OSDN Git Service
Robert Shih [Thu, 14 Jul 2016 01:25:30 +0000 (01:25 +0000)]
Merge \\"OMXCodec: check IMemory::pointer() before using allocation\\" into klp-dev am:
f545c72b97
am:
d89781f3be
Change-Id: Iae2cc6d8f4512e7e1f4273bbb28b292337e291b6
Robert Shih [Thu, 14 Jul 2016 01:22:56 +0000 (01:22 +0000)]
Merge \"OMXCodec: check IMemory::pointer() before using allocation\" into klp-dev
am:
f545c72b97
Change-Id: I9206ce86485cb3acc2540d135f6beacc03bb38f5
Robert Shih [Thu, 14 Jul 2016 01:16:52 +0000 (01:16 +0000)]
Merge "OMXCodec: check IMemory::pointer() before using allocation" into klp-dev
Ray Essick [Wed, 13 Jul 2016 22:41:18 +0000 (22:41 +0000)]
Merge \\"Fix corruption via buffer overflow in mediaserver\\" into klp-dev am:
b5299033ce
am:
357e0f132e
Change-Id: Ia387bc54c8d51975aa4c938616a43e47cb3338d9
Ray Essick [Wed, 13 Jul 2016 22:38:29 +0000 (22:38 +0000)]
Merge \"Fix corruption via buffer overflow in mediaserver\" into klp-dev
am:
b5299033ce
Change-Id: I774cb0256be49317851488879221a1c3602148f3
Ray Essick [Wed, 13 Jul 2016 22:12:57 +0000 (22:12 +0000)]
Merge "Fix corruption via buffer overflow in mediaserver" into klp-dev
Wonsik Kim [Wed, 13 Jul 2016 03:56:57 +0000 (03:56 +0000)]
Merge \\"DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble\\" into klp-dev am:
b239e27433
am:
cc3c549065
Change-Id: I772fba4484975a2f28fc947e4a16296b400f5a99
Wonsik Kim [Wed, 13 Jul 2016 03:45:39 +0000 (03:45 +0000)]
Merge \"DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble\" into klp-dev
am:
b239e27433
Change-Id: I2f3e5b3b1e4451506e7c66ced8222137d504abdb
Wonsik Kim [Wed, 13 Jul 2016 03:32:16 +0000 (03:32 +0000)]
Merge "DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble" into klp-dev
Robert Shih [Wed, 13 Jul 2016 01:00:53 +0000 (18:00 -0700)]
OMXCodec: check IMemory::pointer() before using allocation
Bug:
29421811
Change-Id: I0a73ba12bae4122f1d89fc92e5ea4f6a96cd1ed1
Pawin Vongmasa [Mon, 11 Jul 2016 21:06:45 +0000 (21:06 +0000)]
Impose a size bound for dynamically allocated tables in stbl. am:
583a012a9f
am:
34519820bf
Change-Id: Ie338b5b5c726137d173caa97e3a1b428d04d1837
Pawin Vongmasa [Mon, 11 Jul 2016 21:03:59 +0000 (21:03 +0000)]
Impose a size bound for dynamically allocated tables in stbl.
am:
583a012a9f
Change-Id: Ide23dfb85980fe89f3b7b536894947981ccd7aaf
Ray Essick [Wed, 6 Jul 2016 17:13:25 +0000 (10:13 -0700)]
Fix corruption via buffer overflow in mediaserver
change unbound sprintf() to snprintf() so network-provided values
can't overflow the buffers.
Applicable to all K/L/M/N branches.
Bug:
25747670
Change-Id: Id6a5120c2d08a6fbbd47deffb680ecf82015f4f6
Wonsik Kim [Thu, 16 Jun 2016 16:24:30 +0000 (01:24 +0900)]
DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble
Additionally, remove use of variable length array which is
non-standard in C++.
Bug:
29161888
Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
Pawin Vongmasa [Wed, 22 Jun 2016 02:10:21 +0000 (19:10 -0700)]
Impose a size bound for dynamically allocated tables in stbl.
Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss
boxes. Also change mTimeToSample from Vector to array.
Bug:
29367429
Change-Id: I953bea9fe0590268cf27376740f582dc88563d42
Wonsik Kim [Wed, 22 Jun 2016 18:33:49 +0000 (18:33 +0000)]
Merge \\"Revert \\"Impose a size bound for dynamically allocated tables in stbl.\\"\\" into klp-dev am:
7e6bd6a911
am:
3ad7688745
Change-Id: I02de46ed2ce14428a45826270b557426ee2aaf47
Wonsik Kim [Wed, 22 Jun 2016 18:31:13 +0000 (18:31 +0000)]
Merge \"Revert \"Impose a size bound for dynamically allocated tables in stbl.\"\" into klp-dev
am:
7e6bd6a911
Change-Id: Id0ca80f03ee0426730951f7961ef903c29d3c6ef
Wonsik Kim [Wed, 22 Jun 2016 18:27:32 +0000 (18:27 +0000)]
Merge "Revert "Impose a size bound for dynamically allocated tables in stbl."" into klp-dev
Wonsik Kim [Wed, 22 Jun 2016 18:19:15 +0000 (18:19 +0000)]
Revert "Impose a size bound for dynamically allocated tables in stbl."
This reverts commit
25e029746796fe88e82417fb01af2e27b8bbadb2.
Change-Id: I91225838a8be72a3cd413f2bcb99e7dca7e62929
Wonsik Kim [Wed, 22 Jun 2016 17:55:12 +0000 (17:55 +0000)]
Merge \\"Impose a size bound for dynamically allocated tables in stbl.\\" into klp-dev am:
8f73edb22a
am:
a263248bf0
Change-Id: I0389073f6b18450edc8fa70ed3ec72683a166915
Pawin Vongmasa [Wed, 22 Jun 2016 17:51:55 +0000 (17:51 +0000)]
Merge \"Impose a size bound for dynamically allocated tables in stbl.\" into klp-dev
am:
8f73edb22a
Change-Id: I2dfcb7ee560fdd01f6800a34d50397ac4f71798f
Wonsik Kim [Wed, 22 Jun 2016 17:38:54 +0000 (17:38 +0000)]
Merge "Impose a size bound for dynamically allocated tables in stbl." into klp-dev
Pawin Vongmasa [Wed, 22 Jun 2016 02:10:21 +0000 (19:10 -0700)]
Impose a size bound for dynamically allocated tables in stbl.
Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss
boxes. Also change Vector to std::vector for efficiency and consistency.
Bug:
29367429
Change-Id: I175da524612b9fe68496c612966af51f01a5cd5e
Eino-Ville Talvala [Tue, 21 Jun 2016 22:03:33 +0000 (22:03 +0000)]
Merge \\"DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak\\" into klp-dev am:
22d6575710
am:
4bec033ded
Change-Id: I68dd7d3ea94b10104c235007fd03230ef5ae0146
Eino-Ville Talvala [Tue, 21 Jun 2016 22:00:22 +0000 (22:00 +0000)]
Merge \"DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak\" into klp-dev
am:
22d6575710
Change-Id: I0c2a4ebf1ce1e47a819f2ea2e67ea4bb6f055526
Eino-Ville Talvala [Tue, 21 Jun 2016 21:57:34 +0000 (21:57 +0000)]
Merge "DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak" into klp-dev
Wonsik Kim [Tue, 21 Jun 2016 17:38:38 +0000 (17:38 +0000)]
Merge \\"DO NOT MERGE omx: check buffer port before using\\" into klp-dev am:
5713902f6a
am:
1410b5034f
Change-Id: Ib6d17c24784c51a7301094d69a08d13693a1dd16
Andy Hung [Tue, 21 Jun 2016 17:38:37 +0000 (17:38 +0000)]
Check effect command reply size in AudioFlinger am:
110bc9547a
am:
075c8f7713
Change-Id: I7b70873d12dc258b362c88c8a9ea47ca0e0578ca
Wonsik Kim [Tue, 21 Jun 2016 17:35:54 +0000 (17:35 +0000)]
Merge \"DO NOT MERGE omx: check buffer port before using\" into klp-dev
am:
5713902f6a
Change-Id: I8556765a98c6e381548b0b15a90ff08e7281411b
Andy Hung [Tue, 21 Jun 2016 17:35:54 +0000 (17:35 +0000)]
Check effect command reply size in AudioFlinger
am:
110bc9547a
Change-Id: I9649715366450333fab28b4f2f1510edde63fb6a
Wonsik Kim [Tue, 21 Jun 2016 17:29:39 +0000 (17:29 +0000)]
Merge "DO NOT MERGE omx: check buffer port before using" into klp-dev
Eino-Ville Talvala [Tue, 21 Jun 2016 00:00:14 +0000 (17:00 -0700)]
DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak
Subtract address of a random static object from pointers being routed
through app process.
