| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Indicate error if width/height is parsed as 0.
Bug: 37561455
Test: re-ran POC without failure
Change-Id: I67245af1cd21621a3abafad3141aca109b2a4664
(cherry picked from commit 9ba62ccd598b40429e207ce3a5e4e743a35c739e)
(cherry picked from commit f0d73551ba85b90de57faa3c574a4d0a6d03677b)
|
|
|
|
|
|
|
|
|
|
| |
Checking to ensure the picture structure read in dec_pic_coding_ext is
valid. If invalid, decode should not procede because the buffer obtained
to decode a picture with invalid picture structure will not be freed.
Bug: 37273673
Change-Id: I1469bb7b5daeab285ad55dcb77f54d0cb5d19dad
(cherry picked from commit f7546c1710348b975e204b07317a7bfb3c9c69de)
|
|
|
|
|
|
|
|
|
|
| |
If a vertical slice position is read different from the current decode
position, the u2_mb_y and u2_mb_x values were updated but the number of
MBs left to decode was not. Adding code to do the same.
Bug: 37273547
Change-Id: I8e4df576525eb0536446532967eb1fdbd4f5af4a
(cherry picked from commit f013a814f7765f3da1f26acfe003d3f16402735c)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The coefficient index should be less than the number of coefficients
allowed (max = 64). The check has been moved, so we check only before
reading a new coefficient.
Bug: 37237390
Bug: 37203196
Test: ran POC on patched n-mr2 system
Change-Id: I61060c524a5c3c26c7d1fe901393df083b2372ea
(cherry picked from commit edfd6f6089d54c9bdf937b614724cb02179ed178)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If it is NULL then it should first get assigned to a value before dereferencing
Adding check for the same.
Bug: 34231231
AOSP-Change-Id: I8ed89ea791d78d5fa8e35d123a92866b3da1ceb1
(cherry picked from commit a8dbcd2b5c956a45a848a332c35909ad58c6a2a9)
CVE-2017-0686
Change-Id: If7bde30f811372979abc8f9952a70746ccbf7d2e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Number of bytes consumed in multi-thread run was 0, causing the decoder to
run in an infinite loop. Fixed the same.
Bug: 34203195
Bug: 34203325
AOSP-Change-Id: I3adc833b6a6a69e63f62f2e179a1ed886f39b3ee
(cherry picked from commit d4c1922a42aafe9a2511f630a8f4c05644517709)
CVE-2017-0685
Change-Id: I6a008cfe36f31c8a54086cac82d5046bc6fa46f0
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding check to make sure the number of skip MBs do not exceed the total
number of MBs left to decode.
Bug: 34231163
AOSP-Change-Id: I62ceffdafcbc0c6d580f6ae1b5b9ab0708a7134f
(cherry picked from commit f217b853e7527552290bd047381338f934bccdd6)
CVE-2017-0674
Change-Id: I7b81dc4ea88ab31da8e1467560e4f16987360399
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If header decode was unsuccessful, do not try decoding a frame
Also, initialize pic_wd, pic_ht for reinitialization when
decoder is created with smaller dimensions
Bug: 28886651
Bug: 35219737
AOSP-Change-Id: I8c06d9052910e47fce2e6fe25ad318d4c83d2c50
(cherry picked from commit 2b9fa9ace2dbedfbac026fc9b6ab6cdac7f68c27)
(cherry picked from commit c2395cd7cc0c286a66de674032dd2ed26500aef4)
CVE-2017-0587
Change-Id: I86bf7208f238598a0ffe87b51ffb035044beaf2e
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The maximum number of lead zeros in a VLD symbol (17 bits long) is 11.
Bug: 34093073
AOSP-Change-Id: Ifd3f64a3a5199d6e4c33ca65449fc396cfb2f3fc
(cherry picked from commit 75e0ad5127752ce37e3fc78a156652e5da435f14)
CVE-2017-0557
Change-Id: I77829335659afc8bab2f5878785d1be0ee15750a
(cherry picked from commit 227c1f829127405e21dab1664393050c652ef71e)
|
|
|
|
|
|
|
|
|
|
|
| |
Bug: 34093952
AOSP-Change-Id: I9f009edda84555e8d14b138684a38114fb888bf8
(cherry picked from commit 3f068a4e66cc972cf798c79a196099bd7d3bfceb)
CVE-2017-0556
Change-Id: I86f9600e387f2ca94cc901e76a0f89fc7ed86459
(cherry picked from commit f301cff2c1ddd880d9a2c77b22602a137519867b)
|
|
|
|
|
| |
Bug: 28168413
Change-Id: I3db5432a08daf665e160c0dab2d1928a576418b4
|
|
|
|
|
| |
Bug: 26070014
Change-Id: Id9f063a2c72a802d991b92abaf00ec687db5bb0f
|
|
|
|
|
|
|
|
| |
Bugfix: 25812590
Moved check for numCoeffs > 64 inside the coeff decode loop
Change-Id: I444b77ef2a3da9233ec14bb72ac70b7e2fa56bd1
(cherry picked from commit ff3496c45c571da7eb93d6f9f05758813468fc72)
|
|
|
|
|
|
|
| |
If mb_type decoded returns an invalid type of MB, then return error
Bug: 26070014
Change-Id: I66abcad5de1352dd42d05b1a13bb4176153b133c
|
|
|
|
|
|
|
|
| |
allocated size.
Bug: 25765591
Change-Id: I98c23a3c3f84f6710f29bffe5ed73adcf51d47f6
|
|
|
|
|
|
|
| |
This removes unnecessary changes from build to build.
Bug: 24204119
Change-Id: Ie06330f196a64509fc066b329b6e383f02a6db4b
(cherry picked from commit 89fff63d42d951dd538613641ef97ec0ebd7a59d)
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Stack now points to top always
Change-Id: I0a45a0dd218d254fb0b5e0f93ce6ed56a83a2dd1
|
|\ \ |
|
| | |
| | |
| | |
| | | |
Change-Id: Iec059e0f2790e07243d9890232459c52869836cd
|
| |/
|/|
| |
| | |
Change-Id: I9d89ff1b167b57299665e53efc876b11b1f5a432
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Decoder output is deinterlaced if a picture is signalled as interlaced
Added SIMD optimizations for arm, armv8 and x86/x64
Bug: 20932810
Change-Id: I6079922f4fc8f1d3680e5169a4d8e70efe8ea471
|
|/
|
|
|
|
|
|
|
|
|
| |
Removed alignment requirements for stride
Fixed strides passed to frame copy function
Display width is passed to frame copy function instead of stride
Moved decoder specific definitions from common to decoder files
Bug: 20932810
Change-Id: Ieb1370e2ff9c6b3d04e4c0b9630653943346eb54
|
|
|
|
|
|
|
|
|
|
|
|
| |
Buffer managers are reset to init state in reset()
Return picture type of picture being output instead of picture decoded
Read start code only if input bitstream has enough bytes
Bug: 22860270
Change-Id: Ic158d9dbff6d6b5295173b6ff2a4c6d6da66115f
|
|
|
|
|
|
| |
Disable clang for assembly, and pass include paths to clang-assembly in a clang way
Change-Id: Id0e4f433cd0b7f28addf50b36e2bce29e7fba3a8
|
|
|
|
| |
Change-Id: I25ec2b8b6d0517097678b62fe4dcd286bf746d24
|
|\ |
|
| |
| |
| |
| | |
Change-Id: I5a9473876e596e7461e91f971b0243f694f7e8fb
|
|\ \
| |/
|/| |
|
| |
|
|
|