OSDN Git Service

android-x86/frameworks-av.git
8 years agoClear allocation to avoid info leak
Marco Nelissen [Mon, 22 Feb 2016 21:05:15 +0000 (13:05 -0800)]
Clear allocation to avoid info leak

Bug: 26914474
Change-Id: Ie1a86e86d78058d041149fe599a4996e7f8185cf

8 years agoDO NOT MERGE - Remove deprecated image defines
Vignesh Venkatasubramanian [Wed, 13 Jan 2016 20:18:05 +0000 (12:18 -0800)]
DO NOT MERGE - Remove deprecated image defines

libvpx has always supported the VPX_ prefixed versions of these defines.
The unprefixed versions have been removed in the most recent release.

https://chromium.googlesource.com/webm/libvpx/+/9cdaa3d72eade9ad162ef8f78a93bd8f85c6de10

BUG=23452792

Change-Id: Ib02073f42d545e6c08f9bd4a4fc868e3be886c1b

8 years agoCamera: Disallow dumping clients directly
Eino-Ville Talvala [Wed, 13 Jan 2016 18:07:04 +0000 (10:07 -0800)]
Camera: Disallow dumping clients directly

Camera service dumps should only be initiated through
ICameraService::dump.

Bug: 26265403
Change-Id: If3ca4718ed74bf33ad8a416192689203029e2803

8 years agoFix out-of-bounds write
Marco Nelissen [Tue, 12 Jan 2016 20:37:36 +0000 (12:37 -0800)]
Fix out-of-bounds write

Bug: 26365349
Change-Id: Ia363d9f8c231cf255dea852e0bbf5ca466c7990b

8 years agofix possible overflow in effect wrappers.
Eric Laurent [Fri, 8 Jan 2016 18:52:38 +0000 (10:52 -0800)]
fix possible overflow in effect wrappers.

Add checks on parameter size field in effect command handlers
to avoid overflow leading to invalid comparison with min allowed
size for command and reply buffers.

Bug: 26347509.
Change-Id: I20e6a9b6de8e5172b957caa1ac9410b9752efa4d
(cherry picked from commit ad1bd92a49d78df6bc6e75bee68c517c1326f3cf)

8 years agoDO NOT MERGE SoundPool: add lock for findSample access from SoundPoolThread
Andy Hung [Wed, 2 Dec 2015 23:55:23 +0000 (15:55 -0800)]
DO NOT MERGE SoundPool: add lock for findSample access from SoundPoolThread

Sample decoding still occurs in SoundPoolThread
without holding the SoundPool lock.

Bug: 25781119
Change-Id: I11fde005aa9cf5438e0390a0d2dfe0ec1dd282e8

8 years agoDO NOT MERGE - libstagefright: check requested memory size before allocation for...
Wei Jia [Fri, 20 Nov 2015 18:34:35 +0000 (10:34 -0800)]
DO NOT MERGE - libstagefright: check requested memory size before allocation for SoftMPEG4Encoder and SoftVPXEncoder.

Bug: 25812794
Change-Id: I96dc74734380d462583f6efa33d09946f9532809
(cherry picked from commit 87f8cbb223ee516803dbb99699320c2484cbf3ba)

8 years agoMerge "stagefright: MPEG4Extractor: allow 'hdlr' box before first track" into klp-dev
Jon Larimer [Tue, 20 Oct 2015 20:55:20 +0000 (20:55 +0000)]
Merge "stagefright: MPEG4Extractor: allow 'hdlr' box before first track" into klp-dev

8 years agoMerge "DO NOT MERGE - AudioFlinger: Clear record buffers when starting RecordThread...
Glenn Kasten [Wed, 14 Oct 2015 20:30:55 +0000 (20:30 +0000)]
Merge "DO NOT MERGE - AudioFlinger: Clear record buffers when starting RecordThread" into klp-dev

8 years agoMerge "DO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer...
Wei Jia [Thu, 8 Oct 2015 16:37:26 +0000 (16:37 +0000)]
Merge "DO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer." into klp-dev

8 years agoDO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer.
Wei Jia [Mon, 28 Sep 2015 18:32:23 +0000 (11:32 -0700)]
DO NOT MERGE - OMX: allow only secure codec to remotely call allocateBuffer.

Bug: 24310423
Change-Id: Iebcfc58b447f925ec2134898060af2ef227266a3
(cherry picked from commit 8dde7269a5356503d2b283234b6cb46d0c3f214e)

8 years agoID3: check possible integer overflow for extendedHeaderSize and paddingSize.
Wei Jia [Mon, 5 Oct 2015 17:44:23 +0000 (10:44 -0700)]
ID3: check possible integer overflow for extendedHeaderSize and paddingSize.

