OSDN Git Service
Wonsik Kim [Wed, 13 Jul 2016 04:00:37 +0000 (04:00 +0000)]
Merge \\\"DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble\\\" into klp-dev am:
b239e27433 am:
cc3c549065
am:
19ca2d2486 -s ours
Change-Id: I1fc5df6c606b357c59fca2dc90e716c5ce7d266c
Wonsik Kim [Wed, 13 Jul 2016 03:56:57 +0000 (03:56 +0000)]
Merge \\"DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble\\" into klp-dev am:
b239e27433
am:
cc3c549065
Change-Id: I772fba4484975a2f28fc947e4a16296b400f5a99
Wonsik Kim [Wed, 13 Jul 2016 03:45:39 +0000 (03:45 +0000)]
Merge \"DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble\" into klp-dev
am:
b239e27433
Change-Id: I2f3e5b3b1e4451506e7c66ced8222137d504abdb
Wonsik Kim [Wed, 13 Jul 2016 03:32:16 +0000 (03:32 +0000)]
Merge "DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble" into klp-dev
Wonsik Kim [Wed, 13 Jul 2016 03:32:08 +0000 (03:32 +0000)]
Merge "DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble" into lmp-dev
Pawin Vongmasa [Mon, 11 Jul 2016 21:09:10 +0000 (21:09 +0000)]
Impose a size bound for dynamically allocated tables in stbl. am:
583a012a9f am:
34519820bf
am:
726010eb1f
Change-Id: Id4fd4a863d083b27286e7b3abf7897ca8f20b798
Pawin Vongmasa [Mon, 11 Jul 2016 21:06:45 +0000 (21:06 +0000)]
Impose a size bound for dynamically allocated tables in stbl. am:
583a012a9f
am:
34519820bf
Change-Id: Ie338b5b5c726137d173caa97e3a1b428d04d1837
Pawin Vongmasa [Mon, 11 Jul 2016 21:03:59 +0000 (21:03 +0000)]
Impose a size bound for dynamically allocated tables in stbl.
am:
583a012a9f
Change-Id: Ide23dfb85980fe89f3b7b536894947981ccd7aaf
Wonsik Kim [Thu, 16 Jun 2016 16:24:30 +0000 (01:24 +0900)]
DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble
Additionally, remove use of variable length array which is
non-standard in C++.
Bug:
29161888
Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
Wonsik Kim [Thu, 16 Jun 2016 16:24:30 +0000 (01:24 +0900)]
DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassemble
Additionally, remove use of variable length array which is
non-standard in C++.
Bug:
29161888
Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
Pawin Vongmasa [Wed, 22 Jun 2016 02:10:21 +0000 (19:10 -0700)]
Impose a size bound for dynamically allocated tables in stbl.
Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss
boxes. Also change mTimeToSample from Vector to array.
Bug:
29367429
Change-Id: I953bea9fe0590268cf27376740f582dc88563d42
Wonsik Kim [Wed, 22 Jun 2016 18:36:14 +0000 (18:36 +0000)]
Merge \\\"Revert \\\"Impose a size bound for dynamically allocated tables in stbl.\\\"\\\" into klp-dev am:
7e6bd6a911 am:
3ad7688745
am:
9d65d13cc7
Change-Id: Ib8d8f9c58c1ffb169cf488d57fb841f80a664e97
Wonsik Kim [Wed, 22 Jun 2016 18:33:49 +0000 (18:33 +0000)]
Merge \\"Revert \\"Impose a size bound for dynamically allocated tables in stbl.\\"\\" into klp-dev am:
7e6bd6a911
am:
3ad7688745
Change-Id: I02de46ed2ce14428a45826270b557426ee2aaf47
Wonsik Kim [Wed, 22 Jun 2016 18:31:13 +0000 (18:31 +0000)]
Merge \"Revert \"Impose a size bound for dynamically allocated tables in stbl.\"\" into klp-dev
am:
7e6bd6a911
Change-Id: Id0ca80f03ee0426730951f7961ef903c29d3c6ef
Wonsik Kim [Wed, 22 Jun 2016 18:27:32 +0000 (18:27 +0000)]
Merge "Revert "Impose a size bound for dynamically allocated tables in stbl."" into klp-dev
Wonsik Kim [Wed, 22 Jun 2016 18:19:15 +0000 (18:19 +0000)]
Revert "Impose a size bound for dynamically allocated tables in stbl."
