summaryrefslogtreecommitdiffstats
path: root/media
Commit message (Collapse)AuthorAgeFilesLines
* Merge branch 'cm-13.0' of https://github.com/LineageOS/android_frameworks_av ↵HEADreplicant-6.0-0001replicant-6.0Wolfgang Wiedmeyer2017-05-026-36/+85
|\ | | | | | | into replicant-6.0
| * resolve merge conflicts of 79cf158c51 to mnc-devMarco Nelissen2017-04-051-4/+10
| | | | | | | | | | | | | | | | | | | | AOSP-Change-Id: Ied32e83215e386c801c02991a0b2fa4baa25b643 CVE-2017-0558 (cherry picked from commit 50358a80b1724f6cf1bcdf003e1abf9cc141b122) Change-Id: Ic2e40c7d6aec8427444a1fd145726e490e994d08
| * Fix overflow check and check read resultMarco Nelissen2017-04-051-8/+10
| | | | | | | | | | | | | | | | | | | | | | | | Bug: 33861560 Test: build AOSP-Change-Id: Ia85519766e19a6e37237166f309750b3e8323c4e CVE-2017-0547 (cherry picked from commit 9667e3eff2d34c3797c3b529370de47b2c1f1bf6) Change-Id: I171aa1c7c4a4a5095ac7041371db14e3a4f3676a
| * EffectBundle: check nb channels to write speaker anglesJean-Michel Trivi2017-04-051-8/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When speaker angles are queried, the size of the array for the returned data is 3x the number of channels (where really it should be max(2, nbChannels)). The code assumed it was at least 3x2 (where 2 is the number of virtual speakers this effect supports) and would thus crash when called for a mono channel mask. Test: see repro steps in bug Bug: 32591350 AOSP-Change-Id: I33d4bff6b2e19a9fc4284a85a446804878d3a410 CVE-2017-0545 Change-Id: Ie4480d9abcfafcd53fca15ab2fd8ef7ecb6fd48d (cherry picked from commit e5a54485e08400a976092cd5b1c6d909d0e1a4ab)
| * avc_utils: skip empty NALs from malformed bistreamsRobert Shih2017-03-221-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Avoid a CHECK and make it the decoder's repsonsibility to handle a malformed bistream gracefully. Bug: 34509901 Bug: 33137046 Test: StagefrightTest#testStagefright_bug_27855419_CVE_2016_2463 CVE-2017-0483 Change-Id: I2d94f8da63d65a86a9c711c45546e4c695e0f3b4 (cherry picked from commit 91fe76a157847825601b8f7a627efd1c9cbadcae) (cherry picked from commit 5cabe32a59f9be1e913b6a07a23d4cfa55e3fb2f)
| * Don't initialize sync sample parameters until the endMarco Nelissen2017-03-221-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | to avoid leaving them in a partially initialized state. Bug: 33137046 Test: ran CTS tests CVE-2017-0483 Change-Id: I1f5c070233c5917d85da9e930e01a3fc51a0a0ec (cherry picked from commit a9660fe122ca382e1777e0c5d3c42ca67ffb0377) (cherry picked from commit bc62c086e9ba7530723dc8874b83159f4d77d976)
| * Fix security vulnerability: potential OOB write in audioserverrago2017-03-132-6/+33
| | | | | | | | | | | | | | | | | | Bug: 32705438 Bug: 32703959 Test: cts security test Change-Id: I8900c92fa55b56c4c2c9d721efdbabe6bfc8a4a4 (cherry picked from commit e275907e576601a3579747c3a842790bacf111e2) (cherry picked from commit b0bcddb44d992e74140a3f5eedc7177977ea8e34)
* | Merge branch 'cm-13.0' of https://github.com/LineageOS/android_frameworks_av ↵Wolfgang Wiedmeyer2017-02-115-46/+118
|\ \ | |/ | | | | into replicant-6.0
| * IOMX: convert ANWB to Gralloc meta if using useBuffer in the same processLajos Molnar2017-02-031-3/+5
| | | | | | | | | | | | | | | | This was disabled by a previous commit. Bug: 32436178 Change-Id: I9f9c6a372a039226d61f3651be3af207fed63e60 (cherry picked from commit 4fb1e42a16e77d7abf1d84bedbc20f901af26524)
