0c95c078771f637924fa7ae01b0d90df285dde64 |
|
02-May-2018 |
Ray Essick <essick@google.com> |
Revert "mm-video-v4l2: Protect buffer access and increase input buffer size" This reverts commit 4f368aba8c090006c96ad496558a66d15a63b79d. Reason for revert: regressions at oc-mr1/bullhead and pi/walleye Change-Id: Ie9caad90482698913db06cdb9aeebfd869fe1a6a Bug: 64340487 Bug: 78291359 Bug: 78913375
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|
4f368aba8c090006c96ad496558a66d15a63b79d |
|
13-Apr-2018 |
Ray Essick <essick@google.com> |
mm-video-v4l2: Protect buffer access and increase input buffer size Protect buffer access for below scenarios: *Increase the scope of buf_lock in free_buffer to avoid access of freed buffer for both input and output buffers. Also, add check before output buffer access. *Disallow allocate buffer mode after client has called use buffer. Allocate additional 512 bytes of memory for input buffers on top of allocation size as per hardware requirement Author: Santhosh Behara <santhoshbehara@codeaurora.org> Bug: 64340487 Test: PoC before/after Change-Id: Icc65fe43134493fefe6e420ca818f60995084871
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|
97e3ddfad60bf0417cbbc93dda97d2b887589fc0 |
|
25-Apr-2016 |
Praveen Chavan <pchavan@codeaurora.org> |
mm-video-v4l2: vdec: Avoid processing ETBs/FTBs in invalid states (per the spec) ETB/FTB should not be handled in states other than Executing, Paused and Idle. This avoids accessing invalid buffers. Also add a lock to protect the private-buffers from being deleted while accessing from another thread. Bug: 27890802 Security Vulnerability - Heap Use-After-Free and Possible LPE in MediaServer (libOmxVdec problem #6) Change-Id: Iaac2e383cd53cf9cf8042c9ed93ddc76dba3907e
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|
fd65fa891104fd7cedb06a8ba0849934dae63640 |
|
23-Mar-2016 |
Praveen Chavan <pchavan@codeaurora.org> |
mm-video-v4l2: vdec: add safety checks for freeing buffers Allow only up to 64 buffers on input/output port (since the allocation bitmap is only 64-wide). Do not allow changing the actual buffer count while still holding allocation (Client can technically negotiate buffer count on a free/disabled port) Add safety checks to free only as many buffers were allocated. Fixes: Security Vulnerability - Heap Overflow and Possible Local Privilege Escalation in MediaServer (libOmxVdec problem #3) Bug: 27532282 27661749 Change-Id: I06dd680d43feaef3efdc87311e8a6703e234b523
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|
e4010605f233a213cf0d972397bb33c34c364227 |
|
07-Mar-2016 |
Patrick Tjin <pattjin@google.com> |
Initial import of msm8996 media HAL 1) Move existing HAL to msm8974/ 2) Import msm8996 HAL from LA.HB.1.1.2_rb1.12 3) Modify Makefiles to remove kernel dependencies and fix for new directory structure 4) Modify top level makefile for new directory structure Top commits from LA.HB.1.1.2_rb1.12 included in this commit: db7937a mm-video: vidc: memset struct v4l2_format prior to S_FMT d77ab10 Merge "mm-video-v4l2: vidc: Do not queue output buffer if flush is in progress" 8895985 mm-video-v4l2: vidc: vdec: Add property to disable UBWC for OPB 675af75 Merge "mm-video: vidc: Communicate the right colorformat to the driver" dd79df2 Merge "mm-video: vidc: Reliably stop the message thread" c3e8618 Merge "mm-video-v4l2: vidc: venc: Fix B-Frame handling" 755ec08 mm-video-v4l2: vidc: Do not queue output buffer if flush is in progress 3ac8410 mm-video: vidc: Reliably stop the message thread b73dcba Merge "mm-video-v4l2: vidc: venc: Bug fixes for VZIP" 8358109 Merge "mm-video-v4l2: vdec: fix picture type decode mode return status" BUG=27420204 Signed-off-by: Patrick Tjin <pattjin@google.com> Change-Id: I71aa0190e48b332268334677894b0ad7c606296b
/hardware/qcom/media/msm8974/mm-video-v4l2/vidc/vdec/inc/omx_vdec.h
|