Bug: 24623447
Change-Id: Ifbc74454d6e28ad7136efe35ab638a07e46398b1
(cherry picked from commit b3694ff5a5bcecd4b6cedca156f6effb55bbf4ca)

8 years agoMerge "Check NAL size before use" into klp-dev
Marco Nelissen [Tue, 6 Oct 2015 16:34:45 +0000 (16:34 +0000)]
Merge "Check NAL size before use" into klp-dev

8 years agoMerge "MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData...
Wei Jia [Tue, 6 Oct 2015 16:21:35 +0000 (16:21 +0000)]
Merge "MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData." into klp-dev

8 years agoCheck NAL size before use
Marco Nelissen [Fri, 2 Oct 2015 22:12:00 +0000 (15:12 -0700)]
Check NAL size before use

Bug: 24441553
Bug: 24445122
Change-Id: Ib7f025769adbafd5a2cb64fae5562a0a565945c2

8 years agoMPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData.
Wei Jia [Mon, 28 Sep 2015 21:50:47 +0000 (14:50 -0700)]
MPEG4Extractor: ensure buffer size is not less than 8 for LastCommentData.

Bug: 24346430
Change-Id: I897a724e968841d9160f819d06c0ce22f6d743c4
(cherry picked from commit 5cae16bdce77b0a3ba590b55637f7d55a2f35402)

8 years agoDon't crash when there's no conceal frame
Marco Nelissen [Mon, 5 Oct 2015 17:46:11 +0000 (10:46 -0700)]
Don't crash when there's no conceal frame

Bug: 24630158
Change-Id: If042aebebb58c218eb7bbf01dcddbcbd05dca1d6

8 years agostagefright: MPEG4Extractor: allow 'hdlr' box before first track
Lajos Molnar [Tue, 1 Sep 2015 00:19:52 +0000 (17:19 -0700)]
stagefright: MPEG4Extractor: allow 'hdlr' box before first track

Bug: 21725583
Change-Id: I799c1967759c7e49fb50281a1708188450caac77
(cherry picked from commit cf75af8f76265fb2909028f5dc68c7029dbe5f49)

8 years agoDO NOT MERGE stagefright: fix AMessage::FromParcel
Flanker [Fri, 11 Sep 2015 11:05:47 +0000 (19:05 +0800)]
DO NOT MERGE stagefright: fix AMessage::FromParcel

Add check for incoming mNumItems. Also add check readCString return
value.

Fix style & add log.

Bug: 24123723

Change-Id: If41a5312c27d868f481893eef56019b6807c39b7

8 years agoDO NOT MERGE - AudioFlinger: Clear record buffers when starting RecordThread
Andy Hung [Thu, 24 Sep 2015 22:08:13 +0000 (15:08 -0700)]
DO NOT MERGE - AudioFlinger: Clear record buffers when starting RecordThread

Bug: 24211743
Bug: 24267152
Change-Id: I58c55e56b85067b71e4e300f947b4dfc159637ba

8 years agoMerge "DO NOT MERGE Fix vulnerability in mediaserver" into klp-dev
Jeff Tinker [Thu, 17 Sep 2015 17:04:25 +0000 (17:04 +0000)]
Merge "DO NOT MERGE Fix vulnerability in mediaserver" into klp-dev

8 years agoMerge "Fix for security vulnerability in media server DO NOT MERGE" into klp-dev
Jeff Tinker [Thu, 17 Sep 2015 17:04:05 +0000 (17:04 +0000)]
Merge "Fix for security vulnerability in media server DO NOT MERGE" into klp-dev

8 years agoMerge "DO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info...
Wei Jia [Thu, 17 Sep 2015 13:19:08 +0000 (13:19 +0000)]
Merge "DO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info leak when writing them to Parcel." into klp-dev

8 years agoMerge "Fix heap data leak vulnerability" into klp-dev
Jeff Tinker [Wed, 16 Sep 2015 18:17:46 +0000 (18:17 +0000)]
Merge "Fix heap data leak vulnerability" into klp-dev

8 years agoDO NOT MERGE Fix vulnerability in mediaserver
Jeff Tinker [Wed, 16 Sep 2015 17:23:12 +0000 (10:23 -0700)]
DO NOT MERGE Fix vulnerability in mediaserver

ICrypto.cpp: ASLR bypass using DECRYPT IPC

bug: 24074485
Change-Id: I40dd0e92083c7093030393b16dbab59323306a4e

8 years agoDO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info leak...
Wei Jia [Thu, 10 Sep 2015 16:47:29 +0000 (09:47 -0700)]
DO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info leak when writing them to Parcel.