Bug:
28466701
Change-Id: Idcbfe81e9507433769672f3dc6d67db5eeed4e04
Wonsik Kim [Wed, 25 May 2016 07:54:08 +0000 (16:54 +0900)]
DO NOT MERGE omx: check buffer port before using
Bug:
28816827
Change-Id: I3d5bad4a1ef96dec544b05bb31cc6f7109aae0a5
Andy Hung [Mon, 20 Jun 2016 22:22:52 +0000 (15:22 -0700)]
Check effect command reply size in AudioFlinger
Bug:
29251553
Change-Id: I1bcc1281f1f0542bb645f6358ce31631f2a8ffbf
Marco Nelissen [Fri, 10 Jun 2016 23:16:02 +0000 (23:16 +0000)]
Merge \\"DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer\\" into klp-dev am:
dc7357d201
am:
7e6001b97d
Change-Id: I405712eeccacfe73708b571dd7242ee9eeb96715
Marco Nelissen [Fri, 10 Jun 2016 23:12:17 +0000 (23:12 +0000)]
Merge \"DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer\" into klp-dev
am:
dc7357d201
Change-Id: Ib491eb596eca7011d82bf91338d6d56f1275222c
Marco Nelissen [Fri, 10 Jun 2016 23:02:40 +0000 (23:02 +0000)]
Merge "DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer" into klp-dev
Marco Nelissen [Wed, 8 Jun 2016 23:14:09 +0000 (23:14 +0000)]
Merge \\"Don\\'t use sp<>&\\" into klp-dev am:
598f8d3218
am:
0ee3710873
Change-Id: I95ce93c3c1975b444bd6cd2c49a3b215395d2754
Marco Nelissen [Wed, 8 Jun 2016 23:14:08 +0000 (23:14 +0000)]
Fix potential overflow am:
d0090759e7
am:
f5d9360be0
Change-Id: Ia936e59f80f6a24e449d0aee453956e3be29033a
Marco Nelissen [Wed, 8 Jun 2016 23:11:32 +0000 (23:11 +0000)]
Merge \"Don\'t use sp<>&\" into klp-dev
am:
598f8d3218
Change-Id: I25294fc199e7242dbb2a9700303e713734bbb37d
Marco Nelissen [Wed, 8 Jun 2016 23:11:31 +0000 (23:11 +0000)]
Fix potential overflow
am:
d0090759e7
Change-Id: I261e67806c6e0e6b39cdce99883574024a266c13
Marco Nelissen [Wed, 8 Jun 2016 22:56:35 +0000 (22:56 +0000)]
Merge "Don't use sp<>&" into klp-dev
Marco Nelissen [Wed, 8 Jun 2016 22:00:08 +0000 (15:00 -0700)]
DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer
Bug:
29153599
Change-Id: Ieb70a90cf31927165de7a840bfdd3ee2c76f4cbd
Marco Nelissen [Tue, 7 Jun 2016 22:48:07 +0000 (15:48 -0700)]
Fix potential overflow
Bug:
28533562
Change-Id: I798ab24caa4c81f3ba564cad7c9ee019284fb702
Marco Nelissen [Tue, 7 Jun 2016 19:26:43 +0000 (12:26 -0700)]
Don't use sp<>&
because they may end up pointing to NULL after a NULL check was performed.
