Age | Commit message (Collapse) | Author |
|
Added SPDX-license-identifier-Apache-2.0 to:
msm8974/libstagefrighthw/Android.mk
msm8996/libstagefrighthw/Android.mk
msm8998/libstagefrighthw/Android.mk
Added SPDX-license-identifier-BSD to:
msm8974/libc2dcolorconvert/Android.mk
msm8974/mm-video-legacy/DivxDrmDecrypt/Android.mk
msm8974/mm-video-legacy/vidc/vdec.mk
msm8974/mm-video-legacy/vidc/venc.mk
msm8974/mm-video-v4l2/DivxDrmDecrypt/Android.mk
msm8974/mm-video-v4l2/vidc/vdec.mk
msm8974/mm-video-v4l2/vidc/venc.mk
msm8996/libc2dcolorconvert/Android.mk
msm8996/mm-video-v4l2/vidc/common/Android.mk
msm8996/mm-video-v4l2/vidc/vdec/Android.mk
msm8996/mm-video-v4l2/vidc/venc/Android.mk
msm8996/videopp/Android.mk
msm8998/libc2dcolorconvert/Android.mk
msm8998/mm-video-v4l2/vidc/common/Android.mk
msm8998/mm-video-v4l2/vidc/vdec/Android.mk
msm8998/mm-video-v4l2/vidc/venc/Android.mk
Added SPDX-license-identifier-BSD SPDX-license-identifier-MIT to:
msm8974/mm-core/Android.mk
msm8974/mm-core/omxcore/Android.mk
msm8996/mm-core/Android.mk
msm8998/mm-core/Android.mk
Bug: 68860345
Bug: 151177513
Bug: 151953481
Test: m all
Exempt-From-Owner-Approval: janitorial work
Change-Id: I7d795088bc8aba125e671ed5188bf2ccf074c0fb
|
|
This revert commit If5a974ce7d99632531045a57cf3a9e2ec68d15c5
Bug: 134527014
Test: run cts -m CtsMediaTestCases
Change-Id: I7c35a6b8b355f0687d4c48d1d116f89c77503afc
CRs-Fixed: 970975
|
|
empty_this_buffer_opaque
private handle flags was updated only once in C2DColorConvert.
C2D_FORMAT_UBWC_COMPRESSED should be aligned if private_handle_t::PRIV_FLAGS_UBWC_ALIGNED is SET.
Bug: 134527014
Test: Daydream cast to sink, screenrecord, camera recording
Change-Id: I7f04bea4eb89e5e90309c26723361f2e956fd63b
|
|
Colorspace is derived from gralloc-handles for graphic-buffers and set to codec.
RGBA8888 Buffers are converted to YUV via C2D and have 601-Limited color.
When passed to the device-layer, such buffers do not have gralloc-handle
and hence colorspace does not get set.
Set colorspace as 601-L explicitly in such case to the codec.
Bug: 63147656
Bug: 134527014
CRs-Fixed: 2070838
Change-Id: Iae2705b8f4256d8e76309d2d1adb7cb6d3eb1692
|
|
am: fab1ad1153
Change-Id: I7bc88ed81f050271900817d4fe533adfaee3fa07
|
|
This code incorrectly uses || to combine a bunch of state constants. The
next Clang warns on this buggy pattern.
hardware/qcom/media/msm8996/mm-video-v4l2/vidc/venc/src/omx_video_base.cpp:1130:40:
error: use of logical '||' with constant operand
[-Werror,-Wconstant-logical-operand]
if (eState == (OMX_StateLoaded || OMX_StateWaitForResources
^ ~~~~~~~~~~~~~~~~~~~~~~~~~
hardware/qcom/media/msm8996/mm-video-v4l2/vidc/venc/src/omx_video_base.cpp:1130:40:
note: use '|' for a bitwise operation
if (eState == (OMX_StateLoaded || OMX_StateWaitForResources
^~
|
Bug: http://b/110779387
Test: ./test_compiler.py --build-only --target aosp_sailfish-eng --no-clean-built-target ../../ --clang-path ../../prebuilts/clang/host/linux-x86/llvm-toolchain-dev/
Change-Id: I7332508f0f9827c7968a4680fe42eedffb3714e7
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement.
