Age | Commit message (Collapse) | Author |
|
mm-video-v4l2: Protect buffer access and increase input buffer size
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement.
mm-video-v4l2: correct the buffer error flag setting
The buffer error flag setting is corrected in free_buffer()
call
Bug: 64340487
Test: poc from bug
Change-Id: I32d6cb7f61b873edd567881d1bf3e620cd78e715
(cherry picked from commit ff8cc2b25beca2401208e5e04840f58b8f4055fd)
|
|
into pi-dev
|
|
(cherry-picked from https://partner-android-review.googlesource.com/c/platform/hardware/qcom/media/+/1069023)
Added support to handle color transfer characteristics enum values
for HDR content
Bug:76227412
Change-Id: I25e34bbb746defa49115b4c846ea9b7234d6a937
|
|
This reverts commit 4f368aba8c090006c96ad496558a66d15a63b79d.
Reason for revert: regressions at oc-mr1/bullhead and pi/walleye
Change-Id: Ie9caad90482698913db06cdb9aeebfd869fe1a6a
Bug: 64340487
Bug: 78291359
Bug: 78913375
|
|
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement
Author: Santhosh Behara <santhoshbehara@codeaurora.org>
Bug: 64340487
Test: PoC before/after
Change-Id: Icc65fe43134493fefe6e420ca818f60995084871
|
|
Enable split mode for thumbnail usecase for HDR clips
Bug: 77583227
Change-Id: If1b162a16cba510be813fddad13846718345aa89
|
|
44b9dee3df
am: 5dfaa7ae65
Change-Id: I51d7b311535604491e9a9f8867b06bd963898fac
|
|
am: 44b9dee3df
Change-Id: I6e6dca52f539da3232dda8dbf638026ffd52a06f
|
|
Bug: 66996870
Test: normal builds.
Change-Id: Ie9d18e6ea8db12b0ccde25f2718d0ef83fe4ba3a
|
|
|
|
|
|
Change-Id: I0a257e39860a60dce90e4f6c2c701144b7f89702
|
|
am: b74baf2c2a
Change-Id: I6a4acaeab222e98a6499eeff438aecd6c8d8343a
|
|
am: 2f628ab267
Change-Id: I05d591a2fbac6b130618baf8fdededa9d1998a59
|
|
* Suppress existing warnings.
Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: Ib73eb0d5d7b8706e5b40c82ee44bd26fd5c2f501
|
|
mm-video-v4l2: venc: Protect buffer from being freed while accessing
Change-Id: I6141e81d7dbd50bc3601c8df066fd8cbd06b4e0b
mm-video-v4l2: Protect buffer lifecycle with lock
Change-Id: I0fdb4051c94044e032c257febbe2ba1c7e4d6c7e
mm-video-v4l2: venc: Avoid buffer access after free
Change-Id: Id439aac54ee64a65ea68b6431a9f5150255a6980
mm-video-v4l2: venc: Use client allocated memory if available
Change-Id: I45e4f117e98588ee7c888ec5c1cb2424bc7e5fa3
mm-video-v4l2: Avoid buffer access after free buffer call
Change-Id: Ifde8d4e170b8dbeb9f7485d0222b05c3b2a960f3
Bug:62452543 Bug:36130225 Bug:64750179
CRs-Fixed: 2062772, 2106434, 2106434, 2115779
Test: cts-tradefed run cts -m CtsMediaTestCases and CtsCameraTestCases
Change-Id: Ifde8d4e170b8dbeb9f7485d0222b05c3b2a960f3
|
|
Video driver always operates in dynamic buffer mode for decoder
output. Disable meta buffer mode even if driver fails to move to
static buffer mode.
Test: make vts -j123 && vts-tradefed run commandAndExit vts \
--skip-all-system-status-check \
--skip-preconditions -m VtsHalMediaOmxV1_0Host \
-l INFO
Bug: 66804380
Change-Id: Ibebfabb9950a22f48265b1f479823e8ae705f679
|
|
Set input buffer requirement on driver, as input buffers may
be allocated without set param, due to which driver may have
0 buffers allocated
Test: make vts -j123 && vts-tradefed run commandAndExit vts \
--skip-all-system-status-check \
--skip-preconditions -m VtsHalMediaOmxV1_0Host \
-l INFO
Bug: 66804380
Author: Surajit Podder<spodder@codeaurora.org>
Change-Id: I52d35ebeeaa9c32d5e85f63ab6394ea7dabda020
|
|
This reverts commit 2c15b5832ac2631b27b2ec20936b3161fd167939.
Bug: 67670457
Bug: 36130225
Test: capture a video
|
|
This reverts commit d53750a9db5b622fa19423ab82f0ee3ab1e25cbb.
