Age | Commit message (Collapse) | Author |
|
15151896, 15150908, 15151384, 15151699, 15151700, 15151701] into security-aosp-oc-mr1-release
Change-Id: I640b1a4308df54d0bcfb05bd54e9649ec3279168
|
|
Increment u2_cur_slice_num only if current slice had atleast
one MB of memory left.
Test: clusterfuzz generated poc in bug
Bug: b/182152757
Bug: b/179938345
Bug: b/185112718
Change-Id: Ic5eb07e961bccb7fde954bcfd791fd879804e335
(cherry picked from commit a88e0683a420d7ee9aa4b6f41f94cb8dc0c5e040)
|
|
14554378, 14554522, 14554523, 14554381, 14554563, 14554564, 14554566, 14554568, 14554570, 14554571, 14554573, 14554526, 14554576] into security-aosp-oc-mr1-release
Change-Id: I3a7412f3adba6df78ed3bb97dd9679ab5a790423
|
|
Return current input buffer as buffer to be freed in case
of errors that are seen before picking up the input buffer
to be from the input queue.
Once a buffer is picked up from the queue, that is returned
as the buffer to be freed.
There is no need to return a buffer from ps_proc context
Bug: 180643802
Test: poc in the bug description
Test: atest CtsMediaV2TestCases:CodecEncoderTest
Test: atest VtsHalMediaC2V1_0TargetVideoEncTest
Change-Id: I1671ca1e82f522004d1f070df89b256b856f75b8
(cherry picked from commit 3e73f0d56298ba6256927928669d0cc6e4b1c9ee)
|
|
14128745, 14128746, 14128251, 14128748, 14126431, 14125341, 14128805, 14128806] into security-aosp-oc-mr1-release
Change-Id: Ifd23ee5b67d4b9e859d89bb7df401c052db0487e
|
|
Bug: 176533109
Test: poc in the bug description
Change-Id: Ia83383f9b65cbde8d7a50a1af8a054936daa4d78
(cherry picked from commit b59de5a25f28f0fe411526b2e50bb8052957c517)
(cherry picked from commit 10910bf9106eff724390255faa48f9f61dcfc744)
|
|
first_mb_in_slice shouldn't be >= mbs in the picture.
Test: poc in bugs
Bug: b/174238784
Bug: b/174507022
Bug: oss-fuzz:27856
Bug: oss-fuzz:28039
Change-Id: Id3a41c8c2ddf814910fc2d5dd4f57bdd84d28fec
(cherry picked from commit 7e06940dce7245f03fd950edf7f72ff321b2b451)
|
|
While adding the decoded buffer to display queue, allow buffer with
poc set to 0x7FFFFFFF
Bug: 145364230
Test: poc in bug
Change-Id: I2a15f73b8422cfa4fd3360bc21c0cea4542a3375
(cherry picked from commit ffcf2a87d66f935210ebd011eed474514d086b40)
|
|
Earlier these were only initialized during static buffer allocations.
Initializing them in init_decoder() will ensure that these get
initialized to default values during reset() as well. Without this,
in some error cases, there is a possibility of heap-use-after free,
when resolution changes and these pointers point to memory that is freed
Bug: 142602711
Test: poc in bug
Change-Id: Ie39fee0eca56bf32cdc558099bf167d05eb89620
(cherry picked from commit 01da7b5a52a76aee615b4e32eeceb4887d3662f0)
|
|
If lt_list and st_list point to same node then delete it from st.
If there is error while adding a node in bottom field of lt_list (top is
already added) then this node will be pointed by st_list also. So we need
to remove it from st_list
bug: 73552574
Test: poc before/after on Android N security branch
Change-Id: I95304c242c5854b18c5c7220d114ce6215760124
(cherry picked from commit f312a1d305dae23f9f6f663d2157bf9cf47bb92c)
|
|
IVD_RES_CHANGED was not signaled when crop parameters changed, i.e.
display dimensions changed without change in decode dimensions.
In such cases, if output buffer was allocated as per the current
dimension being decoded, without IVD_RES_CHANGED signalled, there can be
an OOB write if the new buffer is smaller than the frame being returned
as output
Bug: 118399205
Test: vendor
Change-Id: Ia750a99cda08a3254a6f8ea8b55d07e655b34d05
(cherry picked from commit 442a01bf37d5bd97bb6d13b382f00265051abbe8)
|
|
Do not mark bottom field as short term in case of error.
Bug: 73553038
Bug: 73552574
Bug: 73552999
Test: poc before/after
Change-Id: I8576861af36996a361a81f48ba9b251f0ae4e660
(cherry picked from commit 47cc04b40c94b14841d27eb3ac0b01c3f1739180)
|
|
Bug: 73625898
Test: ran POC before/after under ASAN
Change-Id: I9765b57f4afc6a2b6ad9cd19c8c7c5000beb9de9
(cherry picked from commit 9fa58d4db3ef176ed54af5f602970b48624be413)
|
|
Fixed initialization of u1_pr_sl_type for I slice.
