summaryrefslogtreecommitdiffstats
path: root/media
Commit message (Collapse)AuthorAgeFilesLines
* DO NOT MERGE stagefright: fix possible stack overflow in AVCC reassembleWonsik Kim2016-08-161-9/+19
| | | | | | | | Additionally, remove use of variable length array which is non-standard in C++. Bug: 29161888 Change-Id: Ifdc3e7435f2225214c053b13f3bfe71c7d0ff506
* SoftMP3: memset safelyRobert Shih2016-08-162-4/+19
| | | | | Bug: 29422022 Change-Id: I70c9e33269d16bf8c163815706ac24e18e34fe97
* MPEG4Extractor: ensure kKeyTrackID exists before creating an MPEG4Source as ↵Wei Jia2016-05-273-14/+33
| | | | | | | | | | | | | | | track. GenericSource: return error when no track exists. SampleIterator: make sure mSamplesPerChunk is not zero before using it as divisor. Bug: 21657957 Bug: 23705695 Bug: 22802344 Bug: 28799341 Change-Id: I7664992ade90b935d3f255dcd43ecc2898f30b04 (cherry picked from commit 0386c91b8a910a134e5898ffa924c1b6c7560b13)
* limit mediaserver memoryMarco Nelissen2016-05-275-0/+117
| | | | | | | | | | Limit mediaserver using rlimit, to prevent it from bringing down the system via the low memory killer. Default max is 65% of total RAM, but can be customized via system property. Bug: 28471206 Bug: 28615448 Change-Id: Ic84137435d1ef0a6883e9789a4b4f399e4283f05
* Check malloc result to avoid NPDMarco Nelissen2016-05-271-0/+18
| | | | | Bug: 28471206 Change-Id: Id5d055d76893d6f53a2e524ff5f282d1ddca3345
* Fix security vulnerability in libstagefrightJeff Tinker2016-05-271-1/+11
| | | | | bug: 28175045 Change-Id: Icee6c7eb5b761da4aa3e412fb71825508d74d38f
* h264bsdActivateParamSets: Prevent multiplication overflow.Pawin Vongmasa2016-05-271-3/+21
| | | | | | | | Report MEMORY_ALLOCATION_ERROR if pStorage->picSizeInMbs would exceed UINT32_MAX bytes. Bug: 28532266 Change-Id: Ia6f11efb18818afcdb5fa2a38a14f2a2d8c8447a
* Clear unused pointer field when sending across binderMarco Nelissen2016-05-271-0/+1
| | | | | Bug: 28377502 Change-Id: Iad5ebfb0a9ef89f09755bb332579dbd3534f9c98
* Check section size when verifying CRCMarco Nelissen2016-05-271-0/+7
| | | | | Bug: 28333006 Change-Id: Ief7a2da848face78f0edde21e2f2009316076679
* SampleTable.cpp: Fixed a regression caused by a fix for bugPawin Vongmasa2016-04-212-2/+6
| | | | | | | | | | | | | | | 28076789. Detail: Before the original fix (Id207f369ab7b27787d83f5d8fc48dc53ed9fcdc9) for 28076789, the code allowed a time-to-sample table size to be 0. The change made in that fix disallowed such situation, which in fact should be allowed. This current patch allows it again while maintaining the security of the previous fix. Bug: 28288202 Bug: 28076789 Change-Id: I1c9a60c7f0cfcbd3d908f24998dde15d5136a295
* Resolve merge conflict when cp'ing ag/931301 to mnc-mr1-releaseZach Jang2016-04-212-18/+22
| | | | Change-Id: I079d1db2d30d126f8aed348bd62451acf741037d
* h264dec: check for overflows when calculating allocation size.Marco Nelissen2016-04-217-14/+30
| | | | | Bug: 27855419 Change-Id: Idabedca52913ec31ea5cb6a6109ab94e3fb2badd
* codecs: check OMX buffer size before use in (avc|hevc|mpeg2)decWonsik Kim2016-04-216-33/+62
| | | | | | Bug: 27833616 Change-Id: Ic4045a3f56f53b08d0b1264b2a91b8f43e91b738 (cherry picked from commit 87fdee0bc9e3ac4d2a88ef0a8e150cfdf08c161d)
* codecs: check OMX buffer size before use in (gsm|g711)decWonsik Kim2016-04-212-0/+17
| | | | | | Bug: 27793163 Bug: 27793367 Change-Id: Iec3de8a237ee2379d87a8371c13e543878c6652c
