summaryrefslogtreecommitdiffstats
path: root/media
Commit message (Collapse)AuthorAgeFilesLines
* Fix potential overflow in Visualizer effectrago2016-09-271-0/+9
| | | | | | | Bug: 30229821 Change-Id: Idd3c1563dc9d3261e6e168e945005bf133ab2cdb (cherry picked from commit 099ab280775946e7c36c73fde47f2ee5a2579f53) (cherry picked from commit 46dc714d523a41a4f886eecbe5b9947a4c900510)
* IOMX: work against metadata buffer spoofingLajos Molnar2016-09-276-39/+194
| | | | | | | | | | | | | | | | - Prohibit direct set/getParam/Settings for extensions meant for OMXNodeInstance alone. This disallows enabling metadata mode without the knowledge of OMXNodeInstance. - Do not share metadata mode buffers cross process. - Disallow setting up metadata mode/tunneling/input surface after first sendCommand. - Disallow store-meta for input cross process. - Disallow emptyBuffer for surface input (via IOMX). - Fix checking for input surface. Bug: 29422020 Change-Id: I801c77b80e703903f62e42d76fd2e76a34e4bc8e (cherry picked from commit f8a4cb410115045278f534e54b41ac78d6bf6c07)
* MediaPlayerService: allow next player to be NULLWei Jia2016-08-301-1/+1
| | | | | | | Bug: 31155917 Bug: 30204103 Change-Id: I9a2a59ddb900fc942e7c19b31b53a110d790474c (cherry picked from commit 282841278723166e74039329ca56e444ad472daf)
* Fix build breakage caused by commitPawin Vongmasa2016-08-251-2/+2
| | | | | | | 940829f69b52d6038db66a9c727534636ecc456d. Change-Id: I4776db4a26fb3c31bb994d48788373fe569c812a (cherry picked from commit baa9146401e28c5acf54dea21ddd197f0d3a8fcd)
* MediaPlayerService: avoid invalid static castRobert Shih2016-08-252-0/+11
| | | | | | Bug: 30204103 Change-Id: Ie0dd3568a375f1e9fed8615ad3d85184bcc99028 (cherry picked from commit ee0a0e39acdcf8f97e0d6945c31ff36a06a36e9d)
* better validation lengths of strings in ID3 tagsRay Essick2016-08-251-15/+42
| | | | | | | | | | | | | Validate lengths on strings in ID3 tags, particularly around 0. Also added code to handle cases when we can't get memory for copies of strings we want to extract from these tags. Affects L/M/N/master, same patch for all of them. Bug: 30744884 Change-Id: I2675a817a39f0927ec1f7e9f9c09f2e61020311e Test: play mp3 file which caused a <0 length. (cherry picked from commit d23c01546c4f82840a01a380def76ab6cae5d43f)
* SoftMPEG4: Check the buffer size before writing the reference frame.Pawin Vongmasa2016-08-252-2/+24
| | | | | | | | Also prevent overflow in SoftMPEG4 and division by zero in SoftMPEG4Encoder. Bug: 30033990 Change-Id: I7701f5fc54c2670587d122330e5dc851f64ed3c2 (cherry picked from commit 695123195034402ca76169b195069c28c30342d3)
* DO NOT MERGE - stagefright: fix integer overflow errorWonsik Kim2016-08-011-14/+15
| | | | | | Bug: 30103394 Change-Id: If449d3e30a0bf2ebea5317f41813bfed094f7408 (cherry picked from commit 2c74a3cd5d1d66b9a35424b9c4443dafa6db5bef)
* omx: prevent input port enable/disable for software codecsWonsik Kim2016-07-211-0/+7
| | | | | Bug: 29421804 Change-Id: Iba1011e9af942a6dff7f659af769a51e3f5ba66f
* Fix buildRobert Shih2016-07-211-1/+1
| | | | Change-Id: I48ba34b3df9c9a896d4b18c3f48e41744b7dab54
* Fix buildRobert Shih2016-07-211-1/+1
| | | | Change-Id: I96a9c437eec53a285ac96794cc1ad0c8954b27e0
* Add bound checks to utf16_to_utf8Sergio Giro2016-07-211-1/+2
| | | | | | Bug: 29250543 Change-Id: I3518416e89ed901021970958fb6005fd69129f7c (cherry picked from commit 1d3f4278b2666d1a145af2f54782c993aa07d1d9)
* fix buildLajos Molnar2016-07-211-1/+2
| | | | Change-Id: I9bb8c659d3fc97a8e748451d82d0f3448faa242b
* SoftVPX: fix nFilledLen overflowRobert Shih2016-07-212-3/+20
| | | | | Bug: 29421675 Change-Id: I25d4cf54a5df22c2130c37e95c7c7f75063111f3
* OMXCodec: check IMemory::pointer() before using allocationRobert Shih2016-07-211-1/+3
| | | | | Bug: 29421811 Change-Id: I0a73ba12bae4122f1d89fc92e5ea4f6a96cd1ed1
