client expects buffer to be free if free_buffer
is called, but if omx is in executing state free
buffer call will error out.
When async thread tries to copy data to client
buffer which is already freed,it leads to crash.
Added a bitmask to avoid copy to buffer after free.
Bug: 36130225
CRs-Fixed: 2106434
Author: Uma Mehta <umamehta@codeaurora.org>
Change-Id: Id439aac54ee64a65ea68b6431a9f5150255a6980
Output buffer (in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Author: Praveen Chavan <pchavan@codeaurora.org>
Change-Id: I6141e81d7dbd50bc3601c8df066fd8cbd06b4e0b
client expects buffer to be free if free_buffer
is called, but if omx is in executing state free
buffer call will error out.
When async thread tries to copy data to client
buffer which is already freed,it leads to crash.
Added a bitmask to avoid copy to buffer after free.
Bug: 36130225
CRs-Fixed: 2106434
Author: Uma Mehta <umamehta@codeaurora.org>
Change-Id: Id439aac54ee64a65ea68b6431a9f5150255a6980
Output buffer (in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Author: Praveen Chavan <pchavan@codeaurora.org>
Change-Id: I6141e81d7dbd50bc3601c8df066fd8cbd06b4e0b
Component doesn't support flush on single port, Internally
it calls flush on both ports though client request on single
port. Hence notify flush done to client after flush on all
the ports has been completed.
Author : Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
CRs-Fixed: 2076660
Test: make vts
vts-tradefed run vts -m VtsHalMediaOmxV1_0Host
Bug: 63603864
Change-Id: I3c66a0b1853d598574fc19707da580bb88666b11
By calling STREAM_ON after QBUF, and meanwhile if there is
any buffer requirements query, there is a chance that queued
buffer will be ignored by driver. Hence changing the QBUF and
STREAM_ON sequence.
CRs-Fixed: 2065953
Author : Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
Bug: 62602083
Test: make vts
vts-tradefed run vts -m VtsHalMediaOmxV1_0Host
Merged-In: I0ec277a5b245d7b4aa343030ca74a2d86d7d91c1
Change-Id: I0ec277a5b245d7b4aa343030ca74a2d86d7d91c1
Component doesn't support flush on single port, Internally
it calls flush on both ports though client request on single
port. Hence notify flush done to client after flush on all
the ports has been completed.
author : Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
CRs-Fixed: 2076660
Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice
Bug: 63603864
Merged-In: I319f42a02361a74d7c0c51215f6bdaa7a1c2a2d6
Change-Id: I319f42a02361a74d7c0c51215f6bdaa7a1c2a2d6
Output buffer (in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Bug: 36130225
Change-Id: I75ef3df29fcabff52ea87cf5a4aa98e48bb40298
Author: Praveen Chavan<pchavan@codeaurora.org>
Output buffer(in use-buffer mode) has an internal backup ion buffer.
The contents of this buffer are deep-copied in client's buffer in
the context of VideoEncCallBackThread; while this buffer can be
freed in the client thread's context.
Check the allocation bitmask before attempting to copy and
synchronize these operations by holding a lock
Fixes bug 36130225
Security Vulnerability - Heap use after free in libOmxVenc
CRs-Fixed: 2053101
Bug: 36130225
Change-Id: If5e89703b2dec0aee8acb7e897e9df94227af3f3
Author: Praveen Chavan<pchavan@codeaurora.org>
This flag was used to conditionally disable features not
backwards compatible with older android versions.
This is not needed anymore. Moreover, this was disabling the
required features in builds where this flag was not defined.
Test: make gts -j123 && gts-tradefed run gts -m \
GtsMediaTestCases -t \
com.google.android.media.gts.WidevineCodecStressTests
Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice
Bug: 62276042
CRs-Fixed: 2064239
Author: pchavan@codeaurora.org
Merged-In: Ie4d1754ee01b644aaafc4cd958ea858ebc5507ac
Change-Id: Ie4d1754ee01b644aaafc4cd958ea858ebc5507ac
(cherry picked from commit d65458b9b8)
Colorspace is derived from gralloc-handles for graphic-buffers and set to codec.
RGBA8888 Buffers are converted to YUV via C2D and have 601-Limited color.
When passed to the device-layer, such buffers do not have gralloc-handle
and hence colorspace does not get set.
Set colorspace as 601-L explicitly in such case to the codec.
b/63147656
Test: verified that it fixes the failures in EncodeVirtualDisplayTest#
testEncodeVirtualDisplay and DecodeEditEncodeTest#testVideoEdit720p
CRs-Fixed: 2070838
Change-Id: Iae2705b8f4256d8e76309d2d1adb7cb6d3eb1692
By calling STREAM_ON after QBUF, and meanwhile if there is
any buffer requirements query, there is a chance that queued
buffer will be ignored by driver. Hence changing the QBUF and
STREAM_ON sequence.
CRs-Fixed: 2065953
author : Manikanta Kanamarlapudi <kmanikan@codeaurora.org>
Bug: 62602083
Bug: 62848424
Bug: 62848422
Merged-In: I9fd910208d197bd0d28160393c3426ed9270494c
Change-Id: I9fd910208d197bd0d28160393c3426ed9270494c
Cache invalidation is an expensive operation on 8998.
Using cached buffers and invalidating incurs more cost than
copying on to uncached memory.
This will help reduce the CPU utilization of the thread calling
invalidation
Bug: 36793371
CRs-Fixed: 2057245
Change-Id: Iec859323f50017e9bfbbae00dc4c89f1ee9524b3
If the colorspace in bitstream gets updated, the client is notified.
However, when the client comes back to read, it must be notified of
the color-space values from bitstream (if specified) and use
default (client's values) if unspecified.
Bug: 36373942
Test: Camera recording and playback the file.
CRs-Fixed: 2058039
Change-Id: Ie7c387371c55c655115c040f94f6e712a6c8b322
These dependencies are explicitly needed when enabling VNDK flag
Bug: 33241851
Test: build target and pass CTS
Test: With BOARD_VNDK_VERSION, mma works
Change-Id: I662e4f698e5206e6a713b878c380cdaf9b50ef07
If the colorspace in bitstream gets updated, the client is notified.
However, when the client comes back to read, it must be notified of
the color-space values from bitstream (if specified) and use
default (client's values) if unspecified.
Bug: 62323441
Test: Camera recording and playback the recorded video.
CRs-Fixed: 2058030
Change-Id: Ida78ae290a8e020d40c44e9037635caa79b45f2e
profile and level set flags are not initialized, due to
this wrong profile and levels are set to the encoder.
This change will fix the same.
Bug: 62095651
Change-Id: Ic45018ed6ec9c9d0a848b9d92194b440ef257cb5
This CL replaces all LOCAL_MODULE_PATH_* definitions for vendor shared
libraries with LOCAL_VENDOR_MODULE := true instead. This appropriately
generates sanitized versions of these libraries to /data/asan/* while
generating the stock versions in /vendor/lib* as desired. Needed for
ASAN builds to work correctly.
Bug: 37740897
Test: m -j40 && SANITIZE_TARGET="address" m -j40 # shared libs in
$ANDROID_PRODUCT_OUT/vendor/lib* do not contain asan symbols, while
the ones in $ANDROID_PRODUCT_OUT/data/asan/vendor/lib* do.
Change-Id: Ic909338aecff94e7970d6d33a9ba8ed1ba6a9aa3