Bug:
28166152
Change-Id: Iab2ea30395b620628cc6f3d067dd4f6fcda824fe
Wei Jia [Wed, 25 May 2016 18:37:08 +0000 (18:37 +0000)]
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track. am:
b016207fc2
am:
e2ca751723
* commit '
e2ca7517232e2df2dc16d358809d7e4723827c42':
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
Change-Id: Ia1dd264fc19f8c82a59a5e2656375f2c2c4403ff
Wei Jia [Wed, 25 May 2016 18:29:43 +0000 (18:29 +0000)]
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
am:
b016207fc2
* commit '
b016207fc2442420e8d3a8633575ffe4fc29fef3':
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
Change-Id: I81cdae1a917cfcd712e800cf3edfd168b1c89c32
Wei Jia [Fri, 28 Aug 2015 17:35:35 +0000 (10:35 -0700)]
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
GenericSource: return error when no track exists.
SampleIterator: make sure mSamplesPerChunk is not zero before using it as divisor.
Bug:
21657957
Bug:
23705695
Bug:
22802344
Bug:
28799341
Change-Id: I7664992ade90b935d3f255dcd43ecc2898f30b04
(cherry picked from commit
0386c91b8a910a134e5898ffa924c1b6c7560b13)
Marco Nelissen [Mon, 23 May 2016 22:50:37 +0000 (22:50 +0000)]
Merge "DO NOT MERGE limit mediaserver memory" into klp-dev am:
f8429c0c14
am:
38ab87c3e3
* commit '
38ab87c3e3cd4868958fcec4d1591ebc4a9e8d1a':
DO NOT MERGE limit mediaserver memory
Change-Id: I053031830618e20ff830ae3c097abba10ae73cfc
Marco Nelissen [Mon, 23 May 2016 22:46:23 +0000 (22:46 +0000)]
Merge "DO NOT MERGE limit mediaserver memory" into klp-dev
am:
f8429c0c14
* commit '
f8429c0c147b081ff6f06f55f8fa2f36fc60063e':
DO NOT MERGE limit mediaserver memory
Change-Id: Ia88648ff82be88a90c98ded3061a6f04db74c03b
Marco Nelissen [Mon, 23 May 2016 22:35:11 +0000 (22:35 +0000)]
Merge "DO NOT MERGE limit mediaserver memory" into klp-dev
Marco Nelissen [Fri, 13 May 2016 17:43:19 +0000 (10:43 -0700)]
DO NOT MERGE limit mediaserver memory
Limit mediaserver using rlimit, to prevent it from bringing down the system
via the low memory killer.
Default max is 65% of total RAM, but can be customized via system property.