* AudioSource: initialize variablesMarco Nelissen2016-04-211-0/+4
| | | | | | | to prevent info leak Bug: 27855172 Change-Id: I3d33e0a9cc5cf8a758d7b0794590b09c43a24561
* Check mp3 output buffer sizeMarco Nelissen2016-04-211-0/+8
| | | | | Bug: 27793371 Change-Id: I0fe40a4cfd0a5b488f93d3f3ba6f9495235926ac
* codecs: check OMX buffer size before use in (h263|h264)decWonsik Kim2016-04-213-7/+31
| | | | | Bug: 27833616 Change-Id: I0fd599b3da431425d89236ffdd9df423c11947c0
* DO NOT MERGE codecs: check OMX buffer size before use in (vorbis|opus)decWonsik Kim2016-04-212-2/+18
| | | | | Bug: 27833616 Change-Id: I1ccdd16a00741da072527a6d13e87fd7c7fe8c54
* Fix OMX_IndexParamConsumerUsageBits size checkMarco Nelissen2016-04-211-3/+4
| | | | | Bug: 27207275 Change-Id: I9a7c9fb22a0e84a490ff09c151bd2f88141fdbc0
* Fix size check for OMX_IndexParamConsumerUsageBitsMarco Nelissen2016-04-212-46/+6
| | | | | | | | since it doesn't follow the OMX convention. And remove support for the kClientNeedsFrameBuffer flag. Bug: 27207275 Change-Id: Ia2c119e2456ebf9e2f4e1de5104ef9032a212255
* Fix initialization of AAC presentation structMarco Nelissen2016-04-211-0/+1
| | | | | | | Otherwise the new size checks trip on this. Bug: 27207275 Change-Id: I1f8f01097e3a88ff041b69279a6121be842f1766
* DO NOT MERGE Verify OMX buffer sizes prior to accessMarco Nelissen2016-04-2121-72/+536
| | | | | Bug: 27207275 Change-Id: I4412825d1ee233d993af0a67708bea54304ff62d
* Fix AMR decoderMarco Nelissen2016-03-251-7/+7
| | | | | | | | Previous change caused EOS to be ignored. Bug: 27843673 Related-to-bug: 27662364 Change-Id: Ia148a88abc861a9b393f42bc7cd63d8d3ae349bc
* SoftAMR: check input buffer size to avoid overflow.Wei Jia2016-03-253-15/+25
| | | | | Bug: 27662364 Change-Id: I47380545ea7d85845e141e722b0d84f498d27145
* SoftAMR: check output buffer size to avoid overflow.Wei Jia2016-03-251-0/+18
| | | | | Bug: 27662364 Change-Id: I7b26892c41d6f2e690e77478ab855c2fed1ff6b0
* codecs: check OMX buffer size before use in VP8 encoder.Wonsik Kim2016-03-251-6/+22
| | | | | Bug: 27569635 Change-Id: I469573f40e21dc9f4c200749d4f220e3a2d31761
* NuPlayerStreamListener: NULL and bounds check before memcpyRobert Shih2016-03-251-1/+10
| | | | | Bug: 27533704 Change-Id: I992a7709b92b1cbc3114c97bec48a3fc5b22ba6e
* Add VPX output buffer size checkMarco Nelissen2016-03-252-10/+20
| | | | | | | and handle dead observers more gracefully Bug: 27597103 Change-Id: Id7acb25d5ef69b197da15ec200a9e4f9e7b03518
* Get service by value instead of referenceMarco Nelissen2016-02-261-2/+2
| | | | | | | to prevent a cleared service binder from being used. Bug: 26040840 Change-Id: Ifb5483c55b172d3553deb80dbe27f2204b86ecdb
* Also fix out of bounds access for normal readMarco Nelissen2016-02-261-1/+9
| | | | | | | Previous fix accidentally only fixed the fragmented read case. Bug: 27208621 Change-Id: Ie16f1920b84c8aba613842659238fcd5925694ad
* Clear allocation to avoid info leakMarco Nelissen2016-02-261-27/+32
| | | | | Bug: 26914474 Change-Id: Ie1a86e86d78058d041149fe599a4996e7f8185cf
* Fixing safteynet logging bug introduced in ag/862848mspector@google.com2016-02-262-4/+1
| | | | | | We moved the safteynet logging into storeMetaDataInBuffers_l Bug: 26324358 Change-Id: I2171742b53192ebb71d546bcb8970bb3c68f366f
* 3 uninitialized variables in IOMX.cppmspector@google.com2016-02-261-3/+16