* Fix corruption via buffer overflow in mediaserverRay Essick2016-07-211-5/+9
| | | | | | | | | | change unbound sprintf() to snprintf() so network-provided values can't overflow the buffers. Applicable to all K/L/M/N branches. Bug: 25747670 Change-Id: Id6a5120c2d08a6fbbd47deffb680ecf82015f4f6
* DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassembleWonsik Kim2016-07-211-9/+19
| | | | | | | | Additionally, remove use of variable length array which is non-standard in C++. Bug: 29161888 Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
* SoftMP3: memset safelyRobert Shih2016-07-212-4/+19
| | | | | Bug: 29422022 Change-Id: I70c9e33269d16bf8c163815706ac24e18e34fe97
* Impose a size bound for dynamically allocated tables in stbl.Pawin Vongmasa2016-07-202-26/+133
| | | | | | | | | | Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss boxes. Also change mTimeToSample from Vector to array. Bug: 29367429 Change-Id: I953bea9fe0590268cf27376740f582dc88563d42 Merge conflict resolution of ag/1170200 to mnc-mr2-release
* DO NOT MERGE: Camera: Adjust pointers to ANW buffers to avoid infoleakEino-Ville Talvala2016-06-231-0/+29
| | | | | | | | Subtract address of a random static object from pointers being routed through app process. Bug: 28466701 Change-Id: Idcbfe81e9507433769672f3dc6d67db5eeed4e04
* DO NOT MERGE omx: check buffer port before usingWonsik Kim2016-06-232-20/+55
| | | | | Bug: 28816827 Change-Id: I3d5bad4a1ef96dec544b05bb31cc6f7109aae0a5
* SoftHEVC: Exit gracefully in case of decoder errorsHarish Mahendrakar2016-06-231-0/+22
| | | | | | | | Exit for error in allocation and unsupported resolutions Bug: 28816956 Change-Id: Ieb830bedeb3a7431d1d21a024927df630f7eda1e
* Don't use sp<>&Marco Nelissen2016-06-233-5/+5
| | | | | | | because they may end up pointing to NULL after a NULL check was performed. Bug: 28166152 Change-Id: Iab2ea30395b620628cc6f3d067dd4f6fcda824fe
* SoftAAC2: fix crash on all-zero adts bufferMarco Nelissen2016-06-231-6/+9
| | | | | Bug: 29153599 Change-Id: I1cb81c054098b86cf24f024f8479909ca7bc85a6
* Fix potential overflowMarco Nelissen2016-06-231-0/+8
| | | | | Bug: 28533562 Change-Id: I798ab24caa4c81f3ba564cad7c9ee019284fb702
* Resolve a merge issue between lmp and lmp-mr1+Dave Weinstein2016-06-141-1/+1
| | | | | | Change-Id: I336cb003fb7f50fd7d95c30ca47e45530a7ad503 (cherry picked from commit 33f6da1092834f1e4be199cfa3b6310d66b521c0) (cherry picked from commit bb3a0338b58fafb01ac5b34efc450b80747e71e4)
* MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as ↵Wei Jia2016-05-273-14/+33
| | | | | | | | | | | | | | | track. GenericSource: return error when no track exists. SampleIterator: make sure mSamplesPerChunk is not zero before using it as divisor. Bug: 21657957 Bug: 23705695 Bug: 22802344 Bug: 28799341 Change-Id: I7664992ade90b935d3f255dcd43ecc2898f30b04 (cherry picked from commit 0386c91b8a910a134e5898ffa924c1b6c7560b13)
* limit mediaserver memoryMarco Nelissen2016-05-275-0/+117
| | | | | | | | | | Limit mediaserver using rlimit, to prevent it from bringing down the system via the low memory killer. Default max is 65% of total RAM, but can be customized via system property. Bug: 28471206 Bug: 28615448 Change-Id: Ic84137435d1ef0a6883e9789a4b4f399e4283f05
* Check malloc result to avoid NPDMarco Nelissen2016-05-271-0/+18
| | | | | Bug: 28471206 Change-Id: Id5d055d76893d6f53a2e524ff5f282d1ddca3345
* Fix security vulnerability in libstagefrightJeff Tinker2016-05-271-1/+11
| | | | | bug: 28175045 Change-Id: Icee6c7eb5b761da4aa3e412fb71825508d74d38f
* h264bsdActivateParamSets: Prevent multiplication overflow.Pawin Vongmasa2016-05-271-3/+21
| | | | | | | | Report MEMORY_ALLOCATION_ERROR if pStorage->picSizeInMbs would exceed UINT32_MAX bytes. Bug: 28532266 Change-Id: Ia6f11efb18818afcdb5fa2a38a14f2a2d8c8447a
