git.osdn.net Git - android-x86/frameworks-av.git/log

Merge tag 'android-8.1.0_r69' into oreo-x86

Android 8.1.0 Release 69 (5794017)

Fix OOB access in mpeg4/h263 decoder

The decoder does not support an increase in frame width, and
would exceed its buffer if the width increased mid-stream.
There was an existing check to prevent the total frame size
(width*height) from increasing, but in fact the decoder also
does not even support a width increase, even if the height
decreases correspondingly.

Bug: 136175447
Bug: 136173699
Test: manual
Change-Id: Ic2d28bb0503635dadeb69ba3be9412d58684e910
(cherry picked from commit ef4ce157000b2b5bcbf2bcb36a228ec604803547)

m4v_h263: add a test for invalid/negative value

Test: run poc with and without the patch.
Bug: 134578122
Change-Id: I2d11826d1d9e2669aa5627065dc627729ddc823b
(cherry picked from commit 7802c68aebf7908983508fd4a52a7d53746a80eb)

AMR WB encoder: prevent OOB write in ACELP_4t64_fx

In ACELP_4t64_fx, when iterating over ind array, check index against
array size to prevent OOB write, log an error if such an access
was about to happen.

Bug: 132647222
Test: atest EncoderTest#testAMRWBEncoders
Change-Id: I33f476d94baec2feffc7bcccd0ad0481b8452518
(cherry picked from commit 82cb46d0d55a407f468023977204eb7133b7fd77)
Merged-in: I33f476d94baec2feffc7bcccd0ad0481b8452518
(cherry picked from commit 9a44849c88b306e1b4fb37bd9aa34d6ba0607b7a)

httplive: detect oom if playlist is infinite

Bug: 68399439
Test: StagefrightTest#testStagefright_cve_2017_13279
Change-Id: Icf39c2ae58d9d6ba7c74bbcfbe2154e66e6c9e40
(cherry picked from commit f3808d3a2e8c646d5edad451a80daa61a4e5d836)

Fix overflow/dos in 3gg text description parsing

Bug: 124781927
Test: run pocs
Change-Id: I8765ac9746c3de7d711ef866d4ec0e29972320c0
(cherry picked from commit 851e22d1dc89a7f708b9d2b56947f69cd1a08b94)

DO NOT MERGE: audiopolicy: Remove raw pointer references to AudioMix

AudioInputDescriptor, AudioOutputDescriptor, and AudioSession used
to reference AudioMix instances using a raw pointer. This isn't
safe as AudioMix was owned by AudioPolicyMix, which is not
referenced by descriptors.

Change AudioMix* pointers in Audio{Input|Output}Descriptor and
AudioSession to wp<AudioPolicyMix> which reflects their
relationship correctly.

To ensure that code does not operate on AudioMix instances
independently from AudioPolicyMix, and to avoid introducing
a lot of getter / setter methods into AudioPolicyMix, make
the latter to inherit AudioMix. This makes sense because
AudioPolicyMix is essentially a ref-counted version of AudioMix.

Bug: 124899895
Test: build and sanity check on marlin,
build marlin with USE_CONFIGURABLE_AUDIO_POLICY := 1
Merged-In: Ic508caedefe721ed7e7ba6ee3e9175ba9e8dc23a
Change-Id: Ic508caedefe721ed7e7ba6ee3e9175ba9e8dc23a
(cherry picked from commit 0899a9f97ba3b2835b524d5aeb11fe6d2173ec8f)

Merge tag 'android-8.1.0_r64' into oreo-x86

Android 8.1.0 Release 64 (OPM8.190505.001)

Zero-initialize HIDL structs before passing

Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice

Bug: 131267328
Bug: 131356202
Merged-In: Ie91b7946f8f4406fd06e9cb4ad883b3a2704f366
Change-Id: Ie91b7946f8f4406fd06e9cb4ad883b3a2704f366
(cherry picked from commit 56173f4146914217b4872502007e8aa02b3521dd)

Remove unused AVIExtractor source

Bug: 130651570
Test: compilation
Change-Id: I36e8221879593e0560002e404215c6efcd531ab8
(cherry picked from commit 5eaa57a5de115b50bfbe1b8d6764116c9f39a10f)

NuPlayerCCDecoder: fix memory OOB

Test: cts
Bug: 129068792
Change-Id: Id78ddc983f245feda3a81da3448196340b57f5c9
(cherry picked from commit e1c7348e1c3fed25c16ae4673101f48b1ed95b7e)
(cherry picked from commit 0f7ff70737d58abda69fa6d4524b1943d6c41461)

audio: ensure effect chain with specific session id is unique

It's possible that tracks with the same session id running on various
playback outputs, which causes effect chain being created on the same
session twice. As a result, the same effect engine will be released
twice as the same context is reused.

