OSDN Git Service
Eric Laurent [Tue, 12 Jan 2016 01:56:51 +0000 (01:56 +0000)]
fix possible overflow in effect wrappers.
am:
9e29523b95
* commit '
9e29523b9537983b4c4b205ff868d0b3bca0383b':
fix possible overflow in effect wrappers.
Eric Laurent [Fri, 8 Jan 2016 18:52:38 +0000 (10:52 -0800)]
fix possible overflow in effect wrappers.
Add checks on parameter size field in effect command handlers
to avoid overflow leading to invalid comparison with min allowed
size for command and reply buffers.
Bug:
26347509.
Change-Id: I20e6a9b6de8e5172b957caa1ac9410b9752efa4d
(cherry picked from commit
ad1bd92a49d78df6bc6e75bee68c517c1326f3cf)
Andy Hung [Thu, 3 Dec 2015 22:55:36 +0000 (22:55 +0000)]
DO NOT MERGE SoundPool: add lock for findSample access from SoundPoolThread
am:
3d6a714980
* commit '
3d6a7149802928ecf3f58b7218b0e82699b492df':
DO NOT MERGE SoundPool: add lock for findSample access from SoundPoolThread
Andy Hung [Wed, 2 Dec 2015 23:55:23 +0000 (15:55 -0800)]
DO NOT MERGE SoundPool: add lock for findSample access from SoundPoolThread
Sample decoding still occurs in SoundPoolThread
without holding the SoundPool lock.
Bug:
25781119
Change-Id: I11fde005aa9cf5438e0390a0d2dfe0ec1dd282e8
Wei Jia [Thu, 3 Dec 2015 17:53:24 +0000 (17:53 +0000)]
DO NOT MERGE - libstagefright: check requested memory size before allocation for SoftMPEG4Encoder and SoftVPXEncoder.
am:
6afc659b00
* commit '
6afc659b00c3f4a83b9f5f3c744b7119b33340b4':
DO NOT MERGE - libstagefright: check requested memory size before allocation for SoftMPEG4Encoder and SoftVPXEncoder.
Wei Jia [Fri, 20 Nov 2015 18:34:35 +0000 (10:34 -0800)]
DO NOT MERGE - libstagefright: check requested memory size before allocation for SoftMPEG4Encoder and SoftVPXEncoder.
Bug:
25812794
Change-Id: I96dc74734380d462583f6efa33d09946f9532809
(cherry picked from commit
87f8cbb223ee516803dbb99699320c2484cbf3ba)
Jon Larimer [Tue, 20 Oct 2015 21:12:16 +0000 (21:12 +0000)]
Merge "stagefright: MPEG4Extractor: allow \'hdlr\' box before first track" into klp-dev
am:
b1a13d01dc
* commit '
b1a13d01dccbc48ea54aeb4a4ba7fce636ff1daa':
stagefright: MPEG4Extractor: allow 'hdlr' box before first track
Jon Larimer [Tue, 20 Oct 2015 20:55:20 +0000 (20:55 +0000)]
Merge "stagefright: MPEG4Extractor: allow 'hdlr' box before first track" into klp-dev
Glenn Kasten [Wed, 14 Oct 2015 20:40:42 +0000 (20:40 +0000)]
am
0f21a688: Merge "DO NOT MERGE - AudioFlinger: Clear record buffers when starting RecordThread" into klp-dev
* commit '
0f21a6880e74b56834940a131df912a49b70e82d':
DO NOT MERGE - AudioFlinger: Clear record buffers when starting RecordThread
Glenn Kasten [Wed, 14 Oct 2015 20:30:55 +0000 (20:30 +0000)]
Merge "DO NOT MERGE - AudioFlinger: Clear record buffers when starting RecordThread" into klp-dev
Wei Jia [Thu, 8 Oct 2015 16:48:33 +0000 (16:48 +0000)]
am
3b4a72ac: Merge "DO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer." into klp-dev
* commit '
3b4a72acf039c58c33807b6d6fcdd5e09eafb1df':
DO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer.
