summaryrefslogtreecommitdiffstats
path: root/media/libstagefright
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'cm-13.0' of https://github.com/LineageOS/android_frameworks_av ↵HEADreplicant-6.0-0001replicant-6.0Wolfgang Wiedmeyer2017-05-023-14/+26
|\ | | | | | | into replicant-6.0
| * resolve merge conflicts of 79cf158c51 to mnc-devMarco Nelissen2017-04-051-4/+10
| | | | | | | | | | | | | | | | | | | | AOSP-Change-Id: Ied32e83215e386c801c02991a0b2fa4baa25b643 CVE-2017-0558 (cherry picked from commit 50358a80b1724f6cf1bcdf003e1abf9cc141b122) Change-Id: Ic2e40c7d6aec8427444a1fd145726e490e994d08
| * avc_utils: skip empty NALs from malformed bistreamsRobert Shih2017-03-221-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Avoid a CHECK and make it the decoder's repsonsibility to handle a malformed bistream gracefully. Bug: 34509901 Bug: 33137046 Test: StagefrightTest#testStagefright_bug_27855419_CVE_2016_2463 CVE-2017-0483 Change-Id: I2d94f8da63d65a86a9c711c45546e4c695e0f3b4 (cherry picked from commit 91fe76a157847825601b8f7a627efd1c9cbadcae) (cherry picked from commit 5cabe32a59f9be1e913b6a07a23d4cfa55e3fb2f)
| * Don't initialize sync sample parameters until the endMarco Nelissen2017-03-221-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | to avoid leaving them in a partially initialized state. Bug: 33137046 Test: ran CTS tests CVE-2017-0483 Change-Id: I1f5c070233c5917d85da9e930e01a3fc51a0a0ec (cherry picked from commit a9660fe122ca382e1777e0c5d3c42ca67ffb0377) (cherry picked from commit bc62c086e9ba7530723dc8874b83159f4d77d976)
* | Merge branch 'cm-13.0' of https://github.com/LineageOS/android_frameworks_av ↵Wolfgang Wiedmeyer2017-02-113-29/+60
|\ \ | |/ | | | | into replicant-6.0
| * IOMX: convert ANWB to Gralloc meta if using useBuffer in the same processLajos Molnar2017-02-031-3/+5
| | | | | | | | | | | | | | | | This was disabled by a previous commit. Bug: 32436178 Change-Id: I9f9c6a372a039226d61f3651be3af207fed63e60 (cherry picked from commit 4fb1e42a16e77d7abf1d84bedbc20f901af26524)
| * stagefright: remove allottedSize equality check in IOMX::useBufferLajos Molnar2017-02-031-7/+0
| | | | | | | | | | | | | | | | | | This was meant for buffers shared cross-process, but we are not gaining anything from this check even if it was at the correct place. Bug: 32436178 Change-Id: I6919e8ac6e35092273e171f49f6711ba577ba2e6 (cherry picked from commit 58388aa7be1c6963eb4b8464d46938ba9b0a04b0)
| * Make VBRISeeker more robustMarco Nelissen2017-01-131-2/+16
| | | | | | | | | | | | | | Bug: 32577290 Change-Id: I9bcc9422ae7dd3ae4a38df330c9dcd7ac4941ec8 (cherry picked from commit 7fdd36418e945cf6a500018632dfb0ed8cb1a343) (cherry picked from commit 453b351ac5bd2b6619925dc966da60adf6b3126c)
| * DO NOT MERGE: defensive parsing of mp3 album art informationRay Essick2017-01-131-17/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | several points in stagefrights mp3 album art code used strlen() to parse user-supplied strings that may be unterminated, resulting in reading beyond the end of a buffer. This changes the code to use strnlen() for 8-bit encodings and strengthens the parsing of 16-bit encodings similarly. It also reworks how we watch for the end-of-buffer to avoid all over-reads. Bug: 32377688 Test: crafted mp3's w/ good/bad cover art. See what showed in play music Change-Id: Ia9f526d71b21ef6a61acacf616b573753cd21df6 (cherry picked from commit fa0806b594e98f1aed3ebcfc6a801b4c0056f9eb) (cherry picked from commit 7a3246b870ddd11861eda2ab458b11d723c7f62c)
* | Merge branch 'cm-13.0' of ↵Wolfgang Wiedmeyer2016-12-131-5/+18
|\ \ | |/ | | | | https://github.com/CyanogenMod/android_frameworks_av into replicant-6.0
| * DO NOT MERGE Fix divide by zeroMarco Nelissen2016-12-121-5/+18
