| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A security patch that was trying to detect infinite loops
was accidentally rejecting very large MIDI files.
This is because there is a scanning pass that looks at the entire
file. That was generating a very high eventCount.
With this change, we do not check event counts during the scanning pass.
Bug: 112735915
Bug: 112575219
Bug: 68664359
Test: Generate a MIDI files with more than 50000 events.
Test: There are some in b/112735915 and b/112575219
Test: mmma frameworks/av/cmds/stagefright
Test: adb push out/target/product/marlin/system/bin/stagefright /system/bin/.
Test: adb shell stagefright -a /sdcard/Download/verybigfile.mid
Test: It should play correctly and not abort.
Change-Id: Iddf2f5b178e9ca3867b14fcd78d538023d79240d
Merged-In: Iddf2f5b178e9ca3867b14fcd78d538023d79240d
(cherry picked from commit 123051dd0271ac0f245cb88c38878c6b21880632)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This detects and blocks infinite loops in corrupt files.
Bug: 68664359
Bug: 110435401
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.StagefrightTest#testStagefright_bug_68664359
Test: cts-tradefed run cts -m CtsSecurityTestCases -t android.security.cts.StagefrightTest#testStagefright_bug_110435401
Change-Id: I67652fbcc8b0812a838ae6551d0be2770a655c95
Merged-In: I67652fbcc8b0812a838ae6551d0be2770a655c95
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug: 69804002
Bug: 68953854
Bug: 68664359
Test: cts-tradefed run cts --class android.security.cts.StagefrightTest --method testStagefright_bug_68953854
Change-Id: I29e5ffd6f5be25180d7ed65806480257d79a884d
Merged-In: I19b3ca2d66866039b199d2049c6234df51797b3c
(cherry picked from commit ba9ea234666052f8415194966bcd242ea6fecf0e)
CVE-2018-9347, CVE-2018-9348
|
|
|
|
|
|
|
|
| |
Bug: 68160703
Test: stagefright poc.xmf
Change-Id: I1ed8cbbfaf2f26e9d3679898a62669da87a2251d
(cherry picked from commit 781ff001b9e734dd4297765b6b0d15f391cb06d9)
CVE-2017-13229
|
|
|
|
|
|
|
|
| |
Bug: 68159767
Test: build
Change-Id: Iecbb69e59ccbe33989ad9d76f6826c22cda7724b
(cherry picked from commit 2815be21f2f5e8f1d345f35bf9b3a008fc546efa)
CVE-2017-13234
|
|
|
|
|
|
|
|
| |
Bug: 23342881
Bug: 35472997
Change-Id: I025338c5f0b39cac89ad786afc69cf085e830568
(cherry picked from commit eefb545f69f6ae1e8b32150dd9a28b73cc751f17)
CVE-2017-0644
|
|
|
|
|
|
|
|
|
|
|
| |
If the phase increment was larger than the loop size, the interpolator
would read further and further outside the sample, eventually segfaulting.
Bug: 38342499
Test: manual
Change-Id: I0e70d037e61fdeffdbd49460caa692e9781cc511
(cherry picked from commit d19edc9c090d64926469463991ca7e86c73368fa)
CVE-2017-0777
|
|
|
|
|
|
|
|
|
|
|
|
| |
to make sure we actually advance in the file
Bug: 37093318
Test: decoded poc and other files with and without change
AOSP-Change-Id: I94cf65336ce4132c17c39b651dc520264f02a704
(cherry picked from commit f01750adb0558d1885c7d5a5c8900d2187d0d38d)
CVE-2017-0694
Change-Id: I3627f73dccfbb04dd744475c96e5532302b8196a
|
|
|
|
|
|
|
|
|
|
|
| |
Bug: 36725407
Test: decoded poc and other files with and without fix
AOSP-Change-Id: I9e23b2dbf133321bb01ae47c39761e17e46bd846
(cherry picked from commit ede62341663cf356edb20e3d14424aec767ea66b)
CVE-2017-0692
Change-Id: I72d0426fc73b390b31b152709ab2e810076827ee
|
|
|
|
|
|
|
|
|
|
| |
Bug: 34031018
AOSP-Change-Id: I8d373c905f64286b23ec819bdbee51368b12e85a
CVE-2017-0541
Change-Id: Ifb1825e25751e98b7f1d5355c5d3d0699ec08be7
(cherry picked from commit 56d153259cc3e16a6a0014199a2317dde333c978)
|
|\
| |
| |
| |
| |
| |
| | |
Android 6.0.1 release 66
# gpg: Signature made Tue 06 Sep 2016 09:26:38 AM PDT using DSA key ID 9AB10E78
# gpg: Can't check signature: public key not found
|
| |
| |
| |
| |
| |
| | |
Bug: 29770686
Bug: 23304983
Change-Id: I1648aab90bc281702a00744bf884ae8bb8009412
|
| |
| |
| |
| |
| | |
Bug: 26366256
Change-Id: Ief72e01b7cc6d87a015105af847a99d3d9b03cb0
|
| |
| |
| |
| |
| | |
Bug: 26366256
Change-Id: I066888c25035ea4c60c88f316db4508dc4dab6bc
|
|\ \
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/platform/external/sonivox into cm-13.0
Android 6.0.1 release 22
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 95a4f1d4af
* commit '95a4f1d4af0118e9f7cdd8852b7445fb837aba57':
Sonivox: add SafetyNet log.
|
| | | |
| | | |
| | | |
| | | |
| | | | |
Bug: 26366256
Change-Id: Ief72e01b7cc6d87a015105af847a99d3d9b03cb0
|
| |\| |
| | |/
| |/|
| | |
| | |
| | |
| | | |
am: 68ea08e38a
* commit '68ea08e38ae022a548cde64b6c71a8cb608c799f':
Sonivox: sanity check numSamples.
|
| | |
| | |
| | |
| | |
| | | |
Bug: 26366256
Change-Id: I066888c25035ea4c60c88f316db4508dc4dab6bc
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Let S_SMF_DATA.numStreams set after S_SMF_DATA.streams is
initialized.