Bug: 67670457
Bug: 36130225
Test: capture a video
|
|
This reverts commit 38641613a6eb7b761429fcdfa31218e8c63c1c56.
Bug: 67670457
Bug: 62452543
Test: capture a video
|
|
6ec830ac0c am: c566cb0e26
am: c454469b5f
Change-Id: I66e159cc5b45f60ed2729e20a52efa7f9b228069
|
|
6ec830ac0c
am: c566cb0e26
Change-Id: I0b9c874343a78ab932c7213cf9a28685a164678e
|
|
am: cdb855bdd1
Change-Id: I9200739f22fe887dd705f1f3c302dfe59d291420
|
|
am: 6ec830ac0c
Change-Id: I2efd77b960bac14cf1b8e043a3935bcad6a253b1
|
|
IL client may free the buffer and calls for free buffer on IL
component to free the buffer header. It may happen that the IL
component may reject the free buffer due to various reasons.
In such scenario, client might have already freed the memory
allocated by client (such scenario will appear in use buffer
mode of buffer allocation). Now accessing client buffer in
such scenario may lead to use after free vulnerability.
Added a flag to indicate if the client buffer is available to
perform any operation on the client allocated memory. If not,
restrict from doing any operation on client memory.
Bug: 62452543
CRs-Fixed: 2106434
Test: build & boot
Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg
CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice
Change-Id: If24c36b9a1cca36a2728d3aec8ab589a48a9da35
Author: Vikash Garodia<vgarodia@codeaurora.org>
|
|
client expects buffer to be free if free_buffer
is called, but if omx is in executing state free
buffer call will error out.
When async thread tries to copy data to client
buffer which is already freed,it leads to crash.
Added a bitmask to avoid copy to buffer after free.
Bug: 36130225
CRs-Fixed: 2106434
Test: build & boot
Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg
CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice
Change-Id: I4eb44837f9b3f8f1b8b2b4c879d8c3dd470bb52f
Author: Uma Mehta <umamehta@codeaurora.org>
|
|
Initialize variable allocate_native_handle in constructor.
Bug: 67046752
Change-Id: I07bd041654218f60f409458aa867bfb590d3a863
|
|
client expects buffer to be free if free_buffer
is called, but if omx is in executing state free
buffer call will error out.
When async thread tries to copy data to client
buffer which is already freed,it leads to crash.
Added a bitmask to avoid copy to buffer after free.
Bug: 36130225
CRs-Fixed: 2106434
Author: Uma Mehta <umamehta@codeaurora.org>
Change-Id: Id439aac54ee64a65ea68b6431a9f5150255a6980
|
|
Output buffer (in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Author: Praveen Chavan <pchavan@codeaurora.org>
Change-Id: I6141e81d7dbd50bc3601c8df066fd8cbd06b4e0b
|
|
msm8998: from hardware/qcom/media
f16cfef8 mm-video-v4l2: venc: Advertise correct output-size for meta-mode
Test: build, boot, sanity checks
Bug: 65735819
Change-Id: I79363f79ae9cc720bee7da87cf4d90c013d82e55
Signed-off-by: Thierry Strudel <tstrudel@google.com>
|
|
msm8998: from hardware/qcom/media
2ce45c6c mm-video-v4l2: Protect buffer lifecycle with lock
Test: build, boot, sanity checks
Bug: 64986220
Change-Id: I556c32a4ffefd5b2088e9ee146e4b2cb8e9edcfb
Signed-off-by: Thierry Strudel <tstrudel@google.com>
|
|
Enumerate and advertise constrained profiles for AVC encoder.
Inorder to have backward compatability advertise exisisting as well
as newly added constants.
Keep legacy constants for getters as Android media framework does not
use them.
Bug: 65043406
Change-Id: I6fe88a505005731c4891aa1a7c1f627c65f01861
|
|
Output buffer (in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Author: Praveen Chavan <pchavan@codeaurora.org>
Change-Id: I6141e81d7dbd50bc3601c8df066fd8cbd06b4e0b
|
|
am: f317b50135
Change-Id: I2034c234abc9606cf9c42439dfcf8c9dec260e1f
|
|
|
|
am: 79d5f68936
Change-Id: Ifafb500d746ec9abbeb115aca540c1aff636d34a
|
|
Component doesn't support flush on single port, Internally
it calls flush on both ports though client request on single
port. Hence notify flush done to client after flush on all
the ports has been completed.