| | | | | | | | | | | | | | | | | | | | and be stricter about the layout of various boxes in mp4 files. CYNGNOS-3312 Bug: 31318219 Change-Id: I50034d5b6b1967ca6e88aabeacf49f26ba3c0d32 (cherry picked from commit 2e211d38a3124849ef46376256d01e69549c422f) (cherry picked from commit d4eb1e1ca163d6ab0eaf0d80ca138f851f87c3d2)
* | Merge branch 'cm-13.0' of ↵Wolfgang Wiedmeyer2016-12-1287-867/+1591
|\ \ | |/ | | | | https://github.com/CyanogenMod/android_frameworks_av into replicant-6.0
| * Merge tag 'android-6.0.1_r74' into HEADJessica Wagantall2016-11-098-39/+217
| |\ | | | | | | | | | | | | | | | | | | | | | CYNGNOS-3303 Android 6.0.1 release 74 Change-Id: I0a14578751f4ecb8d13def26b9ffe5dcba4afd72
| | * stagefright: don't fail MediaCodec.configure if clients use store-meta keyLajos Molnar2016-10-111-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | Even though storing metadata is not supported in MediaCodec.configure and is only meant to be used by Stagefright recorder, don't fail configure. Bug: 31986922 Change-Id: Id9f083be6e857e7a0d8d4a74159be5b8894e28be (cherry picked from commit ae52fd383a43ac239f459078fd003ce8ac2efb55)
| | * IOMX: do not clear buffer if it's allocated by componentChong Zhang2016-09-301-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | The component might depends on their buffers to be initialized in certain ways to work. Don't clear unless we're allocating it. bug: 31586647 Change-Id: Ia0a125797e414998ef0cd8ce03672f5b1e0bbf7a (cherry picked from commit ea76573aa276f51950007217a97903c4fe64f685)
| | * IOMX: allow configuration after going to loaded stateLajos Molnar2016-09-301-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | This was disallowed recently but we still use it as MediaCodcec.stop only goes to loaded state, and does not free component. Bug: 31450460 Change-Id: I72e092e4e55c9f23b1baee3e950d76e84a5ef28d (cherry picked from commit e03b22839d78c841ce0a1a0a1ee1960932188b0b)
| | * IOMX: restrict conversion of ANWB to gralloc source in emptyBufferLajos Molnar2016-09-301-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is only allowed in-process (if backup and codec buffers are connected.) Bug: 29422020 Bug: 31412859 Change-Id: If48e3e0b6f1af99a459fdc3f6f03744bbf0dc375 (cherry picked from commit 087ff38490016f4a0b6a1e717ae8af781d9b750c)
| | * Limit mp4 atom size to something reasonableMarco Nelissen2016-09-271-0/+13
| | | | | | | | | | | | | | | | | | Bug: 28615448 Change-Id: I5916f6839b4a9bbee4388a106e7373bcd4154f5a (cherry picked from commit cb898dca47ac03738db91ddc371207435d2a1526)
| | * SampleIterator: clear members on seekTo errorRobert Shih2016-09-271-3/+4
| | | | | | | | | | | | | | | | | | Bug: 31091777 Change-Id: Iddf99d0011961d0fd3d755e57db4365b6a6a1193 (cherry picked from commit 03237ce0f9584c98ccda76c2474a4ae84c763f5b)
| | * IOMX: work against metadata buffer spoofingLajos Molnar2016-09-275-34/+185
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Prohibit direct set/getParam/Settings for extensions meant for OMXNodeInstance alone. This disallows enabling metadata mode without the knowledge of OMXNodeInstance. - Do not share metadata mode buffers cross process. - Disallow setting up metadata mode/tunneling/input surface after first sendCommand. - Disallow store-meta for input cross process. - Disallow emptyBuffer for surface input (via IOMX). - Fix checking for input surface. Bug: 29422020 Change-Id: I801c77b80e703903f62e42d76fd2e76a34e4bc8e (cherry picked from commit f8a4cb410115045278f534e54b41ac78d6bf6c07)
| | * Fix build breakage caused by commitPawin Vongmasa2016-08-251-2/+2
| | | | | | | | | | | | | | | | | | | | | 940829f69b52d6038db66a9c727534636ecc456d. Change-Id: I4776db4a26fb3c31bb994d48788373fe569c812a (cherry picked from commit baa9146401e28c5acf54dea21ddd197f0d3a8fcd)