Wei Jia [Thu, 8 Oct 2015 16:37:26 +0000 (16:37 +0000)]
Merge "DO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer." into klp-dev
Wei Jia [Mon, 28 Sep 2015 18:32:23 +0000 (11:32 -0700)]
DO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer.
Bug:
24310423
Change-Id: Iebcfc58b447f925ec2134898060af2ef227266a3
(cherry picked from commit
8dde7269a5356503d2b283234b6cb46d0c3f214e)
Wei Jia [Tue, 6 Oct 2015 22:17:52 +0000 (22:17 +0000)]
am
7ed8d1ef: ID3: check possible integer overflow for extendedHeaderSize and paddingSize.
* commit '
7ed8d1eff9b292b3c65a875b13a549e29654534b':
ID3: check possible integer overflow for extendedHeaderSize and paddingSize.
Wei Jia [Mon, 5 Oct 2015 17:44:23 +0000 (10:44 -0700)]
ID3: check possible integer overflow for extendedHeaderSize and paddingSize.
Bug:
24623447
Change-Id: Ifbc74454d6e28ad7136efe35ab638a07e46398b1
(cherry picked from commit
b3694ff5a5bcecd4b6cedca156f6effb55bbf4ca)
Marco Nelissen [Tue, 6 Oct 2015 16:45:37 +0000 (16:45 +0000)]
am
74d1927e: Merge "Check NAL size before use" into klp-dev
* commit '
74d1927e4122a1748f89ca2ef79406fc06ee94b2':
Check NAL size before use
Marco Nelissen [Tue, 6 Oct 2015 16:34:45 +0000 (16:34 +0000)]
Merge "Check NAL size before use" into klp-dev
Wei Jia [Tue, 6 Oct 2015 16:34:00 +0000 (16:34 +0000)]
am
9ab9c85e: Merge "MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData." into klp-dev
* commit '
9ab9c85e39f089f355faa9cd9db6d113dc482e61':
MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData.
Wei Jia [Tue, 6 Oct 2015 16:21:35 +0000 (16:21 +0000)]
Merge "MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData." into klp-dev
Marco Nelissen [Tue, 6 Oct 2015 15:47:51 +0000 (15:47 +0000)]
am
257b3bc5: Don\'t crash when there\'s no conceal frame
* commit '
257b3bc581bbc65318a4cc2d3c22a07a4429dc1d':
Don't crash when there's no conceal frame
Marco Nelissen [Fri, 2 Oct 2015 22:12:00 +0000 (15:12 -0700)]
Check NAL size before use
Bug:
24441553
Bug:
24445122
Change-Id: Ib7f025769adbafd5a2cb64fae5562a0a565945c2
Wei Jia [Mon, 28 Sep 2015 21:50:47 +0000 (14:50 -0700)]
MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData.
Bug:
24346430
Change-Id: I897a724e968841d9160f819d06c0ce22f6d743c4
(cherry picked from commit
5cae16bdce77b0a3ba590b55637f7d55a2f35402)
Marco Nelissen [Mon, 5 Oct 2015 17:46:11 +0000 (10:46 -0700)]
Don't crash when there's no conceal frame
Bug:
24630158
Change-Id: If042aebebb58c218eb7bbf01dcddbcbd05dca1d6
Lajos Molnar [Tue, 1 Sep 2015 00:19:52 +0000 (17:19 -0700)]
stagefright: MPEG4Extractor: allow 'hdlr' box before first track
Bug:
21725583
Change-Id: I799c1967759c7e49fb50281a1708188450caac77
(cherry picked from commit
cf75af8f76265fb2909028f5dc68c7029dbe5f49)
Flanker [Tue, 29 Sep 2015 06:28:47 +0000 (06:28 +0000)]
am
3737a3fa: DO NOT MERGE stagefright: fix AMessage::FromParcel
* commit '
3737a3fa121796131ea5b782230e65dad9ccf90f':
DO NOT MERGE stagefright: fix AMessage::FromParcel
Flanker [Fri, 11 Sep 2015 11:05:47 +0000 (19:05 +0800)]
DO NOT MERGE stagefright: fix AMessage::FromParcel
Add check for incoming mNumItems. Also add check readCString return
value.
