frameworks_av/media, branch replicant-6.0 frameworks/av Revert "Backport: OMXNodeInstance: use a lock around OMX::freeNode" 2020-01-04T00:00:43+00:00 Joonas Kylmälä joonas.kylmala@iki.fi 2019-10-19T22:08:09+00:00 f2b34d8daf26fa21e7248a75b2e6b34d15d5121c This reverts commit 19d12edc1aad955ecd2e2b1bc786f1e7acb5fe0c. It was causing lots of programs to crash in Replicant and made booting significantly longer. Reverting this commit is not ideal but because we currently don't know how to fix this properly at least by reverting this commit we can release other security issue fixes in the Replicant 6.0 0004 release. This is an excerpt from the backtrace of one of the crashes that happened because of this commit: F DEBUG : #00 pc 00046248 /system/lib/libc.so (tgkill+12) F DEBUG : #01 pc 00043d01 /system/lib/libc.so (pthread_kill+32) F DEBUG : #02 pc 0001bd73 /system/lib/libc.so (raise+10) F DEBUG : #03 pc 00018c03 /system/lib/libc.so (__libc_android_abort+42) F DEBUG : #04 pc 000167ec /system/lib/libc.so (abort+4) F DEBUG : #05 pc 0001a763 /system/lib/libc.so (__libc_fatal+26) F DEBUG : #06 pc 0002f50d /system/lib/libc.so (__bionic_heap_corruption_error+8) F DEBUG : #07 pc 0003173b /system/lib/libc.so (dlfree+310) F DEBUG : #08 pc 0000e9bb /system/lib/libutils.so (_ZNK7android7RefBase9decStrongEPKv+50) F DEBUG : #09 pc 0001936f /system/lib/libstagefright_omx.so Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi> Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> 
This reverts commit 19d12edc1aad955ecd2e2b1bc786f1e7acb5fe0c. It was
causing lots of programs to crash in Replicant and made booting
significantly longer. Reverting this commit is not ideal but because
we currently don't know how to fix this properly at least by reverting
this commit we can release other security issue fixes in the Replicant
6.0 0004 release.

This is an excerpt from the backtrace of one of the crashes that
happened because of this commit:

F DEBUG   :     #00 pc 00046248  /system/lib/libc.so (tgkill+12)
F DEBUG   :     #01 pc 00043d01  /system/lib/libc.so (pthread_kill+32)
F DEBUG   :     #02 pc 0001bd73  /system/lib/libc.so (raise+10)
F DEBUG   :     #03 pc 00018c03  /system/lib/libc.so (__libc_android_abort+42)
F DEBUG   :     #04 pc 000167ec  /system/lib/libc.so (abort+4)
F DEBUG   :     #05 pc 0001a763  /system/lib/libc.so (__libc_fatal+26)
F DEBUG   :     #06 pc 0002f50d  /system/lib/libc.so (__bionic_heap_corruption_error+8)
F DEBUG   :     #07 pc 0003173b  /system/lib/libc.so (dlfree+310)
F DEBUG   :     #08 pc 0000e9bb  /system/lib/libutils.so (_ZNK7android7RefBase9decStrongEPKv+50)
F DEBUG   :     #09 pc 0001936f  /system/lib/libstagefright_omx.so

Signed-off-by: Joonas Kylmälä <joonas.kylmala@iki.fi>
Acked-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
colorconversion: not only check for the emulator, but also for a device that only has software rendering 2019-07-21T22:24:19+00:00 Wolfgang Wiedmeyer wolfgit@wiedmeyer.de 2015-12-21T12:49:50+00:00 b5d9e3856374f0a619015283cd58453e9e5b9ee8 Change-Id: I895cc30e6ed47629442b4cd949089fc940a8382c Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> 
Change-Id: I895cc30e6ed47629442b4cd949089fc940a8382c
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
Check for overflow of crypto size 2018-12-03T17:18:50+00:00 Marco Nelissen marcone@google.com 2018-07-31T22:12:51+00:00 779361abc2ace8edf7e84170498a3980599087eb Bug: 111603051 Test: CTS Change-Id: Ib5b1802b9b35769a25c16e2b977308cf7a810606 (cherry picked from commit d1fd02761236b35a336434367131f71bef7405c9) 
Bug: 111603051
Test: CTS
Change-Id: Ib5b1802b9b35769a25c16e2b977308cf7a810606
(cherry picked from commit d1fd02761236b35a336434367131f71bef7405c9)
Fix information disclosure in mediadrmserver 2018-12-03T16:02:09+00:00 Jeff Tinker jtinker@google.com 2018-10-08T12:26:28+00:00 9127c1fd403ca552950e6e0f9fe34d27fbb21bf4 Test:POC provided in bug Bug:79218474 (cherry picked from commit c1bf68a8d1321d7cdf7da6933f0b89b171d251c6) Change-Id: Iba12c07a5e615f8ed234b01ac53e3559ba9ac12e 
Test:POC provided in bug
Bug:79218474
(cherry picked from commit c1bf68a8d1321d7cdf7da6933f0b89b171d251c6)