Bug:
28471206
Bug:
28615448
Change-Id: I14fac1e12b5f3983be08a21bfbfc54feedbf3f16
Marco Nelissen [Mon, 23 May 2016 14:40:27 +0000 (14:40 +0000)]
Merge "DO NOT MERGE Check malloc result to avoid NPD" into klp-dev am:
fddbb1a791
am:
9897bd43a6
* commit '
9897bd43a614c28e6c52dcbce817d9ef6f201ccc':
DO NOT MERGE Check malloc result to avoid NPD
Change-Id: Ia9f97994af54fff11644f7d59821e8ddf6fb54f1
Marco Nelissen [Mon, 23 May 2016 14:37:29 +0000 (14:37 +0000)]
Merge "DO NOT MERGE Check malloc result to avoid NPD" into klp-dev
am:
fddbb1a791
* commit '
fddbb1a791975adfa1323377b09606ad44122ff2':
DO NOT MERGE Check malloc result to avoid NPD
Change-Id: Idf65c8e5520e1c2a4571ea434f0114ae13334e7b
Marco Nelissen [Mon, 23 May 2016 14:32:45 +0000 (14:32 +0000)]
Merge "DO NOT MERGE Check malloc result to avoid NPD" into klp-dev
Jeff Tinker [Fri, 13 May 2016 21:17:31 +0000 (21:17 +0000)]
Merge "Fix security vulnerability in libstagefright" into klp-dev am:
eb37c37c59
am:
883b244f45
* commit '
883b244f4567fe0cd099f0583940e531eb0e2af4':
Fix security vulnerability in libstagefright
Change-Id: Idd0798f74590e2546c4f0d1b0940ccf7e42f5a17
Jeff Tinker [Fri, 13 May 2016 21:14:44 +0000 (21:14 +0000)]
Merge "Fix security vulnerability in libstagefright" into klp-dev
am:
eb37c37c59
* commit '
eb37c37c594604d0e6acbf14be6e04e065fab226':
Fix security vulnerability in libstagefright
Change-Id: Icaecc46c13c06e6eff0167bbc1af4c580d161f62
Jeff Tinker [Fri, 13 May 2016 21:08:15 +0000 (21:08 +0000)]
Merge "Fix security vulnerability in libstagefright" into klp-dev
Marco Nelissen [Wed, 11 May 2016 18:11:20 +0000 (11:11 -0700)]
DO NOT MERGE Check malloc result to avoid NPD
Bug:
28471206
Change-Id: Id5d055d76893d6f53a2e524ff5f282d1ddca3345
Pawin Vongmasa [Fri, 13 May 2016 19:46:20 +0000 (19:46 +0000)]
h264bsdActivateParamSets: Prevent multiplication overflow. am:
87277aac64
am:
2a68d5279d
* commit '
2a68d5279d714188c50a32819ae0d0ed2535a763':
h264bsdActivateParamSets: Prevent multiplication overflow.
Change-Id: I00c30eb03aab08cb86afa34ab3e7a86a176b4dda
Pawin Vongmasa [Fri, 13 May 2016 19:43:42 +0000 (19:43 +0000)]
h264bsdActivateParamSets: Prevent multiplication overflow.
am:
87277aac64
* commit '
87277aac64a21461b657298dcdcb809737347980':
h264bsdActivateParamSets: Prevent multiplication overflow.
Change-Id: I87166daa0493721d44a10531466b59080b65f153
Jeff Tinker [Fri, 13 May 2016 18:48:11 +0000 (11:48 -0700)]
Fix security vulnerability in libstagefright
bug:
28175045
Change-Id: Icee6c7eb5b761da4aa3e412fb71825508d74d38f
Pawin Vongmasa [Wed, 11 May 2016 23:08:21 +0000 (16:08 -0700)]
h264bsdActivateParamSets: Prevent multiplication overflow.
Report MEMORY_ALLOCATION_ERROR if pStorage->picSizeInMbs would
exceed UINT32_MAX bytes.
Bug:
28532266
Change-Id: Ia6f11efb18818afcdb5fa2a38a14f2a2d8c8447a
Marco Nelissen [Tue, 3 May 2016 23:23:01 +0000 (23:23 +0000)]
Merge "Clear unused pointer field when sending across binder" into klp-dev am:
71095f174e
am:
4b817b51e2
* commit '
4b817b51e2998719037f362c7b70ee71c76abeb8':
Clear unused pointer field when sending across binder
Change-Id: I6d09ecb88cf32f2c720dd0ec66964ec94ad210da
Marco Nelissen [Tue, 3 May 2016 23:20:38 +0000 (23:20 +0000)]
Merge "Clear unused pointer field when sending across binder" into klp-dev
am:
71095f174e
* commit '
71095f174e8b88e008623b4cacd4ec0581b9015c':
Clear unused pointer field when sending across binder
Change-Id: I5d6dee2901dca6c63ed41abf5d1165ac85a69d7e