Fix style & add log.
Bug:
24123723
Change-Id: If41a5312c27d868f481893eef56019b6807c39b7
Andy Hung [Thu, 24 Sep 2015 22:08:13 +0000 (15:08 -0700)]
DO NOT MERGE - AudioFlinger: Clear record buffers when starting RecordThread
Bug:
24211743
Bug:
24267152
Change-Id: I58c55e56b85067b71e4e300f947b4dfc159637ba
Jeff Tinker [Thu, 17 Sep 2015 17:28:47 +0000 (17:28 +0000)]
am
6272fa1b: Merge "DO NOT MERGE Fix vulnerability in mediaserver" into klp-dev
* commit '
6272fa1baf361a6a89607243638cc592047947b3':
DO NOT MERGE Fix vulnerability in mediaserver
Jeff Tinker [Thu, 17 Sep 2015 17:28:46 +0000 (17:28 +0000)]
am
f43125ed: Merge "Fix for security vulnerability in media server DO NOT MERGE" into klp-dev
* commit '
f43125ed08a408b02613b99f058564d97ce690cc':
Fix for security vulnerability in media server DO NOT MERGE
Jeff Tinker [Thu, 17 Sep 2015 17:04:25 +0000 (17:04 +0000)]
Merge "DO NOT MERGE Fix vulnerability in mediaserver" into klp-dev
Jeff Tinker [Thu, 17 Sep 2015 17:04:05 +0000 (17:04 +0000)]
Merge "Fix for security vulnerability in media server DO NOT MERGE" into klp-dev
Wei Jia [Thu, 17 Sep 2015 13:36:52 +0000 (13:36 +0000)]
am
ae922517: Merge "DO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info leak when writing them to Parcel." into klp-dev
* commit '
ae92251730865e0c4bc59ef2a8fe9dacb6de41b9':
DO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info leak when writing them to Parcel.
Wei Jia [Thu, 17 Sep 2015 13:19:08 +0000 (13:19 +0000)]
Merge "DO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info leak when writing them to Parcel." into klp-dev
Jeff Tinker [Wed, 16 Sep 2015 18:33:58 +0000 (18:33 +0000)]
am
d386c5be: Merge "Fix heap data leak vulnerability" into klp-dev
* commit '
d386c5be9505d2db24048a6e08ab714f2151dac2':
Fix heap data leak vulnerability
Jeff Tinker [Wed, 16 Sep 2015 18:17:46 +0000 (18:17 +0000)]
Merge "Fix heap data leak vulnerability" into klp-dev
Jeff Tinker [Wed, 16 Sep 2015 17:23:12 +0000 (10:23 -0700)]
DO NOT MERGE Fix vulnerability in mediaserver
ICrypto.cpp: ASLR bypass using DECRYPT IPC
bug:
24074485
Change-Id: I40dd0e92083c7093030393b16dbab59323306a4e
Wei Jia [Thu, 10 Sep 2015 16:47:29 +0000 (09:47 -0700)]
DO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info leak when writing them to Parcel.