Bug: 23953967
Change-Id: Ibbe841da149038675e9e8daea76c77558bc8564b
(cherry picked from commit 983dca391a76fb45df999fc40e8766b9ddb63511)

8 years agoMerge "DO NOT MERGE NuCachedSource2: fix possible erroneous early free" into klp-dev
Wonsik Kim [Wed, 16 Sep 2015 07:11:04 +0000 (07:11 +0000)]
Merge "DO NOT MERGE NuCachedSource2: fix possible erroneous early free" into klp-dev

8 years agoFix heap data leak vulnerability
Jeff Tinker [Mon, 14 Sep 2015 20:55:23 +0000 (13:55 -0700)]
Fix heap data leak vulnerability

bug: 23600291
Change-Id: I7979e9e25ada01c13775be8580d433a8b4ce4ffe

8 years agoFix for security vulnerability in media server DO NOT MERGE
Jeff Tinker [Mon, 14 Sep 2015 17:18:56 +0000 (10:18 -0700)]
Fix for security vulnerability in media server DO NOT MERGE

bug: 23540426
Change-Id: I5d602f99fd82e50d0136d47ce20cfa1ac9fd7ae2

8 years agoDO NOT MERGE NuCachedSource2: fix possible erroneous early free
Wonsik Kim [Tue, 8 Sep 2015 08:32:28 +0000 (17:32 +0900)]
DO NOT MERGE NuCachedSource2: fix possible erroneous early free

Because the constructor of NuCachedSource2 sent a message to
AHandlerReflector object, AHandlerReflector::onMessageReceived could
have executed just before the object gets wrapped in a strong
pointer, resulting in erroneous early free. Fix the issue by using
static Create function to ensure the message is sent after the
object is wrapped in a sp.

Bug: 23882800
Change-Id: I38a9d7a3083f184b4c81d0b00ba1661721278855

8 years agoMerge "DO NOT MERGE - IAudioFlinger: clear config before reading it from parcel....
Wei Jia [Fri, 11 Sep 2015 13:54:59 +0000 (13:54 +0000)]
Merge "DO NOT MERGE - IAudioFlinger: clear config before reading it from parcel." into klp-dev

8 years agoMerge "DO NOT MERGE fix build" into klp-dev
Wonsik Kim [Fri, 11 Sep 2015 07:34:53 +0000 (07:34 +0000)]
Merge "DO NOT MERGE fix build" into klp-dev

8 years agoDO NOT MERGE fix build
Wonsik Kim [Fri, 11 Sep 2015 07:14:18 +0000 (16:14 +0900)]
DO NOT MERGE fix build

Bug: 23707088

Change-Id: Ib0d6cbc52710f33310d21b2eae1f243f0f8e8bca

8 years agoMerge "DO NOT MERGE Avoid size_t overflow in base64 decoding once again" into klp-dev
Wonsik Kim [Fri, 11 Sep 2015 06:49:22 +0000 (06:49 +0000)]
Merge "DO NOT MERGE Avoid size_t overflow in base64 decoding once again" into klp-dev

8 years agoDO NOT MERGE - IAudioFlinger: clear config before reading it from parcel.
Wei Jia [Wed, 9 Sep 2015 16:48:34 +0000 (09:48 -0700)]
DO NOT MERGE - IAudioFlinger: clear config before reading it from parcel.

Bug: 23905951
Bug: 23912202
Change-Id: Id13a9d3cae2c09e7381b841e67ddfb188274d74c
(cherry picked from commit e995e477ad59b79145200c8f1e9e13c16c682d59)

8 years agoDO NOT MERGE Avoid size_t overflow in base64 decoding once again
Wonsik Kim [Mon, 7 Sep 2015 06:52:27 +0000 (15:52 +0900)]
DO NOT MERGE Avoid size_t overflow in base64 decoding once again

Switch to foundation base64 function in OggExtractor and fix the
issue there.

Bug: 23707088
Change-Id: I999ae911177c88dc13f9ee9796ca93c5928b20b0

8 years agolibstagefright: fix A_Refl to return immediately when there is an error.
Wei Jia [Fri, 4 Sep 2015 16:13:37 +0000 (09:13 -0700)]
libstagefright: fix A_Refl to return immediately when there is an error.