Bug: 64340487
Test: ran POC on sailfish/nyc-mr1-dev
Change-Id: Id699404d6c276c8702826d79b3a6ba9755b3439f
|
|
This reverts commit 4f368aba8c090006c96ad496558a66d15a63b79d.
Reason for revert: regressions at oc-mr1/bullhead and pi/walleye
Change-Id: Ie9caad90482698913db06cdb9aeebfd869fe1a6a
Bug: 64340487
Bug: 78291359
Bug: 78913375
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement
Author: Santhosh Behara <santhoshbehara@codeaurora.org>
Bug: 64340487
Test: PoC before/after
Change-Id: Icc65fe43134493fefe6e420ca818f60995084871
|
|
When the vndk is enabled (BOARD_VNDK_VERSION=current),
vendor libraries must only link against vendor variants
in the build system. This also means that they receive
restricted sets of headers and that automatic global
headers are restricted.
A static library moved to being vendor is a build
time only change for libOmxVidcCommon.
Dependency to libgui was removed since libgui is not available to
vendors and the dependency was bogus.
media_plugin_header are explicitly added since global include path isn't
available when BOARD_VNDK_VERSION is on.
Test: mma with BOARD_VNDK_VERSION=current
Bug: 69526027
Change-Id: Icb326660fbb90f39396fb2108bfc06e9fb72a93d
|
|
|
|
|
|
When the vndk is enabled (BOARD_VNDK_VERSION=current),
vendor libraries must only link against vendor variants
in the build system. This also means that they receive
restricted sets of headers and that automatic global
headers are restricted.
Test: build libstagefrighthw with BOARD_VNDK_VERSION=current
Bug: 69526027
Change-Id: Icbf9dd22646a1173d1f97e7646a2ee2f4d143074
|
|
When the vndk is enabled (BOARD_VNDK_VERSION=current),
vendor libraries must only link against vendor variants
in the build system. This also means that they receive
restricted sets of headers and that automatic global
headers are restricted.
Test: build libc2dcolorconvert with BOARD_VNDK_VERSION=current
Bug: 69526027
Change-Id: I7d7aeec7851b47ea1d4fa71f0271a364a13edef9
|
|
When the vndk is enabled (BOARD_VNDK_VERSION=current),
vendor libraries must only link against vendor variants
in the build system. This also means that they receive
restricted sets of headers and that automatic global
headers are restricted. This sometimes causes certain system
headers to not be included when they are not included by
the VNDK version of headers.
Test: building with BOARD_VNDK_VERSION=current finds undefined symbols
Bug: 69526027
Change-Id: I8d7825ec0bcb8a8a7fb08d923b5bbc2b00c4b971
|
|
44b9dee3df
am: 5dfaa7ae65
Change-Id: I51d7b311535604491e9a9f8867b06bd963898fac
|
|
Bug: 66996870
Test: normal builds.
Change-Id: Ie9d18e6ea8db12b0ccde25f2718d0ef83fe4ba3a
|
|
Video driver always operates in dynamic buffer mode for decoder
output. Disable meta buffer mode even if driver fails to move to
static buffer mode.
Test: make vts -j123 && vts-tradefed run commandAndExit vts \
--skip-all-system-status-check \
--skip-preconditions -m VtsHalMediaOmxV1_0Host \
-l INFO
Bug: 66804380
Change-Id: I9cfce1d812ee04120a127fd852cdc229fa30da25
|
|
Set input buffer requirement on driver, as input buffers may
be allocated without set param, due to which driver may have
0 buffers allocated
Test: make vts -j123 && vts-tradefed run commandAndExit vts \
--skip-all-system-status-check \
--skip-preconditions -m VtsHalMediaOmxV1_0Host \
-l INFO
Bug: 66804380
Change-Id: Ib3ce91bcc1adcc11e4d562d688652e77e08e8972
Author: Surajit Podder<spodder@codeaurora.org>
|
|
If the colorspace in bitstream gets updated, the client is notified.
