Merge cherrypicks of [2338295, 2338197, 2338407, 2338385, 2338425, 2338465, 2338447, 2338426, 2338386, 2338387, 2338466, 2338368, 2338296, 2338198, 2338450, 2338470, 2338429, 2338390, 2338430, 2338315, 2338452, 2338453, 2338431, 2338297, 2338354, 2338200, 2338391, 2338392, 2338482, 2338357, 2338411, 2338394, 2338318, 2338370, 2338434, 2338472, 2338473, 2338395, 2338299, 2338412, 2338413, 2338454, 2338396, 2338474, 2338397, 2338360, 2338455] into nyc-mr2-security-b-release
Change-Id: I2dc3b32aaa7303f0c5bac0d5edb59aed88f36ae7
diff --git a/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/MPEG4Extractor.cpp
index f42fbcf..2d6e776 100644
--- a/media/libstagefright/MPEG4Extractor.cpp
+++ b/media/libstagefright/MPEG4Extractor.cpp
@@ -468,6 +468,22 @@
const char *mime;
CHECK(track->meta->findCString(kKeyMIMEType, &mime));
if (!strncasecmp("video/", mime, 6)) {
+ // MPEG2 tracks do not provide CSD, so read the stream header
+ if (!strcmp(mime, MEDIA_MIMETYPE_VIDEO_MPEG2)) {
+ off64_t offset;
+ size_t size;
+ if (track->sampleTable->getMetaDataForSample(
+ 0 /* sampleIndex */, &offset, &size, NULL /* sampleTime */) == OK) {
+ if (size > kMaxTrackHeaderSize) {
+ size = kMaxTrackHeaderSize;
+ }
+ uint8_t header[kMaxTrackHeaderSize];
+ if (mDataSource->readAt(offset, &header, size) == (ssize_t)size) {
+ track->meta->setData(kKeyStreamHeader, 'mdat', header, size);
+ }
+ }
+ }
+
if (mMoofOffset > 0) {
int64_t duration;
if (track->meta->findInt64(kKeyDuration, &duration)) {
@@ -488,22 +504,6 @@
((int64_t)sampleTime * 1000000) / track->timescale);
}
}
-
- // MPEG2 tracks do not provide CSD, so read the stream header
- if (!strcmp(mime, MEDIA_MIMETYPE_VIDEO_MPEG2)) {
- off64_t offset;
- size_t size;
- if (track->sampleTable->getMetaDataForSample(
- 0 /* sampleIndex */, &offset, &size, NULL /* sampleTime */) == OK) {
- if (size > kMaxTrackHeaderSize) {
- size = kMaxTrackHeaderSize;
- }
- uint8_t header[kMaxTrackHeaderSize];
- if (mDataSource->readAt(offset, &header, size) == (ssize_t)size) {
- track->meta->setData(kKeyStreamHeader, 'mdat', header, size);
- }
- }
- }
}
}
@@ -1233,6 +1233,7 @@
ALOGV("allocated pssh @ %p", pssh.data);
ssize_t requested = (ssize_t) pssh.datalen;
if (mDataSource->readAt(data_offset + 24, pssh.data, requested) < requested) {
+ delete[] pssh.data;
return ERROR_IO;
}
mPssh.push_back(pssh);
diff --git a/media/libstagefright/OggExtractor.cpp b/media/libstagefright/OggExtractor.cpp
index 37e8e9c..ebbe510 100644
--- a/media/libstagefright/OggExtractor.cpp
+++ b/media/libstagefright/OggExtractor.cpp
@@ -697,7 +697,21 @@
if (buffer != NULL) {
fullSize += buffer->range_length();
}
- MediaBuffer *tmp = new MediaBuffer(fullSize);
+ if (fullSize > 16 * 1024 * 1024) { // arbitrary limit of 16 MB packet size
+ if (buffer != NULL) {
+ buffer->release();
+ }
+ ALOGE("b/36592202");
+ return ERROR_MALFORMED;
+ }
+ MediaBuffer *tmp = new (std::nothrow) MediaBuffer(fullSize);
+ if (tmp == NULL) {
+ if (buffer != NULL) {
+ buffer->release();
+ }
+ ALOGE("b/36592202");
+ return ERROR_MALFORMED;
+ }
if (buffer != NULL) {
memcpy(tmp->data(), buffer->data(), buffer->range_length());
tmp->set_range(0, buffer->range_length());
diff --git a/media/libstagefright/codecs/avcenc/SoftAVCEnc.cpp b/media/libstagefright/codecs/avcenc/SoftAVCEnc.cpp
index 9e7a3be..5b06722 100644
--- a/media/libstagefright/codecs/avcenc/SoftAVCEnc.cpp
+++ b/media/libstagefright/codecs/avcenc/SoftAVCEnc.cpp
@@ -614,6 +614,7 @@
IV_STATUS_T status;
WORD32 level;
uint32_t displaySizeY;
+
CHECK(!mStarted);
OMX_ERRORTYPE errType = OMX_ErrorNone;
@@ -917,6 +918,9 @@
}
}
+ // clear other pointers into the space being free()d
+ mCodecCtx = NULL;
+
mStarted = false;
return OMX_ErrorNone;
@@ -1509,6 +1513,14 @@
return;
}
+void SoftAVC::onReset() {
+ SoftVideoEncoderOMXComponent::onReset();
+
+ if (releaseEncoder() != OMX_ErrorNone) {
+ ALOGW("releaseEncoder failed");
+ }
+}
+
} // namespace android
android::SoftOMXComponent *createSoftOMXComponent(
diff --git a/media/libstagefright/codecs/avcenc/SoftAVCEnc.h b/media/libstagefright/codecs/avcenc/SoftAVCEnc.h
index cf6f899..8b24b62 100644
--- a/media/libstagefright/codecs/avcenc/SoftAVCEnc.h
+++ b/media/libstagefright/codecs/avcenc/SoftAVCEnc.h
@@ -136,6 +136,8 @@
protected:
virtual ~SoftAVC();
+ virtual void onReset();
+
private:
enum {
kNumBuffers = 2,
diff --git a/media/libstagefright/omx/OMXNodeInstance.cpp b/media/libstagefright/omx/OMXNodeInstance.cpp
index 43a50ae..c3514b3 100644
--- a/media/libstagefright/omx/OMXNodeInstance.cpp
+++ b/media/libstagefright/omx/OMXNodeInstance.cpp
@@ -792,6 +792,12 @@
return BAD_VALUE;
}
+ if (!mSailed) {
+ ALOGE("b/35467458");
+ android_errorWriteLog(0x534e4554, "35467458");
+ return BAD_VALUE;
+ }
+
// metadata buffers are not connected cross process
// use a backup buffer instead of the actual buffer
BufferMeta *buffer_meta;
@@ -1223,6 +1229,12 @@
Mutex::Autolock autoLock(mLock);
+ if (!mSailed) {
+ ALOGE("b/35467458");
+ android_errorWriteLog(0x534e4554, "35467458");
+ return BAD_VALUE;
+ }
+
BufferMeta *buffer_meta = new BufferMeta(size, portIndex);
OMX_BUFFERHEADERTYPE *header;
@@ -1278,6 +1290,12 @@
return BAD_VALUE;
}
+ if (!mSailed) {
+ ALOGE("b/35467458");
+ android_errorWriteLog(0x534e4554, "35467458");
+ return BAD_VALUE;
+ }
+
// metadata buffers are not connected cross process; only copy if not meta
bool copy = mMetadataType[portIndex] == kMetadataBufferTypeInvalid;