Bug: 23609206
Change-Id: I2ad25fb208df17f5a5b6d6b356eff2f400627f22
(cherry picked from commit 715dcb9c90d86c1a02a0da056f3cee8875ad1230)

8 years agoMerge "Zero out return values in media binder calls" into klp-dev
Robert Shih [Thu, 3 Sep 2015 17:21:20 +0000 (17:21 +0000)]
Merge "Zero out return values in media binder calls" into klp-dev

8 years agoMerge "Make IEffect command more robust (second try)" into klp-dev
Andy Hung [Thu, 3 Sep 2015 17:16:12 +0000 (17:16 +0000)]
Merge "Make IEffect command more robust (second try)" into klp-dev

8 years agoMerge "Fix timedtext parsing" into klp-dev
Marco Nelissen [Thu, 3 Sep 2015 17:05:55 +0000 (17:05 +0000)]
Merge "Fix timedtext parsing" into klp-dev

8 years agoDO NOT MERGE - libstagefright: sanity check size before dereferencing pointer in...
Wei Jia [Tue, 1 Sep 2015 18:14:18 +0000 (11:14 -0700)]
DO NOT MERGE - libstagefright: sanity check size before dereferencing pointer in Utils.cpp

Also remove some CHECK's.

Bug: 23680780
Change-Id: I62d0941e203e40209fa6fbe3f923f3efdc5a6c23
(cherry picked from commit 7bb772e0c643ff3292599cf485b9dbf232bf39a4)

8 years agoOgg: avoid size_t overflow in base64 decoding
Wonsik Kim [Wed, 2 Sep 2015 07:02:19 +0000 (16:02 +0900)]
Ogg: avoid size_t overflow in base64 decoding

Bug: 23707088
Change-Id: I8d32841fee3213c721cdcc57788807ea64d19d74

8 years agoZero out return values in media binder calls
Robert Shih [Wed, 2 Sep 2015 23:46:59 +0000 (16:46 -0700)]
Zero out return values in media binder calls

More specifically when handling:
* GET_STREAM_VOLUME in IAudioPolicyService, and
* GET_CURRENT_POSITION and GET_DURATION in IMediaPlayer

This prevents leaking uninitialized values across binder in error cases.

Bug: 23756261
Change-Id: I0ffd900ab12b685b0611259ade4a3efb1ec5defe

8 years agoMake IEffect command more robust (second try)
Andy Hung [Tue, 1 Sep 2015 20:07:56 +0000 (20:07 +0000)]
Make IEffect command more robust (second try)

Bug: 23540907
Change-Id: If30cfa535ad51521053706fc40fc98d893db5bc7
(cherry picked from commit 10e6660cc5da65b027c90489ba7ac55d1504e012)

8 years agoFix timedtext parsing
Marco Nelissen [Thu, 27 Aug 2015 20:49:32 +0000 (13:49 -0700)]
Fix timedtext parsing

Add bounds checking and fix other bugs.

Bug: 23284974
Bug: 23541506
Bug: 23542351
Bug: 23542352
Change-Id: I53551efdf109ce1833e0c361efaf4cee7a851023

8 years agoMerge "libmedia: clear reply data for IEffect command" into klp-dev
Andy Hung [Fri, 28 Aug 2015 20:49:57 +0000 (20:49 +0000)]
Merge "libmedia: clear reply data for IEffect command" into klp-dev

8 years agoIMediaPlayer.cpp: make sure structures are initialized to 0
Nick Kralevich [Thu, 20 Aug 2015 16:56:39 +0000 (09:56 -0700)]
IMediaPlayer.cpp: make sure structures are initialized to 0

Credit https://code.google.com/p/android/issues/detail?id=183310

Bug: 23515142
Change-Id: Idbd66fb148bd0ac1dd78f8651d0164f2a41e2427
(cherry picked from commit b73b826cc16291b33649402497efbe0f946413bd)

8 years agolibmedia: clear reply data for IEffect command
Andy Hung [Wed, 26 Aug 2015 23:34:33 +0000 (16:34 -0700)]
libmedia: clear reply data for IEffect command

Bug: 23540907
Change-Id: Ib89afc6b273b0eb310bbc5a1bd92b1e3d407c249

8 years agoMerge "DO NOT MERGE - Fix software video decoder buffer size calculation" into klp-dev
Abhishek Arya [Tue, 25 Aug 2015 04:00:04 +0000 (04:00 +0000)]
Merge "DO NOT MERGE - Fix software video decoder buffer size calculation" into klp-dev

8 years agoDO NOT MERGE - Fix software video decoder buffer size calculation
Marco Nelissen [Tue, 16 Jun 2015 21:50:36 +0000 (14:50 -0700)]
DO NOT MERGE - Fix software video decoder buffer size calculation

Various software video decoders would specify the buffer size as if it were
fully cropped, which then failed a sanity check in SoftwareRenderer.
They now return the full buffer size.

