Android Nougat AOSP Changes

Changes from 7.1.1_r53 (N9F27L) to 7.1.1_r54 (N4F27P):

Warning: Releases with no significant changes other than a version bump in the platform/build component are likely to feature only proprietary binary blob (e.g. firmware) changes.

Newly Added Components (0):

None

Removed Components (0):

None

Updated Components (26):

  • device/htc/flounder-kernel with 1 change(s)
    • 5a2b6e8 : flounder: update kernel prebuild (Jul 2017 NYC-MR1 Security)

  • platform/bionic with 1 change(s)
    • 3dd8fd9 : linker: remove link from external library on unload

  • platform/build with 9 change(s)

  • platform/external/boringssl with 1 change(s)

  • platform/external/dng_sdk with 1 change(s)
    • ebd4085 : Throw exception on integer overflow in dng_ifd.cpp.

  • platform/external/dnsmasq with 2 change(s)
    • f09b94b : Add extra (size_t) cast to avoid compiler warning.
    • 34a5e1b : Make dnsmasq more stable.

  • platform/external/libavc with 20 change(s)
    • 4da576e : Decoder: Fixed allocation of pv_map_ref_idx_to_poc_buf.
    • 411a00e : Decoder: Fixed overflow in reference list creation.
    • f7fe15d : Initialize DPB structures to valid values.
    • 8f1483b : Added error check for output buffer size.
    • aeab48d : Fixed hang in the case of multiple sps id.
    • f0b3242 : Decoder: Fix in the case of MMCO 6
    • 53d36a4 : Decoder: Cleaned up parse sps function.
    • 64ea48b : Initializing reference list for every P/B slice.
    • e2eb5b1 : Fix resolution change within a decode call.
    • 3773f20 : Decoder: Fixed allocation size of pred info buffer
    • cac3375 : Decoder: Fix end of bitstream error.
    • ceb6280 : Decoder: Fix allocation for Mbaff weight matrix
    • b3e7b89 : Decoder: Initialize MB info buffer to zero.
    • 929c583 : Decoder: Fixed flag u1_top_bottom_decoded.
    • b0c4f7b : Decoder: Added an error check while parsing PPS.
    • 3da38f2 : Fix stack buffer overflow in ih264d_process_intra_mb
    • 611d72b : Decoder: Fix in reference list initialization.
    • b39f9d0 : Decoder: Fixes in accessing mbaff flag in error cases
    • 548b588 : Fix in the case of MMCO 3 (long term reference idx).
    • 87eb124 : Decoder: Fixed number of MB calculation for interlaced error streams

  • platform/external/libhevc with 17 change(s)
    • b58f66d : Fix slice decrement for skipped slices
    • 8ebb78d : Ensure CTB size 16 for clips with tiles and width/height = 4096
    • f12819e : Limit boundary PU sizes in case of errors
    • e7b7610 : Fix array size for hrd parameters
    • 5370950 : Check number of output buffers and sizes
    • 421090a : Return error for invalid crop parameters
    • 719a02c : Fix OOB issue in nal unit parsing
    • 32ce806 : Set pic_present at end of pic_init instead of beginning
    • f1b81b9 : Handle error return in parse slice
    • 1e5b235 : Fix heap buffer overflow while searching for valid PPS
    • 865b6b1 : Check for buffer overflow in pps/slice header parsing
    • 068e676 : memset SPS to zero
    • e59fb1d : Fix reallocation for new sps
    • 8549298 : Check for cpb cnt in hrd parsing
    • 47e9b74 : Correct Tiles rows and cols check
    • 5d17663 : Set current slice ctb x and y to fill prev incomplete slice
    • e6f04b1 : Check only allocated mv bufs for releasing from reference

  • platform/external/libmpeg2 with 8 change(s)
    • 7e2e5d0 : Fixed Memory Overflow Errors
    • e460766 : Correcting NumCoeff Check in VLD
    • 8425c2e : Adding Error Check For PictureStructure Param
    • 397159f : Update mbs_left In Case Of Missing Slice
    • 6c62499 : Check For Zero Width/Height in Frame Header
    • 09dcec8 : Check Number of Skip MBs
    • 4f63cc1 : Error Resilience - Check on as_recent_fld[0][1]
    • c1ed402 : Fix Bytes Consumed Issue

  • platform/external/libvpx with 1 change(s)
    • 05184fc : Limit vpx decoder to 4K frames

  • platform/external/sonivox with 3 change(s)

