Jean-Michel Trivi
6e15baff97
Fix out of bound memory access in lppTransposer am: 6d3dd40e20
am: 2a7b438754
am: fca1027937
...
am: d8e897ae9e
Change-Id: Id2b60900e4abe08d2f1c1612e7c729c75f2e61c0
2017-11-03 19:16:22 +00:00
Jean-Michel Trivi
d157498711
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: d0e8397b7b
am: 7462464e43
...
am: 2bebb8fb65
Change-Id: I4645d168431438e8bfbfc28514f21aad015633ac
2017-11-03 19:16:05 +00:00
Jean-Michel Trivi
d8e897ae9e
Fix out of bound memory access in lppTransposer am: 6d3dd40e20
am: 2a7b438754
...
am: fca1027937
Change-Id: I8803d858a432aea8fba8b7ec29ba28458e7418d8
2017-11-03 19:13:45 +00:00
Jean-Michel Trivi
96fbbc31db
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 070e7b81c0
...
am: 6fac7101c6
Change-Id: If3c68bd6341d7c9eff5257ec41ca6c1a2161077c
2017-11-03 19:13:34 +00:00
Jean-Michel Trivi
2bebb8fb65
DO NOT MERGE Prevent out of bound memory access in GetInvInt am: d0e8397b7b
...
am: 7462464e43
Change-Id: I064298bc197e53e6f5a6ce1872cb77c9444d8dee
2017-11-03 19:13:34 +00:00
Jean-Michel Trivi
fca1027937
Fix out of bound memory access in lppTransposer am: 6d3dd40e20
...
am: 2a7b438754
Change-Id: If16bd906722b4a639be890fcc98bd21db253f404
2017-11-03 19:10:25 +00:00
Jean-Michel Trivi
6fac7101c6
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: 070e7b81c0
Change-Id: Ibcddd5c0e53aaae0d26e1c33c6e42bc7268cf6a1
2017-11-03 19:10:04 +00:00
Jean-Michel Trivi
7462464e43
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
am: d0e8397b7b
Change-Id: If35860a327395c578e6f02b3706db0fd041e719e
2017-11-03 19:10:04 +00:00
Jean-Michel Trivi
2a7b438754
Fix out of bound memory access in lppTransposer
...
am: 6d3dd40e20
Change-Id: I4a2b70c82e6bc42b3a0ec00efeb100fe6971a62c
2017-11-03 19:07:04 +00:00
Jean-Michel Trivi
6d3dd40e20
Fix out of bound memory access in lppTransposer
...
In TRANSPOSER_SETTINGS, initialize the whole bwBorders array to a
reasonable value to guarantee correct termination in while loop
in lppTransposer function. This fixes the reported bug.
For completeness:
- clear the whole bwIndex array instead of noOfPatches entries only.
- abort criterion in while loop to prevent potential
infinite loop, and limit bwIndex[patch] to a valid range.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65280786
Change-Id: I16ed2e1c0f1601926239a652ca20a91284151843
2017-10-31 21:40:14 +00:00
Jean-Michel Trivi
070e7b81c0
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: Iff889601828f95b82d9291075f3909922ef533ef
2017-10-30 22:46:18 +00:00
Jean-Michel Trivi
d0e8397b7b
DO NOT MERGE Prevent out of bound memory access in GetInvInt
...
In GetInvInt(int) function, malicious content can access memory
outside of the invCount array. Always bound access to valid
indices.
Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: Iff889601828f95b82d9291075f3909922ef533ef
2017-10-30 15:20:44 -07:00
Jean-Michel Trivi
0cf3a7671a
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425
am: b762ff3e4f
am: 1a54e8f638
am: 78653b30e9
am: 0a20959871
am: 6318d60241
am: 7147e71a75
am: 1de50b286f
...
am: d110691d01
* commit 'd110691d01e15a555d84fcd98e4b275dd38b37ba':
Fix aacDecoder_drcExtractAndMap()
Change-Id: I6c009e94d626cc1dd6ec1510fd2e07c1b3a4031a
2016-04-19 01:30:15 +00:00
Jean-Michel Trivi
d110691d01
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425
am: b762ff3e4f
am: 1a54e8f638
am: 78653b30e9
am: 0a20959871
am: 6318d60241
am: 7147e71a75
...