Bug: 21717327
Bug: 21443020
Change-Id: I19fcd091827ebd52a95a5509281a07ccc156e0e5
(cherry picked from commit 3ecc9db40b1fb9c7f807a5892e5c9625aac1fb06)

8 years agoDO NOT MERGE - SoftwareRenderer: sanity check buffer size before copying data.
Wei Jia [Mon, 8 Jun 2015 21:01:42 +0000 (14:01 -0700)]
DO NOT MERGE - SoftwareRenderer: sanity check buffer size before copying data.

Bug: 21443020
Change-Id: I63cf86217b8201fb41809c23e4b752b845a93ee2
(cherry picked from commit 760f92f8b6da9c9cf128cb18fe3c09402fdde6cd)

8 years agolibstagefright: check overflow before memory allocation in OMXCodec.cpp
Wei Jia [Fri, 21 Aug 2015 23:49:51 +0000 (16:49 -0700)]
libstagefright: check overflow before memory allocation in OMXCodec.cpp

Bug: 23416608
Change-Id: I4dacd38ed42db8f4887c3ee386dc909451f4346f

8 years agoLimit allocations to avoid out-of-memory
Marco Nelissen [Thu, 4 Jun 2015 18:01:15 +0000 (11:01 -0700)]
Limit allocations to avoid out-of-memory

Corrupt files could cause very large allocations, limit them to something
more reasonable.

Bug: 17769851
Change-Id: Ib0f722fd6fddff873bd7a547aac456e608c34c84

8 years agoMerge "Prevent integer issues in ID3::Iterator::findFrame" into klp-dev
Robert Shih [Sat, 22 Aug 2015 00:54:32 +0000 (00:54 +0000)]
Merge "Prevent integer issues in ID3::Iterator::findFrame" into klp-dev

8 years agoPrevent integer issues in ID3::Iterator::findFrame
Joshua J. Drake [Sat, 15 Aug 2015 13:17:03 +0000 (08:17 -0500)]
Prevent integer issues in ID3::Iterator::findFrame

Integer overflows could occur a few places within findFrame. These can lead to
out-of-bounds reads and potentially infinite loops. Ensure that arithmetic does
not wrap around to prevent these behaviors.

Bug: 23285192
Change-Id: I72a61df7d5719d1d3f2bd0b37fba86f0f4bbedee

8 years agoDO NOT MERGE libstagefright: Fix crash in convertMetaDataToMessage
Wei Jia [Thu, 25 Jun 2015 18:46:54 +0000 (11:46 -0700)]
DO NOT MERGE libstagefright: Fix crash in convertMetaDataToMessage

- The ABuffer used for the Message has a preset value of 1024, if
  flattening the meta data exceeds this value, a check fails hence
  the crash.
- This change creates a new ABuffer if the buffer size would exceed
  the buffer capacity.

Bug: 22771132

CRs-Fixed: 857850

(cherry picked from commit 4bce636865bdf0e2a79fc9a5d9a69107649c850d)

Change-Id: Ia0a963e9872f646791e75b710ff9e227a66af4f9

8 years agoFix build break DO NOT MERGE
Jeff Tinker [Fri, 21 Aug 2015 16:58:12 +0000 (09:58 -0700)]
Fix build break DO NOT MERGE

related-to-bug: 23223325

Change-Id: I7b09712b5f18912abddd50b75f6edaf860e894c1

8 years agoDO NOT MERGE Part of fix for libmedia OOB write anywhere
Jeff Tinker [Tue, 18 Aug 2015 00:57:47 +0000 (17:57 -0700)]
DO NOT MERGE Part of fix for libmedia OOB write anywhere

Clarify that decrypt destination is not a pointer for
secure case.

b/23223325

Change-Id: I642dcf790a9eb9e32175f3e0d8f040c82228e3ac
(cherry picked from commit ed555d70d80964f40563d89a4e6d6a80f83f4b89)