Bug: 70897454
Test: ran PoC before/after patch
Change-Id: I0c37317513b72236be98c2b25482a67bf2b56052
(cherry picked from commit aecdfd1aff2505da11ad48ad4f9f918054ce0c97)
|
|
Memset to zero whenever new sps occurs.
Bug: 70897394
Test: manual
Change-Id: I5936fd55265ff8ad2b275a72b175cdb540bb7933
(cherry picked from commit 9c32ad7126890dfaa79fd29affaaf07de335fa3a)
|
|
The factor multiplication should happen only at the source,
not at the destination.
Bug: 71375536
Test: manual
Change-Id: Ib5f00b87150a0533880346fac5464b0b1a802c36
(cherry picked from commit c3b026a87d7da17ca5196e1973137b8691e60bde)
|
|
The output buffer size given by the application, needs to be checked
in every process call. This is required in the case of resolution
change in shared display mode.
Bug: 70294343
Bug: 70350193
Bug: 70526411
Bug: 70526485
Test: manual
Change-Id: I2c1e59425e84ac62a874e5ee180e1b98f0a4058f
(cherry picked from commit 3692aceb1b244be3e1b36d8e7b804986f593bb69)
|
|
When ref_pic_list_reordering_flag_l1 is equal to 1, the number of times
that reordering_of_pic_nums_idc is not equal to 3 following
ref_pic_list_reordering_flag_l1 should not exceed
num_ref_idx_l1_active_minus1 + 1.
Bug: 69478425
Change-Id: I031bb744869ac8a57f85bb97574832efd0eefc25
(cherry picked from commit 7ea47d575d26d4d5356670092af26fb6915e75bf)
|
|
If memory allocation for dec_hdl fails, return gracefully
with an error code. All other allocation failures are
handled correctly.
Bug: 68300072
Test: ran poc before/after
Change-Id: I118ae71f4aded658441f1932bd4ede3536f5028b
(cherry picked from commit 7720b3fe3de04523da3a9ecec2b42a3748529bbd)
|
|
Change in Mbaff flag needs re-initialization of NMB group
and other variables in decoder context.
Bug: 64380237
Test: ran poc on ASAN before/after
Change-Id: I0fc65e4dfc3cc2c15528ec52da1782ecec61feab
(cherry picked from commit d524ba03101c0c662c9d365d7357536b42a0265e)
|
|
This prevents heap overflow while parsing sei_message.
Bug: 63122634
Test: ran PoC on unpatched/patched
Change-Id: I61c1ff4ac053a060be8c24da4671db985cac628c
(cherry picked from commit f2b70d353768af8d4ead7f32497be05f197925ef)
|
|
Added extra structure to read mmco values and copied only once per
picture.
Bug: 65735716
Change-Id: I25b08a37bc78342042c52957774b089abce1a54b
(cherry picked from commit 3c70b9a190875938fc57164d9295a3ec791554df)
|
|
Change-Id: Ib88fca8164e0a459338c57ffb17952ce72772ee0
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours am: 458c4a866c -s ours am: e8235bbcea -s ours am: 23d505806b -s ours am: d570b32872 -s ours am: 82e6cbe7e2 -s ours am: 16aecc3c23 -s ours am: 4a356a0170 -s ours am: 301a5d4bdc -s ours
am: c68f846406 -s ours
Change-Id: I4cba680e65e9c0eb3317c0b03b4a03c9dc4196e1
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours am: 458c4a866c -s ours am: e8235bbcea -s ours am: 23d505806b -s ours am: d570b32872 -s ours am: 82e6cbe7e2 -s ours am: 16aecc3c23 -s ours am: 4a356a0170 -s ours
am: 301a5d4bdc -s ours
Change-Id: I9cfb90eaf44441ab12098b14c5f050b4f4e10e35
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours am: 458c4a866c -s ours am: e8235bbcea -s ours am: 23d505806b -s ours am: d570b32872 -s ours am: 82e6cbe7e2 -s ours am: 16aecc3c23 -s ours
am: 4a356a0170 -s ours
Change-Id: I03e86e7361489a3210ecbeaaff8ddb19da4ae24e
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours am: 458c4a866c -s ours am: e8235bbcea -s ours am: 23d505806b -s ours am: d570b32872 -s ours am: 82e6cbe7e2 -s ours
am: 16aecc3c23 -s ours
Change-Id: I8488f11dc27212fb3ad6cb9f8bab9e64e3b8fd1f
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours am: 458c4a866c -s ours am: e8235bbcea -s ours am: 23d505806b -s ours am: d570b32872 -s ours
am: 82e6cbe7e2 -s ours
Change-Id: I041366ad064f29c4a6d68b26915fa6bcea0b6e75
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours am: 458c4a866c -s ours am: e8235bbcea -s ours am: 23d505806b -s ours
am: d570b32872 -s ours
Change-Id: Ib46ed8947b0b5199c5c9a1db120b68016dbe9cac
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours am: 458c4a866c -s ours am: e8235bbcea -s ours
am: 23d505806b -s ours
Change-Id: Ia9d7fe958960e3d7918e3b61c42c3980c50dcfa1
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours am: 458c4a866c -s ours
am: e8235bbcea -s ours
Change-Id: I34c5addff3c61db5367d7b5017b7d91cebfed4d5
|
|
api." into mnc-dev am: 6a09a35355 -s ours am: b288f51729 -s ours
am: 458c4a866c -s ours
Change-Id: I4f89fbfa370e568457a436607b93e690083a6f85
|
|
api." into mnc-dev am: 6a09a35355 -s ours
am: b288f51729 -s ours
Change-Id: I673972e25b586ceb6f7c162ef1385dbb47fa3c29
|
|
api." into mnc-dev
am: 6a09a35355 -s ours
Change-Id: I01c0bfe70914107bee7763ec1beec9bd7abbf175
|
|
api." into mnc-dev
|
|
Fixed incorrect use of ps_dec->pv_dec_out to set error code.