am: 1de50b286f
* commit '1de50b286fdadc07f94e0d8fae69a564796ab12a':
Fix aacDecoder_drcExtractAndMap()
Change-Id: Ib1dce026d6ddc9fdfa68cc5b4213a2685dc1ac17
2016-04-19 01:27:53 +00:00
Jean-Michel Trivi
1de50b286f
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425
am: b762ff3e4f
am: 1a54e8f638
am: 78653b30e9
am: 0a20959871
am: 6318d60241
...
am: 7147e71a75
* commit '7147e71a75a48009e6d2b835422767cf466813d8':
Fix aacDecoder_drcExtractAndMap()
Change-Id: I7f677fae038640739834d4c44309680b78748acf
2016-04-19 01:25:09 +00:00
Jean-Michel Trivi
7147e71a75
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425
am: b762ff3e4f
am: 1a54e8f638
am: 78653b30e9
am: 0a20959871
...
am: 6318d60241
* commit '6318d6024194f89d809f4e22266105f27389f41b':
Fix aacDecoder_drcExtractAndMap()
Change-Id: I1a836bd8b024948f18b2d2c0e912601722f887bc
2016-04-19 01:00:01 +00:00
Jean-Michel Trivi
6318d60241
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425
am: b762ff3e4f
am: 1a54e8f638
am: 78653b30e9
...
am: 0a20959871
* commit '0a209598713cccc4f10e9c0036df487bea5af312':
Fix aacDecoder_drcExtractAndMap()
Change-Id: If2339aad0e0e825302773f2f04f0dd43cc754ac6
2016-04-19 00:57:44 +00:00
Jean-Michel Trivi
0a20959871
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425
am: b762ff3e4f
am: 1a54e8f638
...
am: 78653b30e9
* commit '78653b30e9c1907d4c6eefa30ff954e0c4398447':
Fix aacDecoder_drcExtractAndMap()
Change-Id: I53cabb3bab17e8754a03648ffac356e4a3a05e28
2016-04-19 00:55:30 +00:00
Jean-Michel Trivi
78653b30e9
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425
am: b762ff3e4f
...
am: 1a54e8f638
* commit '1a54e8f6385f9cbb8d950f0ff003bb71daa62caf':
Fix aacDecoder_drcExtractAndMap()
Change-Id: I3c992ce7d3a60685f75a944d8d588fb9ff0d050c
2016-04-19 00:53:17 +00:00
Jean-Michel Trivi
1a54e8f638
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425
...
am: b762ff3e4f
* commit 'b762ff3e4fdc29ce517824e19d187ba667e80623':
Fix aacDecoder_drcExtractAndMap()
Change-Id: I29eaf51574e1834f223a9755a353abd90fcf912b
2016-04-19 00:50:57 +00:00
Jean-Michel Trivi
b762ff3e4f
Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
...
am: be3ff35425
* commit 'be3ff35425f026fb3714f1bd45c40aee6737fe05':
Fix aacDecoder_drcExtractAndMap()
Change-Id: I82060408eab9a8990c511af4c6be8a588d2a1b49
2016-04-19 00:48:42 +00:00
Jean-Michel Trivi
be3ff35425
Fix aacDecoder_drcExtractAndMap()
...
am: 97a1b8140d
* commit '97a1b8140d410ed3942006aa22b40ccb322f747b':
Fix aacDecoder_drcExtractAndMap()
Change-Id: I1bf523e635139d71ef124462bd61e0da06191d35
2016-04-19 00:46:26 +00:00
Jean-Michel Trivi
97a1b8140d
Fix aacDecoder_drcExtractAndMap()
...
Parse DVB DRC data only when numThreads is below
MAX_DRC_THREADS. The post-increment is necessary as
it is used in fill element DRC data section.
This solution parses as many DRC payloads as allowed by
MAX_DRC_THREADS and skips all remaining DRC elements in the stream.