This reverts commit
25e029746796fe88e82417fb01af2e27b8bbadb2.
Change-Id: I91225838a8be72a3cd413f2bcb99e7dca7e62929
Pawin Vongmasa [Wed, 22 Jun 2016 17:58:26 +0000 (17:58 +0000)]
Merge \\\"Impose a size bound for dynamically allocated tables in stbl.\\\" into klp-dev am:
8f73edb22a am:
a263248bf0
am:
4c969bf93f
Change-Id: I6258bac89bbe02e47b3c912df26f26033d7b76b4
Wonsik Kim [Wed, 22 Jun 2016 17:55:12 +0000 (17:55 +0000)]
Merge \\"Impose a size bound for dynamically allocated tables in stbl.\\" into klp-dev am:
8f73edb22a
am:
a263248bf0
Change-Id: I0389073f6b18450edc8fa70ed3ec72683a166915
Pawin Vongmasa [Wed, 22 Jun 2016 17:51:55 +0000 (17:51 +0000)]
Merge \"Impose a size bound for dynamically allocated tables in stbl.\" into klp-dev
am:
8f73edb22a
Change-Id: I2dfcb7ee560fdd01f6800a34d50397ac4f71798f
Wonsik Kim [Wed, 22 Jun 2016 17:38:54 +0000 (17:38 +0000)]
Merge "Impose a size bound for dynamically allocated tables in stbl." into klp-dev
Pawin Vongmasa [Wed, 22 Jun 2016 02:10:21 +0000 (19:10 -0700)]
Impose a size bound for dynamically allocated tables in stbl.
Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss
boxes. Also change Vector to std::vector for efficiency and consistency.
Bug:
29367429
Change-Id: I175da524612b9fe68496c612966af51f01a5cd5e
Eino-Ville Talvala [Tue, 21 Jun 2016 22:06:36 +0000 (22:06 +0000)]
Merge \\\"DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak\\\" into klp-dev am:
22d6575710 am:
4bec033ded
am:
5c1f01675c -s ours
Change-Id: I9a27186dd8c57aaf4a7c0385c2c521945c6fcd1e
Eino-Ville Talvala [Tue, 21 Jun 2016 22:03:33 +0000 (22:03 +0000)]
Merge \\"DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak\\" into klp-dev am:
22d6575710
am:
4bec033ded
Change-Id: I68dd7d3ea94b10104c235007fd03230ef5ae0146
Eino-Ville Talvala [Tue, 21 Jun 2016 22:00:22 +0000 (22:00 +0000)]
Merge \"DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak\" into klp-dev
am:
22d6575710
Change-Id: I0c2a4ebf1ce1e47a819f2ea2e67ea4bb6f055526
Eino-Ville Talvala [Tue, 21 Jun 2016 21:57:34 +0000 (21:57 +0000)]
Merge "DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak" into klp-dev
Eino-Ville Talvala [Tue, 21 Jun 2016 21:57:34 +0000 (21:57 +0000)]
Merge "DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak" into lmp-dev
Wonsik Kim [Tue, 21 Jun 2016 17:41:27 +0000 (17:41 +0000)]
Merge \\\"DO NOT MERGE omx: check buffer port before using\\\" into klp-dev am:
5713902f6a am:
1410b5034f
am:
8b35cb563d -s ours
Change-Id: I40733cfbad5dac51eceb5e09ad3cad4688bea63e
Andy Hung [Tue, 21 Jun 2016 17:41:26 +0000 (17:41 +0000)]
Check effect command reply size in AudioFlinger am:
110bc9547a am:
075c8f7713
am:
c971a59f4c
Change-Id: I86d971f1a537a34e90e4f0697c9c9a43e509cfc4
Wonsik Kim [Tue, 21 Jun 2016 17:38:38 +0000 (17:38 +0000)]
Merge \\"DO NOT MERGE omx: check buffer port before using\\" into klp-dev am:
5713902f6a
am:
1410b5034f
Change-Id: Ib6d17c24784c51a7301094d69a08d13693a1dd16