| | * better validation lengths of strings in ID3 tagsRay Essick2016-08-251-15/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Validate lengths on strings in ID3 tags, particularly around 0. Also added code to handle cases when we can't get memory for copies of strings we want to extract from these tags. Affects L/M/N/master, same patch for all of them. Bug: 30744884 Change-Id: I2675a817a39f0927ec1f7e9f9c09f2e61020311e Test: play mp3 file which caused a <0 length. (cherry picked from commit d23c01546c4f82840a01a380def76ab6cae5d43f)
| | * SoftMPEG4: Check the buffer size before writing the reference frame.Pawin Vongmasa2016-08-252-2/+24
| | | | | | | | | | | | | | | | | | | | | | | | Also prevent overflow in SoftMPEG4 and division by zero in SoftMPEG4Encoder. Bug: 30033990 Change-Id: I7701f5fc54c2670587d122330e5dc851f64ed3c2 (cherry picked from commit 695123195034402ca76169b195069c28c30342d3)
| * | Allow to use baseline profile for AVC recordingAndreas Blaesius2016-11-082-1/+5
| | | | | | | | | | | | | | | | | | - some encoder seem to crash using higher h264 profiles Change-Id: I2beb881e76519f872e3e99957f8b981eeaa53b56
| * | libstagefright: wfd: don't use intra macroblock refresh mode on omap4Ziyan2016-11-062-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most, if not all OMAP4 Ducatis doesn't support intra macroblock refresh mode, causing the encoder to fail initializing. This patch disables intra macroblock refresh mode for wifi display on omap4. Note: Ideally, the decoder shouldn't fail if intra macroblock refresh mode can't be configured. However, that would trick higher layers into thinking that it's on, because they set that parameter. As of now, this mode seems to only ever be used for wifi display. Change-Id: I9696af8f22db82cc436a351e4d93bf7323588f43
| * | Merge tag 'android-6.0.1_r72' into HEADJessica Wagantall2016-10-063-17/+66
| |\ \ | | | | | | | | | | | | | | | | | | | | Android 6.0.1 Release 72 (M4B30X) Change-Id: I617426a3fbf7a8d013c5be838ad4c80a00b61a5f
| | * | Fix build breakage caused by commitPawin Vongmasa2016-08-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | 940829f69b52d6038db66a9c727534636ecc456d. Change-Id: I4776db4a26fb3c31bb994d48788373fe569c812a (cherry picked from commit baa9146401e28c5acf54dea21ddd197f0d3a8fcd)
| | * | better validation lengths of strings in ID3 tagsRay Essick2016-08-261-15/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Validate lengths on strings in ID3 tags, particularly around 0. Also added code to handle cases when we can't get memory for copies of strings we want to extract from these tags. Affects L/M/N/master, same patch for all of them. Bug: 30744884 Change-Id: I2675a817a39f0927ec1f7e9f9c09f2e61020311e Test: play mp3 file which caused a <0 length. (cherry picked from commit d23c01546c4f82840a01a380def76ab6cae5d43f)
| | * | SoftMPEG4: Check the buffer size before writing the reference frame.Pawin Vongmasa2016-08-262-2/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also prevent overflow in SoftMPEG4 and division by zero in SoftMPEG4Encoder. Bug: 30033990 Change-Id: I7701f5fc54c2670587d122330e5dc851f64ed3c2 (cherry picked from commit 695123195034402ca76169b195069c28c30342d3)
| | * | DO NOT MERGE - stagefright: fix integer overflow errorWonsik Kim2016-08-161-14/+15
| | | | | | | | | | | | | | | | | | | | | | | | Bug: 30103394 Change-Id: If449d3e30a0bf2ebea5317f41813bfed094f7408 (cherry picked from commit 2c74a3cd5d1d66b9a35424b9c4443dafa6db5bef)
| | * | Impose a size bound for dynamically allocated tables in stbl.Pawin Vongmasa2016-08-162-26/+133
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss boxes. Also change mTimeToSample from Vector to array. Bug: 29367429 Change-Id: I953bea9fe0590268cf27376740f582dc88563d42 Merge conflict resolution of ag/1170200 to mnc-mr2-release
| | * | omx: prevent input port enable/disable for software codecsWonsik Kim2016-08-161-0/+7
