| Commit message | Author | Age | Files | Lines |
|
Several points in stagefright's mp3 album art code
used strlen() to parse user-supplied strings that may be
unterminated, resulting in reading beyond the end of a buffer.
This changes the code to use strnlen() for 8-bit encodings and
strengthens the parsing of 16-bit encodings similarly. It also
reworks how we watch for the end-of-buffer to avoid all over-reads.
Bug: 32377688
Test: crafted mp3's w/ good/bad cover art. See what showed in play music
Change-Id: Ia9f526d71b21ef6a61acacf616b573753cd21df6
(cherry picked from commit fa0806b594e98f1aed3ebcfc6a801b4c0056f9eb)
(cherry picked from commit 7a3246b870ddd11861eda2ab458b11d723c7f62c)
|
Android 6.0.1 Release 72 (M4B30X)
Change-Id: I617426a3fbf7a8d013c5be838ad4c80a00b61a5f
|
Validate lengths on strings in ID3 tags, particularly around 0.
Also added code to handle cases when we can't get memory for
copies of strings we want to extract from these tags.
Affects L/M/N/master, same patch for all of them.
Bug: 30744884
Change-Id: I2675a817a39f0927ec1f7e9f9c09f2e61020311e
Test: play mp3 file which caused a <0 length.
(cherry picked from commit d23c01546c4f82840a01a380def76ab6cae5d43f)
|
If mFrameSize is less than or equal to getHeaderLength(), an integer underflow
will occur. This typically leads to a crash reading out of bounds in the
following code. Prevent this from happening by validating mFrameSize.
Also add NULL checks after references to ID3::Iterator::getData.
Bug: 23285887
Change-Id: I35eeda3c5349ebbd9ffb3ea49b79af6a940d1395
|
Android 6.0.0 release 26
Change-Id: I8a57007bf6efcd8b95c3cebf5e0444345bdd4cda
|
Bug: 24623447
Change-Id: Ifbc74454d6e28ad7136efe35ab638a07e46398b1
|
Specific clip contains corrupt ID3v2 header where size field is zero. This
corner case isn't handled properly and leads to crash.
Change-Id: Ic7e97b9de84b0cb3ce3716db95ab05f8f0db336f
CRs-Fixed: 815025
|
* commit 'fa11fd5bb2e9c5e00f7fecbbe76c279193182cee':
Prevent integer issues in ID3::Iterator::findFrame
|
Change-Id: I6c1369f05bbeb83e2152b8dae35f7a53328f7239
|
ID3::Iterator::findFrame" into klp-dev
* commit 'eecc406f462ef2b3a73cd6bf3c05f7cb45382276':
Prevent integer issues in ID3::Iterator::findFrame
|
klp-dev
* commit '3b42241aab5855964d1bd60268ae21c2d9cc6065':
Prevent integer issues in ID3::Iterator::findFrame
|
Integer overflows could occur in a few places within findFrame. These can lead to
out-of-bounds reads and potentially infinite loops. Ensure that arithmetic does
not wrap around to prevent these behaviors.
Bug: 23285192
Change-Id: I72a61df7d5719d1d3f2bd0b37fba86f0f4bbedee
|
a2a68264: am c37f7f6f: Fix for memory corruption in ID3::removeUnsynchronizationV2_4(). Bug: 23227354
* commit '0cc0d158694b20f210ba4ad41fe4adc5bda57402':
Fix for memory corruption in ID3::removeUnsynchronizationV2_4(). Bug: 23227354
|
c37f7f6f: Fix for memory corruption in ID3::removeUnsynchronizationV2_4(). Bug: 23227354
* commit '06682f94d84f97df0d826f9b15d4c2e861ba4045':
Fix for memory corruption in ID3::removeUnsynchronizationV2_4(). Bug: 23227354
|
ID3::removeUnsynchronizationV2_4(). Bug: 23227354
* commit 'a2a6826494dec4a8fab6bd6828828fae886e516a':
Fix for memory corruption in ID3::removeUnsynchronizationV2_4(). Bug: 23227354
|
ID3::removeUnsynchronizationV2_4(). Bug: 23227354
* commit 'c37f7f6fa0cb7f55cdc5b2d4ccbf2c87c3bc6c3b':
Fix for memory corruption in ID3::removeUnsynchronizationV2_4(). Bug: 23227354
|
Bug: 23227354
Change-Id: Iaa36cfda4fd84ca7e039f56086fd61b4118020db
(cherry picked from commit 77e23413a539df16503e356bd4df4a952f3abc47)
|
1a09d352: Merge "libstagefright: check remaining data size before parsing it." into klp-dev
* commit 'f153ecd2c1b503a404bbb7d1db0fcc19b7bcda0e':
libstagefright: check remaining data size before parsing it.
|
before parsing it." into klp-dev
* commit '431312997856ce689e683ee0639cf1f4bedab7f0':
libstagefright: check remaining data size before parsing it.
|
it." into klp-dev
* commit '1a09d3521e8849dcb1090ecb50393f6e9ee140ec':
libstagefright: check remaining data size before parsing it.
|
Bug: 23248776
Change-Id: I45cf53e58e4375afcf260b122264c968ec0ff6c8
(cherry picked from commit 3bf1e0fdf27e1188b8d3574ed073595b8eacb114)
|
f51115bd: libstagefright: fix possible overflow in ID3.
