- 27 Oct, 2015 2 commits
-
-
Wonsik Kim authored
Because the constructor of NuCachedSource2 sent a message to AHandlerReflector object, AHandlerReflector::onMessageReceived could have executed just before the object gets wrapped in a strong pointer, resulting in erroneous early free. Fix the issue by using static Create function to ensure the message is sent after the object is wrapped in a sp. Bug: 23882800 Change-Id: I38a9d7a3083f184b4c81d0b00ba1661721278855
-
Marco Nelissen authored
Corrupt files could cause very large allocations, limit them to something more reasonable. Bug: 17769851 Change-Id: Ib0f722fd6fddff873bd7a547aac456e608c34c84
-
- 28 Sep, 2015 17 commits
-
-
Jeff Tinker authored
bug: 23600291 Change-Id: I7979e9e25ada01c13775be8580d433a8b4ce4ffe
-
Jeff Tinker authored
bug: 23540426 Change-Id: I7ca419e4008967a0387649e5293ac9d4be71d3c4
-
Wonsik Kim authored
Switch to foundation base64 function in OggExtractor and fix the issue there. This reverts commit 28314aef. Bug: 23707088 Change-Id: I268bd50431de5b5e579343bf1b425c42ada6daba
-
Wonsik Kim authored
Bug: 23707088 Change-Id: I8d32841fee3213c721cdcc57788807ea64d19d74
-
Robert Shih authored
More specifically when handling GET_OUTPUT_FOR_ATTR in IAudioPolicyService. This prevents leaking a uninitialized `output` across binder if getOutputForAttr were to encounter errors. Bug: 23756261 Change-Id: Ibff8a1249a4e8a3c89a33a540dda428b10d6ca82
-
Robert Shih authored
More specifically when handling: * GET_STREAM_VOLUME in IAudioPolicyService, and * GET_CURRENT_POSITION and GET_DURATION in IMediaPlayer This prevents leaking uninitialized values across binder in error cases. Bug: 23756261 Change-Id: I0ffd900ab12b685b0611259ade4a3efb1ec5defe
-
Marco Nelissen authored
Add bounds checking and fix other bugs. Bug: 23284974 Bug: 23541506 Bug: 23542351 Bug: 23542352 Change-Id: I53551efdf109ce1833e0c361efaf4cee7a851023
-
Nick Kralevich authored
Credit https://code.google.com/p/android/issues/detail?id=183310 Bug: 23515142 Change-Id: Idbd66fb148bd0ac1dd78f8651d0164f2a41e2427 (cherry picked from commit b73b826c)
-
Andy Hung authored
Bug: 23540907 Change-Id: Ib89afc6b273b0eb310bbc5a1bd92b1e3d407c249
-
Marco Nelissen authored
Check allocations when the size is read from a file and might therefore be invalid. b/14388161 Change-Id: Ia08cc0a6107f275a70e793ef3b50c0ce16ceeee0
-
Chong Zhang authored
bug: 19779574 Change-Id: I4ffe8c3fadc07da211f421e75ee83010b01d9cbb
-
Robert Shih authored
Bug: 23658148 Change-Id: Ic37cac7b5d166143e0b77e9919b0aaef486e4fdd Resolved conflicts from cherry-picking ag/764007 into the lmp-mr1-release branch.
- 16 Sep, 2015 1 commit
-
-
Baligh Uddin authored
This reverts commit d3831760. Change-Id: I0509f7eadb3a27c4cadbd3088cb57a588463f457
-
- 09 Sep, 2015 1 commit
-
-
Jeff Tinker authored
Bug: 22414321 Change-Id: I062c662a440a1becccd248c3b8ddf711c51e53cc related-to-bug: 18394494 related-to-bug: 19664283 (cherry picked from commit 2fb561a6)
-
- 08 Sep, 2015 5 commits
-
-
Baligh Uddin authored
This reverts commit d3831760. Change-Id: I0509f7eadb3a27c4cadbd3088cb57a588463f457
-
Marco Nelissen authored
Various software video decoders would specify the buffer size as if it were fully cropped, which then failed a sanity check in SoftwareRenderer. They now return the full buffer size. Bug: 21717327 Bug: 21443020 Change-Id: I19fcd091827ebd52a95a5509281a07ccc156e0e5 (cherry picked from commit 3ecc9db4)
-
Abhishek Arya authored
This reverts commit c23e3dd8. This speculative fix didn't fix the compile failure, do checking locally. Change-Id: I1598f7208c8232ca38c0fcad17f211598591594e
-
- 02 Sep, 2015 1 commit
-
-
Jeff Tinker authored
Bug: 22414321 Change-Id: I062c662a440a1becccd248c3b8ddf711c51e53cc related-to-bug: 18394494 related-to-bug: 19664283 (cherry picked from commit 2fb561a6)
-
- 01 Sep, 2015 13 commits
-
-
Wei Jia authored
Bug: 23416608 Change-Id: I4dacd38ed42db8f4887c3ee386dc909451f4346f
-
Joshua J. Drake authored
Integer overflows could occur a few places within findFrame. These can lead to out-of-bounds reads and potentially infinite loops. Ensure that arithmetic does not wrap around to prevent these behaviors. Bug: 23285192 Change-Id: I72a61df7d5719d1d3f2bd0b37fba86f0f4bbedee
-
Jeff Tinker authored
Clarify that decrypt destination is not a pointer for secure case. b/23223325 Change-Id: I642dcf790a9eb9e32175f3e0d8f040c82228e3ac (cherry picked from commit ed555d70)
-
Marco Nelissen authored
Bug: 23346388 Change-Id: Ifd918cefc90527c2f52177c3ce0da7a13259ad08
-
Wei Jia authored
- The ABuffer used for the Message has a preset value of 1024, if flattening the meta data exceeds this value, a check fails hence the crash. - This change creates a new ABuffer if the buffer size would exceed the buffer capacity. Bug: 22771132 CRs-Fixed: 857850 (cherry picked from commit 9c170c07) Change-Id: I056ade2f95bc8d82dfe092de7ecddba588cc5b72
-
Eric Laurent authored
Clear output stream pointer in duplicating thread when the main output to which it is attached is closed. Also do not forward master mute and volume commands to duplicating threads as this is not applicable. Also fix logic in AudioFlinger::primaryPlaybackThread_l() that could accidentally return a duplicating thread. This never happens because the primary thread is always first in the list. Bug: 20731946. Change-Id: Ic8869699836920351b23d09544c50a258d3fb585 (cherry picked from commit f6870aef)
-
Marco Nelissen authored
Bug: 23306638 Change-Id: I2b5160e0f58f90d3f67c3964f41f5734ec0da053
-
Wei Jia authored
Bug: 20674674 Change-Id: I511c22d59789e1cc3a21fe13ea08ac3752e737c6
-
Robert Shih authored
Bug: 21335999 Change-Id: I76bd34610e52048ffcf16e41aa6175afc8a14ee4 (cherry picked from commit 2dcf6138)
-
Neel Mehta authored
Bug: 23227354 Change-Id: Iaa36cfda4fd84ca7e039f56086fd61b4118020db (cherry picked from commit 77e23413)