Android Marshmallow AOSP Changes

Changes from 6.0.1_r80 (MOB31Z) to 6.0.1_r81 (MOI10E):

Warning Releases with no significant changes other than version bump in platform/build component are likely to only feature proprietary binary blob (e.g. firmwares) changes.

Newly Added Components (0):

None

Removed Components (1):

Updated Components (16):

  • platform/build with 2 change(s)
    • 2898d5e : Update security string to September for mnc-mr2-release (cherry picked from commit 9919a8f45e88be99acdc0657a69292587d649fdc)
    • 6883843 : Version bump to MOI10C

  • platform/external/dnsmasq with 2 change(s)
    • 8e61a18 : Add extra (size_t) cast to avoid compiler warning.
    • a8ca1b7 : Make dnsmasq more stable.

  • platform/external/libavc with 12 change(s)
    • 7982bb3 : Decoder: Fixed overflow in refernce list creation.
    • aa63aa8 : Initialize DPB structures to valid values.
    • dc02f24 : Added error check for output buffer size.
    • 8f14f2c : Return error when there are more mmco params than allocated size
    • 30006d8 : Fixed hang in the case of multiple sps id.
    • cdf55bf : Decoder: Fix in the case of MMCO 6
    • 5d381a7 : Decoder: Cleaned up parse sps function.
    • 0018b59 : Initializing reference list for every P/B slice.
    • 8aa3346 : Fix resolution change within a decode call.
    • 1b75278 : Decoder: Fixed allocation size of pred info buffer
    • 23ea14b : Initializing reference list for every P/B slice.
    • af62e6c : Decoder: Fixed allocation size of pred info buffer

  • platform/external/libhevc with 11 change(s)
    • 51daa94 : Fix slice decrement for skipped slices
    • ebfa865 : Ensure CTB size 16 for clips with tiles and width/height = 4096
    • 751066b : Limit boundary PU sizes in case of errors
    • b4b020b : Fix array size for hrd parameters
    • 64383a5 : Check number of output buffers and sizes
    • bca3e6f : Return error for invalid crop parameters
    • 7d407e2 : Fix OOB issue in nal unit parsing
    • 8efb4f1 : Set pic_present at end of pic_init instead of beginning
    • 94d0b63 : Handle error return in parse slice
    • 9387b70 : Set pic_present at end of pic_init instead of beginning
    • e58ae42 : Handle error return in parse slice

  • platform/external/libmpeg2 with 9 change(s)
    • dc28c7a : Fixed Memory Overflow Errors
    • 6fef55b : Correcting NumCoeff Check in VLD
    • 26cf994 : Adding Error Check For PictureStructure Param
    • f00eb9f : Update mbs_left In Case Of Missing Slice
    • 4ab8559 : Check For Zero Width/Height in Frame Header
    • 1d98429 : Correcting NumCoeff Check in VLD
    • b07fc26 : Adding Error Check For PictureStructure Param
    • 6f1e0a1 : Update mbs_left In Case Of Missing Slice
    • d0c0ee8 : Check For Zero Width/Height in Frame Header

  • platform/external/sonivox with 1 change(s)

  • platform/external/tremolo with 2 change(s)
    • 02e439f : Fix out of bounds access in codebook processing
    • 369676d : Use heap instead of alloca in res012.c

  • platform/frameworks/av with 29 change(s)
    • 0722044 : Check buffer size in useBuffer in software components
    • 60df6f9 : stagefright: avoid buffer overflow in base64 decoder
    • 3a2b694 : Add EFFECT_CMD_SET_PARAM parameter checking to Downmix and Reverb
    • 6c32471 : Fix memory leak in OggExtractor
    • 82611a7 : Skip track if verification fails
    • 9e00827 : MPEG4Source: fix fragmented read.
    • 64ae507 : stagefright: fix crash due to bad timestamp index
    • 35022b1 : stagefright: check aac_frame_length to prevent infinite loop
    • d7e9859 : MediaPlayerService: fix access of mPlayer in client
    • 7767ed0 : audio effects: filter reserved effect commands
    • d658ea0 : Change MPEG2 reinit Error Handling
    • 14381c9 : Track: Check buffer size of static tracks
    • 5787e7c : MPEG4Extractor: check size for yrrc box
    • e82db6b : Notify Errors Appropriately from SoftMPEG2
    • ab85024 : AudioFlinger: Fix memory allocation for client-less tracks
    • a900117 : EffectBundle: Check value size for get preset name
    • 3c069fa : Fix TOCTOU problem in libstagefright_soft_aacenc
    • bf8b140 : Fix security vulnerability: Equalizer setParameter memory overflow
    • c7b31e8 : Check the buffer index from acquireBuffer
    • a0aec66 : better manage buffer for libstagefright_soft_mpeg4enc
    • 0cc4649 : m4v_h263: update width/height only when they are valid.
    • 8bc5bf8 : m4v_h263: check header first before decoding a frame.
    • 7ae8415 : NuPlayerDecoder: fail gracefully when input data can't be held in allocated buffer.
    • 1d13ec5 : Fix integer overflow in mediadrmserver
    • 97ba0c4 : Fix potential leak
    • a85b732 : better manage buffer for libstagefright_soft_mpeg4enc
    • b217066 : m4v_h263: update width/height only when they are valid.
    • 4c1c46f : m4v_h263: check header first before decoding a frame.
    • 0a4c710 : Fix potential leak

  • platform/frameworks/base with 4 change(s)
    • 3d98aa4 : Fix security hole in GateKeeperResponse.
    • 3ecbdaf : Enforce policy for camera gesture in keyguard
    • ba8a607 : Back-port fixes for b/62196835
    • 69579af : Close connection before retrying

  • platform/frameworks/opt/net/wifi with 2 change(s)
    • 23bcb4c : cherry-pick: wifinative jni: check array length for trackSignificantWifiChange
    • f247252 : cherry-pick: wifinative jni: check array length for trackSignificantWifiChange

  • platform/hardware/qcom/audio with 2 change(s)
    • b4d3255 : Equalizer: Check value size for get preset name
    • 933a6a6 : Fix security vulnerability: Equalizer setParameter memory overflow

  • platform/packages/apps/Messaging with 1 change(s)
    • e621653 : 37742976 - Catch bad gifs

  • platform/packages/apps/Nfc with 1 change(s)
    • 5efcddc : Add READ_EXTERNAL_STORAGE for file based Uri while beaming.

  • platform/packages/apps/PackageInstaller with 1 change(s)

  • platform/packages/apps/Settings with 2 change(s)
    • 20fe61f : Disabling the activate button when paused
    • 577c8bd : Back-port ag/2491664

  • platform/system/bt with 7 change(s)
    • abbcc5c : Add missing extension length check while parsing BNEP control packets
    • 1883243 : Free p_pending_data from tBNEP_CONN to avoid potential memory leaks
    • ebbe7bc : Add a missing check for PAN buffer size before copying data
    • 19cbebe : Add missing packet length checks while parsing BNEP control packets
    • 62ec70f : Add missing continuation offset check for SDP continuation requests
    • 59788ce : Allocate buffers of the right size when BT_HDR is included
    • 482038b : Disable PAN Reverse Tethering when connection originated by the Remote