6 months worth of security patches! #4

Open
wants to merge 3 commits into
base: 12.1

Commits on Aug 6, 2023

  1. C2SurfaceSyncObj: prevent OOB read in Import

    Prevent OOB read in C2SurfaceSyncObj::Import from libcodec2_vndk.
    
    Bug: 240140929
    Test: Manual
    Change-Id: I7b4cd8aa3fa5b9b2160f0eba40a618b4dd536d5c
    (cherry picked from commit 9b4f38105ad66615e811483f4927942b231c84b7)
    Merged-In: I7b4cd8aa3fa5b9b2160f0eba40a618b4dd536d5c
    (cherry picked from commit e3958886dbdd65ac8020a4554c9e567f95a6d813)
    Merged-In: I7b4cd8aa3fa5b9b2160f0eba40a618b4dd536d5c
    Sungtak Lee authored and Meghthedev committed Aug 6, 2023
    2af0875
  2. Fix NuMediaExtractor::readSampleData buffer Handling

    readSampleData() did not initialize buffer before filling it,
    leading to OOB memory references. Correct and clarify the book
    keeping around output buffer management.
    
    Bug: 275418191
    Test: CtsMediaExtractorTestCases w/debug messages
    (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:943fc12219b21d2a98f0ddc070b9b316a6f5d412)
    (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:84c69bca81175feb2fd97ebb22e432ee41572786)
    Merged-In: Ie744f118526f100d82a312c64f7c6fcf20773b6d
    Change-Id: Ie744f118526f100d82a312c64f7c6fcf20773b6d
    rbessick4 authored and Meghthedev committed Aug 6, 2023
    2db82d0
  3. Force unsilence record clients on startInput

    We call startRecording unconditionally in startInput, so we must
    update the client state to be unsilenced (since we are treating as
    such). We subsequently re-update the silence state (with the client
    marked as active to dispatch ops) in updateUidStates_l.
    
    This fixes an issue where we call startRecording for a silenced client,
    then call it again when it moves to unsilenced when the client is active.
    Since startRecording is ref-counted, this leaves the client in the
    recording state leading to incorrect appop attributions.
    
    Bug: 279905816
    Bug: 281485019
    Test: Manual verification of repro cases + verbose log analysis
    (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:e7720b379bfaba648ab6d85c4c2df6f03ec854d3)
    (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:12e41309c3e6bde85430c288e469fc1776835db0)
    Merged-In: I31d50457ca8adae577407a28d4d4c0e8582bac5d
    Change-Id: I31d50457ca8adae577407a28d4d4c0e8582bac5d
    atneya authored and Meghthedev committed Aug 6, 2023
    d73da4e