Marco Nelissen [Tue, 3 May 2016 23:15:43 +0000 (23:15 +0000)]
Merge "Clear unused pointer field when sending across binder" into klp-dev
Marco Nelissen [Mon, 2 May 2016 21:12:34 +0000 (14:12 -0700)]
Clear unused pointer field when sending across binder
Bug:
28377502
Change-Id: Iad5ebfb0a9ef89f09755bb332579dbd3534f9c98
Marco Nelissen [Fri, 22 Apr 2016 18:15:07 +0000 (18:15 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into klp-dev am:
c002126cb0
am:
e25ff0130e
* commit '
e25ff0130ef9fa184afb87e92c184172c8a96f71':
DO NOT MERGE More OMX struct checking
Change-Id: Ia9767e906a247c330031837c3b0b6415e319c836
Marco Nelissen [Fri, 22 Apr 2016 18:12:58 +0000 (18:12 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into klp-dev
am:
c002126cb0
* commit '
c002126cb05b1d640c0a0b51bc0de810a62ab2b1':
DO NOT MERGE More OMX struct checking
Change-Id: I206ad72ac3ed1da96b417dd9cbe170e0a0dd1d66
Marco Nelissen [Fri, 22 Apr 2016 17:45:56 +0000 (17:45 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into klp-dev
Marco Nelissen [Fri, 22 Apr 2016 14:54:04 +0000 (07:54 -0700)]
DO NOT MERGE More OMX struct checking
These were lost due to bad merges.
Bug:
27207275
Change-Id: Ia0f403d7aef79a8e0ac618eb49b34dbf9faa25c2
Pawin Vongmasa [Thu, 21 Apr 2016 18:57:16 +0000 (18:57 +0000)]
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789. am:
70dec4dc7d
am:
a1e309beb9
* commit '
a1e309beb98e8fb35422102717af4f973ef1f34b':
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
Change-Id: I1dd3ffd9a489453d0f66c0344f52c6efecf31b2e
Pawin Vongmasa [Thu, 21 Apr 2016 18:55:02 +0000 (18:55 +0000)]
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
am:
70dec4dc7d
* commit '
70dec4dc7d1d813afaff58fb26b0fd7127e897bf':
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
Change-Id: Ie3a265ed0dc34c544b0793dce06434ec64f9bacf
Pawin Vongmasa [Wed, 20 Apr 2016 22:51:48 +0000 (15:51 -0700)]
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
Detail: Before the original fix
(Id207f369ab7b27787d83f5d8fc48dc53ed9fcdc9) for
28076789, the
code allowed a time-to-sample table size to be 0. The change
made in that fix disallowed such situation, which in fact should
be allowed. This current patch allows it again while maintaining
the security of the previous fix.
Bug:
28288202
Bug:
28076789
Change-Id: I1c9a60c7f0cfcbd3d908f24998dde15d5136a295
Wonsik Kim [Mon, 18 Apr 2016 04:56:57 +0000 (04:56 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec" into klp-dev am:
7cab953
am:
f249b0f
* commit '
f249b0fe1d2602d07da8bfeb64bc64518a0ec46a':
DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec
Change-Id: I87ec36dcfaccae4fa8d7cb247651704c7ef0e4d3
Wonsik Kim [Mon, 18 Apr 2016 04:52:07 +0000 (04:52 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec" into klp-dev
am:
7cab953
* commit '
7cab953629b615cfe5fec8f56266996bc17307b5':
DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec
Change-Id: Icbd07fb9f62bb4f1381f6573188d32c8f126dc90
Wonsik Kim [Mon, 18 Apr 2016 04:39:54 +0000 (04:39 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec" into klp-dev
Pawin Vongmasa [Sat, 16 Apr 2016 00:09:00 +0000 (00:09 +0000)]
Merge "SampleTable.cpp: Prevent corrupted stts block from causing excessive memory allocation." into klp-dev am:
5964527
am:
e896c41
* commit '
e896c41d85a15de06c74885fe040f3f57b63cd5d':
SampleTable.cpp: Prevent corrupted stts block from causing excessive memory allocation.
