| Age | Commit message (Collapse) | Author |
|---|
|
y-f-release-4299435 snap-temp-L00000000103192657
Change-Id: I58443068ed9fc31fd32afb158b5522c446b7cee8
|
|
2781184, 2780842, 2780843, 2780920, 2780921, 2780922, 2780923, 2780924, 2780925, 2780926, 2780927, 2780894, 2780895, 2781304, 2780844, 2780845, 2780846, 2781209] into nyc-mr1-security-e-release
Change-Id: I0553dda90b95d3723aafb29902e366eeffc7dae1
|
|
Test: run the poc with and without the patch
Bug: 63045918
Change-Id: I27804d42c55480c25303d1a5dbb43b1d86d7fa94
(cherry picked from commit 272f2c23c8ba8579adb0618b4124163b9bf086fb)
|
|
For clips with tiles and dimensions >= 4096,
CTB size of 16 can result in tile position > 255.
This is not supported by the decoder
Bug: 37930177
Test: ran poc w/o crashing
Change-Id: I2f223a124c4ea9bfd98343343fd010d80a5dd8bd
(cherry picked from commit 248e72c7a8c7c382ff4397868a6c7453a6453141)
|
|
2648038, 2648039, 2648040, 2648041, 2648042, 2647918, 2647429, 2647906, 2647907, 2647951, 2647952, 2647953, 2647954, 2647955, 2648056, 2648057, 2648058, 2648059, 2648060, 2648061, 2648062, 2648063, 2648064, 2647919, 2648065, 2647908, 2648049, 2647909, 2647910, 2648066, 2648050, 2647430, 2647431, 2647432, 2647433, 2647434, 2647435, 2648076, 2648051] into nyc-mr1-security-e-release
Change-Id: I7de8aeaf98cb4299865487d5e90522bd1f044a61
|
|
In case of error clips, some PUs are marked as skip.
Ensure such PUs stay within the picture
Bug: 37615911
Test: ran POC included with the bug.
Change-Id: Ie0aeccc752cf556f9dea84de61c15a7906e1060b
(cherry picked from commit 62830d130b33ab196245e8fbda63639fe9420c18)
|
|
change hard-coded array sizes to use appropriate defined constant
Bug: 62534693
Bug: 62534786
Bug: 62534806
Bug: 62533909
Test: run POC before/after on master
Change-Id: I999545c42d3321570e931991076a942a9134a17d
(cherry picked from commit 4146e81c6dd50634b28b566adda5ac797f47c374)
|
|
Bug: 37435531
Bug: 36817631
Bug: 36492741
Change-Id: I85e3da9a8aaefaac0b494868fdc94d858e4cf8e6
(cherry picked from commit 1ffb19f7ae4c9622a270ad87f950ce8ffe622783)
|
|
Test: run poc with and without the patch
Bug: 62214264
Change-Id: If627ee9a8f0dbd65963897966e1c2d39f5fbd428
(cherry picked from commit e8c26c16d78c5accec081c8f4516918eee679c4c)
|
|
2647441, 2647442, 2647443, 2647444, 2647916, 2647421, 2647898, 2647899, 2647936, 2647937, 2647938, 2647939, 2647940, 2647941, 2647942, 2647943, 2647944, 2647945, 2647946, 2647947, 2647948, 2647949, 2647917, 2647950, 2647900, 2647445, 2647901, 2647902, 2647903, 2647446, 2647422, 2647423, 2647424, 2647425, 2647426, 2647427, 2647428, 2647447] into nyc-mr1-security-f-release
Change-Id: I13fea3931e0f0ea20ce75bea4f5a7c2cb30e9e5b
|
|
In case of error clips, some PUs are marked as skip.
Ensure such PUs stay within the picture
Bug: 37615911
Test: ran POC included with the bug.
