6 months worth of security patches! #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Prevent OOB read in C2SurfaceSyncObj::Import from libcodec2_vndk. Bug: 240140929 Test: Manual Change-Id: I7b4cd8aa3fa5b9b2160f0eba40a618b4dd536d5c (cherry picked from commit 9b4f38105ad66615e811483f4927942b231c84b7) Merged-In: I7b4cd8aa3fa5b9b2160f0eba40a618b4dd536d5c (cherry picked from commit e3958886dbdd65ac8020a4554c9e567f95a6d813) Merged-In: I7b4cd8aa3fa5b9b2160f0eba40a618b4dd536d5c
readSampleData() did not initialize buffer before filling it, leading to OOB memory references. Correct and clarify the book keeping around output buffer management. Bug: 275418191 Test: CtsMediaExtractorTestCases w/debug messages (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:943fc12219b21d2a98f0ddc070b9b316a6f5d412) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:84c69bca81175feb2fd97ebb22e432ee41572786) Merged-In: Ie744f118526f100d82a312c64f7c6fcf20773b6d Change-Id: Ie744f118526f100d82a312c64f7c6fcf20773b6d
We call startRecording unconditionally in startInput, so we must update the client state to be unsilenced (since we are treating as such). We subsequently re-update the silence state (with the client marked as active to dispatch ops) in updateUidStates_l. This fixes an issue where we call startRecording for a silenced client, then call it again when it moves to unsilenced when the client is active. Since startRecording is ref-counted, this leaves the client in the recording state leading to incorrect appop attributions. Bug: 279905816 Bug: 281485019 Test: Manual verification of repro cases + verbose log analysis (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e7720b379bfaba648ab6d85c4c2df6f03ec854d3) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:12e41309c3e6bde85430c288e469fc1776835db0) Merged-In: I31d50457ca8adae577407a28d4d4c0e8582bac5d Change-Id: I31d50457ca8adae577407a28d4d4c0e8582bac5d
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.