GitLab

Bug: 25070434
Change-Id: Iade3472c496ac42456e42db35e402f7b66416f5b
(cherry picked from commit b41fd0d4)

DO NOT MERGE - libstagefright: check requested memory size before allocation for SoftMPEG4Encoder and SoftVPXEncoder.

Bug: 25812794
Change-Id: I96dc74734380d462583f6efa33d09946f9532809
(cherry picked from commit 87f8cbb2)
(cherry picked from commit 04629752)

bug: 18730095, 25563255
Change-Id: Ibd4f54907949daae1d095fa0922050310d16698f
(cherry picked from commit fc6cfd83)

Sample decoding still occurs in SoundPoolThread
without holding the SoundPool lock.

Bug: 25781119
Change-Id: I11fde005aa9cf5438e0390a0d2dfe0ec1dd282e8

Bug: 24445127
Change-Id: I1c6cb9e2518b852d48d5d0d625b54409bd4e13ec

Bug: 24310423
Change-Id: Iebcfc58b447f925ec2134898060af2ef227266a3
(cherry picked from commit 8dde7269)

Bug: 24623447
Change-Id: Ifbc74454d6e28ad7136efe35ab638a07e46398b1
(cherry picked from commit b3694ff5)

Bug: 24441553
Bug: 24445122
Change-Id: Ib7f025769adbafd5a2cb64fae5562a0a565945c2

Bug: 24346430
Change-Id: I897a724e968841d9160f819d06c0ce22f6d743c4
(cherry picked from commit 5cae16bd)

Bug: 24630158
Change-Id: If042aebebb58c218eb7bbf01dcddbcbd05dca1d6

Add check for incoming mNumItems. Also add check readCString return
value.

Fix style & add log.

Bug: 24123723

Change-Id: If41a5312c27d868f481893eef56019b6807c39b7

Bug: 24211743
Bug: 24267152
Change-Id: I58c55e56b85067b71e4e300f947b4dfc159637ba

ICrypto.cpp: ASLR bypass using DECRYPT IPC

bug: 24074485
Change-Id: Ia12942d6b86adde28745908d36a728ab5d69a037

Because the constructor of NuCachedSource2 sent a message to
AHandlerReflector object, AHandlerReflector::onMessageReceived could
have executed just before the object gets wrapped in a strong
pointer, resulting in erroneous early free. Fix the issue by using
static Create function to ensure the message is sent after the
object is wrapped in a sp.

Bug: 23882800
Change-Id: I38a9d7a3083f184b4c81d0b00ba1661721278855

Corrupt files could cause very large allocations, limit them to something
more reasonable.

Bug: 17769851
Change-Id: Ib0f722fd6fddff873bd7a547aac456e608c34c84

IAudioFlinger: fix the missing initialization of variable to ensure no info leak when writing them to Parcel.

Bug: 23953967
Change-Id: I3a1d0144ba3832649e322c197ff0f03305ee7829
(cherry picked from commit 4cac44b5)

DO NOT MERGE - IAudioFlinger: always initialize variables to ensure no info leak when writing them to Parcel.

Bug: 23953967
Change-Id: Ibbe841da149038675e9e8daea76c77558bc8564b
(cherry picked from commit 983dca39)

bug: 23600291
Change-Id: I7979e9e25ada01c13775be8580d433a8b4ce4ffe

bug: 23540426
Change-Id: I7ca419e4008967a0387649e5293ac9d4be71d3c4

Switch to foundation base64 function in OggExtractor and fix the
issue there.

This reverts commit 28314aef.

Bug: 23707088
Change-Id: I268bd50431de5b5e579343bf1b425c42ada6daba

Bug: 23905951
Bug: 23912202
Change-Id: Id13a9d3cae2c09e7381b841e67ddfb188274d74c
(cherry picked from commit e995e477)

Also remove some CHECK's.

Bug: 23680780
Change-Id: I62d0941e203e40209fa6fbe3f923f3efdc5a6c23
(cherry picked from commit 7bb772e0)

Bug: 23707088
Change-Id: I8d32841fee3213c721cdcc57788807ea64d19d74

More specifically when handling GET_OUTPUT_FOR_ATTR in IAudioPolicyService.
This prevents leaking a uninitialized `output` across binder if
getOutputForAttr were to encounter errors.

Bug: 23756261
Change-Id: Ibff8a1249a4e8a3c89a33a540dda428b10d6ca82

More specifically when handling:
* GET_STREAM_VOLUME in IAudioPolicyService, and
* GET_CURRENT_POSITION and GET_DURATION in IMediaPlayer

This prevents leaking uninitialized values across binder in error cases.

Bug: 23756261
Change-Id: I0ffd900ab12b685b0611259ade4a3efb1ec5defe

Bug: 23540907
Change-Id: If30cfa535ad51521053706fc40fc98d893db5bc7
(cherry picked from commit 10e6660c)

Add bounds checking and fix other bugs.

Bug: 23284974
Bug: 23541506
Bug: 23542351
Bug: 23542352
Change-Id: I53551efdf109ce1833e0c361efaf4cee7a851023

Credit https://code.google.com/p/android/issues/detail?id=183310

Bug: 23515142
Change-Id: Idbd66fb148bd0ac1dd78f8651d0164f2a41e2427
(cherry picked from commit b73b826c)

Bug: 23540907
Change-Id: Ib89afc6b273b0eb310bbc5a1bd92b1e3d407c249

Check allocations when the size is read from a file and might therefore
be invalid.

b/14388161

Change-Id: Ia08cc0a6107f275a70e793ef3b50c0ce16ceeee0

bug: 19779574
Change-Id: I4ffe8c3fadc07da211f421e75ee83010b01d9cbb

Bug: 23658148
Change-Id: Ic37cac7b5d166143e0b77e9919b0aaef486e4fdd

Resolved conflicts from cherry-picking ag/764007 into the lmp-mr1-release branch.

This reverts commit d3831760.

Change-Id: I0509f7eadb3a27c4cadbd3088cb57a588463f457

Bug: 22414321

Change-Id: I062c662a440a1becccd248c3b8ddf711c51e53cc
related-to-bug: 18394494
related-to-bug: 19664283
(cherry picked from commit 2fb561a6)

This reverts commit d3831760.

Change-Id: I0509f7eadb3a27c4cadbd3088cb57a588463f457

Various software video decoders would specify the buffer size as if it were
fully cropped, which then failed a sanity check in SoftwareRenderer.
They now return the full buffer size.

Bug: 21717327
Bug: 21443020
Change-Id: I19fcd091827ebd52a95a5509281a07ccc156e0e5
(cherry picked from commit 3ecc9db4)

Bug: 20674086
Change-Id: Ie2c711865c3b92f3fa2f3c7a436fa0e3687eb8b3
(cherry picked from commit d7bb1cd7)

This reverts commit c23e3dd8.

This speculative fix didn't fix the compile failure, do checking locally.

Change-Id: I1598f7208c8232ca38c0fcad17f211598591594e

Bug: 20674086
Change-Id: I431aa2b7d30a942350ab6d105451c6b77e2f99d4
(cherry picked from commit 42cccd7c)

Bug: 22414321

Change-Id: I062c662a440a1becccd248c3b8ddf711c51e53cc
related-to-bug: 18394494
related-to-bug: 19664283
(cherry picked from commit 2fb561a6)