Andy Hung [Tue, 21 Jun 2016 17:38:37 +0000 (17:38 +0000)]
Check effect command reply size in AudioFlinger am:
110bc9547a
am:
075c8f7713
Change-Id: I7b70873d12dc258b362c88c8a9ea47ca0e0578ca
Wonsik Kim [Tue, 21 Jun 2016 17:35:54 +0000 (17:35 +0000)]
Merge \"DO NOT MERGE omx: check buffer port before using\" into klp-dev
am:
5713902f6a
Change-Id: I8556765a98c6e381548b0b15a90ff08e7281411b
Andy Hung [Tue, 21 Jun 2016 17:35:54 +0000 (17:35 +0000)]
Check effect command reply size in AudioFlinger
am:
110bc9547a
Change-Id: I9649715366450333fab28b4f2f1510edde63fb6a
Wonsik Kim [Tue, 21 Jun 2016 17:29:39 +0000 (17:29 +0000)]
Merge "DO NOT MERGE omx: check buffer port before using" into klp-dev
Eino-Ville Talvala [Tue, 21 Jun 2016 00:00:14 +0000 (17:00 -0700)]
DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak
Subtract address of a random static object from pointers being routed
through app process.
Bug:
28466701
Change-Id: Idcbfe81e9507433769672f3dc6d67db5eeed4e04
Eino-Ville Talvala [Tue, 21 Jun 2016 00:00:14 +0000 (17:00 -0700)]
DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleak
Subtract address of a random static object from pointers being routed
through app process.
Bug:
28466701
Change-Id: Idcbfe81e9507433769672f3dc6d67db5eeed4e04
Wonsik Kim [Wed, 25 May 2016 07:54:08 +0000 (16:54 +0900)]
DO NOT MERGE omx: check buffer port before using
Bug:
28816827
Change-Id: I3d5bad4a1ef96dec544b05bb31cc6f7109aae0a5
Wonsik Kim [Wed, 25 May 2016 07:54:08 +0000 (16:54 +0900)]
DO NOT MERGE omx: check buffer port before using
Bug:
28816827
Change-Id: I3d5bad4a1ef96dec544b05bb31cc6f7109aae0a5
Andy Hung [Mon, 20 Jun 2016 22:22:52 +0000 (15:22 -0700)]
Check effect command reply size in AudioFlinger
Bug:
29251553
Change-Id: I1bcc1281f1f0542bb645f6358ce31631f2a8ffbf
Marco Nelissen [Fri, 10 Jun 2016 23:19:51 +0000 (23:19 +0000)]
Merge \\\"DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer\\\" into klp-dev am:
dc7357d201 am:
7e6001b97d
am:
fad42aa98d -s ours
Change-Id: Ie765e262139491ab9fb60bf81277ba6563d12fa4
Marco Nelissen [Fri, 10 Jun 2016 23:16:02 +0000 (23:16 +0000)]
Merge \\"DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer\\" into klp-dev am:
dc7357d201
am:
7e6001b97d
Change-Id: I405712eeccacfe73708b571dd7242ee9eeb96715
Marco Nelissen [Fri, 10 Jun 2016 23:12:17 +0000 (23:12 +0000)]
Merge \"DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer\" into klp-dev
am:
dc7357d201
Change-Id: Ib491eb596eca7011d82bf91338d6d56f1275222c
Marco Nelissen [Fri, 10 Jun 2016 23:02:56 +0000 (23:02 +0000)]
Merge "SoftAAC2: fix crash on all-zero adts buffer" into lmp-dev
Marco Nelissen [Fri, 10 Jun 2016 23:02:40 +0000 (23:02 +0000)]
Merge "DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer" into klp-dev
Marco Nelissen [Tue, 7 Jun 2016 19:26:43 +0000 (12:26 -0700)]
Don't use sp<>&
because they may end up pointing to NULL after a NULL check was performed.