| * stagefright: remove allottedSize equality check in IOMX::useBufferLajos Molnar2017-02-031-7/+0
| | | | | | | | | | | | | | | | | | This was meant for buffers shared cross-process, but we are not gaining anything from this check even if it was at the correct place. Bug: 32436178 Change-Id: I6919e8ac6e35092273e171f49f6711ba577ba2e6 (cherry picked from commit 58388aa7be1c6963eb4b8464d46938ba9b0a04b0)
| * Visualizer: Check capture size and latency parametersAndy Hung2017-02-031-11/+32
| | | | | | | | | | | | | | Bug: 31781965 Change-Id: I1c439a0d0f6aa0057b3c651499f28426e1e1f5e4 (cherry picked from commit 9a2732ba0a8d609ab040d2c1ddee28577ead9772) (cherry picked from commit 557bd7bfe6c4895faee09e46fc9b5304a956c8b7)
| * Make VBRISeeker more robustMarco Nelissen2017-01-131-2/+16
| | | | | | | | | | | | | | Bug: 32577290 Change-Id: I9bcc9422ae7dd3ae4a38df330c9dcd7ac4941ec8 (cherry picked from commit 7fdd36418e945cf6a500018632dfb0ed8cb1a343) (cherry picked from commit 453b351ac5bd2b6619925dc966da60adf6b3126c)
| * DO NOT MERGE: defensive parsing of mp3 album art informationRay Essick2017-01-131-17/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | several points in stagefrights mp3 album art code used strlen() to parse user-supplied strings that may be unterminated, resulting in reading beyond the end of a buffer. This changes the code to use strnlen() for 8-bit encodings and strengthens the parsing of 16-bit encodings similarly. It also reworks how we watch for the end-of-buffer to avoid all over-reads. Bug: 32377688 Test: crafted mp3's w/ good/bad cover art. See what showed in play music Change-Id: Ia9f526d71b21ef6a61acacf616b573753cd21df6 (cherry picked from commit fa0806b594e98f1aed3ebcfc6a801b4c0056f9eb) (cherry picked from commit 7a3246b870ddd11861eda2ab458b11d723c7f62c)
| * Fix security vulnerability: Effect command might allow negative indexesrago2017-01-131-6/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 32448258 Bug: 32095626 Test: Use POC bug or cts security test Change-Id: I69f24eac5866f8d9090fc4c0ebe58c2c297b63df (cherry picked from commit 01183402d757f0c28bfd5e3b127b3809dfd67459) (cherry picked from commit 321ea5257e37c8edb26e66fe4ee78cca4cd915fe) Fix security vulnerability: Equalizer command might allow negative indexes Bug: 32247948 Bug: 32438598 Bug: 32436341 Test: use POC on bug or cts security test Change-Id: I91bd6aadb6c7410163e03101f365db767f4cd2a3 (cherry picked from commit 0872b65cff9129633471945431b9a5a28418049c) (cherry picked from commit e981cca9fff3608af22bdf8fc1acef5470e25663) (cherry picked from commit c66c43ad571ed2590dcd55a762c73c90d9744bac)
* | Merge branch 'cm-13.0' of ↵Wolfgang Wiedmeyer2016-12-132-8/+26
|\ \ | |/ | | | | https://github.com/CyanogenMod/android_frameworks_av into replicant-6.0
| * DO NOT MERGE Fix divide by zeroMarco Nelissen2016-12-121-5/+18
| | | | | | | | | | | | | | | | | | | | and be stricter about the layout of various boxes in mp4 files. CYNGNOS-3312 Bug: 31318219 Change-Id: I50034d5b6b1967ca6e88aabeacf49f26ba3c0d32 (cherry picked from commit 2e211d38a3124849ef46376256d01e69549c422f) (cherry picked from commit d4eb1e1ca163d6ab0eaf0d80ca138f851f87c3d2)
| * Fix potential NULL dereference in Visualizer effectrago2016-12-121-3/+8
| | | | | | | | | | | | | | | | | | | | | | CYNGNOS-3312 Bug: 30229821 Test: fixing CL. Existing unit tests still pass. Change-Id: I6e4abd759d5d2abc3b391e92e2e18f060cab7af0 (cherry picked from commit 874f9e0b8eb0cbe508d15c8c03796c863851f21f) (cherry picked from commit 244e7fd2a45b4e7d70d2c2e550181220371b7edf)