However, when the client comes back to read, it must be notified of
the color-space values from bitstream (if specified) and use
default (client's values) if unspecified.
Bug: 62323441
Bug: 67848210
Test: Camera recording and playback the recorded video.
CRs-Fixed: 2058030
Change-Id: Ida78ae290a8e020d40c44e9037635caa79b45f2e
|
|
6533d3dd97 am: 2d39f9e2b0 am: 9086e5116a am: 2684efbc38 am: 03fdd22ce8 am: 1991311b39
am: eec12a7884
Change-Id: I43ed3e22a72d8df7c40da5fbb5dab314c62f865a
|
|
a569853311 am: 2fcd17bd3a am: 95656fe660 am: fab48ae9b1 am: 238577213a am: f349f65cac am: 79202f8342
am: cb379b4a83
Change-Id: Ibe6e0e65defef5fad8cd1d35e24fc04d293f5875
|
|
6533d3dd97 am: 2d39f9e2b0 am: 9086e5116a am: 2684efbc38
am: 03fdd22ce8
Change-Id: I28381d44a361fdf8748f497082c2da822fb09b7b
|
|
a569853311 am: 2fcd17bd3a am: 95656fe660 am: fab48ae9b1 am: 238577213a
am: f349f65cac
Change-Id: I7d67a4ddf8730c1350f283be3f4360d3f0ab6fb0
|
|
6533d3dd97 am: 2d39f9e2b0 am: 9086e5116a
am: 2684efbc38
Change-Id: I464c9732003a94b67dddf8f14f293aff6a6aa97a
|
|
a569853311 am: 2fcd17bd3a am: 95656fe660 am: fab48ae9b1
am: 238577213a
Change-Id: I2499518f1a87a1e667b8f2639adb8200e7220cfd
|
|
6533d3dd97 am: 2d39f9e2b0
am: 9086e5116a
Change-Id: Ib3e4e55e67f23eb88c4fcc8f0f7dfa5d71886976
|
|
a569853311 am: 2fcd17bd3a am: 95656fe660
am: fab48ae9b1
Change-Id: Ie92d6a2786b82e7a812cef1524b1daaa9e53e62b
|
|
am: 6533d3dd97
Change-Id: I8702781f14174bf8ef13fdd42c845c249cebca05
|
|
a569853311
am: 2fcd17bd3a
Change-Id: I06082f4fb4f145c97e6e9a6694f28ff6cba217c5
|
|
am: b701fb182b
Change-Id: I2a9d917fc507a1e056d6aa743ccdcf11744299cc
|
|
am: a569853311
Change-Id: I773fff29d52e867cb34e5c0f8ef0d83cd25f6e3c
|
|
am: bf218371f6
Change-Id: I9df71da6eca1d201882005b3bdbfd84f0465a1d7
|
|
am: 2cd0260b52
Change-Id: I534a3498295bfeceb2e4a8396bda24f48ece4a86
|
|
client expects buffer to be free if free_buffer
is called, but if omx is in executing state free
buffer call will error out.
When async thread tries to copy data to client
buffer which is already freed,it leads to crash.
Added a bitmask to avoid copy to buffer after free.
Bug: 36130225
CRs-Fixed: 2106434
Author: Uma Mehta <umamehta@codeaurora.org>
Change-Id: Id439aac54ee64a65ea68b6431a9f5150255a6980
|
|
IL client may free the buffer and calls for free buffer on IL
component to free the buffer header. It may happen that the IL
component may reject the free buffer due to various reasons.
In such scenario, client might have already freed the memory
allocated by client (such scenario will appear in use buffer
mode of buffer allocation). Now accessing client buffer in
such scenario may lead to use after free vulnerability.
Added a flag to indicate if the client buffer is available to
perform any operation on the client allocated memory. If not,
restrict from doing any operation on client memory.
Bug: 62452543
CRs-Fixed: 2106434
Test: build & boot
Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg
CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice
Author: Vikash Garodia<vgarodia@codeaurora.org>
Change-Id: I45e4f117e98588ee7c888ec5c1cb2424bc7e5fa3
|
|
IL Client may choose to free the buffer which might
be in-use by IL component. This may lead to use-after
free situation.