Bug:
23953967
Change-Id: Ibbe841da149038675e9e8daea76c77558bc8564b
(cherry picked from commit
983dca391a76fb45df999fc40e8766b9ddb63511)
Wonsik Kim [Wed, 16 Sep 2015 07:37:16 +0000 (07:37 +0000)]
am
b21a6420: Merge "DO NOT MERGE NuCachedSource2: fix possible erroneous early free" into klp-dev
* commit '
b21a642067477c72f419956da0ca8dafe0c04eab':
DO NOT MERGE NuCachedSource2: fix possible erroneous early free
Wonsik Kim [Wed, 16 Sep 2015 07:11:04 +0000 (07:11 +0000)]
Merge "DO NOT MERGE NuCachedSource2: fix possible erroneous early free" into klp-dev
Jeff Tinker [Mon, 14 Sep 2015 20:55:23 +0000 (13:55 -0700)]
Fix heap data leak vulnerability
bug:
23600291
Change-Id: I7979e9e25ada01c13775be8580d433a8b4ce4ffe
Jeff Tinker [Mon, 14 Sep 2015 17:18:56 +0000 (10:18 -0700)]
Fix for security vulnerability in media server DO NOT MERGE
bug:
23540426
Change-Id: I5d602f99fd82e50d0136d47ce20cfa1ac9fd7ae2
Wonsik Kim [Tue, 8 Sep 2015 08:32:28 +0000 (17:32 +0900)]
DO NOT MERGE NuCachedSource2: fix possible erroneous early free
Because the constructor of NuCachedSource2 sent a message to
AHandlerReflector object, AHandlerReflector::onMessageReceived could
have executed just before the object gets wrapped in a strong
pointer, resulting in erroneous early free. Fix the issue by using
static Create function to ensure the message is sent after the
object is wrapped in a sp.
Bug:
23882800
Change-Id: I38a9d7a3083f184b4c81d0b00ba1661721278855
Wei Jia [Fri, 11 Sep 2015 14:10:14 +0000 (14:10 +0000)]
am
741a3351: Merge "DO NOT MERGE - IAudioFlinger: clear config before reading it from parcel." into klp-dev
* commit '
741a335126a562ae8f5883cc0b02ba72f40e56f3':
DO NOT MERGE - IAudioFlinger: clear config before reading it from parcel.
Wei Jia [Fri, 11 Sep 2015 13:54:59 +0000 (13:54 +0000)]
Merge "DO NOT MERGE - IAudioFlinger: clear config before reading it from parcel." into klp-dev
Wonsik Kim [Fri, 11 Sep 2015 07:50:35 +0000 (07:50 +0000)]
am
b659b4c7: Merge "DO NOT MERGE fix build" into klp-dev
* commit '
b659b4c7e1405056d189b44bd96036b6500dd378':
DO NOT MERGE fix build
Wonsik Kim [Fri, 11 Sep 2015 07:34:53 +0000 (07:34 +0000)]
Merge "DO NOT MERGE fix build" into klp-dev
Wonsik Kim [Fri, 11 Sep 2015 07:14:18 +0000 (16:14 +0900)]
DO NOT MERGE fix build
Bug:
23707088
Change-Id: Ib0d6cbc52710f33310d21b2eae1f243f0f8e8bca
Wonsik Kim [Fri, 11 Sep 2015 07:25:22 +0000 (07:25 +0000)]
am
1784a8db: Merge "DO NOT MERGE Avoid size_t overflow in base64 decoding once again" into klp-dev
* commit '
1784a8dbbc73b3e6033340d107b6c08478b962c8':
DO NOT MERGE Avoid size_t overflow in base64 decoding once again
Wonsik Kim [Fri, 11 Sep 2015 06:49:22 +0000 (06:49 +0000)]
Merge "DO NOT MERGE Avoid size_t overflow in base64 decoding once again" into klp-dev
Wei Jia [Thu, 10 Sep 2015 21:23:55 +0000 (21:23 +0000)]
am
69ae6a87: libstagefright: fix A_Refl to return immediately when there is an error.
* commit '
69ae6a87342d5260d8d8660accc8aa1b9367dbbe':
libstagefright: fix A_Refl to return immediately when there is an error.
Wei Jia [Wed, 9 Sep 2015 16:48:34 +0000 (09:48 -0700)]
DO NOT MERGE - IAudioFlinger: clear config before reading it from parcel.