* | Merge branch 'cm-13.0' of ↵Wolfgang Wiedmeyer2016-12-12127-1036/+2100
|\ \ | |/ | | | | https://github.com/CyanogenMod/android_frameworks_av into replicant-6.0
| * Merge tag 'android-6.0.1_r74' into HEADJessica Wagantall2016-11-0911-69/+264
| |\ | | | | | | | | | | | | | | | | | | | | | CYNGNOS-3303 Android 6.0.1 release 74 Change-Id: I0a14578751f4ecb8d13def26b9ffe5dcba4afd72
| | * stagefright: don't fail MediaCodec.configure if clients use store-meta keyLajos Molnar2016-10-111-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | Even though storing metadata is not supported in MediaCodec.configure and is only meant to be used by Stagefright recorder, don't fail configure. Bug: 31986922 Change-Id: Id9f083be6e857e7a0d8d4a74159be5b8894e28be (cherry picked from commit ae52fd383a43ac239f459078fd003ce8ac2efb55)
| | * IOMX: do not clear buffer if it's allocated by componentChong Zhang2016-09-301-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | The component might depends on their buffers to be initialized in certain ways to work. Don't clear unless we're allocating it. bug: 31586647 Change-Id: Ia0a125797e414998ef0cd8ce03672f5b1e0bbf7a (cherry picked from commit ea76573aa276f51950007217a97903c4fe64f685)
| | * IOMX: allow configuration after going to loaded stateLajos Molnar2016-09-301-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | This was disallowed recently but we still use it as MediaCodcec.stop only goes to loaded state, and does not free component. Bug: 31450460 Change-Id: I72e092e4e55c9f23b1baee3e950d76e84a5ef28d (cherry picked from commit e03b22839d78c841ce0a1a0a1ee1960932188b0b)
| | * IOMX: restrict conversion of ANWB to gralloc source in emptyBufferLajos Molnar2016-09-301-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is only allowed in-process (if backup and codec buffers are connected.) Bug: 29422020 Bug: 31412859 Change-Id: If48e3e0b6f1af99a459fdc3f6f03744bbf0dc375 (cherry picked from commit 087ff38490016f4a0b6a1e717ae8af781d9b750c)
| | * Limit mp4 atom size to something reasonableMarco Nelissen2016-09-271-0/+13
| | | | | | | | | | | | | | | | | | Bug: 28615448 Change-Id: I5916f6839b4a9bbee4388a106e7373bcd4154f5a (cherry picked from commit cb898dca47ac03738db91ddc371207435d2a1526)
| | * SampleIterator: clear members on seekTo errorRobert Shih2016-09-271-3/+4
| | | | | | | | | | | | | | | | | | Bug: 31091777 Change-Id: Iddf99d0011961d0fd3d755e57db4365b6a6a1193 (cherry picked from commit 03237ce0f9584c98ccda76c2474a4ae84c763f5b)
| | * Check mprotect resultMarco Nelissen2016-09-271-24/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | mprotect can theoretically fail, which could then let one exploit a vulnerable codec if one exists on the device. Bug: 31350239 Change-Id: I7b99c190619f0fb2eb93119596e6da0d2deb8ba5 (cherry picked from commit 866c800c0624bb13eee44973cc8a2ecd0012de6e)
| | * Fix stack content leak vulnerability in mediaserverJeff Tinker2016-09-271-1/+1
| | | | | | | | | | | | | | | | | | bug: 30875060 Change-Id: I03f4d08b7b31ac5b507cfc9e65e5607c73972d95 (cherry picked from commit 9a6861cbd3bb0e1b8fe4c105795256ee032f9664)
| | * Fix potential overflow in Visualizer effectrago2016-09-271-0/+9
| | | | | | | | | | | | | | | | | | | | | Bug: 30229821 Change-Id: Idd3c1563dc9d3261e6e168e945005bf133ab2cdb (cherry picked from commit 099ab280775946e7c36c73fde47f2ee5a2579f53) (cherry picked from commit 46dc714d523a41a4f886eecbe5b9947a4c900510)
