06c27a9feb
Fix out of bound memory access in lppTransposer am: 6d3dd40e20 am: 2a7b438754 am: fca1027937 am: d8e897ae9e
...
am: 6e15baff97
2017-11-03 19:19:22 +00:00
724b40ccce
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: d0e8397b7b am: 7462464e43 am: 2bebb8fb65
...
am: d157498711
2017-11-03 19:19:04 +00:00
73d49a121c
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 51f38b3a6d am: 5285345743 am: 3e28ad2039
...
am: d948041971
2017-11-03 19:17:58 +00:00
75fe8cb95e
Merge "DO NOT MERGE Prevent out of bound memory access in GetInvInt" into lmp-mr1-dev am: 5565e7791f -s ours am: e1d517a909 am: c0719825a2
...
am: 022a305d55
2017-11-03 19:17:35 +00:00
bceba8dd97
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 3b6a14a1e0
...
am: a1deac7b1a
2017-11-03 19:17:35 +00:00
14713b88c7
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 0d54662fe8 -s ours
...
am: 139ba15904
2017-11-03 19:17:34 +00:00
6e15baff97
Fix out of bound memory access in lppTransposer am: 6d3dd40e20 am: 2a7b438754 am: fca1027937
...
am: d8e897ae9e
2017-11-03 19:16:22 +00:00
022a305d55
Merge "DO NOT MERGE Prevent out of bound memory access in GetInvInt" into lmp-mr1-dev am: 5565e7791f -s ours am: e1d517a909
...
am: c0719825a2
2017-11-03 19:16:06 +00:00
d948041971
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 51f38b3a6d am: 5285345743
...
am: 3e28ad2039
2017-11-03 19:16:06 +00:00
272ae57aa8
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 070e7b81c0 am: 6fac7101c6
...
am: 96fbbc31db
2017-11-03 19:16:05 +00:00
d157498711
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: d0e8397b7b am: 7462464e43
...
am: 2bebb8fb65
2017-11-03 19:16:05 +00:00
c0719825a2
Merge "DO NOT MERGE Prevent out of bound memory access in GetInvInt" into lmp-mr1-dev am: 5565e7791f -s ours
...
am: e1d517a909
2017-11-03 19:14:05 +00:00
3e28ad2039
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 51f38b3a6d
...
am: 5285345743
2017-11-03 19:14:05 +00:00
4d9b54962d
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 5ce724f1dd
...
am: e64c501013
2017-11-03 19:14:05 +00:00
23ee0f0ee2
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 9fb4261c43
...
am: f6100335b8
2017-11-03 19:14:04 +00:00
139ba15904
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: 0d54662fe8
2017-11-03 19:14:04 +00:00
d8e897ae9e
Fix out of bound memory access in lppTransposer am: 6d3dd40e20 am: 2a7b438754
...
am: fca1027937
2017-11-03 19:13:45 +00:00
a1deac7b1a
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: 3b6a14a1e0
2017-11-03 19:13:34 +00:00
96fbbc31db
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 070e7b81c0
...
am: 6fac7101c6
2017-11-03 19:13:34 +00:00
2bebb8fb65
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: d0e8397b7b
...
am: 7462464e43
2017-11-03 19:13:34 +00:00
e1d517a909
Merge "DO NOT MERGE Prevent out of bound memory access in GetInvInt" into lmp-mr1-dev
...
am: 5565e7791f
2017-11-03 19:10:33 +00:00
5285345743
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: 51f38b3a6d
2017-11-03 19:10:33 +00:00
fca1027937
Fix out of bound memory access in lppTransposer am: 6d3dd40e20
...
am: 2a7b438754
2017-11-03 19:10:25 +00:00
f6100335b8
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: 9fb4261c43
2017-11-03 19:10:04 +00:00
e64c501013
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: 5ce724f1dd
2017-11-03 19:10:04 +00:00
6fac7101c6
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: 070e7b81c0
2017-11-03 19:10:04 +00:00
7462464e43
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: d0e8397b7b
2017-11-03 19:10:04 +00:00
2a7b438754
Fix out of bound memory access in lppTransposer
...