Bug:
28166152
Change-Id: Iab2ea30395b620628cc6f3d067dd4f6fcda824fe
Marco Nelissen [Thu, 9 Jun 2016 00:06:26 +0000 (00:06 +0000)]
Merge \\\"Don\\\'t use sp<>&\\\" into klp-dev am:
598f8d3218 am:
0ee3710873
am:
e66381758d -s ours
Change-Id: Ie7422768422714cd1c88d2c9c52d7d682157bb4a
Marco Nelissen [Wed, 8 Jun 2016 23:16:48 +0000 (23:16 +0000)]
Fix potential overflow am:
d0090759e7 am:
f5d9360be0
am:
08cb85206a
Change-Id: I200011cb9c9c4a71ec71e856bc3d4dd7fdd971b6
Marco Nelissen [Wed, 8 Jun 2016 23:14:09 +0000 (23:14 +0000)]
Merge \\"Don\\'t use sp<>&\\" into klp-dev am:
598f8d3218
am:
0ee3710873
Change-Id: I95ce93c3c1975b444bd6cd2c49a3b215395d2754
Marco Nelissen [Wed, 8 Jun 2016 23:14:08 +0000 (23:14 +0000)]
Fix potential overflow am:
d0090759e7
am:
f5d9360be0
Change-Id: Ia936e59f80f6a24e449d0aee453956e3be29033a
Marco Nelissen [Wed, 8 Jun 2016 23:11:32 +0000 (23:11 +0000)]
Merge \"Don\'t use sp<>&\" into klp-dev
am:
598f8d3218
Change-Id: I25294fc199e7242dbb2a9700303e713734bbb37d
Marco Nelissen [Wed, 8 Jun 2016 23:11:31 +0000 (23:11 +0000)]
Fix potential overflow
am:
d0090759e7
Change-Id: I261e67806c6e0e6b39cdce99883574024a266c13
Marco Nelissen [Wed, 8 Jun 2016 22:56:35 +0000 (22:56 +0000)]
Merge "Don't use sp<>&" into klp-dev
Marco Nelissen [Wed, 8 Jun 2016 22:00:08 +0000 (15:00 -0700)]
DO NOT MERGE SoftAAC2: fix crash on all-zero adts buffer
Bug:
29153599
Change-Id: Ieb70a90cf31927165de7a840bfdd3ee2c76f4cbd
Marco Nelissen [Wed, 8 Jun 2016 21:31:42 +0000 (14:31 -0700)]
SoftAAC2: fix crash on all-zero adts buffer
Bug:
29153599
Change-Id: I1cb81c054098b86cf24f024f8479909ca7bc85a6
Marco Nelissen [Tue, 7 Jun 2016 22:48:07 +0000 (15:48 -0700)]
Fix potential overflow
Bug:
28533562
Change-Id: I798ab24caa4c81f3ba564cad7c9ee019284fb702
Marco Nelissen [Tue, 7 Jun 2016 19:26:43 +0000 (12:26 -0700)]
Don't use sp<>&
because they may end up pointing to NULL after a NULL check was performed.