| | * IOMX: work against metadata buffer spoofingLajos Molnar2016-09-276-39/+194
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Prohibit direct set/getParam/Settings for extensions meant for OMXNodeInstance alone. This disallows enabling metadata mode without the knowledge of OMXNodeInstance. - Do not share metadata mode buffers cross process. - Disallow setting up metadata mode/tunneling/input surface after first sendCommand. - Disallow store-meta for input cross process. - Disallow emptyBuffer for surface input (via IOMX). - Fix checking for input surface. Bug: 29422020 Change-Id: I801c77b80e703903f62e42d76fd2e76a34e4bc8e (cherry picked from commit f8a4cb410115045278f534e54b41ac78d6bf6c07)
| | * MediaPlayerService: allow next player to be NULLWei Jia2016-08-301-1/+1
| | | | | | | | | | | | | | | | | | | | | Bug: 31155917 Bug: 30204103 Change-Id: I9a2a59ddb900fc942e7c19b31b53a110d790474c (cherry picked from commit 282841278723166e74039329ca56e444ad472daf)
| | * Fix build breakage caused by commitPawin Vongmasa2016-08-251-2/+2
| | | | | | | | | | | | | | | | | | | | | 940829f69b52d6038db66a9c727534636ecc456d. Change-Id: I4776db4a26fb3c31bb994d48788373fe569c812a (cherry picked from commit baa9146401e28c5acf54dea21ddd197f0d3a8fcd)
| | * MediaPlayerService: avoid invalid static castRobert Shih2016-08-252-0/+11
| | | | | | | | | | | | | | | | | | Bug: 30204103 Change-Id: Ie0dd3568a375f1e9fed8615ad3d85184bcc99028 (cherry picked from commit ee0a0e39acdcf8f97e0d6945c31ff36a06a36e9d)
| | * better validation lengths of strings in ID3 tagsRay Essick2016-08-251-15/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Validate lengths on strings in ID3 tags, particularly around 0. Also added code to handle cases when we can't get memory for copies of strings we want to extract from these tags. Affects L/M/N/master, same patch for all of them. Bug: 30744884 Change-Id: I2675a817a39f0927ec1f7e9f9c09f2e61020311e Test: play mp3 file which caused a <0 length. (cherry picked from commit d23c01546c4f82840a01a380def76ab6cae5d43f)
| | * SoftMPEG4: Check the buffer size before writing the reference frame.Pawin Vongmasa2016-08-252-2/+24
| | | | | | | | | | | | | | | | | | | | | | | | Also prevent overflow in SoftMPEG4 and division by zero in SoftMPEG4Encoder. Bug: 30033990 Change-Id: I7701f5fc54c2670587d122330e5dc851f64ed3c2 (cherry picked from commit 695123195034402ca76169b195069c28c30342d3)
| * | Allow to use baseline profile for AVC recordingAndreas Blaesius2016-11-082-1/+5
| | | | | | | | | | | | | | | | | | - some encoder seem to crash using higher h264 profiles Change-Id: I2beb881e76519f872e3e99957f8b981eeaa53b56
| * | libstagefright: wfd: don't use intra macroblock refresh mode on omap4Ziyan2016-11-062-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most, if not all OMAP4 Ducatis doesn't support intra macroblock refresh mode, causing the encoder to fail initializing. This patch disables intra macroblock refresh mode for wifi display on omap4. Note: Ideally, the decoder shouldn't fail if intra macroblock refresh mode can't be configured. However, that would trick higher layers into thinking that it's on, because they set that parameter. As of now, this mode seems to only ever be used for wifi display. Change-Id: I9696af8f22db82cc436a351e4d93bf7323588f43
| * | Merge tag 'android-6.0.1_r72' into HEADJessica Wagantall2016-10-065-17/+77
| |\ \ | | | | | | | | | | | | | | | | | | | | Android 6.0.1 Release 72 (M4B30X) Change-Id: I617426a3fbf7a8d013c5be838ad4c80a00b61a5f
