Age | Commit message (Collapse) | Author |
|
Added SPDX-license-identifier-Apache-2.0 to:
msm8974/libstagefrighthw/Android.mk
msm8996/libstagefrighthw/Android.mk
msm8998/libstagefrighthw/Android.mk
Added SPDX-license-identifier-BSD to:
msm8974/libc2dcolorconvert/Android.mk
msm8974/mm-video-legacy/DivxDrmDecrypt/Android.mk
msm8974/mm-video-legacy/vidc/vdec.mk
msm8974/mm-video-legacy/vidc/venc.mk
msm8974/mm-video-v4l2/DivxDrmDecrypt/Android.mk
msm8974/mm-video-v4l2/vidc/vdec.mk
msm8974/mm-video-v4l2/vidc/venc.mk
msm8996/libc2dcolorconvert/Android.mk
msm8996/mm-video-v4l2/vidc/common/Android.mk
msm8996/mm-video-v4l2/vidc/vdec/Android.mk
msm8996/mm-video-v4l2/vidc/venc/Android.mk
msm8996/videopp/Android.mk
msm8998/libc2dcolorconvert/Android.mk
msm8998/mm-video-v4l2/vidc/common/Android.mk
msm8998/mm-video-v4l2/vidc/vdec/Android.mk
msm8998/mm-video-v4l2/vidc/venc/Android.mk
Added SPDX-license-identifier-BSD SPDX-license-identifier-MIT to:
msm8974/mm-core/Android.mk
msm8974/mm-core/omxcore/Android.mk
msm8996/mm-core/Android.mk
msm8998/mm-core/Android.mk
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: I7d795088bc8aba125e671ed5188bf2ccf074c0fb
|
|
am: fab1ad1153
Change-Id: I7bc88ed81f050271900817d4fe533adfaee3fa07
|
|
This code incorrectly uses || to combine a bunch of state constants. The
next Clang warns on this buggy pattern.
hardware/qcom/media/msm8996/mm-video-v4l2/vidc/venc/src/omx_video_base.cpp:1130:40:
error: use of logical '||' with constant operand
[-Werror,-Wconstant-logical-operand]
if (eState == (OMX_StateLoaded || OMX_StateWaitForResources
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
hardware/qcom/media/msm8996/mm-video-v4l2/vidc/venc/src/omx_video_base.cpp:1130:40:
note: use '|' for a bitwise operation
if (eState == (OMX_StateLoaded || OMX_StateWaitForResources
^~
|
Bug: http://b/110779387
Test: ./test_compiler.py --build-only --target aosp_sailfish-eng --no-clean-built-target ../../ --clang-path ../../prebuilts/clang/host/linux-x86/llvm-toolchain-dev/
Change-Id: I7332508f0f9827c7968a4680fe42eedffb3714e7
|
|
size am: 83aeab22d1 am: 2a0384e026 am: c68a7ce355 am: 32e9465138 am: 04f8e526b4 am: 7314778d75 am: bfc24b86ac
am: 48dd91c89c
Change-Id: I393d1d913c4851e9adfbbc28dc73a25e59037342
|
|
size am: 83aeab22d1 am: 2a0384e026 am: c68a7ce355 am: 32e9465138 am: 04f8e526b4 am: 7314778d75
am: bfc24b86ac
Change-Id: I18fd25029704ab2e7b5a164f22ce43c5b224bfc4
|
|
size am: 83aeab22d1 am: 2a0384e026 am: c68a7ce355 am: 32e9465138 am: 04f8e526b4
am: 7314778d75
Change-Id: Iefff1c8402c68b7aa2c23d95f5b6724e6e399ef4
|
|
size am: 83aeab22d1 am: 2a0384e026 am: c68a7ce355 am: 32e9465138 am: 04f8e526b4
Change-Id: I1e64eea0d3bf5e03b8a041e22efbd2b476a53469
|
|
size am: 83aeab22d1 am: 2a0384e026
Change-Id: I50c491c2301cc8382f40251da2cf6f7e1ed13c45
|
|
size am: 83aeab22d1
Change-Id: I4e7ad1ed9de14f79b802d7091371d22e1d88762c
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement.