Bug:
28166152
Change-Id: Iab2ea30395b620628cc6f3d067dd4f6fcda824fe
Wei Jia [Wed, 25 May 2016 20:49:45 +0000 (20:49 +0000)]
Merge "MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track." into lmp-dev
Wei Jia [Wed, 25 May 2016 18:45:07 +0000 (18:45 +0000)]
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track. am:
b016207fc2 am:
e2ca751723
am:
3d1df4f411 -s ours
* commit '
3d1df4f411a531fb30cc8563cb39e732041d22ad':
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
Change-Id: Id6ce35c59190c3d94129e8ec4c1f2aef108fa71a
Wei Jia [Wed, 25 May 2016 18:37:08 +0000 (18:37 +0000)]
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track. am:
b016207fc2
am:
e2ca751723
* commit '
e2ca7517232e2df2dc16d358809d7e4723827c42':
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
Change-Id: Ia1dd264fc19f8c82a59a5e2656375f2c2c4403ff
Wei Jia [Wed, 25 May 2016 18:29:43 +0000 (18:29 +0000)]
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
am:
b016207fc2
* commit '
b016207fc2442420e8d3a8633575ffe4fc29fef3':
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
Change-Id: I81cdae1a917cfcd712e800cf3edfd168b1c89c32
Wei Jia [Fri, 28 Aug 2015 17:35:35 +0000 (10:35 -0700)]
MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
GenericSource: return error when no track exists.
SampleIterator: make sure mSamplesPerChunk is not zero before using it as divisor.
Bug:
21657957
Bug:
23705695
Bug:
22802344
Bug:
28799341
Change-Id: I7664992ade90b935d3f255dcd43ecc2898f30b04
(cherry picked from commit
0386c91b8a910a134e5898ffa924c1b6c7560b13)
Wei Jia [Fri, 28 Aug 2015 17:35:35 +0000 (10:35 -0700)]
DO NOT MERGE MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as track.
GenericSource: return error when no track exists.
SampleIterator: make sure mSamplesPerChunk is not zero before using it as divisor.
Bug:
21657957
Bug:
23705695
Bug:
22802344
Bug:
28799341
Change-Id: I7664992ade90b935d3f255dcd43ecc2898f30b04
(cherry picked from commit
0386c91b8a910a134e5898ffa924c1b6c7560b13)
Marco Nelissen [Mon, 23 May 2016 22:54:45 +0000 (22:54 +0000)]
Merge "DO NOT MERGE limit mediaserver memory" into klp-dev am:
f8429c0c14 am:
38ab87c3e3
am:
e816dcc0b3 -s ours
* commit '
e816dcc0b3ea6d5cee3b0b4ff230a20ab85b5996':
DO NOT MERGE limit mediaserver memory
Change-Id: Ia2bb13dbcbe30984d86c1a625ded2db5ddbbca2d
Marco Nelissen [Mon, 23 May 2016 22:50:37 +0000 (22:50 +0000)]
Merge "DO NOT MERGE limit mediaserver memory" into klp-dev am:
f8429c0c14
am:
38ab87c3e3
* commit '
38ab87c3e3cd4868958fcec4d1591ebc4a9e8d1a':
DO NOT MERGE limit mediaserver memory
Change-Id: I053031830618e20ff830ae3c097abba10ae73cfc
Marco Nelissen [Mon, 23 May 2016 22:46:23 +0000 (22:46 +0000)]
Merge "DO NOT MERGE limit mediaserver memory" into klp-dev
am:
f8429c0c14
* commit '
f8429c0c147b081ff6f06f55f8fa2f36fc60063e':
DO NOT MERGE limit mediaserver memory
Change-Id: Ia88648ff82be88a90c98ded3061a6f04db74c03b
Marco Nelissen [Mon, 23 May 2016 22:36:20 +0000 (22:36 +0000)]
Merge "limit mediaserver memory" into lmp-dev
Marco Nelissen [Mon, 23 May 2016 22:35:11 +0000 (22:35 +0000)]
Merge "DO NOT MERGE limit mediaserver memory" into klp-dev
Marco Nelissen [Fri, 13 May 2016 17:43:19 +0000 (10:43 -0700)]
DO NOT MERGE limit mediaserver memory
Limit mediaserver using rlimit, to prevent it from bringing down the system
via the low memory killer.
Default max is 65% of total RAM, but can be customized via system property.
