon, 13 Mar 2017 22:57:14 +0000 (22:57 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e am: 9e8dfb5938 am: 9e4a0e1fab am: 3c4401fce8 am: 8867ca40df
am: 4ba3934ec3
Change-Id: I6babc4703d1462a30d3075cfb6a3fbfdffac5724
Ray Essick [Mon, 13 Mar 2017 22:57:12 +0000 (22:57 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752 am: 8e3cf4d841 am: 5b1bfc1f43
am: 8abf11b512
Change-Id: I1cdf8344d8ca41cf5c4b6622ec743bb094c3dff0
Marco Nelissen [Mon, 13 Mar 2017 22:56:58 +0000 (22:56 +0000)]
Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c am: f71b76cae8 am: 36c2e14da3 am: 8a3cc1963e am: 5b0ca6a92c
am: d270a899c2
Change-Id: I64b30e83c6825a83ff628477a58d607eded0ec7d
Ray Essick [Mon, 13 Mar 2017 22:56:57 +0000 (22:56 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f am: dcda2ec2fe am: f5c7784dbd
am: c3de266a99
Change-Id: I38701178a3fd7632fc8717472338d60d4cb0de2e
Marco Nelissen [Mon, 13 Mar 2017 22:52:57 +0000 (22:52 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0 am: bbca2719c6 am: c2e69851ea am: 3285770d37
am: d935c7f16e
Change-Id: I272acb1f5178ccaf43fa12ed096bb4bb03834213
Ray Essick [Mon, 13 Mar 2017 22:52:42 +0000 (22:52 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752 am: 8e3cf4d841
am: 5b1bfc1f43
Change-Id: I32327162d3e69259656f0b3a82800f45572527fd
Marco Nelissen [Mon, 13 Mar 2017 22:52:42 +0000 (22:52 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e am: 9e8dfb5938 am: 9e4a0e1fab am: 3c4401fce8
am: 8867ca40df
Change-Id: Id8e824b0411c463ee4278a8a8e61ea4be4053046
Ray Essick [Mon, 13 Mar 2017 22:52:28 +0000 (22:52 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f am: dcda2ec2fe
am: f5c7784dbd
Change-Id: Ic1901b3fa14a1e1c7f582e5b7862e777489e7314
Marco Nelissen [Mon, 13 Mar 2017 22:52:27 +0000 (22:52 +0000)]
Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c am: f71b76cae8 am: 36c2e14da3 am: 8a3cc1963e
am: 5b0ca6a92c
Change-Id: I2da6bc9ff1d3503c62042391fce0a0957f11433b
Marco Nelissen [Mon, 13 Mar 2017 22:48:27 +0000 (22:48 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0 am: bbca2719c6 am: c2e69851ea
am: 3285770d37
Change-Id: Id82c89fed96d3cfa11d68ba5d791d5a360aa243c
Marco Nelissen [Mon, 13 Mar 2017 22:48:12 +0000 (22:48 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e am: 9e8dfb5938 am: 9e4a0e1fab
am: 3c4401fce8
Change-Id: Ib6bd99193a44fbd801906d234c42b3fa3d33fb9a
Ray Essick [Mon, 13 Mar 2017 22:48:10 +0000 (22:48 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev am: 19b91af752
am: 8e3cf4d841
Change-Id: I804c61a21202d3c5aef3edac5872f56cef67753b
Marco Nelissen [Mon, 13 Mar 2017 22:47:58 +0000 (22:47 +0000)]
Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c am: f71b76cae8 am: 36c2e14da3
am: 8a3cc1963e
Change-Id: I72dd260e2ee0f9560c9322c3aaf7b93c8008607e
Ray Essick [Mon, 13 Mar 2017 22:47:56 +0000 (22:47 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev am: 2076915c5f
am: dcda2ec2fe
Change-Id: I6759f0d478dd70baf59c3e006cb904d26793c1d4
Marco Nelissen [Mon, 13 Mar 2017 22:43:54 +0000 (22:43 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0 am: bbca2719c6
am: c2e69851ea
Change-Id: I2720c4439848f9aab8d7fa4f93b548793d129a4f
Marco Nelissen [Mon, 13 Mar 2017 22:43:40 +0000 (22:43 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e am: 9e8dfb5938
am: 9e4a0e1fab
Change-Id: I17a5c0765c31c92a25e7c89a330aa656adc03baf
Ray Essick [Mon, 13 Mar 2017 22:43:39 +0000 (22:43 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev
am: 19b91af752
Change-Id: I83ad1fa809b82d1b4a6158b66ebffc5ae1d35590
Ray Essick [Mon, 13 Mar 2017 22:43:27 +0000 (22:43 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev
am: 2076915c5f
Change-Id: Ib9bc5c92218231acefda2800df84a8bffe2da92f
Marco Nelissen [Mon, 13 Mar 2017 22:43:26 +0000 (22:43 +0000)]
Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c am: f71b76cae8
am: 36c2e14da3
Change-Id: Ie6d46a6979bc89e2485fa4d2a25b21fc601e9783
Marco Nelissen [Mon, 13 Mar 2017 22:39:25 +0000 (22:39 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev am: b264ece2c0
am: bbca2719c6
Change-Id: If5ae485e1be0df3d4f61edf689d5b4c1520077b8
Marco Nelissen [Mon, 13 Mar 2017 22:39:10 +0000 (22:39 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev am: 012e5fd39e
am: 9e8dfb5938
Change-Id: I875cb7bba1bc6f6f443923a04629ae44a9d41140
Marco Nelissen [Mon, 13 Mar 2017 22:38:56 +0000 (22:38 +0000)]
Merge "Fix out of bounds access" into klp-dev am: 360cbbd72c
am: f71b76cae8
Change-Id: I3306be5d7bb3867287732757dd14170527488b68
Ray Essick [Mon, 13 Mar 2017 22:38:40 +0000 (22:38 +0000)]
Merge "Add bounds check in SoftAACEncoder2::onQueueFilled()" into klp-dev
Ray Essick [Mon, 13 Mar 2017 22:35:43 +0000 (22:35 +0000)]
Merge "Fix TOCTOU problem in libstagefright_soft_aacenc" into klp-dev
Marco Nelissen [Mon, 13 Mar 2017 22:34:54 +0000 (22:34 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev
am: b264ece2c0
Change-Id: Id65ef33cb965b6fbdec95d9429ee05b134fd14f3
Marco Nelissen [Mon, 13 Mar 2017 22:34:40 +0000 (22:34 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev
am: 012e5fd39e
Change-Id: I2ad3e1364472558cf48c51fb3e2a08002d74c32d
Marco Nelissen [Mon, 13 Mar 2017 22:34:26 +0000 (22:34 +0000)]
Merge "Fix out of bounds access" into klp-dev
am: 360cbbd72c
Change-Id: I9ea32d31b1281689c4b5997a6c328630031c1795
Marco Nelissen [Mon, 13 Mar 2017 22:31:24 +0000 (22:31 +0000)]
Merge "Fix integer overflow and divide-by-zero" into klp-dev
Marco Nelissen [Mon, 13 Mar 2017 22:30:25 +0000 (22:30 +0000)]
Merge "Fix NPDs in h263 decoder" into klp-dev
Marco Nelissen [Mon, 13 Mar 2017 22:28:40 +0000 (22:28 +0000)]
Merge "Fix out of bounds access" into klp-dev
Ray Essick [Mon, 13 Mar 2017 18:59:57 +0000 (11:59 -0700)]
Add bounds check in SoftAACEncoder2::onQueueFilled()
Original code blindly copied some header information into the
user-supplied buffer without checking for sufficient space.
The code does check when it gets to filling the data -- it's
just the header copies that weren't checked.
Bug: 34617444
Test: ran POC before/after
Change-Id: I6e80ec90616f6cd02bb8316cd2d6e309b7e4729d
Marco Nelissen [Fri, 3 Mar 2017 21:37:27 +0000 (13:37 -0800)]
Fix NPDs in h263 decoder
Bug: 35269635
Test: decoded PoC with and without patch
Change-Id: I636a14360c7801cc5bca63c9cb44d1d235df8fd8
Ray Essick [Sat, 11 Mar 2017 00:03:40 +0000 (16:03 -0800)]
Fix TOCTOU problem in libstagefright_soft_aacenc
Fixes a configuration error where we sized a buffer initially based
on the configuration at the time and held onto the buffer through the
rest of our lifetime. If the configuration was changed in a way that
resulted in needing a different size buffer, the code did not make
this happen.
Patch keeps the buffer around but also stores the 'current allocation
size'. This allows the later code that preps the buffer to query if
the buffer size is same or changed. If changed, we discard the old
buffer and allocate a new one of the appropriate size.
safetynet logging added so we can tell how often this happens in the
field.
Testing was done on nyc-mr2 (where poc was built). Patch applies
without change to k/l/m/n/master.
Bug: 34621073
Test: run POC, saw new diagnostics saying it caught the size change.
Change-Id: Ia95aadc8c727434b7ba9628deeae327c405336d3