* commit 'f66b81e7c05f62105e7a8deefeaf395b28cb4bb3':
libstagefright: fix possible overflow in ID3.
|
* commit '4e86a483a12b0139a8babf4754e5de340eaccd40':
libstagefright: fix possible overflow in ID3.
|
* commit 'f51115bd8e44c2779b74477277c6f6046916e7cf':
libstagefright: fix possible overflow in ID3.
|
Bug: 23129786
Change-Id: I2e6b7a6927aa4362ab49dd6824bbb1abf7b4e661
(cherry picked from commit 09da86913ca97d7a818a8917b6601527e5e18a24)
|
Bug: 23248776
Change-Id: I45cf53e58e4375afcf260b122264c968ec0ff6c8
|
Bug: 23129786
Change-Id: I2e6b7a6927aa4362ab49dd6824bbb1abf7b4e661
|
d6ea7f65: am f26400c9: Fix crash on malformed id3
* commit '48192b84db39879e7d83a2f4e7023048fb81ee8e':
Fix crash on malformed id3
|
f26400c9: Fix crash on malformed id3
* commit '0625841daae5bb1351034909ce705aab517eea2d':
Fix crash on malformed id3
|
* commit 'd6ea7f65dd31d5dacf497cc3c494d4fa3910f7c3':
Fix crash on malformed id3
|
* commit 'f26400c9d01a0e2f71690d5ebc644270f098d590':
Fix crash on malformed id3
|
Bug: 22954006
Change-Id: I488cb1e2c69fc7043b6040481b30fa866000515d
|
Bug: 18872896
Change-Id: I953f58f35a76590701234d5707e060499acfc069
|
Change-Id: I9b1ad60fbfb866dbf9c00843e06553c3eb25c113
|
Change-Id: I81f438ae444f04c12ae27ae4ef6d073033de172c
|
Bug: 18872896
Change-Id: I953f58f35a76590701234d5707e060499acfc069
|
For build-system CFLAGS clean-up, remove unused functions and
variables.
Change-Id: Ic3dee56b589ea9a693efa1d72ba394036efff168
|
%lld -> %" PRId64 " for int64_t
%d -> %zu for size_t
Also fixes some casts from void* to integer types, and some comparisons
between signed and unsigned.
Change-Id: I9c52f76240e39399da252c66459042a6fc626a90
|
Change-Id: I254d456e8cb6c580dd77d602b391bed09110454e
|
Change-Id: I88d5fcfc005a2c2acd0246cdd9c08b6c00b6c39b
Signed-off-by: Glenn Kasten <gkasten@android.com>
|
libstagefright/ subdirectories"
* commit '098b28fc88b3d96eada2f9db318d9c38c70cf674':
More precise 32-bit only for libstagefright/ subdirectories
|
Change-Id: Ie4e8f9ccd834b902287d3452cc9fa739809ddb68
|
Change-Id: Ie3bae3f037730e316d7fca12e7a3527973f752ef
|
Change-Id: I7b1cc71057b2bd4f771e7bcf508a8c3abd6017ce
|
Contains the necessary changes to make frameworks/av build and work
on a 64-bit machine.
Signed-off-by: Craig Barber <craig.barber@arm.com>
Signed-off-by: Kévin PETIT <kevin.petit@arm.com>
Signed-off-by: Ashok Bhat <ashok.bhat@arm.com>
Signed-off-by: Marcus Oakland <marcus.oakland@arm.com>
Change-Id: I725feaae50ed8eee25ca2c947cf15aee1f395c43
|
data in 3gp files"
* commit '6146f60c87a8a9c66036325c66dea826d2e98f6f':
Added support for ID3v2 meta data in 3gp files
|
Added support for parsing ID3v2 meta data from
the ID32 chunk in 3gp files. The priority will be
3gpp -> ID3v2 -> iTunes per field.
Change-Id: I0282ecab58e3e5fa6bd738078d562c8bb8ce00ed
|
Id3 tags are supposed to be ISO-8859-1 or unicode, but often aren't.
To better detect the real encoding we now use ICU to detect possible
encodings for a given byte sequence, then apply additional heuristics
to determine the most likely one.
b/5564857
Change-Id: I53bc83b006433da5c2f2ccfcd770ddb3a26b64d0
|
Instead of doing many overlapping memmoves, do a single copy pass
that skips over the inserted unsynchronization bytes. For some
files this reduces parsing time from minutes to milliseconds.
b/9463262
Change-Id: I735b7051e77a093d86fb7a3e46209875946225ed
|
and more.
Change-Id: Icfc45a0100243b2f7a14a9e65696be45b67d6495
|