| | * | MediaPlayerService: allow next player to be NULLWei Jia2016-08-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 31155917 Bug: 30204103 Change-Id: I9a2a59ddb900fc942e7c19b31b53a110d790474c (cherry picked from commit 282841278723166e74039329ca56e444ad472daf)
| | * | Fix build breakage caused by commitPawin Vongmasa2016-08-261-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | 940829f69b52d6038db66a9c727534636ecc456d. Change-Id: I4776db4a26fb3c31bb994d48788373fe569c812a (cherry picked from commit baa9146401e28c5acf54dea21ddd197f0d3a8fcd)
| | * | MediaPlayerService: avoid invalid static castRobert Shih2016-08-262-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | Bug: 30204103 Change-Id: Ie0dd3568a375f1e9fed8615ad3d85184bcc99028 (cherry picked from commit ee0a0e39acdcf8f97e0d6945c31ff36a06a36e9d)
| | * | better validation lengths of strings in ID3 tagsRay Essick2016-08-261-15/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Validate lengths on strings in ID3 tags, particularly around 0. Also added code to handle cases when we can't get memory for copies of strings we want to extract from these tags. Affects L/M/N/master, same patch for all of them. Bug: 30744884 Change-Id: I2675a817a39f0927ec1f7e9f9c09f2e61020311e Test: play mp3 file which caused a <0 length. (cherry picked from commit d23c01546c4f82840a01a380def76ab6cae5d43f)
| | * | SoftMPEG4: Check the buffer size before writing the reference frame.Pawin Vongmasa2016-08-262-2/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also prevent overflow in SoftMPEG4 and division by zero in SoftMPEG4Encoder. Bug: 30033990 Change-Id: I7701f5fc54c2670587d122330e5dc851f64ed3c2 (cherry picked from commit 695123195034402ca76169b195069c28c30342d3)
| | * | DO NOT MERGE - stagefright: fix integer overflow errorWonsik Kim2016-08-161-14/+15
| | | | | | | | | | | | | | | | | | | | | | | | Bug: 30103394 Change-Id: If449d3e30a0bf2ebea5317f41813bfed094f7408 (cherry picked from commit 2c74a3cd5d1d66b9a35424b9c4443dafa6db5bef)
| | * | Impose a size bound for dynamically allocated tables in stbl.Pawin Vongmasa2016-08-162-26/+133
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Impose a restriction of 200MiB for tables in stsc, stts, ctts and stss boxes. Also change mTimeToSample from Vector to array. Bug: 29367429 Change-Id: I953bea9fe0590268cf27376740f582dc88563d42 Merge conflict resolution of ag/1170200 to mnc-mr2-release
| | * | omx: prevent input port enable/disable for software codecsWonsik Kim2016-08-161-0/+7
| | | | | | | | | | | | | | | | | | | | Bug: 29421804 Change-Id: Iba1011e9af942a6dff7f659af769a51e3f5ba66f
| | * | Fix buildRobert Shih2016-08-161-1/+1
| | | | | | | | | | | | | | | | Change-Id: I48ba34b3df9c9a896d4b18c3f48e41744b7dab54
| | * | Fix buildRobert Shih2016-08-161-1/+1
| | | | | | | | | | | | | | | | Change-Id: I96a9c437eec53a285ac96794cc1ad0c8954b27e0
| | * | Add bound checks to utf16_to_utf8Sergio Giro2016-08-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Bug: 29250543 Change-Id: I3518416e89ed901021970958fb6005fd69129f7c (cherry picked from commit 1d3f4278b2666d1a145af2f54782c993aa07d1d9)
| | * | fix buildLajos Molnar2016-08-161-1/+2
| | | | | | | | | | | | | | | | Change-Id: I9bb8c659d3fc97a8e748451d82d0f3448faa242b
| | * | SoftVPX: fix nFilledLen overflowRobert Shih2016-08-162-3/+20
| | | | | | | | | | | | | | | | | | | | Bug: 29421675 Change-Id: I25d4cf54a5df22c2130c37e95c7c7f75063111f3