Commit Graph

103 Commits

Author SHA1 Message Date
Jean-Michel Trivi 6e15baff97 Fix out of bound memory access in lppTransposer am: 6d3dd40e20 am: 2a7b438754 am: fca1027937
am: d8e897ae9e

Change-Id: Id2b60900e4abe08d2f1c1612e7c729c75f2e61c0
2017-11-03 19:16:22 +00:00
Jean-Michel Trivi d157498711 DO NOT MERGE Prevent out of bound memory access in GetInvInt am: d0e8397b7b am: 7462464e43
am: 2bebb8fb65

Change-Id: I4645d168431438e8bfbfc28514f21aad015633ac
2017-11-03 19:16:05 +00:00
Jean-Michel Trivi d8e897ae9e Fix out of bound memory access in lppTransposer am: 6d3dd40e20 am: 2a7b438754
am: fca1027937

Change-Id: I8803d858a432aea8fba8b7ec29ba28458e7418d8
2017-11-03 19:13:45 +00:00
Jean-Michel Trivi 96fbbc31db DO NOT MERGE Prevent out of bound memory access in GetInvInt am: 070e7b81c0
am: 6fac7101c6

Change-Id: If3c68bd6341d7c9eff5257ec41ca6c1a2161077c
2017-11-03 19:13:34 +00:00
Jean-Michel Trivi 2bebb8fb65 DO NOT MERGE Prevent out of bound memory access in GetInvInt am: d0e8397b7b
am: 7462464e43

Change-Id: I064298bc197e53e6f5a6ce1872cb77c9444d8dee
2017-11-03 19:13:34 +00:00
Jean-Michel Trivi fca1027937 Fix out of bound memory access in lppTransposer am: 6d3dd40e20
am: 2a7b438754

Change-Id: If16bd906722b4a639be890fcc98bd21db253f404
2017-11-03 19:10:25 +00:00
Jean-Michel Trivi 6fac7101c6 DO NOT MERGE Prevent out of bound memory access in GetInvInt
am: 070e7b81c0

Change-Id: Ibcddd5c0e53aaae0d26e1c33c6e42bc7268cf6a1
2017-11-03 19:10:04 +00:00
Jean-Michel Trivi 7462464e43 DO NOT MERGE Prevent out of bound memory access in GetInvInt
am: d0e8397b7b

Change-Id: If35860a327395c578e6f02b3706db0fd041e719e
2017-11-03 19:10:04 +00:00
Jean-Michel Trivi 2a7b438754 Fix out of bound memory access in lppTransposer
am: 6d3dd40e20

Change-Id: I4a2b70c82e6bc42b3a0ec00efeb100fe6971a62c
2017-11-03 19:07:04 +00:00
Jean-Michel Trivi 6d3dd40e20 Fix out of bound memory access in lppTransposer
In TRANSPOSER_SETTINGS, initialize the whole bwBorders array to a
  reasonable value to guarantee correct termination in while loop
  in lppTransposer function. This fixes the reported bug.
For completeness:
  - clear the whole bwIndex array instead of noOfPatches entries only.
  - abort criterion in while loop to prevent potential
    infinite loop, and limit bwIndex[patch] to a valid range.

Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65280786

Change-Id: I16ed2e1c0f1601926239a652ca20a91284151843
2017-10-31 21:40:14 +00:00
Jean-Michel Trivi 070e7b81c0 DO NOT MERGE Prevent out of bound memory access in GetInvInt
In GetInvInt(int) function, malicious content can access memory
 outside of the invCount array. Always bound access to valid
 indices.

Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: Iff889601828f95b82d9291075f3909922ef533ef
2017-10-30 22:46:18 +00:00
Jean-Michel Trivi d0e8397b7b DO NOT MERGE Prevent out of bound memory access in GetInvInt
In GetInvInt(int) function, malicious content can access memory
 outside of the invCount array. Always bound access to valid
 indices.