Bug: 23528803
Change-Id: Ie45156a03ec6700a9b0971626eb08cb5c9cdab6e
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
wave pool.
Bug: 23307276
Change-Id: I4c2644feb42c8455be63e48a12ebfc62313cf4cf
(cherry picked from commit 9cf7e8775823c4e136a9841d41dcdb5fe4f98173)
|
| | |
| | |
| | |
| | |
| | | |
Bug: 23307276
Change-Id: Iea56eae9a1855b41840f8d814717fe6379c5bb4d
|
| | |
| | |
| | |
| | |
| | |
| | | |
Bug: 23335715
Change-Id: I4a5522c46dcda9285db1f830337aa2642ddc4fd1
(cherry picked from commit 99e0e2e2c1fd0f895b6d4bdf0a85798cf044218e)
|
|\| |
| | |
| | |
| | | |
Android 6.0.0 release 26
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Let S_SMF_DATA.numStreams set after S_SMF_DATA.streams is
initialized.
Bug: 23528803
Change-Id: Ie45156a03ec6700a9b0971626eb08cb5c9cdab6e
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Support for mxmf file playback
-mxmf files couldn't be played.
-Added a condition check, in DLSParser(), to warn user if artCount is 0 and
to use default articulations.
CRs-Fixed: 465437
Change-Id: I42b1634c65e3779ee7924913cc17020bde9cc38d
midi decoder lib state is not updated on midiplayer stop
- On EAS_Pause() STREAM_FLAGS_PAUSE is added to streamFlags, but
EAS_State() returns SUCCESS before checking for streamFlags and
updating midiplayers state.
- Fix is to check for streamFlags for STREAM_FLAGS_PAUSE and update
midiplayers state before returning SUCCESS.
CRs-Fixed: 633774
Change-Id: Ie8845633f27f05c4917045dcf7cc2b3219c13ef6
|
| |
| |
| |
| |
| |
| |
| | |
wave pool.
Bug: 23307276
Change-Id: I4c2644feb42c8455be63e48a12ebfc62313cf4cf
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | | |
Bug: 23307276
Change-Id: Iea56eae9a1855b41840f8d814717fe6379c5bb4d
|
|\ \ \
| | | |
| | | |
| | | | |
into mnc-dev
|
| |/ /
| | |
| | |
| | |
| | | |
Bug: 23335715
Change-Id: I4a5522c46dcda9285db1f830337aa2642ddc4fd1
|
|\ \ \
| |/ /
|/| /
| |/
| | |
* commit '0a3e23a696b985a02d8f896f12a989e72c9b1cfe':
Check segments and libs
|
| |
| |
| |
| |
| | |
Bug: 23286323
Change-Id: I95ee385d0fb1503a4ce5a96e30d034ac8b81170e
|
| |
| |
| |
| |
| |
| | |
Bug: 21132860.
Change-Id: I8ae872ea2cc2e8fec5fa0b7815f0b6b31ce744ff
(cherry picked from commit 2d7f8e1be2241e48458f5d3cab5e90be2b07c699)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sonivox's EAS_I32 and EAS_U32 are defined as long, so actually 64-bit
when compiled in 64-bit mode. This breaks the math macros used by
reverb, so make those macros use (u)int32_t instead.
(changing EAS_I32 to actually be 32-bit breaks the synth itself)
Bug: 22506524
Change-Id: I86216b886b3696559d27d3f25819770fb91b6f9a
|
|/
|
|
|
| |
Bug: 21132860.
Change-Id: I8ae872ea2cc2e8fec5fa0b7815f0b6b31ce744ff
|
|
|
|
|
|
|
|
|
| |
The parser will parse only parse file type and revision level when
parsing XMF version 2.00 headers.
XMF versions 1.00 and 1.01 doesn't support file type and revision
level in the headers.
Change-Id: I883c9e78179fac45db4ab3c4e3d0cbbb2df4899b
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
> 2GB (MIDI parser memory leak)
Midi Parser support only 32 bit file operations and thus files
of size less than 2 GB. When file open is called on the Midi
parser, for files more than 2GB, internal seek operation fails
resulting in the non-closure of the opened file. This resulted
in the memory leak of the opened file descriptor. This is
fixed by closing the opened file descriptor on failed cases.
Change-Id: Ie9f53275206e2b4616d1cfc41c12b90544895548
Author: Muthukumar Kandasamy <muthukumar.kandasamy@intel.com>
Signed-off-by: Muthukumar Kandasamy <muthukumar.kandasamy@intel.com>
Signed-off-by: Gurudatta Bhakte <gurudattax.bhakte@intel.com>
Singed-off-by: Shuo Gao <shuo.gao@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 39292
|
|
|
|
|
|
| |
b/5453816
Change-Id: Ic2104fc0b86ef0b5ec3af7a009b193f85690d291
|
|
|
|
|
|
| |
b/3290604
Change-Id: If1d15499575b1448c6c1c735718c2269b87fae3e
|
|
|
|
|
|
|
|
|
|
|
| |
(bug 2068782).
It is possible to construct a legitimate iMelody file that consists of only control
commands such as ledon, ledoff, etc. in an infinite loop. If there are no notes or
rests in the file, the iMelody parser will spin in an infinite loop sucking as many
CPU cycles as it can get. This fix ignores loops that contain no notes or rests since
they make no sense. The controls will be processed, but the loop will only execute
once.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|