Output that has effect chain with same session id is more preferable.

Test: No regression with Play Music and Effects
Bug: 123082420
Bug: 123237974
Merged-In: I690ea3cb942d1fdc96b46048e271557d48000f43
Change-Id: I690ea3cb942d1fdc96b46048e271557d48000f43
(cherry picked from commit 9aeb1770d49bab13ea5c6454c969a713641fe686)
(cherry picked from commit 5945746bcabff8d833229a6c230cbe873474087f)

AudioFlinger: Prevent multiple effect chains with same sessionId

Allow at most one effect chain with same sessionId on mPlaybackThreads.

Test: poc, CTS effect tests
Bug: 123237974
Merged-In: Ide46cd23b0a9f4295f0dca2fea23379a76b836ee
Change-Id: Ide46cd23b0a9f4295f0dca2fea23379a76b836ee
(cherry picked from commit 1631f06feb36df5406ad00e850dcca9394f67772)
(cherry picked from commit f963b2bfdaf406b42d371322402172b4380bbba5)

Merge cherrypicks of [6714499, 6716593, 6716594, 6716595, 6716596, 6716597, 6716977, 6718226, 6717773, 6716978, 6717663] into oc-m8-release

Change-Id: Ieb4c3a0b3350852b8db4c4638b35fc2c6f6ec362

Reserve enough space for RTSP CSD

make parameters to GetSizeWidth() reflect values being used in
corresponding EncodeSize() invocations so we won't overflow the buffer.

Bug: 123701862
Test: y
Change-Id: I78596176e6042c95582494a8ae1b9c3160bf5955
(cherry picked from commit c025be8ce5f1b34bdf293ac367685c969bd430ba)

Merge cherrypicks of [6072696, 6072074, 6072757, 6072120, 6072121, 6072122, 6072123, 6072575, 6072576, 6072577, 6072578, 6072579, 6072193, 6072131, 6072194, 6072076, 6072210, 6072759, 6072760, 6072698, 6072699, 6072700, 6072701, 6072702, 6072703, 6072704, 6072905, 6072906, 6072907, 6072761] into oc-m8-release

Change-Id: Ia2c2924ff42d1a800a482b1d492124ba45ad5368

AudioFlinger: put effect desc lookup under mutex for createEffect

Test: native poc
Bug: 122309228
Change-Id: I48333c69f5c1b1bf1b98f57eb813ec39e074f3a7
Merged-In: I9d339a7d6d81161065e1adaf427dd2d3430436c2
(cherry picked from commit a41770b682117fdfc20236fbc45d975099f9147a)

RESTRICT AUTOMERGE: aaudio: improve test_atomic_fifo

Check for the effects of setting a bogus counter.
Check for writes to memory surrounding the FIFO.
Check for negative array indices.

Bug: 120789744
Test: this is a test
Change-Id: Ia30cdef7f9d60f0a98b9af964cb3b3159df37dc9
(cherry picked from commit 31a8d44075f37f75d5912d79a43d777587b2d695)

RESTRICT AUTOMERGE: aaudio: Fix converting negative FIFO counters to index

The index into the FIFO is calculated by using:

counter % capacity

But the counter is signed and when it is negative the
modulo can have a negative result. That can cause
a negative array index and an access out of bounds.

This is not normally a problem because the counter
is 64 bits and it will not overflow until the audio
has run for a few million years. But a hacker might
be able to modify this internal counter and force
an error.

The solution involves casting to a uint64_t before doing
the modulo.

Note that there may still be a discontinuity when the
counter wraps from -1 to 0. But that will not result
in an out-of-bounds access. It may cause a noise but
an app could simply create a noise directly. So that is
not considered an exploit.