Test: see bug for malicious content, decoded with "stagefright -s -a"
Bug: 65025048
Change-Id: Iff889601828f95b82d9291075f3909922ef533ef
2017-10-30 15:20:44 -07:00
Jean-Michel Trivi 0cf3a7671a Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d am: be3ff35425 am: b762ff3e4f am: 1a54e8f638 am: 78653b30e9 am: 0a20959871 am: 6318d60241 am: 7147e71a75 am: 1de50b286f
am: d110691d01

* commit 'd110691d01e15a555d84fcd98e4b275dd38b37ba':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: I6c009e94d626cc1dd6ec1510fd2e07c1b3a4031a
2016-04-19 01:30:15 +00:00
Jean-Michel Trivi d110691d01 Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d am: be3ff35425 am: b762ff3e4f am: 1a54e8f638 am: 78653b30e9 am: 0a20959871 am: 6318d60241 am: 7147e71a75
am: 1de50b286f

* commit '1de50b286fdadc07f94e0d8fae69a564796ab12a':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: Ib1dce026d6ddc9fdfa68cc5b4213a2685dc1ac17
2016-04-19 01:27:53 +00:00
Jean-Michel Trivi 1de50b286f Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d am: be3ff35425 am: b762ff3e4f am: 1a54e8f638 am: 78653b30e9 am: 0a20959871 am: 6318d60241
am: 7147e71a75

* commit '7147e71a75a48009e6d2b835422767cf466813d8':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: I7f677fae038640739834d4c44309680b78748acf
2016-04-19 01:25:09 +00:00
Jean-Michel Trivi 7147e71a75 Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d am: be3ff35425 am: b762ff3e4f am: 1a54e8f638 am: 78653b30e9 am: 0a20959871
am: 6318d60241

* commit '6318d6024194f89d809f4e22266105f27389f41b':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: I1a836bd8b024948f18b2d2c0e912601722f887bc
2016-04-19 01:00:01 +00:00
Jean-Michel Trivi 6318d60241 Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d am: be3ff35425 am: b762ff3e4f am: 1a54e8f638 am: 78653b30e9
am: 0a20959871

* commit '0a209598713cccc4f10e9c0036df487bea5af312':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: If2339aad0e0e825302773f2f04f0dd43cc754ac6
2016-04-19 00:57:44 +00:00
Jean-Michel Trivi 0a20959871 Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d am: be3ff35425 am: b762ff3e4f am: 1a54e8f638
am: 78653b30e9

* commit '78653b30e9c1907d4c6eefa30ff954e0c4398447':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: I53cabb3bab17e8754a03648ffac356e4a3a05e28
2016-04-19 00:55:30 +00:00
Jean-Michel Trivi 78653b30e9 Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d am: be3ff35425 am: b762ff3e4f
am: 1a54e8f638

* commit '1a54e8f6385f9cbb8d950f0ff003bb71daa62caf':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: I3c992ce7d3a60685f75a944d8d588fb9ff0d050c
2016-04-19 00:53:17 +00:00
Jean-Michel Trivi 1a54e8f638 Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d am: be3ff35425
am: b762ff3e4f

* commit 'b762ff3e4fdc29ce517824e19d187ba667e80623':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: I29eaf51574e1834f223a9755a353abd90fcf912b
2016-04-19 00:50:57 +00:00
Jean-Michel Trivi b762ff3e4f Fix aacDecoder_drcExtractAndMap() am: 97a1b8140d
am: be3ff35425

* commit 'be3ff35425f026fb3714f1bd45c40aee6737fe05':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: I82060408eab9a8990c511af4c6be8a588d2a1b49
2016-04-19 00:48:42 +00:00
Jean-Michel Trivi be3ff35425 Fix aacDecoder_drcExtractAndMap()
am: 97a1b8140d

* commit '97a1b8140d410ed3942006aa22b40ccb322f747b':
  Fix aacDecoder_drcExtractAndMap()

Change-Id: I1bf523e635139d71ef124462bd61e0da06191d35
2016-04-19 00:46:26 +00:00
Jean-Michel Trivi 97a1b8140d Fix aacDecoder_drcExtractAndMap()
Parse DVB DRC data only when numThreads is below
 MAX_DRC_THREADS. The post-increment is necessary as
 it is used in fill element DRC data section.
This solution parses as many DRC payloads as allowed by
 MAX_DRC_THREADS and skips all remaining DRC elements in the stream.