* Clear unused pointer field when sending across binderMarco Nelissen2016-05-271-0/+1
| | | | | Bug: 28377502 Change-Id: Iad5ebfb0a9ef89f09755bb332579dbd3534f9c98
* Check section size when verifying CRCMarco Nelissen2016-05-271-0/+7
| | | | | Bug: 28333006 Change-Id: Ief7a2da848face78f0edde21e2f2009316076679
* SampleTable.cpp: Fixed a regression caused by a fix for bugPawin Vongmasa2016-04-212-2/+6
| | | | | | | | | | | | | | | 28076789. Detail: Before the original fix (Id207f369ab7b27787d83f5d8fc48dc53ed9fcdc9) for 28076789, the code allowed a time-to-sample table size to be 0. The change made in that fix disallowed such situation, which in fact should be allowed. This current patch allows it again while maintaining the security of the previous fix. Bug: 28288202 Bug: 28076789 Change-Id: I1c9a60c7f0cfcbd3d908f24998dde15d5136a295
* Resolve merge conflict when cp'ing ag/931301 to mnc-mr1-releaseZach Jang2016-04-212-18/+22
| | | | Change-Id: I079d1db2d30d126f8aed348bd62451acf741037d
* h264dec: check for overflows when calculating allocation size.Marco Nelissen2016-04-217-14/+30
| | | | | Bug: 27855419 Change-Id: Idabedca52913ec31ea5cb6a6109ab94e3fb2badd
* codecs: check OMX buffer size before use in (avc|hevc|mpeg2)decWonsik Kim2016-04-216-33/+62
| | | | | | Bug: 27833616 Change-Id: Ic4045a3f56f53b08d0b1264b2a91b8f43e91b738 (cherry picked from commit 87fdee0bc9e3ac4d2a88ef0a8e150cfdf08c161d)
* codecs: check OMX buffer size before use in (gsm|g711)decWonsik Kim2016-04-212-0/+17
| | | | | | Bug: 27793163 Bug: 27793367 Change-Id: Iec3de8a237ee2379d87a8371c13e543878c6652c
* AudioSource: initialize variablesMarco Nelissen2016-04-211-0/+4
| | | | | | | to prevent info leak Bug: 27855172 Change-Id: I3d33e0a9cc5cf8a758d7b0794590b09c43a24561
* Check mp3 output buffer sizeMarco Nelissen2016-04-211-0/+8
| | | | | Bug: 27793371 Change-Id: I0fe40a4cfd0a5b488f93d3f3ba6f9495235926ac
* codecs: check OMX buffer size before use in (h263|h264)decWonsik Kim2016-04-213-7/+31
| | | | | Bug: 27833616 Change-Id: I0fd599b3da431425d89236ffdd9df423c11947c0
* DO NOT MERGE codecs: check OMX buffer size before use in (vorbis|opus)decWonsik Kim2016-04-212-2/+18
| | | | | Bug: 27833616 Change-Id: I1ccdd16a00741da072527a6d13e87fd7c7fe8c54
* Fix OMX_IndexParamConsumerUsageBits size checkMarco Nelissen2016-04-211-3/+4
| | | | | Bug: 27207275 Change-Id: I9a7c9fb22a0e84a490ff09c151bd2f88141fdbc0
* Fix size check for OMX_IndexParamConsumerUsageBitsMarco Nelissen2016-04-212-46/+6
| | | | | | | | since it doesn't follow the OMX convention. And remove support for the kClientNeedsFrameBuffer flag. Bug: 27207275 Change-Id: Ia2c119e2456ebf9e2f4e1de5104ef9032a212255
* Fix initialization of AAC presentation structMarco Nelissen2016-04-211-0/+1
| | | | | | | Otherwise the new size checks trip on this. Bug: 27207275 Change-Id: I1f8f01097e3a88ff041b69279a6121be842f1766
* DO NOT MERGE Verify OMX buffer sizes prior to accessMarco Nelissen2016-04-2121-72/+536
| | | | | Bug: 27207275 Change-Id: I4412825d1ee233d993af0a67708bea54304ff62d
* Fix AMR decoderMarco Nelissen2016-03-251-7/+7
| | | | | | | | Previous change caused EOS to be ignored. Bug: 27843673 Related-to-bug: 27662364 Change-Id: Ia148a88abc861a9b393f42bc7cd63d8d3ae349bc
* SoftAMR: check input buffer size to avoid overflow.Wei Jia2016-03-253-15/+25
| | | | | Bug: 27662364 Change-Id: I47380545ea7d85845e141e722b0d84f498d27145
* SoftAMR: check output buffer size to avoid overflow.Wei Jia2016-03-251-0/+18
| | | | | Bug: 27662364 Change-Id: I7b26892c41d6f2e690e77478ab855c2fed1ff6b0
* codecs: check OMX buffer size before use in VP8 encoder.Wonsik Kim2016-03-251-6/+22
| | | | | Bug: 27569635 Change-Id: I469573f40e21dc9f4c200749d4f220e3a2d31761
generated by cgit v1.1 at 2024-05-02 02:49:58 +0000