8 years agoam 59bfb7aa: (-s ours) am 18a8124f: am da0a48d2: (-s ours) am 6020f066: am b294a97a...
Marco Nelissen [Thu, 20 Aug 2015 20:17:34 +0000 (20:17 +0000)]
am 59bfb7aa: (-s ours) am 18a8124f: am da0a48d2: (-s ours) am 6020f066: am b294a97a: am 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit '59bfb7aa42ce2404da2547e7852e1a1215c6af22':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoam 18a8124f: am da0a48d2: (-s ours) am 6020f066: am b294a97a: am 6cba5819: am 51bfaf6...
Marco Nelissen [Thu, 20 Aug 2015 20:11:03 +0000 (20:11 +0000)]
am 18a8124f: am da0a48d2: (-s ours) am 6020f066: am b294a97a: am 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit '18a8124f582e9d763670e3bcc6ef6b2b00c4d394':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoam da0a48d2: (-s ours) am 6020f066: am b294a97a: am 6cba5819: am 51bfaf6c: am 1afea55...
Marco Nelissen [Thu, 20 Aug 2015 19:53:55 +0000 (19:53 +0000)]
am da0a48d2: (-s ours) am 6020f066: am b294a97a: am 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit 'da0a48d2704b231f13dbdb28cc4c4d12b08e3faf':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoam 6020f066: am b294a97a: am 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO...
Marco Nelissen [Thu, 20 Aug 2015 19:46:41 +0000 (19:46 +0000)]
am 6020f066: am b294a97a: am 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit '6020f06633f8cac09f47e561cc389c5b9b152464':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoam b294a97a: am 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail...
Marco Nelissen [Thu, 20 Aug 2015 19:41:14 +0000 (19:41 +0000)]
am b294a97a: am 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit 'b294a97a6fed15d379ce11084166780e7d9dd883':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoam 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully...
Marco Nelissen [Thu, 20 Aug 2015 19:32:06 +0000 (19:32 +0000)]
am 6cba5819: am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit '6cba5819ab84cc58a8273428dcf9ae98c0c9bc42':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoam 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocatio...
Marco Nelissen [Thu, 20 Aug 2015 19:25:42 +0000 (19:25 +0000)]
am 51bfaf6c: am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit '51bfaf6cf74498f92cd400e4d5b3d55b04fc7a06':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoam 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:18:30 +0000 (19:18 +0000)]
am 1afea551: am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit '1afea5517477554f452396c29db375e34d108f89':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoam ce73af07: DO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Thu, 20 Aug 2015 19:12:29 +0000 (19:12 +0000)]
am ce73af07: DO NOT MERGE Fail more gracefully on allocation failure

* commit 'ce73af077199122e0e5a80b019f949d0f181410f':
  DO NOT MERGE Fail more gracefully on allocation failure

8 years agoMerge "Fail more gracefully on allocation failure" into klp-dev
Marco Nelissen [Thu, 20 Aug 2015 18:05:08 +0000 (18:05 +0000)]
Merge "Fail more gracefully on allocation failure" into klp-dev

8 years agoDO NOT MERGE Fail more gracefully on allocation failure
Marco Nelissen [Fri, 13 Jun 2014 21:13:44 +0000 (14:13 -0700)]
DO NOT MERGE Fail more gracefully on allocation failure

Check allocations when the size is read from a file and might therefore
be invalid.

b/14388161

Change-Id: Ia08cc0a6107f275a70e793ef3b50c0ce16ceeee0

8 years agoMerge "libstagefright: fix handling of mSampleTimeEntries and mNumSampleSizes in...
Wei Jia [Thu, 20 Aug 2015 04:27:23 +0000 (04:27 +0000)]
Merge "libstagefright: fix handling of mSampleTimeEntries and mNumSampleSizes in SampleTable." into klp-dev

8 years agoMerge "Check RTSP payload length" into klp-dev
Abhishek Arya [Thu, 20 Aug 2015 04:10:51 +0000 (04:10 +0000)]
Merge "Check RTSP payload length" into klp-dev

8 years agoMerge "Sanity check padding/delay values for gapless playback" into klp-dev
Abhishek Arya [Thu, 20 Aug 2015 04:06:25 +0000 (04:06 +0000)]
Merge "Sanity check padding/delay values for gapless playback" into klp-dev

8 years agoMerge "libstagefright: fix overflow in MPEG4Source::parseSampleAuxiliaryInformationOf...
Wei Jia [Thu, 20 Aug 2015 04:01:18 +0000 (04:01 +0000)]
Merge "libstagefright: fix overflow in MPEG4Source::parseSampleAuxiliaryInformationOffsets." into klp-dev

8 years agolibstagefright: fix overflow in MPEG4Source::parseSampleAuxiliaryInformationOffsets.
Wei Jia [Tue, 18 Aug 2015 21:32:16 +0000 (14:32 -0700)]
libstagefright: fix overflow in MPEG4Source::parseSampleAuxiliaryInformationOffsets.