Author : Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
CRs-Fixed: 2076660
Test: make vts
vts-tradefed run vts -m VtsHalMediaOmxV1_0Host
Bug: 63603864
Change-Id: I3c66a0b1853d598574fc19707da580bb88666b11
|
|
By calling STREAM_ON after QBUF, and meanwhile if there is
any buffer requirements query, there is a chance that queued
buffer will be ignored by driver. Hence changing the QBUF and
STREAM_ON sequence.
CRs-Fixed: 2065953
Author : Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
Bug: 62602083
Test: make vts
vts-tradefed run vts -m VtsHalMediaOmxV1_0Host
Merged-In: I0ec277a5b245d7b4aa343030ca74a2d86d7d91c1
Change-Id: I0ec277a5b245d7b4aa343030ca74a2d86d7d91c1
|
|
am: 30d04e5dd3
Change-Id: I443884ada5e1f6c566227ada0947e4e6231a45be
|
|
msm8998: from hardware/qcom/media
c3ec4719 mm-video-v4l2: venc: Set 601-Limited colorspace for color-converted buffers
43b62e11 Merge "mm-video-v4l2: venc: Protect buffer from being freed while accessing"
93872aa1 Merge "mm-video-v4l2: remove legacy compilation flag TARGET_USES_MEDIA_EXTENSIONS"
5c572948 mm-video-v4l2: remove legacy compilation flag TARGET_USES_MEDIA_EXTENSIONS
c0dd3100 video: Move data dump location to vendor partition
175584c5 mm-video-v4l2: venc: Protect buffer from being freed while accessing
Test: build, boot, sanity checks
Bug: 63804057
Change-Id: Ie4c9e98f522f72ec022abc5f856e616ef65147f6
Signed-off-by: Thierry Strudel <tstrudel@google.com>
|
|
am: a9d05ecc08
Change-Id: I1750757e4fd7d73a7540488e910bfa6a1a2148e7
|
|
VQZIP feature needs vendor dependencies. Remove support
for aosp builds.
Build PQ conditionally if dependecies are present.
Bug: 62377037
Change-Id: I2df6f2d9223b00cdabe4d86c8e83839b7676f0ad
|
|
This flag was used to conditionally disable features not
backwards compatible with older android versions.
This is not needed anymore. Moreover, this was disabling the
required features in builds where this flag was not defined.
Test: make gts -j123 && gts-tradefed run gts -m \
GtsMediaTestCases -t \
com.google.android.media.gts.WidevineCodecStressTests
Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice
Bug: 62276042
CRs-Fixed: 2064239
Author: pchavan@codeaurora.org
Merged-In: Ie4d1754ee01b644aaafc4cd958ea858ebc5507ac
Change-Id: Ie4d1754ee01b644aaafc4cd958ea858ebc5507ac
(cherry picked from commit d65458b9b8b5b8f7109dce36f0c3805817aaf2e3)
|
|
This flag was used to conditionally disable features not
backwards compatible with older android versions.
This is not needed anymore. Moreover, this was disabling the
required features in builds where this flag was not defined.
Test: make gts -j123 && gts-tradefed run gts -m \
GtsMediaTestCases -t \
com.google.android.media.gts.WidevineCodecStressTests
Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice
Bug: 62276042
CRs-Fixed: 2064239
Author: pchavan@codeaurora.org
Change-Id: Ie4d1754ee01b644aaafc4cd958ea858ebc5507ac
|
|
am: 72a6741bef
am: d95e55300b
Change-Id: I6b29db6964668064922aa3f8f7a705ad7f3d5cd5
|
|
|
|
Colorspace is derived from gralloc-handles for graphic-buffers and set to codec.
RGBA8888 Buffers are converted to YUV via C2D and have 601-Limited color.
When passed to the device-layer, such buffers do not have gralloc-handle
and hence colorspace does not get set.
Set colorspace as 601-L explicitly in such case to the codec.
b/63147656
Test: verified that it fixes the failures in EncodeVirtualDisplayTest#
testEncodeVirtualDisplay and DecodeEditEncodeTest#testVideoEdit720p
CRs-Fixed: 2070838
Change-Id: Iae2705b8f4256d8e76309d2d1adb7cb6d3eb1692
|
|
Added missing header libraries and headers.
Bug: 37342627
Test: BOARD_VNDK_VERSION=current m -j libOmxVdec
Test: BOARD_VNDK_VERSION=current m -j libOmxVenc
Change-Id: Icedd09bf88d039d15c670b3bacf19b78c6facce0
|
|
Instead of relying on the global include paths, use the new headers lib
'media_plugin_headers'.
Bug: 37342627
Test: BOARD_VNDK_VERSION=current m -j libstagefrighthw
Change-Id: I09fc6c053a0b18c6a0c8f6d017bc001d50d11ca2
|