Change-Id: Iba12c07a5e615f8ed234b01ac53e3559ba9ac12e
M3UParser: handle missing EXT-X-MEDIA URIs 2018-10-08T04:32:21+00:00 Robert Shih robertshih@google.com 2018-07-12T23:17:45+00:00 fd974399aa40e7bfee3761d73f445a816a6fdb57 Bug: 111381540 Test: http://devimages.apple.com.edgekey.net/streaming/examples/bipbop_16x9/bipbop_16x9_variant.m3u8 Change-Id: I57f6cea59ce4c25267385289ab805eefe74b04ac (cherry picked from commit b8c3a74de55a76e2ee21c731828a8afca7aa4ae0) 
Bug: 111381540
Test: http://devimages.apple.com.edgekey.net/streaming/examples/bipbop_16x9/bipbop_16x9_variant.m3u8
Change-Id: I57f6cea59ce4c25267385289ab805eefe74b04ac
(cherry picked from commit b8c3a74de55a76e2ee21c731828a8afca7aa4ae0)
M3UParser: make url on demand 2018-10-08T04:31:44+00:00 Robert Shih robertshih@google.com 2018-06-01T22:09:21+00:00 14f22c3a2532b1f91fc3f28691e6a3fca50373d4 Bug: 77823362 Test: adb shell am start -a android.intent.action.VIEW -d http://10.42.0.1:8080 Change-Id: Ieaf8a13985277eee5b085ed243205a597627cf5e (cherry picked from commit 26e236bd426770869644a9962778dedea7bf59be) 
Bug: 77823362
Test: adb shell am start -a android.intent.action.VIEW -d http://10.42.0.1:8080
Change-Id: Ieaf8a13985277eee5b085ed243205a597627cf5e
(cherry picked from commit 26e236bd426770869644a9962778dedea7bf59be)
Fix possible out of bounds read 2018-08-08T19:23:33+00:00 Marco Nelissen marcone@google.com 2018-06-01T17:48:25+00:00 61c1950d60b1b29567cee9c8e73e4c336b618496 Bug: 78656554 Test: manual Change-Id: I677f827483dcc80afac57fd7ef6807e633542252 (cherry picked from commit 3762e0615273f25b059556d5b5f65102e9c55c35) 
Bug: 78656554
Test: manual
Change-Id: I677f827483dcc80afac57fd7ef6807e633542252
(cherry picked from commit 3762e0615273f25b059556d5b5f65102e9c55c35)
Speed up id3v2 unsynchronization 2018-07-16T18:17:40+00:00 Robert Shih robertshih@google.com 2018-05-09T22:16:17+00:00 dc3b246bb1422b805937343e65b513d246952eb6 Instead of doing many overlapping memmoves, do a single copy pass that skips over the inserted unsynchronization bytes. For some files this reduces parsing time from minutes to milliseconds. Similar to commit 72a43b68da but for v2.2 and v2.3. Bug: 78029004 Test: poc Change-Id: I735b7051e77a093d86fb7a3e46209875946225ed (cherry picked from commit f9d87cc850a589b9b0cc3658cf222187822bcc00) 
Instead of doing many overlapping memmoves, do a single copy pass
that skips over the inserted unsynchronization bytes. For some
files this reduces parsing time from minutes to milliseconds.

Similar to commit 72a43b68da but for v2.2 and v2.3.

Bug: 78029004
Test: poc
Change-Id: I735b7051e77a093d86fb7a3e46209875946225ed
(cherry picked from commit f9d87cc850a589b9b0cc3658cf222187822bcc00)
Add check preventing div0 issue 2018-06-08T17:33:02+00:00 Ryszard Grzesica ryszard.grzesica@sonymobile.com 2015-12-29T05:28:44+00:00 c81197623a895ae05354b4ad713066ab63978b81 There might be a scenario while period is zero or after including precision would be zero, prevent from division in that case and return false (to use previously used period). Bug: 73898703 bug: 74067957 Test: run playback as stability test Change-Id: I3fad1060b095b7b5ea4c1f9cb3f9d42a4c503560 (cherry picked from commit 27e47ce3c3bbc0b4dc629163de7ebbba7e80b149) CVE-2018-9354 
There might be a scenario while period is zero or after including
precision would be zero, prevent from division in that case and
return false (to use previously used period).

Bug: 73898703
bug: 74067957
Test: run playback as stability test

Change-Id: I3fad1060b095b7b5ea4c1f9cb3f9d42a4c503560
(cherry picked from commit 27e47ce3c3bbc0b4dc629163de7ebbba7e80b149)
CVE-2018-9354
Sanitize effect descriptors for AudioPolicyService binder calls. 2018-06-08T17:08:54+00:00 Andy Hung hunga@google.com 2018-04-12T18:06:56+00:00 33b6a0d4e2ce158fee4241985cfca3b959ec99a7 Zero initialize structs before parcel read, if status is not checked. Sanitize parcel read audio_port_config. Test: Audio CTS, See bug for POC Bug: 73126106 Merged-in: Iece43eb463385927e6babcf93654eea8aaebc29c Change-Id: Iece43eb463385927e6babcf93654eea8aaebc29c (cherry picked from commit 498bdcc90bc470a79bf8943cbac64502f7c1c091) CVE-2018-9378 
Zero initialize structs before parcel read, if status is not checked.
Sanitize parcel read audio_port_config.

Test: Audio CTS, See bug for POC
Bug: 73126106
Merged-in: Iece43eb463385927e6babcf93654eea8aaebc29c
Change-Id: Iece43eb463385927e6babcf93654eea8aaebc29c
(cherry picked from commit 498bdcc90bc470a79bf8943cbac64502f7c1c091)
CVE-2018-9378