Bug 27792766
Bug 26751339
Change-Id: Ie1641888bac1757c4d1491119f977fc5d436eaea
2016-04-15 08:14:50 -07:00
Jean-Michel Trivi
7657556633
Fix stack corruption happening in aacDecoder_drcExtractAndMap() am: a06d1c2
am: 47739cd
...
am: 118fc75
* commit '118fc75eee6cc763a3105d6e963b77d76d114a2e':
Fix stack corruption happening in aacDecoder_drcExtractAndMap()
2016-03-22 02:49:48 +00:00
Jean-Michel Trivi
118fc75eee
Fix stack corruption happening in aacDecoder_drcExtractAndMap() am: a06d1c2
...
am: 47739cd
* commit '47739cd9d8d7842436b90ef14207c935b0a799fe':
Fix stack corruption happening in aacDecoder_drcExtractAndMap()
2016-03-22 02:44:32 +00:00
Jean-Michel Trivi
47739cd9d8
Fix stack corruption happening in aacDecoder_drcExtractAndMap()
...
am: a06d1c2
* commit 'a06d1c2b9af1621037b48557aac42b5ecbdb03b3':
Fix stack corruption happening in aacDecoder_drcExtractAndMap()
2016-03-22 02:36:16 +00:00
Jean-Michel Trivi
a06d1c2b9a
Fix stack corruption happening in aacDecoder_drcExtractAndMap()
...
In the aacDecoder_drcExtractAndMap() function, self->numThreads
can be used after having exceeded its intended max value,
MAX_DRC_THREADS, causing memory to be cleared after the
threadBs[MAX_DRC_THREADS] array.
The crash is prevented by never using self->numThreads with
a value equal to or greater than MAX_DRC_THREADS.
A proper fix will be required as there seems to be an issue as
to which entry in the threadBs array is meant to be initialized
and used.
Bug 26751339
Change-Id: I655cc40c35d4206ab72e83b2bdb751be2fe52b5a
2016-03-21 21:59:22 +00:00
Dan Willemsen
2d435aa433
Remove __DATE__/__TIME__
...
Building __DATE__/__TIME__ into the binaries means that every build will
create different binaries, even if all the sources are identical. This
also means that any libraries including this one will need to be patched
during every OTA.
Nothing appears to use the build_date/build_time fields, so just replace
them with empty strings.
Bug: 24204119
Change-Id: I9543eb388a1e8ab9284df9035a62fc8942cdc082
(cherry picked from commit 6e8330732f
)
2015-10-30 21:53:59 +00:00
Marco Nelissen
9f42dfb799
am b3c5a4bb: Fix crash on invalid channel config
...
* commit 'b3c5a4bb8442ab3158fa1f52b790fadc64546f46':
Fix crash on invalid channel config
2015-09-15 01:10:04 +00:00
Marco Nelissen
b3c5a4bb84
Fix crash on invalid channel config
...
Bug: 23876444
Change-Id: I90ad197811ebabceb5b5d74d6d3f20716fbe2d45
2015-09-08 15:50:08 +00:00
Bill Yi
267940f5bd
am f2df045a: Merge commit \'10d211b84a5f0790b28fcc8b3db66884d5f9c729\' into HEAD
...
* commit 'f2df045ae92ee655481f73b19986084308ae684c':
2015-02-20 00:22:52 +00:00
Bill Yi
f2df045ae9
Merge commit '10d211b84a5f0790b28fcc8b3db66884d5f9c729' into HEAD
2015-02-19 14:30:49 -08:00
Chih-Hung Hsieh
bd8021bef1
am 2b6bf8dc: Merge "Do not include genericStds_linux.cpp."
...
* commit '2b6bf8dc0941f3a4531030b950cf24fd31248b0b':
Do not include genericStds_linux.cpp.
2015-02-18 02:53:59 +00:00
Chih-Hung Hsieh
2b6bf8dc09
Merge "Do not include genericStds_linux.cpp."
2015-02-18 02:41:47 +00:00
Chih-Hung Hsieh
09f1d04467
Do not include genericStds_linux.cpp.
...
The __aeabi_memcpy functions are already defined in Android libc.
Redefining them to call memcpy will become recursive when clang/llvm
converts the memcpy call to __aeabi_memcpy.
With this change, we can enable clang/llvm by removing LOCAL_CLANG from Android.mk.