Bug:
23905951
Bug:
23912202
Change-Id: Id13a9d3cae2c09e7381b841e67ddfb188274d74c
(cherry picked from commit
e995e477ad59b79145200c8f1e9e13c16c682d59)
Wonsik Kim [Mon, 7 Sep 2015 06:52:27 +0000 (15:52 +0900)]
DO NOT MERGE Avoid size_t overflow in base64 decoding once again
Switch to foundation base64 function in OggExtractor and fix the
issue there.
Bug:
23707088
Change-Id: I999ae911177c88dc13f9ee9796ca93c5928b20b0
Wei Jia [Fri, 4 Sep 2015 16:13:37 +0000 (09:13 -0700)]
libstagefright: fix A_Refl to return immediately when there is an error.
Bug:
23609206
Change-Id: I2ad25fb208df17f5a5b6d6b356eff2f400627f22
(cherry picked from commit
715dcb9c90d86c1a02a0da056f3cee8875ad1230)
Robert Shih [Thu, 3 Sep 2015 17:52:44 +0000 (17:52 +0000)]
am
13ff64c2: Merge "Zero out return values in media binder calls" into klp-dev
* commit '
13ff64c2db84f4e7cac3396700e333b48c42c7ee':
Zero out return values in media binder calls
Andy Hung [Thu, 3 Sep 2015 17:52:43 +0000 (17:52 +0000)]
am
ab203130: Merge "Make IEffect command more robust (second try)" into klp-dev
* commit '
ab20313074bb109f29f677c3f09d5da1a48c94e7':
Make IEffect command more robust (second try)
Marco Nelissen [Thu, 3 Sep 2015 17:52:42 +0000 (17:52 +0000)]
am
74888428: Merge "Fix timedtext parsing" into klp-dev
* commit '
74888428e51a2aa123e301912d09973bd9310c33':
Fix timedtext parsing
Robert Shih [Thu, 3 Sep 2015 17:21:20 +0000 (17:21 +0000)]
Merge "Zero out return values in media binder calls" into klp-dev
Andy Hung [Thu, 3 Sep 2015 17:16:12 +0000 (17:16 +0000)]
Merge "Make IEffect command more robust (second try)" into klp-dev
Wei Jia [Thu, 3 Sep 2015 17:14:06 +0000 (17:14 +0000)]
am
9d916c77: DO NOT MERGE - libstagefright: sanity check size before dereferencing pointer in Utils.cpp
* commit '
9d916c771ca32cb2d0df27b85ce3e17bb6b48eaf':
DO NOT MERGE - libstagefright: sanity check size before dereferencing pointer in Utils.cpp
Marco Nelissen [Thu, 3 Sep 2015 17:05:55 +0000 (17:05 +0000)]
Merge "Fix timedtext parsing" into klp-dev
Wei Jia [Tue, 1 Sep 2015 18:14:18 +0000 (11:14 -0700)]
DO NOT MERGE - libstagefright: sanity check size before dereferencing pointer in Utils.cpp
Also remove some CHECK's.
Bug:
23680780
Change-Id: I62d0941e203e40209fa6fbe3f923f3efdc5a6c23
(cherry picked from commit
7bb772e0c643ff3292599cf485b9dbf232bf39a4)
Wonsik Kim [Thu, 3 Sep 2015 07:54:01 +0000 (07:54 +0000)]
am
d2605273: Ogg: avoid size_t overflow in base64 decoding
* commit '
d26052738f7b095b7e318c8dde7f32db0a48450c':
Ogg: avoid size_t overflow in base64 decoding
Wonsik Kim [Wed, 2 Sep 2015 07:02:19 +0000 (16:02 +0900)]
Ogg: avoid size_t overflow in base64 decoding
Bug:
23707088
Change-Id: I8d32841fee3213c721cdcc57788807ea64d19d74
Robert Shih [Wed, 2 Sep 2015 23:46:59 +0000 (16:46 -0700)]
Zero out return values in media binder calls
More specifically when handling:
* GET_STREAM_VOLUME in IAudioPolicyService, and
* GET_CURRENT_POSITION and GET_DURATION in IMediaPlayer
This prevents leaking uninitialized values across binder in error cases.