Change-Id: Ie0aeccc752cf556f9dea84de61c15a7906e1060b
(cherry picked from commit 62830d130b33ab196245e8fbda63639fe9420c18)
|
|
change hard-coded array sizes to use appropriate defined constant
Bug: 62534693
Bug: 62534786
Bug: 62534806
Bug: 62533909
Test: run POC before/after on master
Change-Id: I999545c42d3321570e931991076a942a9134a17d
(cherry picked from commit 4146e81c6dd50634b28b566adda5ac797f47c374)
|
|
Bug: 37435531
Bug: 36817631
Bug: 36492741
Change-Id: I85e3da9a8aaefaac0b494868fdc94d858e4cf8e6
(cherry picked from commit 1ffb19f7ae4c9622a270ad87f950ce8ffe622783)
|
|
Test: run poc with and without the patch
Bug: 62214264
Change-Id: If627ee9a8f0dbd65963897966e1c2d39f5fbd428
(cherry picked from commit e8c26c16d78c5accec081c8f4516918eee679c4c)
|
|
y-f-release-4118426 snap-temp-L72200000081371809
Change-Id: I8c89f10ddf07c7e4fbe2e5d0993a400f77ae2031
|
|
2435617, 2435558, 2435784, 2435709, 2435631, 2435559, 2435560, 2435618, 2435801, 2435674, 2435710, 2435746, 2435579, 2435747, 2435711, 2435785, 2435786, 2435787, 2435713, 2435804, 2435822, 2435842, 2435753, 2435965, 2436024, 2435885] into nyc-mr1-security-e-release
Change-Id: I566401497839926c2812c913b67f40bc51c795a4
|
|
Bug: 37712181
Test: ran patched against POC on nyc-mr2
Change-Id: I5408b3afd898db99265f94573d1163ef83c9b99c
(cherry picked from commit 62ebc3276199bef53c4b87cfcd8c8586af255fee)
|
|
Bug: 37469795
In pic_init, pic_present was set in the beggining. If pic_present
was set, process and buffer managment were done. For an error
stream, a crash occured when pic_init returned with error after setting
pic_present.
Change-Id: Iea42e6ad2bc5a74517188fa5e4cc434bb96d46c7
(cherry picked from commit d012a1ffc0a260de924b7af5e3ba30eb65526f8a)
|
|
Bug: 37430213
Change-Id: I77f5973db54edccc0972649035b0fbde961c10dd
(cherry picked from commit 16c8c8cceeb74c7f4634803723a0b8b1f4881dc9)
(cherry picked from commit 453587489900c62280aadd1d1c8e3899dc57e965)
|
|
2315713, 2315746, 2315786, 2315799, 2315576, 2315800, 2315673, 2315821, 2315578, 2315597, 2315633, 2315598, 2315769, 2315716, 2315634, 2315823, 2315801, 2315636, 2315717, 2315772, 2315753, 2315803, 2315638, 2315840, 2315841, 2315842, 2315824, 2315791, 2315879, 2315804, 2315827, 2315863, 2315792, 2315864, 2315755, 2315882, 2315756, 2315828, 2315793, 2315865, 2315883, 2315899, 2315885, 2315796, 2315869, 2315923, 2315924, 2315943] into nyc-mr1-security-e-release
Change-Id: Icca24c83a61ac3c96b52d49e14912a91a628771c
|
|
Bug: 37094889
Test: Tested POC on ASAN build
Change-Id: Id4e52cd10a4d5eac015efe4b752162dc39cc30b8
(cherry picked from commit 520465122804c4022edd0c8c3c54a93fb4cba613)
|
|
Bug: 36215950
Bug: 36215953
Bug: 36216719
Change-Id: Ibdc05e1d5aa21d060d7c683fd9af4bed8537053f
(cherry picked from commit d61d5e5f6aa0e5f80b8ae793aca4a4085d015c06)
|
|
SPS structure is memset to zero in parse_sps()
Bug: 33966031
Bug: 37458993
Change-Id: I7d4c04d2d25d7e9c8f581bd470260fc4394a564b
(cherry picked from commit 2e0e75aedef322baeb829bf5151aba312840ed40)
|
|
This works for mnc-dr-dev and later.
