| 0c95c078771f637924fa7ae01b0d90df285dde64 |
|
02-May-2018 |
Ray Essick <essick@google.com> |
Revert "mm-video-v4l2: Protect buffer access and increase input buffer size"
This reverts commit 4f368aba8c090006c96ad496558a66d15a63b79d.
Reason for revert: regressions at oc-mr1/bullhead and pi/walleye
Change-Id: Ie9caad90482698913db06cdb9aeebfd869fe1a6a
Bug: 64340487
Bug: 78291359
Bug: 78913375
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|
| 4f368aba8c090006c96ad496558a66d15a63b79d |
|
13-Apr-2018 |
Ray Essick <essick@google.com> |
mm-video-v4l2: Protect buffer access and increase input buffer size
Protect buffer access for below scenarios:
*Increase the scope of buf_lock in free_buffer to avoid access
of freed buffer for both input and output buffers. Also, add check
before output buffer access.
*Disallow allocate buffer mode after client has called use buffer.
Allocate additional 512 bytes of memory for input buffers on top of
allocation size as per hardware requirement
Author: Santhosh Behara <santhoshbehara@codeaurora.org>
Bug: 64340487
Test: PoC before/after
Change-Id: Icc65fe43134493fefe6e420ca818f60995084871
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|
| 97e3ddfad60bf0417cbbc93dda97d2b887589fc0 |
|
25-Apr-2016 |
Praveen Chavan <pchavan@codeaurora.org> |
mm-video-v4l2: vdec: Avoid processing ETBs/FTBs in invalid states
(per the spec) ETB/FTB should not be handled in states other than
Executing, Paused and Idle. This avoids accessing invalid buffers.
Also add a lock to protect the private-buffers from being deleted
while accessing from another thread.
Bug: 27890802
Security Vulnerability - Heap Use-After-Free and Possible LPE in
MediaServer (libOmxVdec problem #6)
Change-Id: Iaac2e383cd53cf9cf8042c9ed93ddc76dba3907e
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|
| fd65fa891104fd7cedb06a8ba0849934dae63640 |
|
23-Mar-2016 |
Praveen Chavan <pchavan@codeaurora.org> |
mm-video-v4l2: vdec: add safety checks for freeing buffers
Allow only up to 64 buffers on input/output port (since the
allocation bitmap is only 64-wide).
Do not allow changing the actual buffer count while still
holding allocation (Client can technically negotiate buffer
count on a free/disabled port)
Add safety checks to free only as many buffers were allocated.
Fixes: Security Vulnerability - Heap Overflow and Possible
Local Privilege Escalation in MediaServer (libOmxVdec problem #3)
Bug: 27532282 27661749
Change-Id: I06dd680d43feaef3efdc87311e8a6703e234b523
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|
| e4010605f233a213cf0d972397bb33c34c364227 |
|
07-Mar-2016 |
Patrick Tjin <pattjin@google.com> |
Initial import of msm8996 media HAL
1) Move existing HAL to msm8974/
2) Import msm8996 HAL from LA.HB.1.1.2_rb1.12
3) Modify Makefiles to remove kernel dependencies and
fix for new directory structure
4) Modify top level makefile for new directory structure
Top commits from LA.HB.1.1.2_rb1.12 included in this commit:
db7937a mm-video: vidc: memset struct v4l2_format prior to S_FMT
d77ab10 Merge "mm-video-v4l2: vidc: Do not queue output buffer if flush is in progress"
8895985 mm-video-v4l2: vidc: vdec: Add property to disable UBWC for OPB
675af75 Merge "mm-video: vidc: Communicate the right colorformat to the driver"
dd79df2 Merge "mm-video: vidc: Reliably stop the message thread"
c3e8618 Merge "mm-video-v4l2: vidc: venc: Fix B-Frame handling"
755ec08 mm-video-v4l2: vidc: Do not queue output buffer if flush is in progress
3ac8410 mm-video: vidc: Reliably stop the message thread
b73dcba Merge "mm-video-v4l2: vidc: venc: Bug fixes for VZIP"
8358109 Merge "mm-video-v4l2: vdec: fix picture type decode mode return status"
BUG=27420204
Signed-off-by: Patrick Tjin <pattjin@google.com>
Change-Id: I71aa0190e48b332268334677894b0ad7c606296b
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|