Bug: 23270724
Change-Id: Id7ba55c7bf6860fbfc892bbb6378aac644c82da4
(cherry picked from commit c51ab7dd82bf4e24666fc72a55e03e2f530204d5)

8 years agolibstagefright: fix overflow in pvdec_api.cpp.
Wei Jia [Thu, 20 Aug 2015 00:31:51 +0000 (17:31 -0700)]
libstagefright: fix overflow in pvdec_api.cpp.

Bug: 20674086
Change-Id: Ie2c711865c3b92f3fa2f3c7a436fa0e3687eb8b3
(cherry picked from commit d7bb1cd786e5ea4ac61119cc1a08082474f7787b)

8 years agoCheck RTSP payload length
Marco Nelissen [Wed, 19 Aug 2015 22:36:12 +0000 (15:36 -0700)]
Check RTSP payload length

Bug: 23346388
Change-Id: Ifd918cefc90527c2f52177c3ce0da7a13259ad08

8 years agolibstagefright: fix handling of mSampleTimeEntries and mNumSampleSizes in SampleTable.
Wei Jia [Tue, 18 Aug 2015 18:17:24 +0000 (11:17 -0700)]
libstagefright: fix handling of mSampleTimeEntries and mNumSampleSizes in SampleTable.

Bug: 23247055
Change-Id: I29ef59c7ff09248063714e5013f7c33f66c5eebd
(cherry picked from commit 3564c4562f46bede6ef1ea716c4fd4f77e470ae8)

8 years agoFail more gracefully on allocation failure
Marco Nelissen [Fri, 13 Jun 2014 21:13:44 +0000 (14:13 -0700)]
Fail more gracefully on allocation failure

Check allocations when the size is read from a file and might therefore
be invalid.

b/14388161

Change-Id: Ia08cc0a6107f275a70e793ef3b50c0ce16ceeee0

8 years agoMerge "DO NOT MERGE - audio flinger: fix fuzz test crash" into klp-dev
Eric Laurent [Tue, 18 Aug 2015 21:33:46 +0000 (21:33 +0000)]
Merge "DO NOT MERGE - audio flinger: fix fuzz test crash" into klp-dev

8 years agoMerge "stagefright: check IMemory::pointer() before using the allocation" into klp-dev
Chong Zhang [Tue, 18 Aug 2015 16:55:38 +0000 (16:55 +0000)]
Merge "stagefright: check IMemory::pointer() before using the allocation" into klp-dev

8 years agoSanity check padding/delay values for gapless playback
Marco Nelissen [Tue, 18 Aug 2015 16:55:24 +0000 (09:55 -0700)]
Sanity check padding/delay values for gapless playback

Bug: 23306638
Change-Id: I2b5160e0f58f90d3f67c3964f41f5734ec0da053

8 years agoMerge "Check integer overflow to prevent memory corruption" into klp-dev
Jon Larimer [Tue, 18 Aug 2015 15:04:20 +0000 (15:04 +0000)]
Merge "Check integer overflow to prevent memory corruption" into klp-dev

8 years agoMerge "do not dequeue from native window after we hit fatal error -- DO NOT MERGE...
Jon Larimer [Tue, 18 Aug 2015 15:00:42 +0000 (15:00 +0000)]
Merge "do not dequeue from native window after we hit fatal error -- DO NOT MERGE" into klp-dev

8 years agoMerge "MPEG4Source::fragmentedRead: check range before writing into buffers" into...
Jon Larimer [Tue, 18 Aug 2015 14:25:45 +0000 (14:25 +0000)]
Merge "MPEG4Source::fragmentedRead: check range before writing into buffers" into klp-dev

8 years agoMerge "Check buffer size before using it" into klp-dev
Jon Larimer [Tue, 18 Aug 2015 14:24:26 +0000 (14:24 +0000)]
Merge "Check buffer size before using it" into klp-dev

8 years agoMerge "Check vector size before accessing" into klp-dev
Abhishek Arya [Tue, 18 Aug 2015 13:28:34 +0000 (13:28 +0000)]
Merge "Check vector size before accessing" into klp-dev

8 years agoMerge "MatroskaExtractor: detect infinite loop when parsing NALs" into klp-dev
Abhishek Arya [Tue, 18 Aug 2015 13:24:21 +0000 (13:24 +0000)]
Merge "MatroskaExtractor: detect infinite loop when parsing NALs" into klp-dev

8 years agoMatroskaExtractor: detect infinite loop when parsing NALs
Robert Shih [Thu, 16 Jul 2015 22:04:12 +0000 (15:04 -0700)]
MatroskaExtractor: detect infinite loop when parsing NALs