am: 6d3dd40e20
2017-11-03 19:07:04 +00:00
5565e7791f
Merge "DO NOT MERGE Prevent out of bound memory access in GetInvInt" into lmp-mr1-dev
2017-11-03 19:05:37 +00:00
9fb4261c43
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: I92d4a14519f45d5a329d7f69f21f2aef0a8c6daa
2017-11-02 19:18:56 +00:00
5ce724f1dd
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: I92d4a14519f45d5a329d7f69f21f2aef0a8c6daa
2017-11-02 18:55:37 +00:00
0d54662fe8
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: I92d4a14519f45d5a329d7f69f21f2aef0a8c6daa
2017-11-02 18:54:15 +00:00
3b6a14a1e0
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: I92d4a14519f45d5a329d7f69f21f2aef0a8c6daa
2017-11-02 18:52:41 +00:00
51f38b3a6d
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: I92d4a14519f45d5a329d7f69f21f2aef0a8c6daa
2017-11-02 16:25:34 +00:00
6d3dd40e20
Fix out of bound memory access in lppTransposer
...
In TRANSPOSER_SETTINGS, initialize the whole bwBorders array to a
reasonable value to guarantee correct termination in while loop
in lppTransposer function. This fixes the reported bug.
For completeness:
- clear the whole bwIndex array instead of noOfPatches entries only.
- abort criterion in while loop to prevent potential
infinite loop, and limit bwIndex[patch] to a valid range.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65280786
Change-Id: I16ed2e1c0f1601926239a652ca20a91284151843
2017-10-31 21:40:14 +00:00
070e7b81c0
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: Iff889601828f95b82d9291075f3909922ef533ef
2017-10-30 22:46:18 +00:00
76c4625fe3
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: Id1f1582bc5afc76e3e90128d92034a5899a9b51e
2017-10-30 22:45:05 +00:00
d0e8397b7b
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: Iff889601828f95b82d9291075f3909922ef533ef
2017-10-30 15:20:44 -07:00
1e3515e03e
Fix an assertion failure (avoid division by zero) when encoding a particular input
2017-10-30 23:06:44 +02:00
cf697df5ad
Avoid reading out of bounds due to negative aaIccIndexMapped
...
Fixes: 3452/clusterfuzz-testcase-4898065225875456
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
2017-10-20 16:33:25 +03:00
c366b3db8f
Add tighter sanity checks in CBlock_GetEscape
...
We can't read 31 bits of value here, since that would place the
topmost bit in the sign bit.
Fixes: 3480/clusterfuzz-testcase-4573445423628288
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
2017-10-20 16:33:25 +03:00
f7d8e3e2d7
Snap for 4383207 from 15759ceb7b to pi-release
...
Change-Id: I0c9541a967456c23dd621965cd7e8b9edd39ff85
2017-10-07 08:00:24 +00:00
15759ceb7b
Merge "Use -Werror in external/aac" am: f38aee2252 am: 82440fab16 am: 5a1868a64f
...
am: 858c2a7c6e
2017-10-07 00:55:09 +00:00
858c2a7c6e
Merge "Use -Werror in external/aac" am: f38aee2252 am: 82440fab16
...
am: 5a1868a64f
2017-10-07 00:50:14 +00:00
5a1868a64f
Merge "Use -Werror in external/aac" am: f38aee2252
...
am: 82440fab16
2017-10-07 00:47:44 +00:00
82440fab16
Merge "Use -Werror in external/aac"
...
am: f38aee2252
2017-10-07 00:45:22 +00:00
f38aee2252
Merge "Use -Werror in external/aac"
2017-10-07 00:39:23 +00:00
3e8a17c1c1
Use -Werror in external/aac
...
Bug: 66996870
Test: build with WITH_TIDY=1
Exempt-From-Owner-Approval: Colin +2 should be the owner approval
Change-Id: I167f73ee9dc5e977fd6976f48732ae1e1fe13c8b
2017-10-06 21:52:25 +00:00
e2e35b8273
Make sure there are enough bits when reading ADTS header.
2017-09-20 14:30:42 -07:00
a3d1168943
Adjust the fix for infinite loops with a drained ADTS stream
...
This should have less risk of causing other issues.
2017-08-18 22:38:09 +03:00
Jean-Michel Trivi
TreeHugger Robot
Martin Storsjo
android-build-team Robot
Chih-Hung Hsieh
Doug Benedict