Bug 27792766
Bug 26751339

Change-Id: Ie1641888bac1757c4d1491119f977fc5d436eaea
2016-04-15 08:14:50 -07:00
Jean-Michel Trivi 7657556633 Fix stack corruption happening in aacDecoder_drcExtractAndMap() am: a06d1c2 am: 47739cd
am: 118fc75

* commit '118fc75eee6cc763a3105d6e963b77d76d114a2e':
  Fix stack corruption happening in aacDecoder_drcExtractAndMap()
2016-03-22 02:49:48 +00:00
Jean-Michel Trivi 118fc75eee Fix stack corruption happening in aacDecoder_drcExtractAndMap() am: a06d1c2
am: 47739cd

* commit '47739cd9d8d7842436b90ef14207c935b0a799fe':
  Fix stack corruption happening in aacDecoder_drcExtractAndMap()
2016-03-22 02:44:32 +00:00
Jean-Michel Trivi 47739cd9d8 Fix stack corruption happening in aacDecoder_drcExtractAndMap()
am: a06d1c2

* commit 'a06d1c2b9af1621037b48557aac42b5ecbdb03b3':
  Fix stack corruption happening in aacDecoder_drcExtractAndMap()
2016-03-22 02:36:16 +00:00
Jean-Michel Trivi a06d1c2b9a Fix stack corruption happening in aacDecoder_drcExtractAndMap()
In the aacDecoder_drcExtractAndMap() function, self->numThreads
  can be used after having exceeded its intended max value,
  MAX_DRC_THREADS, causing memory to be cleared after the
  threadBs[MAX_DRC_THREADS] array.
The crash is prevented by never using self->numThreads with
  a value equal to or greater than MAX_DRC_THREADS.
A proper fix will be required as there seems to be an issue as
  to which entry in the threadBs array is meant to be initialized
  and used.

Bug 26751339

Change-Id: I655cc40c35d4206ab72e83b2bdb751be2fe52b5a
2016-03-21 21:59:22 +00:00
Dan Willemsen 2d435aa433 Remove __DATE__/__TIME__
Building __DATE__/__TIME__ into the binaries means that every build will
create different binaries, even if all the sources are identical. This
also means that any libraries including this one will need to be patched
during every OTA.

Nothing appears to use the build_date/build_time fields, so just replace
them with empty strings.

Bug: 24204119
Change-Id: I9543eb388a1e8ab9284df9035a62fc8942cdc082
(cherry picked from commit 6e8330732f)
2015-10-30 21:53:59 +00:00
Marco Nelissen 9f42dfb799 am b3c5a4bb: Fix crash on invalid channel config
* commit 'b3c5a4bb8442ab3158fa1f52b790fadc64546f46':
  Fix crash on invalid channel config
2015-09-15 01:10:04 +00:00
Marco Nelissen b3c5a4bb84 Fix crash on invalid channel config
Bug: 23876444
Change-Id: I90ad197811ebabceb5b5d74d6d3f20716fbe2d45
2015-09-08 15:50:08 +00:00
Bill Yi 267940f5bd am f2df045a: Merge commit \'10d211b84a5f0790b28fcc8b3db66884d5f9c729\' into HEAD
* commit 'f2df045ae92ee655481f73b19986084308ae684c':
2015-02-20 00:22:52 +00:00
Bill Yi f2df045ae9 Merge commit '10d211b84a5f0790b28fcc8b3db66884d5f9c729' into HEAD 2015-02-19 14:30:49 -08:00
Chih-Hung Hsieh bd8021bef1 am 2b6bf8dc: Merge "Do not include genericStds_linux.cpp."
* commit '2b6bf8dc0941f3a4531030b950cf24fd31248b0b':
  Do not include genericStds_linux.cpp.
2015-02-18 02:53:59 +00:00
Chih-Hung Hsieh 2b6bf8dc09 Merge "Do not include genericStds_linux.cpp." 2015-02-18 02:41:47 +00:00
Chih-Hung Hsieh 09f1d04467 Do not include genericStds_linux.cpp.
The __aeabi_memcpy functions are already defined in Android libc.
Redefining them to call memcpy will become recursive when clang/llvm
converts the memcpy call to __aeabi_memcpy.
With this change, we can enable clang/llvm by removing LOCAL_CLANG from Android.mk.