Bug: 64340487
Test: ran POC on bullhead/nyc-dev
Change-Id: Iabbb2d7e00ff97bfc47b04386feec66976fca99a
|
|
This reverts commit 3f5de9fcd5c9653446ec8d4cb6b1c39536485ee5.
Reason for revert: regression at oc-mr1/bullhead
Change-Id: I800e3da4f056fe37be23a7a2567171f42c92e4a6
Bug: 64340487
Bug: 78291359
Bug: 78913375
Merged-In: I9db2e2592600137151d0e3f86f6b6dc2f03a950d
Merged-In: Ibd1ed01c7d740553b3cf90b6f3dd2fd447563284
Merged-In: I1763963839375db90f76dd0022bd1767ac5f067d
Merged-In: I69398d4fb236289be5f0b79f8db9a3bc30144b90
Merged-In: Ie9caad90482698913db06cdb9aeebfd869fe1a6a
|
|
buffer size" am: b2255366c0
Change-Id: I7b42e23afd028bdc3d9e99d1d7bc31261891688c
|
|
This reverts commit eaa23dde940ac3f3cb36c9e1a8836beea1410e2f.
Reason for revert: regression at oc-mr1/bullhead
Change-Id: I9db2e2592600137151d0e3f86f6b6dc2f03a950d
Bug: 64340487
Bug: 78291359
Bug: 78913375
Merged-In: Ibd1ed01c7d740553b3cf90b6f3dd2fd447563284
Merged-In: I1763963839375db90f76dd0022bd1767ac5f067d
Merged-In: I69398d4fb236289be5f0b79f8db9a3bc30144b90
Merged-In: Ie9caad90482698913db06cdb9aeebfd869fe1a6a
|
|
This reverts commit 25b99a64b3275d7c98141689c568081fd91fd201.
Reason for revert: regressions at oc-mr1/bullhead
Change-Id: I1763963839375db90f76dd0022bd1767ac5f067d
Bug: 64340487
Bug: 78291359
Bug: 78913375
Merged-In: I69398d4fb236289be5f0b79f8db9a3bc30144b90
Merged-In: Ie9caad90482698913db06cdb9aeebfd869fe1a6a
|
|
This reverts commit be6ea9de328743d7a8b970629a0c082c9cacd4ea.
Reason for revert: regressions at oc-mr1/bullhead
Change-Id: I69398d4fb236289be5f0b79f8db9a3bc30144b90
Bug: 64340487
Bug: 78291359
Bug: 78913375
Merged-In: Ie9caad90482698913db06cdb9aeebfd869fe1a6a
|
|
This reverts commit 4f368aba8c090006c96ad496558a66d15a63b79d.