Bug: 34779227
Test: re-ran POC before/after patch to verify behavior
Change-Id: Ida0bf6bcc236494c3c89b228039501e287839fbe
(cherry picked from commit 99df61bb9a89cdd123d4f515c44238b48d62642a)
|
|
without resolution change
backported from master as part of fixing a security issue on
nyc-*.
Bug: 34779227
Test: successful re-run of POC after patch
Change-Id: I404099ac24439b5f6eddc9265dc571929433b3ee
(cherry picked from commit 27ad0d7bffb18dc47ab420789ca45f5481906903)
|
|
Bug: 34896431
The arrays in hrd are of size MAX_CPB_CNT. If cpb cnt is more
than MAX_CPB_CNT, more data is parsed and the subsequent buffer
is corrupted.
Change-Id: I74c01b8c7142b67a358eb5e36b160a7fbf2b69e4
(cherry picked from commit 3e194e0edde1d9ceb71d18f6f0e0bf156a76a650)
|
|
Bug: 36231493
Bug: 34064500
Change-Id: Ib17b2c68360685c5a2c019e1497612a130f9f76a
(cherry picked from commit 07ef4e7138e0e13d61039530358343a19308b188)
|
|
If previous slice is not completed, update the current slice
ctb_x and ctb_y so that while filling the previous slice,
the parse slice code can break properly.
Bug: 32322258
Test: boot, ran POC supplied with bug
Change-Id: Ie9090694514a018268851560a3f056194ff6fc91
(cherry picked from commit 830858436bb31036d4260f30c25fa83fd351ed40)
|
|
When checking mv bufs for releasing from reference, unallocated
mv bufs were also checked. This issue was fixed by restricting
the loop count to allocated number of mv bufs.
Bug: 34896906
Bug: 34819017
Change-Id: If832f590b301f414d4cd5206414efc61a70c17cb
(cherry picked from commit 23bfe3e06d53ea749073a5d7ceda84239742b2c2)
|
|
When the offset was greater than range, the bitstream was read
more than the valid range in leaf-level cabac parsing modules.
Error check was added to cabac init to fix this issue. Additionally
end of slice and slice error were signalled to suppress further
parsing of current slice.
Bug: 34897036
Change-Id: I1263f1d1219684ffa6e952c76e5a08e9a933c9d2
(cherry picked from commit 3b175da88a1807d19cdd248b74bce60e57f05c6a)
(cherry picked from commit b92314c860d01d754ef579eafe55d7377962b3ba)
|
|
The error returned by ref_list function was not handled by the
caller parse_slice_header.
Bug: 34672748
Change-Id: I55f6cb0e651746e77f7ff3375115894ec3964203
(cherry picked from commit 25206ffa6eeb25f32103e69f893287425ab1bd10)
|
|
Bug: 35039946
Change-Id: Ia97fa8711f313d0029d2b13e6d150d5e46b2bb99
(cherry picked from commit a6c58e18a49a1ea4929f8345b3c59f900d5813f5)
(cherry picked from commit 232bbe1908d1dd9f10513d7b8065ecaf5c9a11a6)
|
|
Bug: 33864300
Change-Id: I920e45c3420a1a41a366ad45bd4186c5f6af6d6b
(cherry picked from commit 1ab5ce7e42feccd49e49752e6f58f9097ac5d254)
|
|
cu_qp_delta is now checked for the range as specified in the spec
Bug: 33966031
Change-Id: I00420bf68081af92e9f2be9af7ce58d0683094ca
(cherry picked from commit 01ca88bb6c5bdd44e071f8effebe12f1d7da9853)
|
|
Bug: 33918236
Bug: 33964497
Bug: 33965905
Bug: 33862021
Change-Id: If121221d0f6e983c05d95d123af9bed378d1961f
(cherry picked from commit b5cae8181efbb9649ffddb659305a0da59ed445a)
|
|
Limit func_idx to valid range to ensure invalid functions are not