| | | | | | | | | | | | | | | | | | | | Bug: 29421804 Change-Id: Iba1011e9af942a6dff7f659af769a51e3f5ba66f
| | * | Fix buildRobert Shih2016-08-161-1/+1
| | | | | | | | | | | | | | | | Change-Id: I48ba34b3df9c9a896d4b18c3f48e41744b7dab54
| | * | Fix buildRobert Shih2016-08-161-1/+1
| | | | | | | | | | | | | | | | Change-Id: I96a9c437eec53a285ac96794cc1ad0c8954b27e0
| | * | fix buildLajos Molnar2016-08-161-1/+2
| | | | | | | | | | | | | | | | Change-Id: I9bb8c659d3fc97a8e748451d82d0f3448faa242b
| | * | SoftVPX: fix nFilledLen overflowRobert Shih2016-08-162-3/+20
| | | | | | | | | | | | | | | | | | | | Bug: 29421675 Change-Id: I25d4cf54a5df22c2130c37e95c7c7f75063111f3
| | * | OMXCodec: check IMemory::pointer() before using allocationRobert Shih2016-08-161-1/+3
| | | | | | | | | | | | | | | | | | | | Bug: 29421811 Change-Id: I0a73ba12bae4122f1d89fc92e5ea4f6a96cd1ed1
| | * | Fix corruption via buffer overflow in mediaserverRay Essick2016-08-161-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change unbound sprintf() to snprintf() so network-provided values can't overflow the buffers. Applicable to all K/L/M/N branches. Bug: 25747670 Change-Id: Id6a5120c2d08a6fbbd47deffb680ecf82015f4f6
| | * | DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassembleWonsik Kim2016-08-161-9/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Additionally, remove use of variable length array which is non-standard in C++. Bug: 29161888 Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
| | * | SoftMP3: memset safelyRobert Shih2016-08-162-4/+19
| | | | | | | | | | | | | | | | | | | | Bug: 29422022 Change-Id: I70c9e33269d16bf8c163815706ac24e18e34fe97
| * | | Merge tag 'android-6.0.1_r66' into HEADJessica Wagantall2016-09-0710-61/+222
| |\ \ \ | | | |/ | | |/| | | | | | | | | | | | | Android 6.0.1 release 66 Change-Id: I1d3eb6b66b7482149fe93647c278065fa46dc518
| | * | DO NOT MERGE - stagefright: fix integer overflow errorWonsik Kim2016-08-011-14/+15
| | | | | | | | | | | | | | | | | | | | | | | | Bug: 30103394 Change-Id: If449d3e30a0bf2ebea5317f41813bfed094f7408 (cherry picked from commit 2c74a3cd5d1d66b9a35424b9c4443dafa6db5bef)
| | * | omx: prevent input port enable/disable for software codecsWonsik Kim2016-07-211-0/+7
| | | | | | | | | | | | | | | | | | | | Bug: 29421804 Change-Id: Iba1011e9af942a6dff7f659af769a51e3f5ba66f
| | * | Fix buildRobert Shih2016-07-211-1/+1
| | | | | | | | | | | | | | | | Change-Id: I48ba34b3df9c9a896d4b18c3f48e41744b7dab54
| | * | Fix buildRobert Shih2016-07-211-1/+1
| | | | | | | | | | | | | | | | Change-Id: I96a9c437eec53a285ac96794cc1ad0c8954b27e0
| | * | fix buildLajos Molnar2016-07-211-1/+2
| | | | | | | | | | | | | | | | Change-Id: I9bb8c659d3fc97a8e748451d82d0f3448faa242b
| | * | SoftVPX: fix nFilledLen overflowRobert Shih2016-07-212-3/+20
| | | | | | | | | | | | | | | | | | | | Bug: 29421675 Change-Id: I25d4cf54a5df22c2130c37e95c7c7f75063111f3
| | * | OMXCodec: check IMemory::pointer() before using allocationRobert Shih2016-07-211-1/+3
| | | | | | | | | | | | | | | | | | | | Bug: 29421811 Change-Id: I0a73ba12bae4122f1d89fc92e5ea4f6a96cd1ed1
| | * | Fix corruption via buffer overflow in mediaserverRay Essick2016-07-211-5/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change unbound sprintf() to snprintf() so network-provided values can't overflow the buffers. Applicable to all K/L/M/N branches. Bug: 25747670 Change-Id: Id6a5120c2d08a6fbbd47deffb680ecf82015f4f6
| | * | DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassembleWonsik Kim2016-07-211-9/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Additionally, remove use of variable length array which is non-standard in C++. Bug: 29161888 Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
generated by cgit v1.1 at 2024-04-19 17:57:44 +0000