Bug:
28471206
Bug:
28615448
Change-Id: I14fac1e12b5f3983be08a21bfbfc54feedbf3f16
Marco Nelissen [Mon, 23 May 2016 14:43:28 +0000 (14:43 +0000)]
Merge "DO NOT MERGE Check malloc result to avoid NPD" into klp-dev am:
fddbb1a791 am:
9897bd43a6
am:
8fd8bfdfbd -s ours
* commit '
8fd8bfdfbd930cdc669c4fc33d7d251f12ec7e5e':
DO NOT MERGE Check malloc result to avoid NPD
Change-Id: I97bc664b28a9e96051d0bc63c4cc4501bd2f901b
Marco Nelissen [Mon, 23 May 2016 14:40:27 +0000 (14:40 +0000)]
Merge "DO NOT MERGE Check malloc result to avoid NPD" into klp-dev am:
fddbb1a791
am:
9897bd43a6
* commit '
9897bd43a614c28e6c52dcbce817d9ef6f201ccc':
DO NOT MERGE Check malloc result to avoid NPD
Change-Id: Ia9f97994af54fff11644f7d59821e8ddf6fb54f1
Marco Nelissen [Mon, 23 May 2016 14:37:29 +0000 (14:37 +0000)]
Merge "DO NOT MERGE Check malloc result to avoid NPD" into klp-dev
am:
fddbb1a791
* commit '
fddbb1a791975adfa1323377b09606ad44122ff2':
DO NOT MERGE Check malloc result to avoid NPD
Change-Id: Idf65c8e5520e1c2a4571ea434f0114ae13334e7b
Marco Nelissen [Mon, 23 May 2016 14:32:55 +0000 (14:32 +0000)]
Merge "Check malloc result to avoid NPD" into lmp-dev
Marco Nelissen [Mon, 23 May 2016 14:32:45 +0000 (14:32 +0000)]
Merge "DO NOT MERGE Check malloc result to avoid NPD" into klp-dev
Marco Nelissen [Fri, 13 May 2016 17:39:23 +0000 (10:39 -0700)]
limit mediaserver memory
Limit mediaserver using rlimit, to prevent it from bringing down the system
via the low memory killer.
Default max is 65% of total RAM, but can be customized via system property.
Bug:
28471206
Bug:
28615448
Change-Id: Ic84137435d1ef0a6883e9789a4b4f399e4283f05
Jeff Tinker [Fri, 13 May 2016 21:20:29 +0000 (21:20 +0000)]
Merge "Fix security vulnerability in libstagefright" into klp-dev am:
eb37c37c59 am:
883b244f45
am:
31a3aa5628
* commit '
31a3aa56287d63aaf1ac804cc04154ed779032ff':
Fix security vulnerability in libstagefright
Change-Id: I4d666e42bfc64e384b9fd8c8fad07d645be6a19a
Jeff Tinker [Fri, 13 May 2016 21:17:31 +0000 (21:17 +0000)]
Merge "Fix security vulnerability in libstagefright" into klp-dev am:
eb37c37c59
am:
883b244f45
* commit '
883b244f4567fe0cd099f0583940e531eb0e2af4':
Fix security vulnerability in libstagefright
Change-Id: Idd0798f74590e2546c4f0d1b0940ccf7e42f5a17
Jeff Tinker [Fri, 13 May 2016 21:14:44 +0000 (21:14 +0000)]
Merge "Fix security vulnerability in libstagefright" into klp-dev
am:
eb37c37c59
* commit '
eb37c37c594604d0e6acbf14be6e04e065fab226':
Fix security vulnerability in libstagefright
Change-Id: Icaecc46c13c06e6eff0167bbc1af4c580d161f62
Jeff Tinker [Fri, 13 May 2016 21:08:15 +0000 (21:08 +0000)]
Merge "Fix security vulnerability in libstagefright" into klp-dev
Marco Nelissen [Wed, 11 May 2016 18:11:20 +0000 (11:11 -0700)]
Check malloc result to avoid NPD
Bug:
28471206
Change-Id: Id5d055d76893d6f53a2e524ff5f282d1ddca3345
Marco Nelissen [Wed, 11 May 2016 18:11:20 +0000 (11:11 -0700)]
DO NOT MERGE Check malloc result to avoid NPD
Bug:
28471206
Change-Id: Id5d055d76893d6f53a2e524ff5f282d1ddca3345
Pawin Vongmasa [Fri, 13 May 2016 19:48:56 +0000 (19:48 +0000)]
h264bsdActivateParamSets: Prevent multiplication overflow. am:
87277aac64 am:
2a68d5279d
am:
5dfa5f268e
* commit '
5dfa5f268e97d862744ffddc4596577495022bea':
h264bsdActivateParamSets: Prevent multiplication overflow.
