frameworks-av

Fork

Android 9.0.0 release 56
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXrBHQAAKCRDorT+BmrEO
eMQRAJ99qmEAqv5GOHLw4HtWoY/WrAmY7gCcC0woKoltynY72DsQ4c7cll3dXdI=
=sjG+
-----END PGP SIGNATURE-----

Merge tag 'android-9.0.0_r56' into pie-x86

Android 9.0.0 release 56

Fix unsafe use of memcpy in audiopreprocessing

Memcpy cannot be used with overlapping memory areas. One should use
memmove instead.

See: https://issuetracker.google.com/issues/154712995

RESTRICT AUTOMERGE: Camera: fix use after free in sensor timestamp

The metadata object might be overriden later and has it memory
re-allocated; hence snaping the sensor timestamp value before
we call into any method that might change the metadata.

Test: build
Bug: 150944913
Merged-In: I5b10b680e0cce96ca49e1772770adb4835545472
Change-Id: I5b10b680e0cce96ca49e1772770adb4835545472
(cherry picked from commit 1859a38c4d8f438eba9cb7b39be102747407fa36)

BnCrypto: fix use-before-init in CREATE_PLUGIN

Bug: 144767096
Test: poc_ICrypto_283
Merged-In: Id67dc9e793ee886e4cc49370d800c7f3580df313
Merged-In: I81ff7cde5e1693f05c90380e879f74d0c4bce5f1
Change-Id: If268553440b8a0cbbe011b5396974fd864a7d083
(cherry picked from commit 4bbfb6d8815002fc79b26aebba5f3ad2226c468e)

[DO NOT MERGE] Fix heap buffer overflow in clearkey CryptoPlugin::decrypt

Fix destPtr was not pointing to destination raw pointer.

bug: 144506242

Test: sts
ANDROID_BUILD_TOP= ./android-sts/tools/sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc19_12#testPocBug_144506242

Change-Id: I9425baa21c82d5a5edf37c87989adbade0428b67
(cherry picked from commit dc4c427b2155a9928a7cdaac7c0a787dd9c8192d)

[DO NOT MERGE] Fix heap buffer overflow for releaseSecureStops.

If the input SecureStopRelease size is less than sizeof(uint32_t)
in releaseSecureStops(), an out of bound read will occur.

bug: 144766455
bug: 144746235
bug: 147281068

Test: sts
ANDROID_BUILD_TOP= ./android-sts/tools/sts-tradefed run sts-engbuild-no-spl-lock -m StsHostTestCases --test android.security.sts.Poc19_11#testPocBug_144766455

Change-Id: I050504c1ef4e5c41fb47ee97e98db41399288a91
(cherry picked from commit 2587ab6c7642062ea1791de1868c28b1164a073c)

Android 9.0.0 release 52
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCXhOwnQAKCRDorT+BmrEO
eMkKAKCIV2wV0O0evOlVrBhhNDSkChezXQCfUinmEb5ARo4wCZJvTxB6Lrde4Ho=
=Pezi
-----END PGP SIGNATURE-----

Merge tag 'android-9.0.0_r52' into pie-x86

Android 9.0.0 release 52

stagefright: Trivial FFMPEG fixes

* Ensure our codecs are never touched for encoders
* Don't duplicate InitOMXParams, use utility class

Change-Id: Icde45b4d8b844fdb52b4f11a862ecb57059d17c0

stagefright: Copy the thumbnail time

* In case we do a conversion, we need this to seek the extractor
to the right position for extracting a thumbnail.

Change-Id: I003a599c15890aeeb6d2494b219f170ba5b278d8

stagefright: allow multiple custom OMXPlugins

* Separated by comma(,)
* Example: media.sf.omx-plugin=libffmpeg_omx.so,libsomxcore.so

Change-Id: I15556a48df282b01f54ca864317eafff5468e739
Signed-off-by: Jesse Chan <jc@lineageos.org>

stagefright: Add support for loading a custom OMXPlugin

* To facilitate moving the stagefright-plugins glue out of the
framework, support is added to OMXMaster to load multiple
external plugins besides internal/vendor versions.
* This is currently limited to one plugin, defined by the
"mm.sf.omx-plugin" system property. The code will allow any
number of libraries to be loaded, though.
* Should also be useful for nonstandard vendor implementations too.