Protect buffer lifecycle with a lock to ensure that
IL component operates on a buffer which exists.
Fixes bug 62452543
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2062772
Test: build & boot
Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg
CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice
Author: Vikash Garodia <vgarodia@codeaurora.org>
Change-Id: I0fdb4051c94044e032c257febbe2ba1c7e4d6c7e
|
|
client expects buffer to be free if free_buffer
is called, but if omx is in executing state free
buffer call will error out.
When async thread tries to copy data to client
buffer which is already freed,it leads to crash.
Added a bitmask to avoid copy to buffer after free.
Bug: 36130225
CRs-Fixed: 2106434
Test: build & boot
Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg
CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice
Author: Uma Mehta <umamehta@codeaurora.org>
Change-Id: Id439aac54ee64a65ea68b6431a9f5150255a6980
|
|
Output buffer (in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Author: Praveen Chavan<pchavan@codeaurora.org>
Change-Id: I6141e81d7dbd50bc3601c8df066fd8cbd06b4e0b
|
|
client expects buffer to be free if free_buffer
is called, but if omx is in executing state free
buffer call will error out.
When async thread tries to copy data to client
buffer which is already freed,it leads to crash.
Added a bitmask to avoid copy to buffer after free.
Bug: 36130225
CRs-Fixed: 2106434
Author: Uma Mehta <umamehta@codeaurora.org>
Change-Id: Id439aac54ee64a65ea68b6431a9f5150255a6980
|
|
Enumerate and advertise constrained profiles for AVC encoder.
Inorder to have backward compatability advertise exisisting as well
as newly added constants.
Keep legacy constants for getters as Android media framework does not
use them.
Bug: 65043406
Change-Id: I6fe88a505005731c4891aa1a7c1f627c65f01861
|
|
Unmap was being called with a modified address resulting in unmap
failure. Call unmap with the exact address which we get from map
call.
Change-Id: I6782480b3e680915ac00d3bd2b68ae54f7b11d2c
CRs-Fixed: 2056867
Bug: 62385648
|
|
into nyc-mr2-dev am: 4fb2744c19
am: e7e975e9bb
Change-Id: Ibbb3e21571ac97a1e5704ff7d332fcf05c44eaff
|
|
into nyc-mr2-dev
am: 4fb2744c19
Change-Id: I4301c264e54a4b1f98de4d7898015672b154ff7e
|
|
Component doesn't support flush on single port, Internally
it calls flush on both ports though client request on single
port. Hence notify flush done to client after flush on all
the ports has been completed.
author : Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
CRs-Fixed: 2076660
Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice
Bug: 63603864
Merged-In: I319f42a02361a74d7c0c51215f6bdaa7a1c2a2d6
Change-Id: I319f42a02361a74d7c0c51215f6bdaa7a1c2a2d6
|
|
Output buffer (in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Bug: 36130225
Change-Id: I75ef3df29fcabff52ea87cf5a4aa98e48bb40298
Author: Praveen Chavan<pchavan@codeaurora.org>
|
|
oc-dr1-dev
|
|
By calling STREAM_ON after QBUF, and meanwhile if there is
any buffer requirements query, there is a chance that queued
buffer will be ignored by driver. Hence changing the QBUF and
STREAM_ON sequence.
CRs-Fixed: 2065953
author : Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
Bug: 62602083
Bug: 62848424
Bug: 62848422
Merged-In: I9fd910208d197bd0d28160393c3426ed9270494c
Change-Id: I9fd910208d197bd0d28160393c3426ed9270494c
|
|
am: e34f279fc2
Change-Id: I70813022c6ad31288a6a4d72b9471d366433c222
|
|
Remove entries for unused/unimplemented OMX components and avoid
unnecessary VTS failures
Test: Small CtsMediaTestCases
CRs-Fixed: 2054495
Bug: 38507644
Change-Id: I8cfdf947f13b9a8a88619e9074938aab0e187685
|