Change-Id: I30bba39d44061c72485419ac8686fba2427e3328
Pawin Vongmasa [Fri, 13 May 2016 19:46:20 +0000 (19:46 +0000)]
h264bsdActivateParamSets: Prevent multiplication overflow. am:
87277aac64
am:
2a68d5279d
* commit '
2a68d5279d714188c50a32819ae0d0ed2535a763':
h264bsdActivateParamSets: Prevent multiplication overflow.
Change-Id: I00c30eb03aab08cb86afa34ab3e7a86a176b4dda
Pawin Vongmasa [Fri, 13 May 2016 19:43:42 +0000 (19:43 +0000)]
h264bsdActivateParamSets: Prevent multiplication overflow.
am:
87277aac64
* commit '
87277aac64a21461b657298dcdcb809737347980':
h264bsdActivateParamSets: Prevent multiplication overflow.
Change-Id: I87166daa0493721d44a10531466b59080b65f153
Jeff Tinker [Fri, 13 May 2016 18:48:11 +0000 (11:48 -0700)]
Fix security vulnerability in libstagefright
bug:
28175045
Change-Id: Icee6c7eb5b761da4aa3e412fb71825508d74d38f
Pawin Vongmasa [Wed, 11 May 2016 23:08:21 +0000 (16:08 -0700)]
h264bsdActivateParamSets: Prevent multiplication overflow.
Report MEMORY_ALLOCATION_ERROR if pStorage->picSizeInMbs would
exceed UINT32_MAX bytes.
Bug:
28532266
Change-Id: Ia6f11efb18818afcdb5fa2a38a14f2a2d8c8447a
Marco Nelissen [Tue, 3 May 2016 23:25:22 +0000 (23:25 +0000)]
Merge "Clear unused pointer field when sending across binder" into klp-dev am:
71095f174e am:
4b817b51e2
am:
2d4cf313fa
* commit '
2d4cf313fa141d11cfae7c31797da114598d8ed7':
Clear unused pointer field when sending across binder
Change-Id: I0d1569e886ff40a43423cdbf83ed5d04e35f2d07
Marco Nelissen [Tue, 3 May 2016 23:23:01 +0000 (23:23 +0000)]
Merge "Clear unused pointer field when sending across binder" into klp-dev am:
71095f174e
am:
4b817b51e2
* commit '
4b817b51e2998719037f362c7b70ee71c76abeb8':
Clear unused pointer field when sending across binder
Change-Id: I6d09ecb88cf32f2c720dd0ec66964ec94ad210da
Marco Nelissen [Tue, 3 May 2016 23:20:38 +0000 (23:20 +0000)]
Merge "Clear unused pointer field when sending across binder" into klp-dev
am:
71095f174e
* commit '
71095f174e8b88e008623b4cacd4ec0581b9015c':
Clear unused pointer field when sending across binder
Change-Id: I5d6dee2901dca6c63ed41abf5d1165ac85a69d7e
Marco Nelissen [Tue, 3 May 2016 23:15:43 +0000 (23:15 +0000)]
Merge "Clear unused pointer field when sending across binder" into klp-dev
Marco Nelissen [Mon, 2 May 2016 21:12:34 +0000 (14:12 -0700)]
Clear unused pointer field when sending across binder
Bug:
28377502
Change-Id: Iad5ebfb0a9ef89f09755bb332579dbd3534f9c98
Marco Nelissen [Fri, 22 Apr 2016 19:01:04 +0000 (19:01 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into lmp-dev
Marco Nelissen [Fri, 22 Apr 2016 18:17:18 +0000 (18:17 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into klp-dev am:
c002126cb0 am:
e25ff0130e
am:
f54f5b54bd -s ours