BUG: 12216385
Change-Id: I8b8b4ba7f3ff1e66f8110fc3b6356865a582c1d8
2015-02-12 11:20:14 -08:00
Marco Nelissen
10d211b84a
am 1c6ab7db: Merge "Use gcc for the AAC decoder"
...
* commit '1c6ab7db30867f3eee0d550adb015b340fbbc668':
Use gcc for the AAC decoder
2015-02-11 01:51:25 +00:00
Marco Nelissen
1c6ab7db30
Merge "Use gcc for the AAC decoder"
2015-02-11 01:22:20 +00:00
Marco Nelissen
355baa79bf
Use gcc for the AAC decoder
...
clang generates crashing code for this.
Change-Id: I90355d6735403290e7c0d93ff4854520b7b80f4a
2015-02-10 15:39:28 -08:00
Chih-Hung Hsieh
28e448bb55
am 66091e46: Merge "Fix checks for {Front,Side,Back}ElementIsCpe"
...
* commit '66091e46d7aae1b45ed96f5f39274954a296db71':
Fix checks for {Front,Side,Back}ElementIsCpe
2014-12-01 19:45:05 +00:00
Chih-Hung Hsieh
66091e46d7
Merge "Fix checks for {Front,Side,Back}ElementIsCpe"
2014-12-01 19:31:58 +00:00
Dan Albert
57f76311ba
am 84851b23: Merge "Move back to C++98."
...
* commit '84851b23d6f65ce03da4fa8ef2348b4f46c0ed0f':
Move back to C++98.
2014-12-01 19:27:01 +00:00
Chih-Hung Hsieh
bb1e78a118
Fix checks for {Front,Side,Back}ElementIsCpe
...
{Front,Side,Back}ElementIsCpe is an array (per-channel). The check for
pPce->{Front,Side,Back}ElementIsCpe without an index checks the address
of the array, and will always evaluate to true. The elTagSce++
statements are unreachable.
Change-Id: If530371788a44038c500d6f9f7ac67681f77cc71
2014-12-01 11:26:03 -08:00
Dan Albert
84851b23d6
Merge "Move back to C++98."
2014-12-01 19:15:30 +00:00
Dan Albert
d52f374768
Move back to C++98.
...
This code depends on narrowing hex literals to a signed long, which
trips -Wc++11-narrowing (the fix would be to explicitly cast each
value to signed).
Change-Id: I581a02ef0eeee5a2d95ce0ff2ec6f7ff26f3a074
2014-11-28 13:56:59 -08:00
Chih-Hung Hsieh
1c7368d7c0
am d149516e: am 7e464956: Merge "Move Clang only flags into LOCAL_CLANG_CPPFLAGS."
...
* commit 'd149516e1a3a63549d2c654b1398544d5de46a3e':
2014-10-25 19:54:26 +00:00
Chih-Hung Hsieh
d149516e1a
am 7e464956: Merge "Move Clang only flags into LOCAL_CLANG_CPPFLAGS."
...
* commit '7e46495606bd66973a10565f932acee7bddcc003':
Move Clang only flags into LOCAL_CLANG_CPPFLAGS.
2014-09-23 16:54:56 +00:00
Chih-Hung Hsieh
ab33d4d394
am 7e464956: Merge "Move Clang only flags into LOCAL_CLANG_CPPFLAGS."
...
* commit '7e46495606bd66973a10565f932acee7bddcc003':
Move Clang only flags into LOCAL_CLANG_CPPFLAGS.
2014-09-23 16:54:34 +00:00
Chih-Hung Hsieh
7e46495606
Merge "Move Clang only flags into LOCAL_CLANG_CPPFLAGS."
2014-09-23 16:29:42 +00:00
Chih-Hung Hsieh
3c4c8d631f
Move Clang only flags into LOCAL_CLANG_CPPFLAGS.
...
Gcc does not recognize -Wno-pointer-bool-conversion.
Change-Id: Ib6ffa321fff1947b6a098244f7d67fdeb45c2b41
2014-09-22 22:59:03 -07:00
Glenn Kasten
57daefcbe1
am 4803bf75: Merge "Ignore Clang warning on checking address of arrays."
...
* commit '4803bf75f564e5c9304527a5b902711f78e9f621':
Ignore Clang warning on checking address of arrays.
2014-09-09 17:53:16 +00:00