Bug:
23756261
Change-Id: I0ffd900ab12b685b0611259ade4a3efb1ec5defe
Andy Hung [Tue, 1 Sep 2015 20:07:56 +0000 (20:07 +0000)]
Make IEffect command more robust (second try)
Bug:
23540907
Change-Id: If30cfa535ad51521053706fc40fc98d893db5bc7
(cherry picked from commit
10e6660cc5da65b027c90489ba7ac55d1504e012)
Marco Nelissen [Thu, 27 Aug 2015 20:49:32 +0000 (13:49 -0700)]
Fix timedtext parsing
Add bounds checking and fix other bugs.
Bug:
23284974
Bug:
23541506
Bug:
23542351
Bug:
23542352
Change-Id: I53551efdf109ce1833e0c361efaf4cee7a851023
Andy Hung [Fri, 28 Aug 2015 21:08:45 +0000 (21:08 +0000)]
am
f394f121: Merge "libmedia: clear reply data for IEffect command" into klp-dev
* commit '
f394f12167fddbc755855d06b615509517c99f14':
libmedia: clear reply data for IEffect command
Andy Hung [Fri, 28 Aug 2015 20:49:57 +0000 (20:49 +0000)]
Merge "libmedia: clear reply data for IEffect command" into klp-dev
Nick Kralevich [Thu, 27 Aug 2015 21:45:45 +0000 (21:45 +0000)]
am
0981df6e: IMediaPlayer.cpp: make sure structures are initialized to 0
* commit '
0981df6e3db106bfb7a56a2b668c012fcc34dd2c':
IMediaPlayer.cpp: make sure structures are initialized to 0
Nick Kralevich [Thu, 20 Aug 2015 16:56:39 +0000 (09:56 -0700)]
IMediaPlayer.cpp: make sure structures are initialized to 0
Credit https://code.google.com/p/android/issues/detail?id=183310
Bug:
23515142
Change-Id: Idbd66fb148bd0ac1dd78f8651d0164f2a41e2427
(cherry picked from commit
b73b826cc16291b33649402497efbe0f946413bd)
Andy Hung [Wed, 26 Aug 2015 23:34:33 +0000 (16:34 -0700)]
libmedia: clear reply data for IEffect command
Bug:
23540907
Change-Id: Ib89afc6b273b0eb310bbc5a1bd92b1e3d407c249
Abhishek Arya [Tue, 25 Aug 2015 05:23:24 +0000 (05:23 +0000)]
am
9a2be5d4: Merge "DO NOT MERGE - Fix software video decoder buffer size calculation" into klp-dev
* commit '
9a2be5d49d57b239bf6345f033eab01ba98f3889':
DO NOT MERGE - Fix software video decoder buffer size calculation
Wei Jia [Tue, 25 Aug 2015 05:23:23 +0000 (05:23 +0000)]
am
a5f50e98: DO NOT MERGE - SoftwareRenderer: sanity check buffer size before copying data.
* commit '
a5f50e98d1408addcaaac27e4d13981163d12a15':
DO NOT MERGE - SoftwareRenderer: sanity check buffer size before copying data.
Abhishek Arya [Tue, 25 Aug 2015 04:00:04 +0000 (04:00 +0000)]
Merge "DO NOT MERGE - Fix software video decoder buffer size calculation" into klp-dev
Marco Nelissen [Tue, 16 Jun 2015 21:50:36 +0000 (14:50 -0700)]
DO NOT MERGE - Fix software video decoder buffer size calculation
Various software video decoders would specify the buffer size as if it were
fully cropped, which then failed a sanity check in SoftwareRenderer.