Bug: 120789744
Test: test_atomic_fifo.cpp
Change-Id: I6fe57bcb44528d29b5edb817c592e5e9a8aaf8eb
(cherry picked from commit d1fc53ca84b3d8d074fb27e192dea8204c1fb221)

RESTRICT AUTOMERGE: aaudio: fix FIFO wrapround frame counts

The number of frames in the second part was incorrect
when it wrapped past the end of the FIFO.

Bug: 78139448
Bug: 120789744
Test: adb shell aaudio_loopback -c2 -C2 -tm -m2 -Pl -pn
Change-Id: Ib6a22f30f0ee5321444c6d6137d9488943c34f3d
(cherry picked from commit 685607be811e6d5fffc407d71a2703de9c351969)

AudioFlinger: put effect desc lookup under mutex for createEffect

Test: native poc
Bug: 122309228
Change-Id: I48333c69f5c1b1bf1b98f57eb813ec39e074f3a7
Merged-In: I9d339a7d6d81161065e1adaf427dd2d3430436c2
(cherry picked from commit a41770b682117fdfc20236fbc45d975099f9147a)

RESTRICT AUTOMERGE: aaudio: improve test_atomic_fifo

Check for the effects of setting a bogus counter.
Check for writes to memory surrounding the FIFO.
Check for negative array indices.

Bug: 120789744
Test: this is a test
Change-Id: Ia30cdef7f9d60f0a98b9af964cb3b3159df37dc9
(cherry picked from commit 31a8d44075f37f75d5912d79a43d777587b2d695)

RESTRICT AUTOMERGE: aaudio: Fix converting negative FIFO counters to index

The index into the FIFO is calculated by using:

counter % capacity

But the counter is signed and when it is negative the
modulo can have a negative result. That can cause
a negative array index and an access out of bounds.

This is not normally a problem because the counter
is 64 bits and it will not overflow until the audio
has run for a few million years. But a hacker might
be able to modify this internal counter and force
an error.

The solution involves casting to a uint64_t before doing
the modulo.

Note that there may still be a discontinuity when the
counter wraps from -1 to 0. But that will not result
in an out-of-bounds access. It may cause a noise but
an app could simply create a noise directly. So that is
not considered an exploit.

Bug: 120789744
Test: test_atomic_fifo.cpp
Change-Id: I6fe57bcb44528d29b5edb817c592e5e9a8aaf8eb
(cherry picked from commit d1fc53ca84b3d8d074fb27e192dea8204c1fb221)

RESTRICT AUTOMERGE: aaudio: fix FIFO wrapround frame counts

The number of frames in the second part was incorrect
when it wrapped past the end of the FIFO.

Bug: 78139448
Bug: 120789744
Test: adb shell aaudio_loopback -c2 -C2 -tm -m2 -Pl -pn
Change-Id: Ib6a22f30f0ee5321444c6d6137d9488943c34f3d
(cherry picked from commit 685607be811e6d5fffc407d71a2703de9c351969)

Merge tag 'android-8.1.0_r53' into oreo-x86

Android 8.1.0 release 53

Merge cherrypicks of [5313290, 5313323, 5313343, 5313415, 5313291, 5313441, 5313557, 5313344, 5313383, 5313384, 5313324, 5313325, 5313326, 5313294, 5313295, 5313296, 5313498] into oc-m8-release

Change-Id: If45233ec1637604dcb769efb42ed3acb1b2857a0

CTS error while media dump()

MediaExtractor should not dump information. CTS is
checking and failing due to the dump.

Bug: 114770654
Change-Id: Ie5bae5de39545dede6da4198240b4f38c50050b7
(cherry picked from commit c20825bd3b751cffcd8d7e66e97c3b1a91ef21e0)

Merge tag 'android-8.1.0_r48' into oreo-x86

Android 8.1.0 release 48

Merge cherrypicks of [4995494, 4995495, 4995496, 4995497, 4997652, 4997881, 4997052, 4997883, 4995518, 4997653, 4997654] into oc-m8-release

Change-Id: Ifeba25ced72566a9a3c9d67c288a8e23e4709187

Fix race condition for cas sessions -- DO NOT MERGE

Change the session to shared_ptr and use atomic_load/store.