Change-Id: I27d7e16ad56baa17754d8ea47a8c608a0d73d6f1

libstagefright: Extended media support via FFMPEG

* Original work by Michael Chen - https://github.com/omxcodec
* Original Kitkat port by Chih-Wei Huang / Android X86 project
* Additional work up to Nougat by:
- Steve Kondik
- Ricardo Cerqueira
- Keith Mok
- Scott Mertz
- Ethan Chen
- Diogo Ferreira
* Additional work up to Oreo/Pie by:
- Michael Goffioul

Change-Id: Ie871b56f6f6d895a87de8c8920e9e8692382b420

nuplayer: skip bad SAR values

Historically there are two definitions of SAR:

1. Storage Aspect Ratio
2. Sample Aspect Ratio

The first one is used in MPEG2 terminology, while the second is used
in MPEG4-AVC terminology.

The MPEG2 terminology actually means the real frame dimension (w:h),
while the MPEG4-AVC terminology means the shape of individual pixels.
It's called PAR (Pixel Aspect Ratio) in MPEG2 terminology.

Android apparently uses the second definition as comments in the code.
However, some video files include SAR tags in MPEG2 terminology sense.
For example,

08-14 18:13:45.212 2841 4769 I NuPlayer: int32_t width = 856
08-14 18:13:45.212 2841 4769 I NuPlayer: int32_t height = 480
08-14 18:13:45.212 2841 4769 I NuPlayer: int32_t sar-width = 852
08-14 18:13:45.212 2841 4769 I NuPlayer: int32_t sar-height = 480

That makes Android calculate the DAR (Display Aspect Ratio)
incorrectly, where DAR = FAR (Frame Aspect Ratio) x SAR.
As a result the video is stretched strangely.

To workaround it, skip the SAR tags if they look like the
Storage Aspect Ratio.

media: enable dithering for RGB565 conversion

This seems to improve video playback quality.

Inspired by a patch from WuZhen.

Allow screenrecord usage on Android-x86

Selects a supported color format for screenrecord (
OMX_COLOR_FormatYUV420Planar instead of OMX_COLOR_FormatAndroidOpaque)
and removes a check on SoftVideoEncoderOMXComponent.cpp
in order to make screenrecord work on Android-x86.

Don't use YV12 color format for video decoding

YV12 is not supported by Mesa yet. This has to be reverted
when we can enable h/w decoder.

CameraSource: set up right frame rate

If camera recorder uses HW codec, the capabilities of the codec
are from media_profile.xml; If using SW codec, it is invisible
to the applications, In other words, the applications won't be
able to use the codec or query the capabilities of the codec
at all, it only gives some ranges. StagefrightRecorder will
use default parameters to configure camera, as for framerate,
it should be from camera HAL feedback.

Issue:AXIA-1446
Change-Id: I77bf41239a19d26e2da1c28258288fdaa1c98297
Signed-off-by: Hua Wang <Hua.Wang@windriver.com>

FLACExtractor: Add more sample rates support

In FLACExtractor.cpp, it has function to check file's sample rate.
If the input sample rate is not in its list, it will return "unsupported
sample rate" issue. Modify code to make other sample rates (100,1k,42k,46k)
pass the check

Issue: AXIA-1441
Change-Id: I48f91119275560ec6d00feb0dedc70d10aa55262
Signed-off-by: Xiaobing Feng <xiaobing.feng@windriver.com>
Signed-off-by: Matt Gumbel <matthew.k.gumbel@intel.com>

Change max width and height supported by H.263 decoder.

Currently this is set to CIF PAL resolution (352x288) which
won't calculate the actual output buffer size for higher resolutions

The h.263 decoder needs the max width and height supported to be able
to decode

H.263 decoders supports: QCIF, CIF, D1 and 16CIF; all PAL.

Change-Id: If5e44c522cb3cb56bb6235ec2992e2544b1737e9
Original-Change-Id: I7f8d2ae4263925ac4cf9250404ef92fc819ca33a
Signed-off-by: Daniel Charles <daniel.charles@intel.com>

SW encode: Fix output buffer size

The output buffer size needs to be updated if the resolution is updated.
The output buffer was configured for QCIF resolution when the actual
resolution was VGA. Buffer overflow was resulting.

Change-Id: Ieca3943d8d67bfcfcf49fed95d17be712f4b14b5
Signed-off-by: Robert Crabtree <robertx.l.crabtree@intel.com>

AudioFlinger: enforce OP_RECORD_AUDIO during recording

Fix issue where RecordTrack silencing didn't silence the
full buffer: the memset to 0 was using the RecordThread frame
size, not the RecordTrack frame size.
OP_RECORD_AUDIO was only enforced at the start of a recording
which would fail if not granted. This patch silences the recording
(i.e. silence is recorded instead) when it is lost, and undoes that
when granted again. This requires:
- propagating the package name of the client to the RecordTrack class
- registering an appOp callback in RecordTrack (through a new
OpRecordAudioMonitor class) to (un)silence the recording
- update the isSilenced() method to take into account the appOp.

Bug: 138968594
Bug: 138636979
Test: run app that records audio, then "adb shell appops __pack_name__ 27 2"
and verify recording is silent after that.