Change-Id: I5f23c14d155ea5a64b00d877a329c77cfc5b55f7
Pawin Vongmasa [Sat, 16 Apr 2016 00:06:36 +0000 (00:06 +0000)]
Merge "SampleTable.cpp: Prevent corrupted stts block from causing excessive memory allocation." into klp-dev
am:
5964527
* commit '
59645279f48b3ae83ab42445148ea236c5dc72c4':
SampleTable.cpp: Prevent corrupted stts block from causing excessive memory allocation.
Change-Id: I37ea7cd16f1e0fcf2ce14d6687de080a7c0931c1
Pawin Vongmasa [Sat, 16 Apr 2016 00:01:22 +0000 (00:01 +0000)]
Merge "SampleTable.cpp: Prevent corrupted stts block from causing excessive memory allocation." into klp-dev
Pawin Vongmasa [Wed, 13 Apr 2016 23:25:12 +0000 (16:25 -0700)]
SampleTable.cpp: Prevent corrupted stts block from causing
excessive memory allocation.
Details:
DataSource.h
- Added function getVector() for reading from a data source into
a Vector object, whose capacity grows only as much as needed
(in case of EOS or reading error).
SampleTable.h
- Changed the type of mTimeToSample from uint32_t* to
Vector<uint32_t>.
SampleTable.cpp
- In setTimeToSample, modified the code to use getVector()
instead of readAt(). If the input source has a corrupt
time-to-sample table size that is too big, EOS will be reached
before the whole table is read, and the return value from
getVector() will be false.
- Also, tightened the bound for the provided time-to-sample table
size to guarantee that the table does not take more than
UINT_MAX32 bytes in memory.
Bug:
28076789
Change-Id: Id207f369ab7b27787d83f5d8fc48dc53ed9fcdc9
Marco Nelissen [Wed, 13 Apr 2016 22:21:11 +0000 (22:21 +0000)]
h264dec: check for overflows when calculating allocation size. am:
a3dd713
am:
d504c68
* commit '
d504c68310bf86e24321a7260c2ecdd9962c8b3b':
h264dec: check for overflows when calculating allocation size.
Change-Id: Iabbe0fcaf14241d1aa01184c61f1ecb134c16fe8
Marco Nelissen [Wed, 13 Apr 2016 22:17:37 +0000 (22:17 +0000)]
h264dec: check for overflows when calculating allocation size.
am:
a3dd713
* commit '
a3dd713893658baf50df88b261aba83bb0c40687':
h264dec: check for overflows when calculating allocation size.
Change-Id: Ie1acdd0ddaddce72f9072abf288db29ab3d75fc1
Marco Nelissen [Fri, 8 Apr 2016 17:04:48 +0000 (10:04 -0700)]
h264dec: check for overflows when calculating allocation size.
Bug:
27855419
Change-Id: Idabedca52913ec31ea5cb6a6109ab94e3fb2badd
Wonsik Kim [Fri, 8 Apr 2016 01:17:12 +0000 (01:17 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in vorbisdec" into klp-dev am:
52636f8
am:
9f83485
* commit '
9f834853a28d20ee9b218b0c8e68ff38b48f5743':
DO NOT MERGE codecs: check OMX buffer size before use in vorbisdec
Change-Id: I6cd36d4986fb6c96b7e01d9cdff3e7cd77f0f951
Wonsik Kim [Fri, 8 Apr 2016 01:17:11 +0000 (01:17 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in (h263|h264)dec" into klp-dev am:
f81eab3
am:
eec4dd5
* commit '
eec4dd5f859d6e8d0d77f03c1ad27ba720bf2e04':
DO NOT MERGE codecs: check OMX buffer size before use in (h263|h264)dec
Change-Id: I85cbc2e7d30332bf163599b36a518387796658c6