Test: POC; CTS MediaCasTest; CTS MediaDrmClearkeyTest#
testClearKeyPlaybackMpeg2ts
bug: 113027383

Change-Id: I75f4cb33a022f28d45918442d64c5c46df2640ef
(cherry picked from commit 58b9e7d73c9e2a7a7ff11a4584fd1e1105669831)

Merge tag 'android-8.1.0_r46' into oreo-x86

Android 8.1.0 Release 46 (OPM6.171019.030.K1)

MediaExtractor: stop rendering when an error occurs

Bug: 68664359
Bug: 110435401

Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.StagefrightTest#testStagefright_bug_68664359
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.StagefrightTest#testStagefright_bug_110435401

Change-Id: Icff96fcaa76a5871e7f175b0384d47d5dca7313f
Merged-In: If1322524fcfebc6c5f139288f044b0189da66c1b
(cherry picked from commit 9bc021a323873091ea98f77b3b3dc4732d1c92e6)

Fix race condition for cas sessions -- DO NOT MERGE

Change the session to shared_ptr and use atomic_load/store.

Test: POC; CTS MediaCasTest; CTS MediaDrmClearkeyTest#
testClearKeyPlaybackMpeg2ts
bug: 113027383

Change-Id: I75f4cb33a022f28d45918442d64c5c46df2640ef
(cherry picked from commit 58b9e7d73c9e2a7a7ff11a4584fd1e1105669831)

Check for overflow of crypto size

Bug: 111603051
Test: CTS
Change-Id: Ib5b1802b9b35769a25c16e2b977308cf7a810606
(cherry picked from commit d1fd02761236b35a336434367131f71bef7405c9)

Fix information disclosure in mediadrmserver

Test:POC provided in bug
Bug:79218474
Change-Id: Iba12c07a5e615f8ed234b01ac53e3559ba9ac12e
(cherry picked from commit c1bf68a8d1321d7cdf7da6933f0b89b171d251c6)

Revert "MediaExtractor: stop rendering when an error occurs"

This reverts commit f3239784597d0dfd0d8405c9407180d282990806.

Merge cherrypicks of [4787660, 4787680, 4787071, 4787700, 4787592, 4787701, 4787720, 4787721, 4787072, 4787073, 4787074, 4787075, 4787076, 4787077, 4787740, 4787760, 4787722, 4787723, 4787724, 4787725, 4787726, 4787727, 4787728, 4787729, 4787730, 4787731] into oc-m8-release

Change-Id: Ib832d8162af176e40f54cc889d1872cd6b88990b

Fix information disclosure in mediadrmserver

Test:POC provided in bug
Bug:79218474
Change-Id: Iba12c07a5e615f8ed234b01ac53e3559ba9ac12e
(cherry picked from commit c1bf68a8d1321d7cdf7da6933f0b89b171d251c6)

Check for overflow of crypto size

Bug: 111603051
Test: CTS
Change-Id: Ib5b1802b9b35769a25c16e2b977308cf7a810606
(cherry picked from commit d1fd02761236b35a336434367131f71bef7405c9)

Merge cherrypicks of [4741663, 4741664, 4741665, 4741666, 4743080, 4743081, 4743082, 4743083, 4741262, 4741263, 4741264, 4741265, 4741266, 4741667, 4743084, 4741242, 4741243, 4741741, 4741742, 4741743, 4741744, 4741822, 4743085, 4741668, 4741338, 4743055, 4743056, 4743070, 4743073, 4743075, 4743076, 4743078, 4743079, 4743161, 4743162, 4743164, 4743165, 4743167, 4743168, 4743169, 4743170, 4741681, 4741682, 4741683, 4741684, 4741685, 4741686, 4741687, 4741688, 4741689, 4741690, 4741691, 4741692, 4741693, 4741694, 4741695, 4741696, 4741697, 4741698, 4741699, 4743240, 4743241, 4743242, 4743243, 4741745, 4741823, 4741824, 4741825, 4741267, 4741268, 4743244, 4743280, 4743281, 4743224, 4743203, 4743204, 4743205, 4741746, 4741747, 4743245, 4741826, 4741827, 4741828, 4741829, 4741748, 4741749, 4741750, 4743233, 4743282, 4741244, 4741245, 4741246, 4741247, 4743206, 4743207, 4743208, 4743209, 4743210, 4743211, 4743212, 4743213, 4743214, 4743215, 4743216, 4743217, 4743218, 4743219, 4743360, 4743361, 4743362, 4743363, 4743364, 4743365, 4743366, 4743367, 4743368, 4743369, 4743370, 4743371, 4743372, 4743373, 4743374, 4743375, 4743376, 4743377, 4743283, 4743284, 4741830, 4742501, 4743246, 4743086, 4743087, 4743378, 4743379, 4741751] into sparse-4749909-L04200000199131547