Reason for revert: regressions at oc-mr1/bullhead and pi/walleye
Change-Id: Ie9caad90482698913db06cdb9aeebfd869fe1a6a
Bug: 64340487
Bug: 78291359
Bug: 78913375
|
|
size am: eaa23dde94
Change-Id: I6f6a28a9898c58d3a86fe13076723f860ece801f
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement
Change-Id: I3c8e59cc21828c2c8ef4c59642700a31f8c81e83
Author: Santhosh Behara <santhoshbehara@codeaurora.org>
Bug: 64340487
Test: PoC before/after
Merged-In: Icc65fe43134493fefe6e420ca818f60995084871
Merged-In: I70fa1dc7ac43b9281209955afc30f6737ce25f0e
Merged-In: I722ab9b6ecff20dcb97bc3b02830ef484e8bd495
Merged-In: I2e45bbcc6a2438ff226409b35ee802d123cf3dd8
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement
Change-Id: I49915dcf33e0dce94fe8ecb7334c7725d54c22aa
Author: Santhosh Behara <santhoshbehara@codeaurora.org>
Bug: 64340487
Test: PoC before/after
Merged-In: Icc65fe43134493fefe6e420ca818f60995084871
Merged-In: I70fa1dc7ac43b9281209955afc30f6737ce25f0e
Merged-In: I722ab9b6ecff20dcb97bc3b02830ef484e8bd495
Merged-In: I2e45bbcc6a2438ff226409b35ee802d123cf3dd8
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement
Change-Id: I722ab9b6ecff20dcb97bc3b02830ef484e8bd495
Author: Santhosh Behara <santhoshbehara@codeaurora.org>
Bug: 64340487
Test: PoC before/after
Merged-In: Icc65fe43134493fefe6e420ca818f60995084871
Merged-In: I70fa1dc7ac43b9281209955afc30f6737ce25f0e
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement
Author: Santhosh Behara <santhoshbehara@codeaurora.org>
Bug: 64340487
Test: PoC before/after
Merged-In: Icc65fe43134493fefe6e420ca818f60995084871
Change-Id: I70fa1dc7ac43b9281209955afc30f6737ce25f0e
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement
Author: Santhosh Behara <santhoshbehara@codeaurora.org>
Bug: 64340487
Test: PoC before/after
Change-Id: Icc65fe43134493fefe6e420ca818f60995084871
|
|
Bug: 66996870
Test: normal builds.
Change-Id: Ie9d18e6ea8db12b0ccde25f2718d0ef83fe4ba3a
|
|
Enumerate and advertise constrained profiles for AVC encoder.
Inorder to have backward compatability advertise exisisting as well
as newly added constants.
Keep legacy constants for getters as Android media framework does not
use them.
Bug: 65043406
Change-Id: I6fe88a505005731c4891aa1a7c1f627c65f01861
|
|
0008e21211 am: c0f642a22f am: 979b0e6864
am: 81323f63e3
Change-Id: I93a2d095b546151434a0c2ae8a5c919e2c6cd727
|
|
0008e21211 am: c0f642a22f
am: 979b0e6864
Change-Id: I2faf25ea66357a2444cf2f26b195e811c1d28c03
|
|
Output buffer(in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Bug: 36130225
Change-Id: If5e89703b2dec0aee8acb7e897e9df94227af3f3
Author: Praveen Chavan<pchavan@codeaurora.org>
|
|
Bug: 37647680, 37648355
Test: compile, manual
Change-Id: I7214dcc1e57f2a0466fc28173dd5de5d54c9a721
|
|
LOCAL_EXPORT_C_INCLUDE_DIRS, for VNDK"" am: a19e87fe30 am: 6d355e61ff am: 1673ee7a26
am: 07e30ae927
Change-Id: I94ac13b79554f607d10c5e35171b7cb8839f8677
|
|
LOCAL_EXPORT_C_INCLUDE_DIRS, for VNDK"" am: a19e87fe30
am: 6d355e61ff
Change-Id: Ieff87139db8c4bef748b7caee406b94278e47d07
|
|
This reverts commit 7bbd6afa54e361119c348c96eada150d998b3246.
Change-Id: I5b2aad573ea6e8048e6e1f25bc0026d23ede9f2a
|
|
|
|
VNDK" am: 1079b0b1d3
am: 05d18dc7ca
Change-Id: I8ad930da96f5faf307192335721cd47654c0f5c3
|
|
- Meta mode for sending native handles from camera
should be supported along with rest of the modes.
BUG: 34516149
Test: Camera CTS API1 and API2 using legacy Hal1 module
Change-Id: Ia9dc5936b0b5a2792b1286b979030f0f5b6104a1
|
|
Moved msm8974/mm-core header files from inc/ to inc/mm-core/omxcore for exporting.
Moved msm8974/mm-video-v4l2/DivxDrmDecrypt headers to subfolder for exporting.
Moved msm8974/libstagefrighthw headers to include/ folder for exporting
In msm8974/mm-core, inc/ has newer OMX_* headers than inc/mm-core/omxcore and
frameworks/native/include/media/openmax. Updating these headers will be
handled in a separate CL.