Bug: 21335999
Change-Id: I76bd34610e52048ffcf16e41aa6175afc8a14ee4
(cherry picked from commit 2dcf6138ebc9c5688aeae151d2fbde55a2826128)

8 years agoFix for memory corruption in ID3::removeUnsynchronizationV2_4().
Neel Mehta [Sat, 15 Aug 2015 00:38:48 +0000 (17:38 -0700)]
Fix for memory corruption in ID3::removeUnsynchronizationV2_4().
Bug: 23227354

Change-Id: Iaa36cfda4fd84ca7e039f56086fd61b4118020db
(cherry picked from commit 77e23413a539df16503e356bd4df4a952f3abc47)

8 years agoMerge "Revert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"" into...
Abhishek Arya [Tue, 18 Aug 2015 01:31:42 +0000 (01:31 +0000)]
Merge "Revert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"" into klp-dev

8 years agoFix compile failure after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
Abhishek Arya [Tue, 18 Aug 2015 01:24:11 +0000 (18:24 -0700)]
Fix compile failure after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4

Bug: 20674086
Change-Id: I2ee6b7e0eabbf696c0986d08b2d759d48cb9eb7b

8 years agoDO NOT MERGE - audio flinger: fix fuzz test crash
Eric Laurent [Fri, 8 May 2015 17:50:03 +0000 (10:50 -0700)]
DO NOT MERGE - audio flinger: fix fuzz test crash

Clear output stream pointer in duplicating thread
when the main output to which it is attached is closed.

Also do not forward master mute and volume commands to
duplicating threads as this is not applicable.

Also fix logic in AudioFlinger::primaryPlaybackThread_l()
that could accidentally return a duplicating thread.
This never happens because the primary thread is always
first in the list.

Bug: 20731946.
Change-Id: Ic8869699836920351b23d09544c50a258d3fb585

8 years agoMerge "libstagefright: check remaining data size before parsing it." into klp-dev
Wei Jia [Tue, 18 Aug 2015 00:48:01 +0000 (00:48 +0000)]
Merge "libstagefright: check remaining data size before parsing it." into klp-dev

8 years agoRevert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"
Abhishek Arya [Mon, 17 Aug 2015 22:34:16 +0000 (22:34 +0000)]
Revert "Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4"

This reverts commit c23e3dd8af7397f023aae040c4a03dd14091cbed.

This speculative fix didn't fix the compile failure, do checking locally.

Change-Id: I1598f7208c8232ca38c0fcad17f211598591594e

8 years agoMPEG4Source::fragmentedRead: check range before writing into buffers
Robert Shih [Tue, 23 Jun 2015 00:58:27 +0000 (17:58 -0700)]
MPEG4Source::fragmentedRead: check range before writing into buffers

Bug: 22008959
Change-Id: I5f6e188adcc593796455bdaf7b0b8aba672b106e

8 years agoFix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4
Abhishek Arya [Mon, 17 Aug 2015 21:50:02 +0000 (14:50 -0700)]
Fix compile after rI431aa2b7d30a942350ab6d105451c6b77e2f99d4

BUG: 20674086
Change-Id: Idaff17975b327adea65c39bdba1ab4e88789c0cd

8 years agoMerge "SoftAVCEnc: check requested memory size before allocation." into klp-dev
Wei Jia [Mon, 17 Aug 2015 19:49:39 +0000 (19:49 +0000)]
Merge "SoftAVCEnc: check requested memory size before allocation." into klp-dev

8 years agoMerge "libstagefright: check memory size for overflow before allocation." into klp-dev
Abhishek Arya [Mon, 17 Aug 2015 18:39:11 +0000 (18:39 +0000)]
Merge "libstagefright: check memory size for overflow before allocation." into klp-dev

8 years agostagefright: check IMemory::pointer() before using the allocation
Chong Zhang [Fri, 15 May 2015 20:40:15 +0000 (13:40 -0700)]
stagefright: check IMemory::pointer() before using the allocation

bug: 19779574
Change-Id: I4ffe8c3fadc07da211f421e75ee83010b01d9cbb

8 years agodo not dequeue from native window after we hit fatal error -- DO NOT MERGE
Chong Zhang [Fri, 14 Aug 2015 20:50:02 +0000 (13:50 -0700)]
do not dequeue from native window after we hit fatal error -- DO NOT MERGE

bug: 22845824
Change-Id: I8c375790c697e02b6ab3ea54b84d3f70d5e78141
(cherry picked from commit 346de3c26a8fbd0fa0c8102f4a21ea4dcee4432a)