BUG: 12216385
Change-Id: I8b8b4ba7f3ff1e66f8110fc3b6356865a582c1d8
2015-02-12 11:20:14 -08:00
Marco Nelissen 10d211b84a am 1c6ab7db: Merge "Use gcc for the AAC decoder"
* commit '1c6ab7db30867f3eee0d550adb015b340fbbc668':
  Use gcc for the AAC decoder
2015-02-11 01:51:25 +00:00
Marco Nelissen 1c6ab7db30 Merge "Use gcc for the AAC decoder" 2015-02-11 01:22:20 +00:00
Marco Nelissen 355baa79bf Use gcc for the AAC decoder
clang generates crashing code for this.

Change-Id: I90355d6735403290e7c0d93ff4854520b7b80f4a
2015-02-10 15:39:28 -08:00
Chih-Hung Hsieh 28e448bb55 am 66091e46: Merge "Fix checks for {Front,Side,Back}ElementIsCpe"
* commit '66091e46d7aae1b45ed96f5f39274954a296db71':
  Fix checks for {Front,Side,Back}ElementIsCpe
2014-12-01 19:45:05 +00:00
Chih-Hung Hsieh 66091e46d7 Merge "Fix checks for {Front,Side,Back}ElementIsCpe" 2014-12-01 19:31:58 +00:00
Dan Albert 57f76311ba am 84851b23: Merge "Move back to C++98."
* commit '84851b23d6f65ce03da4fa8ef2348b4f46c0ed0f':
  Move back to C++98.
2014-12-01 19:27:01 +00:00
Chih-Hung Hsieh bb1e78a118 Fix checks for {Front,Side,Back}ElementIsCpe
{Front,Side,Back}ElementIsCpe is an array (per-channel). The check for
pPce->{Front,Side,Back}ElementIsCpe without an index checks the address
of the array, and will always evaluate to true. The elTagSce++
statements are unreachable.

Change-Id: If530371788a44038c500d6f9f7ac67681f77cc71
2014-12-01 11:26:03 -08:00
Dan Albert 84851b23d6 Merge "Move back to C++98." 2014-12-01 19:15:30 +00:00
Dan Albert d52f374768 Move back to C++98.
This code depends on narrowing hex literals to a signed long, which
trips -Wc++11-narrowing (the fix would be to explicitly cast each
value to signed).

Change-Id: I581a02ef0eeee5a2d95ce0ff2ec6f7ff26f3a074
2014-11-28 13:56:59 -08:00
Chih-Hung Hsieh 1c7368d7c0 am d149516e: am 7e464956: Merge "Move Clang only flags into LOCAL_CLANG_CPPFLAGS."
* commit 'd149516e1a3a63549d2c654b1398544d5de46a3e':
2014-10-25 19:54:26 +00:00
Chih-Hung Hsieh d149516e1a am 7e464956: Merge "Move Clang only flags into LOCAL_CLANG_CPPFLAGS."
* commit '7e46495606bd66973a10565f932acee7bddcc003':
  Move Clang only flags into LOCAL_CLANG_CPPFLAGS.
2014-09-23 16:54:56 +00:00
Chih-Hung Hsieh ab33d4d394 am 7e464956: Merge "Move Clang only flags into LOCAL_CLANG_CPPFLAGS."
* commit '7e46495606bd66973a10565f932acee7bddcc003':
  Move Clang only flags into LOCAL_CLANG_CPPFLAGS.
2014-09-23 16:54:34 +00:00
Chih-Hung Hsieh 7e46495606 Merge "Move Clang only flags into LOCAL_CLANG_CPPFLAGS." 2014-09-23 16:29:42 +00:00
Chih-Hung Hsieh 3c4c8d631f Move Clang only flags into LOCAL_CLANG_CPPFLAGS.
Gcc does not recognize -Wno-pointer-bool-conversion.

Change-Id: Ib6ffa321fff1947b6a098244f7d67fdeb45c2b41
2014-09-22 22:59:03 -07:00
Glenn Kasten 57daefcbe1 am 4803bf75: Merge "Ignore Clang warning on checking address of arrays."
* commit '4803bf75f564e5c9304527a5b902711f78e9f621':
  Ignore Clang warning on checking address of arrays.
2014-09-09 17:53:16 +00:00