They now return the full buffer size.
Bug:
21717327
Bug:
21443020
Change-Id: I19fcd091827ebd52a95a5509281a07ccc156e0e5
(cherry picked from commit
3ecc9db40b1fb9c7f807a5892e5c9625aac1fb06)
Wei Jia [Mon, 8 Jun 2015 21:01:42 +0000 (14:01 -0700)]
DO NOT MERGE - SoftwareRenderer: sanity check buffer size before copying data.
Bug:
21443020
Change-Id: I63cf86217b8201fb41809c23e4b752b845a93ee2
(cherry picked from commit
760f92f8b6da9c9cf128cb18fe3c09402fdde6cd)
Wei Jia [Sun, 23 Aug 2015 19:08:27 +0000 (19:08 +0000)]
am
af7e33f6: libstagefright: check overflow before memory allocation in OMXCodec.cpp
* commit '
af7e33f6043c0be1c0310d675884e3b263ca2438':
libstagefright: check overflow before memory allocation in OMXCodec.cpp
Marco Nelissen [Sun, 23 Aug 2015 19:08:25 +0000 (19:08 +0000)]
am
dedaca6f: Limit allocations to avoid out-of-memory
* commit '
dedaca6f04ac9f95fabe3b64d44cd1a2050f079e':
Limit allocations to avoid out-of-memory
Wei Jia [Fri, 21 Aug 2015 23:49:51 +0000 (16:49 -0700)]
libstagefright: check overflow before memory allocation in OMXCodec.cpp
Bug:
23416608
Change-Id: I4dacd38ed42db8f4887c3ee386dc909451f4346f
Marco Nelissen [Thu, 4 Jun 2015 18:01:15 +0000 (11:01 -0700)]
Limit allocations to avoid out-of-memory
Corrupt files could cause very large allocations, limit them to something
more reasonable.
Bug:
17769851
Change-Id: Ib0f722fd6fddff873bd7a547aac456e608c34c84
Robert Shih [Sat, 22 Aug 2015 01:08:44 +0000 (01:08 +0000)]
am
3b42241a: Merge "Prevent integer issues in ID3::Iterator::findFrame" into klp-dev
* commit '
3b42241aab5855964d1bd60268ae21c2d9cc6065':
Prevent integer issues in ID3::Iterator::findFrame
Robert Shih [Sat, 22 Aug 2015 00:54:32 +0000 (00:54 +0000)]
Merge "Prevent integer issues in ID3::Iterator::findFrame" into klp-dev
Joshua J. Drake [Sat, 15 Aug 2015 13:17:03 +0000 (08:17 -0500)]
Prevent integer issues in ID3::Iterator::findFrame
Integer overflows could occur a few places within findFrame. These can lead to
out-of-bounds reads and potentially infinite loops. Ensure that arithmetic does
not wrap around to prevent these behaviors.
Bug:
23285192
Change-Id: I72a61df7d5719d1d3f2bd0b37fba86f0f4bbedee
Wei Jia [Fri, 21 Aug 2015 19:57:30 +0000 (19:57 +0000)]
am
d8816a13: DO NOT MERGE libstagefright: Fix crash in convertMetaDataToMessage
* commit '
d8816a13dbcafd5d61d26a8a6b2e892452bca1a7':
DO NOT MERGE libstagefright: Fix crash in convertMetaDataToMessage
Wei Jia [Thu, 25 Jun 2015 18:46:54 +0000 (11:46 -0700)]
DO NOT MERGE libstagefright: Fix crash in convertMetaDataToMessage
- The ABuffer used for the Message has a preset value of 1024, if
flattening the meta data exceeds this value, a check fails hence
the crash.
- This change creates a new ABuffer if the buffer size would exceed
the buffer capacity.