Wonsik Kim [Fri, 8 Apr 2016 01:13:27 +0000 (01:13 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in vorbisdec" into klp-dev
am:
52636f8
* commit '
52636f8462b2a24f77524ca912e3579c33ac113e':
DO NOT MERGE codecs: check OMX buffer size before use in vorbisdec
Change-Id: I63431cdcbe2903ca51b43ce4cddc13a0c62f6bae
Wonsik Kim [Fri, 8 Apr 2016 01:13:26 +0000 (01:13 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in (h263|h264)dec" into klp-dev
am:
f81eab3
* commit '
f81eab31874a6cf40e1f265b0c47cbe6b137d407':
DO NOT MERGE codecs: check OMX buffer size before use in (h263|h264)dec
Change-Id: Ie9c95c1847cc3e2a1a9ef3aeafbeb0aedf262a42
Wonsik Kim [Fri, 8 Apr 2016 01:05:03 +0000 (01:05 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in vorbisdec" into klp-dev
Wonsik Kim [Fri, 8 Apr 2016 01:03:55 +0000 (01:03 +0000)]
Merge "DO NOT MERGE codecs: check OMX buffer size before use in (h263|h264)dec" into klp-dev
Wonsik Kim [Thu, 7 Apr 2016 08:45:02 +0000 (17:45 +0900)]
DO NOT MERGE codecs: check OMX buffer size before use in (gsm|g711)dec
Bug:
27793163
Bug:
27793367
Change-Id: Iec3de8a237ee2379d87a8371c13e543878c6652c
Marco Nelissen [Thu, 7 Apr 2016 21:34:42 +0000 (21:34 +0000)]
Merge "Check mp3 output buffer size" into klp-dev am:
bc736f6
am:
44ef399
* commit '
44ef399573ddf6be54f4ab1c049a9d022a44bb60':
Check mp3 output buffer size
Change-Id: Ie3514d66b68a9add1e4c24b940f41df9cf31fb6e
Marco Nelissen [Thu, 7 Apr 2016 21:30:22 +0000 (21:30 +0000)]
Merge "Check mp3 output buffer size" into klp-dev
am:
bc736f6
* commit '
bc736f650daeacce241c1f1e9c1b3ac28b5befe1':
Check mp3 output buffer size
Change-Id: Iecf266fb05e72b245db1acf3bdc380c771ccabf8
Marco Nelissen [Thu, 7 Apr 2016 21:24:52 +0000 (21:24 +0000)]
Merge "Check mp3 output buffer size" into klp-dev
Marco Nelissen [Thu, 7 Apr 2016 20:32:12 +0000 (20:32 +0000)]
AudioSource: initialize variables am:
a2f5b80
am:
67e0eb7
* commit '
67e0eb763d50b7811176f97553934dcc8dca4328':
AudioSource: initialize variables
Change-Id: Ia3456efeff3fa722b93510a2428ec88e86394bce
Marco Nelissen [Thu, 7 Apr 2016 20:28:42 +0000 (20:28 +0000)]
AudioSource: initialize variables
am:
a2f5b80
* commit '
a2f5b80a54ac3cd0f7dcfbb4d87eaf2f5ab99557':
AudioSource: initialize variables
Change-Id: I8038fc4d98c868070139d8d26832cbc32af7144a
Marco Nelissen [Tue, 5 Apr 2016 21:20:11 +0000 (14:20 -0700)]
AudioSource: initialize variables
to prevent info leak
Bug:
27855172
Change-Id: I3d33e0a9cc5cf8a758d7b0794590b09c43a24561
Marco Nelissen [Wed, 23 Mar 2016 22:36:36 +0000 (15:36 -0700)]
Check mp3 output buffer size
Bug:
27793371
Change-Id: I0fe40a4cfd0a5b488f93d3f3ba6f9495235926ac
Wonsik Kim [Sun, 20 Mar 2016 01:44:44 +0000 (10:44 +0900)]
DO NOT MERGE codecs: check OMX buffer size before use in (h263|h264)dec
Bug:
27833616
Change-Id: I0fd599b3da431425d89236ffdd9df423c11947c0
Wonsik Kim [Wed, 30 Mar 2016 08:13:00 +0000 (17:13 +0900)]
DO NOT MERGE codecs: check OMX buffer size before use in vorbisdec
Bug:
27833616
Change-Id: I1ccdd16a00741da072527a6d13e87fd7c7fe8c54