called when wrong TU size is signalled for chroma due to error in
parsing
Bug: 32915871
Change-Id: I662212eb2e9b8994e7e85780e667f14df73b5905
(cherry picked from commit a76773ab749bd57f3467c79aa60c16c1f2c87380)
|
|
Out of bound reads in the following variables are fixed
scaling_mat_offset in ihevcd_iquant_itrans_recon_ctb()
ai1_offset_y, ai1_offset_cb and ai1_offset_cr in ihevcd_sao_shift_ctb()
These values were read but not used
b/32915871
Change-Id: Ib07e2ed1bdcc600700d4e9e5d970f6cc2164ab1b
(cherry picked from commit 4def2dfabf8afcb185942131c1e67bb3ff211f05)
|
|
A register was not loaded correctly which was resulting in a crash
for a certain combination of availability flags and block height
Bug: 32873375
Test: Tested manually for the clip associated with the bug
Change-Id: I6e0969a1e51c8149853bae226b527411b45ec370
(cherry picked from commit 68215fd9ed309d1f1cc204e96bd788f5c865525c)
|
|
If an invalid slice_address was parsed, it was resulting in an incomplete
slice header during decode stage. Fix this by not incrementing slice_idx
for ignore slice error
Bug: 32322258
Change-Id: I8638d7094d65f4409faa9b9e337ef7e7b64505de
(cherry picked from commit f4f3556e04a9776bcc776523ae0763e7d0d5c668)
|
|
On some A72 based devices, data shared between cores was found to be
inconsistent which was resulting in an infinite loop.
Adding memory barriers before marking a CTB as parsed/processed,
all the pending memory operations are guaranteed to be completed.
Change-Id: I6e3bb11123a3c12ba7e69c4bfcd38960616f9fb5
(cherry picked from commit 031b91dde5dd07c15d6401601e47e7c937e79051)
(cherry picked from commit 27405a217f75f663a814454068bd81fcf30e9cf6)
|
|
params" into nyc-mr1-dev
|
|
Bug: 27442922
Change-Id: Id466d48070ed916f18ebed6d3cf592bdcd206b83
|
|
When VUI does not contain u1_matrix_coeffs, it should be set to 2
to signal that it is not present in the bitstream.
Bug: 29640760
Change-Id: I1f1217725f5c5dada2079e1487058381bfb00ef0
|
|
am: 063ce60457 -s ours am: cc3f8cbcf5
am: 4735213fa3
* commit '4735213fa3c44844471b0b588d0c9e8f1da1d040':
Fix the frame size alignments
|
|
am: 063ce60457 -s ours
am: cc3f8cbcf5
* commit 'cc3f8cbcf59fd8ee34744023039c8b3dcea8b454':
Fix the frame size alignments
|
|
am: 063ce60457 -s ours
* commit '063ce60457496a8ccac95f723ac71e364f3405bb':
Fix the frame size alignments
|
|
am: 30491833ff
* commit '30491833ff1802b28eb2b408ec429947a24c0279':
Fix the frame size alignments
|
|
am: 4917993a7e
* commit '4917993a7e6c32fe71f4ba3a0b74df22cd1f5c40':
Fix the frame size alignments
|
|
am: 50ad42cf93
* commit '50ad42cf932173dc438e26eda5bc4606b09cbcd8':
Fix the frame size alignments
|
|
Change I59c996161053e313c873381c5bf6f8c36488483f aligned the number
of luma samples to 64byte boundaries when calculating and creating
the buffers. Unfortunately, it doesn't change all instances of that
calculation, leading to mismatches between creation/allocation/destruction.
Fixes android.media.cts.DecoderTest#testEOSBehaviorHEVC and
android.media.cts.DecoderTest#testCodecEarlyEOSHEVC
Bug: 24686670
Bug: 25070493
Bug: 25995793
Bug: 26217939
Bug: 26239053
Change-Id: I5b9dd682e08cfb03d2bc54829c4908976251dee7
|