Change-Id: I53c14677624d9d0302c5cd665640b43ff1334333

M3UParser: handle missing EXT-X-MEDIA URIs

Bug: 111381540
Test: http://devimages.apple.com.edgekey.net/streaming/examples/bipbop_16x9/bipbop_16x9_variant.m3u8
Change-Id: I57f6cea59ce4c25267385289ab805eefe74b04ac
(cherry picked from commit b8c3a74de55a76e2ee21c731828a8afca7aa4ae0)

Allow kPortModeDynamicANWBuffer for kBufferTypeANWBuffer in useBuffer

Test: play contents
Bug: 77486542
Change-Id: I422d49a137889c417d855ebef954f882f67821ed
(cherry picked from commit d8cbab144398d0e9b3cdc2f8c42b4ea0c921e355)

MediaExtractor: stop rendering when an error occurs

Bug: 68664359
Bug: 110435401

Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.StagefrightTest#testStagefright_bug_68664359
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.StagefrightTest#testStagefright_bug_110435401

Change-Id: Icff96fcaa76a5871e7f175b0384d47d5dca7313f
Merged-In: If1322524fcfebc6c5f139288f044b0189da66c1b
(cherry picked from commit 9bc021a323873091ea98f77b3b3dc4732d1c92e6)

Fix possible out of bounds read

Bug: 78656554
Test: manual
Change-Id: I677f827483dcc80afac57fd7ef6807e633542252
(cherry picked from commit 3762e0615273f25b059556d5b5f65102e9c55c35)

OMXNodeInstance: Allow dynamic native handle mode for input buffers

Some camera implementation uses Dynamic native handle to send input
buffers to OMX HAL. Therefore, these buffers should be allowed.

Bug: 77486542
Bug: 80174666
Bug: 80210572
Bug: 80252747
Test: sts-tradefed run sts -m StsHostTestCases -t android.security.sts.Poc18_06#testPocBug_77486542
Test: adb shell am instrument -e size small -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: adb shell am instrument -e class android.hardware.cts.CameraTest -w 'android.camera.cts/android.support.test.runner.AndroidJUnitRunner'
Test: adb shell am instrument -e class android.hardware.multiprocess.camera.cts.CameraEvictionTest -w 'android.camera.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Exercise secure playback with Play Movies app.
Test: Record video with Camera app and play it back with Photos app

Change-Id: I1e4eb72e070f4e60ff4df94f9b9d161361828477
(cherry picked from commit bda339098d273066fe50d4cb77503bac5ea4ede0)

M3UParser: make url on demand

Bug: 77823362
Test: adb shell am start -a android.intent.action.VIEW -d http://10.42.0.1:8080
Change-Id: Ieaf8a13985277eee5b085ed243205a597627cf5e
(cherry picked from commit 26e236bd426770869644a9962778dedea7bf59be)

Speed up id3v2 unsynchronization

Instead of doing many overlapping memmoves, do a single copy pass
that skips over the inserted unsynchronization bytes. For some
files this reduces parsing time from minutes to milliseconds.

Similar to commit 72a43b68da but for v2.2 and v2.3.

Bug: 78029004
Test: poc
Change-Id: I735b7051e77a093d86fb7a3e46209875946225ed
(cherry picked from commit f9d87cc850a589b9b0cc3658cf222187822bcc00)

Fix security vulnerability in CryptoHal

CryptoHal was not checking that the memory heap set by setHeap
was the same one that was actually used for the decrypt call, allowing
the caller to spoof the decrypt call into accessing arbitrary memory.

bug:76221123
test: mediadrmserverpoc included in the bug & GTS media tests
Change-Id: I35214a1a6d0a4b864123e147d1a1adc2377bfbc5
Merged-in: I4ae6d1080be406bf53e3617c59c75206cc5066c6
(cherry picked from commit 9a9c3ab4d76f03f3abb3756bca9cdfe55c74326a)

omx: restrict useBuffer according to buffer type and port mode

Bug: 77486542
Test: sts-tradefed run sts -m StsHostTestCases -t android.security.sts.Poc18_06#testPocBug_77486542
Test: adb shell am instrument -e size small -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Exercise secure playback with Play Movies app.
Test: Record video with Camera app and play it back with Photos app

Change-Id: Ief2d2d4d0445074c0ecdc723b1b25997a7631389
(cherry picked from commit 7d54e8f905784fddcc4c37fd094d4e18a73767bc)

aaudio: use weak pointer to prevent UAF

Avoid using the mServiceEndpoint smart pointer
from multiple threads.