* commit '
f54f5b54bd5bd78e045fbf9dbc6462d0720f1ff6':
DO NOT MERGE More OMX struct checking
Change-Id: I4c079e3f5ac920005dcbba2af992312fbf35f5bc
Marco Nelissen [Fri, 22 Apr 2016 18:15:07 +0000 (18:15 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into klp-dev am:
c002126cb0
am:
e25ff0130e
* commit '
e25ff0130ef9fa184afb87e92c184172c8a96f71':
DO NOT MERGE More OMX struct checking
Change-Id: Ia9767e906a247c330031837c3b0b6415e319c836
Marco Nelissen [Fri, 22 Apr 2016 18:12:58 +0000 (18:12 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into klp-dev
am:
c002126cb0
* commit '
c002126cb05b1d640c0a0b51bc0de810a62ab2b1':
DO NOT MERGE More OMX struct checking
Change-Id: I206ad72ac3ed1da96b417dd9cbe170e0a0dd1d66
Marco Nelissen [Fri, 22 Apr 2016 17:45:56 +0000 (17:45 +0000)]
Merge "DO NOT MERGE More OMX struct checking" into klp-dev
Marco Nelissen [Fri, 22 Apr 2016 14:54:04 +0000 (07:54 -0700)]
DO NOT MERGE More OMX struct checking
These were lost due to bad merges.
Bug:
27207275
Change-Id: Ia0f403d7aef79a8e0ac618eb49b34dbf9faa25c2
Marco Nelissen [Fri, 22 Apr 2016 14:55:10 +0000 (07:55 -0700)]
DO NOT MERGE More OMX struct checking
These were lost due to bad merges.
Bug:
27207275
Change-Id: Idc7a9fc75376a88b91e9e259d664d6ee54c77330
Pawin Vongmasa [Thu, 21 Apr 2016 18:59:33 +0000 (18:59 +0000)]
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789. am:
70dec4dc7d am:
a1e309beb9
am:
63e9b57353
* commit '
63e9b573530837702e42e00900407bbe9fdae952':
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
Change-Id: Idcf74c810152b7160cf99aa25fe664c6b40f0750
Pawin Vongmasa [Thu, 21 Apr 2016 18:57:16 +0000 (18:57 +0000)]
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789. am:
70dec4dc7d
am:
a1e309beb9
* commit '
a1e309beb98e8fb35422102717af4f973ef1f34b':
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
Change-Id: I1dd3ffd9a489453d0f66c0344f52c6efecf31b2e
Pawin Vongmasa [Thu, 21 Apr 2016 18:55:02 +0000 (18:55 +0000)]
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
am:
70dec4dc7d
* commit '
70dec4dc7d1d813afaff58fb26b0fd7127e897bf':
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
Change-Id: Ie3a265ed0dc34c544b0793dce06434ec64f9bacf
Pawin Vongmasa [Wed, 20 Apr 2016 22:51:48 +0000 (15:51 -0700)]
SampleTable.cpp: Fixed a regression caused by a fix for bug
28076789.
Detail: Before the original fix
(Id207f369ab7b27787d83f5d8fc48dc53ed9fcdc9) for
28076789, the
code allowed a time-to-sample table size to be 0. The change
made in that fix disallowed such situation, which in fact should
be allowed. This current patch allows it again while maintaining
the security of the previous fix.
Bug:
28288202
Bug:
28076789
Change-Id: I1c9a60c7f0cfcbd3d908f24998dde15d5136a295