Change-Id: I4ebdb2f02409fdf045a77132bf7a1b24249ad948
Merged-In: Ib33f5b592185a67204997213bab1ac2594d90d37
(cherry picked from commit 43def76fcdb1d3a9b14a3f19a4c8a33534f8b003)

[RESTRICT AUTOMERGE] clearkey hidl CryptoPlugin: security fixes

* reject native handle output
* validate subsample sizes

Bug: 137283376
Test: cryptopoc
Change-Id: Ic4267fdc0e391bdecc1caab3b8fd4aa34ad76541
(cherry picked from commit 5dd7590c6c6fcedd77ac5ec2dd97c8badfb9eb36)

Fix OOB access in mpeg4/h263 decoder

The decoder does not support an increase in frame width, and
would exceed its buffer if the width increased mid-stream.
There was an existing check to prevent the total frame size
(width*height) from increasing, but in fact the decoder also
does not even support a width increase, even if the height
decreases correspondingly.

Bug: 136175447
Bug: 136173699
Test: manual
Change-Id: Ic2d28bb0503635dadeb69ba3be9412d58684e910
(cherry picked from commit ef4ce157000b2b5bcbf2bcb36a228ec604803547)

m4v_h263: add a test for invalid/negative value

Test: run poc with and without the patch.
Bug: 134578122
Change-Id: I2d11826d1d9e2669aa5627065dc627729ddc823b
(cherry picked from commit 7802c68aebf7908983508fd4a52a7d53746a80eb)

AMR WB encoder: prevent OOB write in ACELP_4t64_fx

In ACELP_4t64_fx, when iterating over ind array, check index against
array size to prevent OOB write, log an error if such an access
was about to happen.

Bug: 132647222
Test: atest EncoderTest#testAMRWBEncoders
Change-Id: I33f476d94baec2feffc7bcccd0ad0481b8452518
(cherry picked from commit 82cb46d0d55a407f468023977204eb7133b7fd77)
Merged-in: I33f476d94baec2feffc7bcccd0ad0481b8452518
(cherry picked from commit 9a44849c88b306e1b4fb37bd9aa34d6ba0607b7a)

httplive: detect oom if playlist is infinite

Bug: 68399439
Test: StagefrightTest#testStagefright_cve_2017_13279
Change-Id: Icf39c2ae58d9d6ba7c74bbcfbe2154e66e6c9e40
(cherry picked from commit f3808d3a2e8c646d5edad451a80daa61a4e5d836)

Fix overflow/dos in 3gg text description parsing

Bug: 124781927
Test: run pocs
Change-Id: I8765ac9746c3de7d711ef866d4ec0e29972320c0
(cherry picked from commit 851e22d1dc89a7f708b9d2b56947f69cd1a08b94)

DO NOT MERGE: audiopolicy: Remove raw pointer references to AudioMix

AudioInputDescriptor, AudioOutputDescriptor, and AudioSession used
to reference AudioMix instances using a raw pointer. This isn't
safe as AudioMix was owned by AudioPolicyMix, which is not
referenced by descriptors.

Change AudioMix* pointers in Audio{Input|Output}Descriptor and
AudioSession to wp<AudioPolicyMix> which reflects their
relationship correctly.

To ensure that code does not operate on AudioMix instances
independently from AudioPolicyMix, and to avoid introducing
a lot of getter / setter methods into AudioPolicyMix, make
the latter to inherit AudioMix. This makes sense because
AudioPolicyMix is essentially a ref-counted version of AudioMix.

Bug: 124899895
Test: build and sanity check on marlin,
build marlin with USE_CONFIGURABLE_AUDIO_POLICY := 1
Merged-In: Ic508caedefe721ed7e7ba6ee3e9175ba9e8dc23a
Change-Id: Ic508caedefe721ed7e7ba6ee3e9175ba9e8dc23a
(cherry picked from commit a306e2a3577d4155345a24e5214f77870f63359b)

Zero-initialize HIDL structs before passing

Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice

Bug: 131267328
Bug: 131356202
Change-Id: Ie91b7946f8f4406fd06e9cb4ad883b3a2704f366
Merged-In: I2f696aa85143f74f753fbb0320dce5aee88846c4
(cherry picked from commit cad25f332373d834f80872239b5b06ab38274ee2)

NuPlayerCCDecoder: fix memory OOB

Test: cts
Bug: 129068792
Change-Id: Id78ddc983f245feda3a81da3448196340b57f5c9
(cherry picked from commit e1c7348e1c3fed25c16ae4673101f48b1ed95b7e)
(cherry picked from commit 0f7ff70737d58abda69fa6d4524b1943d6c41461)