GitLab

Bug: 21443020
Change-Id: I63cf86217b8201fb41809c23e4b752b845a93ee2
(cherry picked from commit 760f92f8)

Bug: 23416608
Change-Id: I4dacd38ed42db8f4887c3ee386dc909451f4346f

Integer overflows could occur a few places within findFrame. These can lead to
out-of-bounds reads and potentially infinite loops. Ensure that arithmetic does
not wrap around to prevent these behaviors.

Bug: 23285192
Change-Id: I72a61df7d5719d1d3f2bd0b37fba86f0f4bbedee

Clarify that decrypt destination is not a pointer for
secure case.

b/23223325

Change-Id: I642dcf790a9eb9e32175f3e0d8f040c82228e3ac
(cherry picked from commit ed555d70)

Bug: 23270724
Change-Id: Id7ba55c7bf6860fbfc892bbb6378aac644c82da4
(cherry picked from commit c51ab7dd)

Bug: 23346388
Change-Id: Ifd918cefc90527c2f52177c3ce0da7a13259ad08

- The ABuffer used for the Message has a preset value of 1024, if
  flattening the meta data exceeds this value, a check fails hence
  the crash.
- This change creates a new ABuffer if the buffer size would exceed
  the buffer capacity.

Bug: 22771132

CRs-Fixed: 857850

(cherry picked from commit 9c170c07)

Change-Id: I056ade2f95bc8d82dfe092de7ecddba588cc5b72

Bug: 23247055
Change-Id: I29ef59c7ff09248063714e5013f7c33f66c5eebd
(cherry picked from commit 3564c456)
(cherry picked from commit 108cd2dc)

Clear output stream pointer in duplicating thread
when the main output to which it is attached is closed.

Also do not forward master mute and volume commands to
duplicating threads as this is not applicable.

Also fix logic in AudioFlinger::primaryPlaybackThread_l()
that could accidentally return a duplicating thread.
This never happens because the primary thread is always
first in the list.

Bug: 20731946.
Change-Id: Ic8869699836920351b23d09544c50a258d3fb585
(cherry picked from commit f6870aef)

Bug: 23306638
Change-Id: I2b5160e0f58f90d3f67c3964f41f5734ec0da053

Bug: 20674674
Change-Id: I511c22d59789e1cc3a21fe13ea08ac3752e737c6

Bug: 21335999
Change-Id: I76bd34610e52048ffcf16e41aa6175afc8a14ee4
(cherry picked from commit 2dcf6138)

Bug: 23227354

Change-Id: Iaa36cfda4fd84ca7e039f56086fd61b4118020db
(cherry picked from commit 77e23413)

Bug: 20674674
Change-Id: Iace5b8c882339b3a9d2e706375255aeeeb0532fe

Bug: 20674086
Change-Id: I2ee6b7e0eabbf696c0986d08b2d759d48cb9eb7b

Bug: 22008959
Change-Id: I5f6e188adcc593796455bdaf7b0b8aba672b106e

BUG: 20674086
Change-Id: Idaff17975b327adea65c39bdba1ab4e88789c0cd

bug: 22845824
Change-Id: I8c375790c697e02b6ab3ea54b84d3f70d5e78141
(cherry picked from commit 346de3c2)

Bug: 23248776
Change-Id: I45cf53e58e4375afcf260b122264c968ec0ff6c8
(cherry picked from commit 3bf1e0fd)

Bug: 20674674

Change-Id: If80186a7b9078e575d389220f3bebe9f7630a956
(cherry picked from commit f6fe4340)

bug: 23016072
Change-Id: If3c9a835408773847c0024a812bd8b4915ebd680
(cherry picked from commit fa8ebb45)

The output buffer size as per opus project's sample decoder [1] is
960*6*channel_count. Whereas in SoftOpus, we use 960*6 (without the
channel count multiplier. Fixing it to include maximum number of
channels possible as the multiplier.

[1] http://git.xiph.org/?p=opus-tools.git;a=blob;f=src/opusdec.c;h=d085f04eacdfd49759ffdb73db805562ba396720;hb=f2a2e88b47f6f24083a37be476f140f677fe7160#l571

BUG=20721050

Change-Id: I323891a1b11491782bc093477b09e7757b885674
(cherry picked from commit 08e82275)

Bug: 21814993
Change-Id: Idaac61b4b9f4058b94e84093644593ba315d72ff
(cherry picked from commit c1a104aa)

Bug:23213430

Change-Id: I6f2e2b03b968a569b122004b4803c5d17fccfb12
(cherry picked from commit 635bc8f9)

Bug: 22077698
Change-Id: I2beb724662d041ad2339d0f4c7f983e7ac5e5e6f
(cherry picked from commit 94b0badc)

Bug: 22388975
Change-Id: I3c157b1029d37f6a22e6302ea7b52077fe27ce53
(cherry picked from commit 529c595b)

Bug: 23142203
Change-Id: I309df51e4df6412655f04cc093d792bf6c7944f7
(cherry picked from commit 9dd01777)

Bug: 23129786
Change-Id: I2e6b7a6927aa4362ab49dd6824bbb1abf7b4e661
(cherry picked from commit 09da8691)

Bug: 23036083
Bug: https://code.google.com/p/android/issues/detail?id=182053
Change-Id: I1a5cbe06990900160c2addade238c1e9feab8f71
(cherry picked from commit c63cc509)

If size == SIZE_MAX, the line:

  uint8_t *buffer = new (std::nothrow) uint8_t[size + 1];

ends up allocating zero bytes, which is obviously incorrect.

(cherry picked from commit b2d33aee)

Bug: 23031033
Change-Id: I8027247a4e24d2c8a8b4eac88c3643eccda108b9

Instead of rejecting the samples later when they don't fit in the
buffer, reject the entire file early.

Bug: 22882938
Change-Id: I748153b0e9e827e3f2526468756295b4b5000de6
(cherry picked from commit beef7e58)

Bug: 22954006
Change-Id: I488cb1e2c69fc7043b6040481b30fa866000515d

Bug: 20139950
Bug: 22935234
(cherry picked from commit a105482a)

Change-Id: I408d261de1a6dd5c4343bcf3a7dfd8a259e0e2f3

Limit number of ports and patches listed by
LIST_AUDIO_PATCHES and LIST_AUDIO_PORTS.

Also fix typo causing wring pointer to be used when writing to Parcel.

Bug: 19573085.
Change-Id: I41a9c710e45738a4f11990160587856c429a4646

This reverts commit d3831760.

Change-Id: I0509f7eadb3a27c4cadbd3088cb57a588463f457

Bug: 22414321

Change-Id: I062c662a440a1becccd248c3b8ddf711c51e53cc
related-to-bug: 18394494
related-to-bug: 19664283
(cherry picked from commit 2fb561a6)

chunk_size is a uint64_t, so it can legitimately be bigger
than SIZE_MAX, which would cause the subtraction to underflow.

https://code.google.com/p/android/issues/detail?id=182251

Bug: 23034759
Change-Id: Ic1637fb26bf6edb0feb1bcf2876fd370db1ed547

Bug: 21296336
Change-Id: I78be5141b3108142f12d7cb94839fa50f776d84a

This reverts commit d3831760.

Change-Id: I0509f7eadb3a27c4cadbd3088cb57a588463f457

Bug: 22414321

Change-Id: I062c662a440a1becccd248c3b8ddf711c51e53cc
related-to-bug: 18394494
related-to-bug: 19664283
(cherry picked from commit 2fb561a6)