Bug:
22771132
CRs-Fixed: 857850
(cherry picked from commit
4bce636865bdf0e2a79fc9a5d9a69107649c850d)
Change-Id: Ia0a963e9872f646791e75b710ff9e227a66af4f9
Jeff Tinker [Fri, 21 Aug 2015 18:51:27 +0000 (18:51 +0000)]
am
8de6d690: Fix build break DO NOT MERGE
* commit '
8de6d690ae5843bd8e005deedea571596f79bbd3':
Fix build break DO NOT MERGE
Jeff Tinker [Fri, 21 Aug 2015 16:58:12 +0000 (09:58 -0700)]
Fix build break DO NOT MERGE
related-to-bug:
23223325
Change-Id: I7b09712b5f18912abddd50b75f6edaf860e894c1
Jeff Tinker [Fri, 21 Aug 2015 15:36:21 +0000 (15:36 +0000)]
am
c2153d0d: DO NOT MERGE Part of fix for libmedia OOB write anywhere
* commit '
c2153d0dc800d0718788dccd0f2a2d29f4647c03':
DO NOT MERGE Part of fix for libmedia OOB write anywhere
Jeff Tinker [Tue, 18 Aug 2015 00:57:47 +0000 (17:57 -0700)]
DO NOT MERGE Part of fix for libmedia OOB write anywhere
Clarify that decrypt destination is not a pointer for
secure case.
b/
23223325
Change-Id: I642dcf790a9eb9e32175f3e0d8f040c82228e3ac
(cherry picked from commit
ed555d70d80964f40563d89a4e6d6a80f83f4b89)
Marco Nelissen [Thu, 20 Aug 2015 20:30:04 +0000 (20:30 +0000)]
am
5aa887ef: am
59bfb7aa: (-s ours) am
18a8124f: am
da0a48d2: (-s ours) am
6020f066: am
b294a97a: am
6cba5819: am
51bfaf6c: am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
5aa887ef44238e9a727564fe9051933f8b42e399':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 20:17:34 +0000 (20:17 +0000)]
am
59bfb7aa: (-s ours) am
18a8124f: am
da0a48d2: (-s ours) am
6020f066: am
b294a97a: am
6cba5819: am
51bfaf6c: am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
59bfb7aa42ce2404da2547e7852e1a1215c6af22':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 20:11:03 +0000 (20:11 +0000)]
am
18a8124f: am
da0a48d2: (-s ours) am
6020f066: am
b294a97a: am
6cba5819: am
51bfaf6c: am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
18a8124f582e9d763670e3bcc6ef6b2b00c4d394':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:53:55 +0000 (19:53 +0000)]
am
da0a48d2: (-s ours) am
6020f066: am
b294a97a: am
6cba5819: am
51bfaf6c: am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
da0a48d2704b231f13dbdb28cc4c4d12b08e3faf':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:46:41 +0000 (19:46 +0000)]
am
6020f066: am
b294a97a: am
6cba5819: am
51bfaf6c: am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
6020f06633f8cac09f47e561cc389c5b9b152464':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:41:14 +0000 (19:41 +0000)]
am
b294a97a: am
6cba5819: am
51bfaf6c: am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
b294a97a6fed15d379ce11084166780e7d9dd883':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:32:06 +0000 (19:32 +0000)]
am
6cba5819: am
51bfaf6c: am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
6cba5819ab84cc58a8273428dcf9ae98c0c9bc42':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:25:42 +0000 (19:25 +0000)]
am
51bfaf6c: am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
51bfaf6cf74498f92cd400e4d5b3d55b04fc7a06':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:18:30 +0000 (19:18 +0000)]
am
1afea551: am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
1afea5517477554f452396c29db375e34d108f89':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:12:29 +0000 (19:12 +0000)]
am
ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
* commit '
ce73af077199122e0e5a80b019f949d0f181410f':
DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 18:29:58 +0000 (11:29 -0700)]
resolved conflicts for merge of
8a064aa8 to klp-modular-dev
Change-Id: If031955c9edca657401831fbfa5a128f0b4c6d86
OSDN Git Service