Bug: 66372937
Test: at vendor
Merged-In: Ib04e0b15573b2482c9d5b43c8bc7dd30d8f8efdd
Change-Id: I7b66ee010089399c050a75d6d67feb03da0b8b3e
|
|
2f1ca945b1 am: 1b1e6d3ec9 am: 8ec4061310 am: 40d1b833d8 am: 73763b165e am: e9ec948685 am: 2411d507d4 am: 5795e09124 am: a55b5dd44f am: 359a2ba846
am: e127b146ff
Change-Id: Ic163faee250695def214290f06c8b5ab432e98eb
|
|
2f1ca945b1 am: 1b1e6d3ec9 am: 8ec4061310 am: 40d1b833d8 am: 73763b165e am: e9ec948685 am: 2411d507d4 am: 5795e09124 am: a55b5dd44f
am: 359a2ba846
Change-Id: Ia72f639861505d09d38f14abc67bbf5ca5ae21f1
|
|
2f1ca945b1 am: 1b1e6d3ec9 am: 8ec4061310 am: 40d1b833d8 am: 73763b165e am: e9ec948685 am: 2411d507d4 am: 5795e09124
am: a55b5dd44f
Change-Id: I4393ad6185c54c0cf6cd8534e03cbca1d81f5af5
|
|
2f1ca945b1 am: 1b1e6d3ec9 am: 8ec4061310 am: 40d1b833d8 am: 73763b165e am: e9ec948685 am: 2411d507d4
am: 5795e09124
Change-Id: I77647b40a35dd939e8b910afd0335c3a3027a56a
|
|
2f1ca945b1 am: 1b1e6d3ec9 am: 8ec4061310 am: 40d1b833d8 am: 73763b165e am: e9ec948685
am: 2411d507d4
Change-Id: Iac44e12ba187b7f30487401397af8b9125cbfe11
|
|
2f1ca945b1 am: 1b1e6d3ec9 am: 8ec4061310 am: 40d1b833d8 am: 73763b165e
am: e9ec948685
Change-Id: I02529daa59d105732e09d0e7cae38794e9041b3d
|
|
2f1ca945b1 am: 1b1e6d3ec9 am: 8ec4061310 am: 40d1b833d8
am: 73763b165e
Change-Id: Ia96b46ff5c254047eeff4dad62a0429a6d75ddf9
|
|
2f1ca945b1 am: 1b1e6d3ec9 am: 8ec4061310
am: 40d1b833d8
Change-Id: Id2268e35f95084f7c742587166c84404b979ac7a
|
|
2f1ca945b1 am: 1b1e6d3ec9
am: 8ec4061310
Change-Id: Ibe841cc94763771c315c3e084b68b5f60045053e
|
|
2f1ca945b1
am: 1b1e6d3ec9
Change-Id: I816a115c239a41b0008eb599fc6ff43b925f15f2
|
|
am: 2f1ca945b1
Change-Id: I203d518ad9dc60ea41dfdc88c1903b47398246ba
|
|
|
|
Change-Id: Ibc88851e4766ffb66b5ac1923b3ea44053065912
|
|
am: 848428bb84 am: a838b2f7f8 am: 3a8511dfaa -s ours am: 6d33435d4f am: 85615c3618 am: 586344f327 am: 6be35a62b0 am: 70defc46d2 -s ours am: cbab4f6e43
am: 553a478695
Change-Id: I85eb67eefc9fac4e5e762e7b06ae42c890e055ab
|