| | | | | | | | | | | | Uninitialized MetadataBufferType pointer in case: SET_INPUT_SURFACE STORE_META_DATA_IN_BUFFERS CREATE_INPUT_SURFACE Fix: initialize them to kMetadataBufferTypeInvalid Bug: 26324358 Change-Id: Ib3bcac9bedc98bc65efa39f67cdbffbd90b374c9
* Fix info leak vulnerability of IDrmJeff Tinker2016-02-261-1/+1
| | | | | bug: 26323455 Change-Id: I25bb30d3666ab38d5150496375ed2f55ecb23ba8
* IOMX.cpp uninitialized pointer in BnOMX::onTransactmspector@google.com2016-02-261-3/+5
| | | | | | | | | This can lead to local code execution in media server. Fix initializes the pointer and checks the error conditions before returning Bug: 26403627 Change-Id: I7fa90682060148448dba01d6acbe3471d1ddb500
* Fix out-of-bounds writeMarco Nelissen2016-01-221-1/+9
| | | | | Bug: 26365349 Change-Id: Ia363d9f8c231cf255dea852e0bbf5ca466c7990b
* fix possible overflow in effect wrappers.Eric Laurent2016-01-222-2/+8
| | | | | | | | | | Add checks on parameter size field in effect command handlers to avoid overflow leading to invalid comparison with min allowed size for command and reply buffers. Bug: 26347509. Change-Id: I20e6a9b6de8e5172b957caa1ac9410b9752efa4d (cherry picked from commit ad1bd92a49d78df6bc6e75bee68c517c1326f3cf)
* Fix security vulnerability in ICrypto DO NOT MERGEJeff Tinker2015-12-101-1/+3
| | | | | | b/25800375 Change-Id: I03c9395f7c7de4ac5813a1207452aac57aa39484
* libstagefright: check requested memory size before allocation for ↵Wei Jia2015-12-102-0/+18
| | | | | | | | SoftMPEG4Encoder and SoftVPXEncoder. Bug: 25812794 Change-Id: I96dc74734380d462583f6efa33d09946f9532809 (cherry picked from commit 87f8cbb223ee516803dbb99699320c2484cbf3ba)
* ALooper::awaitResponse gets reply and returns immediately if the looper is ↵Ronghua Wu2015-11-021-16/+4
| | | | | | | stopped. Bug: 25088488 Change-Id: Id33d5d75f1173db52d00f4ff71d4c2c4f27f72f5
* Merge "Workaround for busy wait bug" into mnc-dr-devGlenn Kasten2015-10-221-1/+2
|\
| * Workaround for busy wait bugGlenn Kasten2015-10-221-1/+2
| | | | | | | | | | | | | | Underlying bug 25195759 is not yet fixed. Bug: 24263351 Change-Id: I04b644246640054d38c8de79e0eb80fcbfef0e48
* | Merge "Allow ALooper::awaitResponse to return immediately if the looper is ↵Ronghua Wu2015-10-222-3/+30
|\ \ | | | | | | | | | stopped." into mnc-dr-dev
| * | Allow ALooper::awaitResponse to return immediately if the looper is stopped.Ronghua Wu2015-10-222-3/+30
| |/ | | | | | | | | Bug: 25088488 Change-Id: I63e69886a8e9cffcaad675ca1a5642c0abf3b466
* | Merge "GenericSource: reset mDecryptHandle when mDataSource is cleared." ↵Wei Jia2015-10-221-0/+1
|\ \ | | | | | | | | | into mnc-dr-dev
| * | GenericSource: reset mDecryptHandle when mDataSource is cleared.Wei Jia2015-10-221-0/+1
| | | | | | | | | | | | | | | Bug: 25070434 Change-Id: Ib0eb6a419683a0e686a4f63b82e9300cb1f69484
* | | Merge "Fix offset adjustment when skipping off-spec meta chunk" into mnc-dr-devMarco Nelissen2015-10-221-3/+3
|\ \ \ | |/ / |/| |
| * | Fix offset adjustment when skipping off-spec meta chunkMarco Nelissen2015-10-221-3/+3
| |/ | | | | | | | | Bug: 25172843 Change-Id: Ibbfe4369176f2a367eab5a39fd742f425b017288
* | Merge "GenericSource: reset mDrmManagerClient when mDataSource is cleared." ↵Wei Jia2015-10-211-0/+1
|\ \ | |/ |/| | | into mnc-dr-dev
| * GenericSource: reset mDrmManagerClient when mDataSource is cleared.Wei Jia2015-10-191-0/+1
| | | | | | | | | | Bug: 25070434 Change-Id: Iade3472c496ac42456e42db35e402f7b66416f5b
generated by cgit v1.1 at 2024-05-31 00:25:38 +0000