Test: Add lib to LOCAL_EXPORT_SHARED_LIBRARIES
Change-Id: I4cdfe3085a459abdbd3de491eed10cdceadc4a85
|
|
am: 2495a6921d
Change-Id: I39c3365ec1e4283e75ea6a7900059af5edb1fb95
|
|
am: 7b99376ecf
Change-Id: I8104f710d235307138c01dda4c19ad006aa5788b
|
|
nyc-mr1-dev
|
|
In secure mode, input buffer _must_ be allocated by the component to
allocate a secure buffer.
Client-supplied memory via usebuffer does not qualify as secure-memory
and must be rejected. This also avoids accidental heap-overflow while
copying bitstream from user-memory to a smaller-sized secure-payload
(usually the buffer-header itself)
Bug : 30148882
Fixes : Heap Overflow/LPE in MediaServer (libOmxVdec problem #11)
CRs-Fixed: 1071731
Change-Id: Ibbde2d6a9c1f30e8482a533cadb13e44d8dcb2c0
|
|
In secure mode, input buffer _must_ be allocated by the component to
allocate a secure buffer.
Client-supplied memory via usebuffer does not qualify as secure-memory
and must be rejected. This also avoids accidental heap-overflow while
copying bitstream from user-memory to a smaller-sized secure-payload
(usually the buffer-header itself)
Bug : 30148882
Fixes : Heap Overflow/LPE in MediaServer (libOmxVdec problem #11)
CRs-Fixed: 1071731
Change-Id: Ibbde2d6a9c1f30e8482a533cadb13e44d8dcb2c0
|
|
am: b7b6466da4
am: 3a1263e033
Change-Id: I4c45d329bf3c803f59fae3fc2578188b018db1ca
|
|
ports am: ee06e61ff4
am: 8784ace2ba
Change-Id: I3a83d20fd685178d0105c30edf16e243d66affec
|
|
am: b7b6466da4
am: faed315fc0
Change-Id: I658e13ca2ceba5ec23528b9e3b98ce125ec4c479
|
|
ports am: ee06e61ff4
am: 64dca37cc4
Change-Id: I3417b9f125c1434d2c7226dde8d07b60688fec49
|
|
am: b7b6466da4
Change-Id: Idd7669adc3d4ac1b137d89c88aad893436bef19e
|
|
am: b7b6466da4
Change-Id: I26644f9ed6e9adece930b4ed7554b9ea7cc306c6
|
|
am: ee06e61ff4
Change-Id: I226d535a430d2790338224598beba99a3936f4a2
|
|
port" into nyc-dev
|
|
Count and size negotiation of port-buffers should only be allowed when
the port hasn't been allocated yet.
Letting the client change count/size on a pre-allocated port will
cause inconsistencies in the count/size of memory allocated for
headers and internal lists.
Fix resetting of buffer-base (m_inp_mem_ptr) when all buffers are
freed, for all the buffer-modes.
Bug: 29421682
Fixes: Local Privilege Escalation in MediaServer (libOmxVenc problem #10)
Change-Id: I9abead969bc3c908e6db9beb6316fd572dac25f7
|
|
Changing Count, size, usage-mode (metadata/bytebuffer/native-handle) or
allocation-mode (allocateBuffer/UseBuffer) of buffers should only be
allowed when the port hasn't been allocated yet.
Since buffer-modes determine the payload-size in case of meta-buffer-mode,
and also determine the memory-base to derive buffer indices from buffer-
headers, letting the client change count/size/mode on a pre-allocated port
will cause inconsistencies in the size of memory allocated for headers and
lead to index overflows.
Fix the range checks for the derived buffer-indices to avoid out-of-bounds
writes.
Also, ensure buffer-mode settings (metadata-mode, native-handle-mode)
are intended for the right ports.
Bug: 29617572 : Heap Overflow/LPE in MediaServer (libOmxVdec problem #8)
Bug: 29982686 : Memory Write/LPE in MediaServer (libOmxVdec problem #10)
Change-Id: I619636a48779580c247bffb3752c3e4025b46542
|