Bug: 74122779
Test: see bug for test instructions
Merged-In: Idaf9e32a163b25e51bde35d6f5ea10a372b5d916
Change-Id: Idaf9e32a163b25e51bde35d6f5ea10a372b5d916
(cherry picked from commit 92c3e26338637a7ddac54988187c89fb0fe49430)

Add minimum size check for ImageGrid atom

bug: 73927042
Change-Id: I25dc3aeabe95bd907a418b12b2d06f3691cb1b42
(cherry picked from commit ef75163eb891b5259c0f5c2fc20fca2a5a47b7b7)

Sanitize effect descriptors for AudioPolicyService binder calls.

Zero initialize structs before parcel read, if status is not checked.
Sanitize parcel read audio_port_config.

Test: Audio CTS, See bug for POC
Bug: 73126106
Merged-in: Iece43eb463385927e6babcf93654eea8aaebc29c
Change-Id: Iece43eb463385927e6babcf93654eea8aaebc29c
(cherry picked from commit 498bdcc90bc470a79bf8943cbac64502f7c1c091)

Add check preventing div0 issue

There might be a scenario while period is zero or after including
precision would be zero, prevent from division in that case and
return false (to use previously used period).

Bug: 73898703
bug: 74067957
Test: run playback as stability test

Change-Id: I3fad1060b095b7b5ea4c1f9cb3f9d42a4c503560
(cherry picked from commit 27e47ce3c3bbc0b4dc629163de7ebbba7e80b149)

Init gain config to prevent uninit leak.

In AudioPortConfig, we only initialize index for audio_gain_config, but
not other fields. That may cause uninit leak at listAudioPorts and
listAudioPatches.

Bug: 77238250
Bug: 77238762
Test: try repo steps at the bug description.
Change-Id: I57e3bd0598f9aa698a6fa3d3c0218b046de34e2f
(cherry picked from commit ebe0777edcf3b9c6bde9771d65399e2363dc6e40)

Merge cherrypicks of [4691111, 4689862, 4690575, 4690576, 4690577, 4690578, 4689866, 4689868, 4689869, 4689870, 4691132, 4689456, 4689963, 4691133, 4691134, 4691156, 4691157, 4691159, 4691161, 4690581, 4689964, 4689460, 4691112, 4690582, 4690583, 4691165, 4691166, 4691167, 4691168, 4691169, 4691170, 4691211, 4691212, 4691213, 4691214, 4691215, 4691216, 4691217, 4691218, 4691219, 4691232, 4691233, 4691234, 4691235, 4691236, 4691237, 4691238, 4691239, 4691240, 4691241, 4691243, 4691245, 4691247, 4691249, 4691250, 4691291, 4691292, 4691293, 4691294, 4691295, 4691296, 4691255, 4689476, 4689477, 4689478, 4691223, 4691224, 4691136, 4689479, 4689480, 4691137, 4691225, 4691226, 4691227, 4691371, 4691228, 4691328, 4689967, 4691138, 4691139, 4691140, 4691433, 4689968, 4689969, 4691395, 4691230, 4691297, 4691298, 4691299, 4691300, 4691396, 4691397, 4691398, 4691399, 4691400, 4691401, 4691402, 4691403, 4691404, 4691405, 4691406, 4691407, 4691408, 4691409, 4691410, 4691471, 4691472, 4691473, 4691474, 4691475, 4691476, 4691477, 4691478, 4691479, 4691480, 4691481, 4691482, 4691483, 4691484, 4691485, 4691486, 4691487, 4691488, 4691143, 4691144, 4691511, 4691113, 4689482, 4691533, 4691145, 4691146, 4691147, 4691148, 4691536] into sparse-4732991-L01200000196794104

Change-Id: I066b69b810f0a1acd43176472ac2a3f87c429873