  • platform/external/tremolo with 3 change(s)
    • 7a22cb4 : Fix out of bounds access in codebook processing
    • db70f58 : Use heap instead of alloca in res012.c
    • 4e76a6e : Always use unsigned char

  • platform/frameworks/av with 32 change(s)
    • 294f3a2 : Fix 'potential memory leak' compiler warning.
    • 404d9db : Check buffer size in useBuffer in software components
    • 1d1eb11 : stagefright: avoid buffer overflow in base64 decoder
    • 1e818e0 : Add EFFECT_CMD_SET_PARAM parameter checking to Downmix and Reverb
    • e0fbed2 : Fix memory leak in OggExtractor
    • ba5079e : Skip track if verification fails
    • 6701dd3 : MPEG4Source: fix fragmented read.
    • 89a1edc : stagefright: fix crash due to bad timestamp index
    • b1a1cce : stagefright: check aac_frame_length to prevent infinite loop
    • 006badf : MediaPlayerService: fix access of mPlayer in client
    • 7e41ba5 : audio effects: filter reserved effect commands
    • 0c18b2e : MPEG4Extractor: ensure returned status is checked.
    • 8fed620 : Change MPEG2 reinit Error Handling
    • 6ee4ab6 : Track: Check buffer size of static tracks
    • c1d0a3c : MPEG4Extractor: check size for yrrc box
    • a55e646 : AudioFlinger: Fix memory allocation for client-less tracks
    • 2e06b35 : Notify Errors Appropriately from SoftMPEG2
    • 106b034 : EffectBundle: Check value size for get preset name
    • d8c0143 : Fix TOCTOU problem in libstagefright_soft_aacenc
    • f6a7fbb : Fix security vulnerability: Equalizer setParameter memory overflow
    • 15b0e4d : RESTRICT AUTOMERGE Check the buffer index from acquireBuffer
    • a180dfb : better manage buffer for libstagefright_soft_mpeg4enc
    • 561cabd : m4v_h263: update width/height only when they are valid.
    • a841d4e : m4v_h263: check header first before decoding a frame.
    • fa5abc9 : Fix integer overflow in mediadrmserver
    • 2893492 : Fix potential leak
    • 86ba6a6 : Modifying MetaData invalidates previous char*
    • d590200 : Fix memory leak in error case
    • b141632 : Limit ogg packet size
    • 2ba843c : Prevent OOB write in soft_avc encoder
    • 3277238 : Don't allow using or allocating a buffer after the first state transition
    • 9d5ee26 : Avoid crash for stss sync sample number 0

  • platform/frameworks/base with 7 change(s)
    • cf628c4 : Fix security hole in GateKeeperResponse.
    • e65f667 : Enforce policy for camera gesture in keyguard
    • cc29b09 : Back-port fixes for b/62196835
    • 37a1727 : Close connection before retrying
    • 5312011 : ZygoteInit: Remove CAP_SYS_RESOURCE
    • 9a5f25a : system_server: add CAP_SYS_PTRACE
    • 4d0c0b2 : Make a11y node info parceling more robust

  • platform/frameworks/native with 4 change(s)
    • acb44f4 : fix race condition that can cause a use after free
    • ab23ef3 : libgui: check for invalid slot in attachBuffer
    • a37af6f : libgui: Check slot received from IGBP in Surface
    • b479f1d : ui: Fix bad size check in Fence::unflatten

  • platform/frameworks/opt/net/wifi with 1 change(s)
    • c9aa0df : cherry-pick: wifinative jni: check array length for trackSignificantWifiChange

  • platform/hardware/broadcom/wlan with 3 change(s)
    • fbeac26 : net: wireless: bcmdhd: update bcm4354/4356 FW (7.35.101.8)
    • 98ba63a : net: wireless: bcmdhd: update bcm4354/56 FW (7.35.101.6)
    • e760be1 : net: wireless: bcmdhd: adding bssid count NL attribute in SWC config

  • platform/hardware/qcom/audio with 2 change(s)
    • 62b3932 : Equalizer: Check value size for get preset name
    • 37f5294 : Fix security vulnerability: Equalizer setParameter memory overflow

  • platform/libcore with 4 change(s)
    • 07cc7cf : Fix failing FileTest#test_canonicalCachesAreOff()
    • cdd7f7c : Disable File.getCanonicalPath caches.
    • 766b605 : Proper fix for rejecting ftp URL with /r/n.
    • 78da9d6 : Test for rejection of ftp URL with /r/n in userinfo

  • platform/packages/apps/Bluetooth with 2 change(s)
    • 6cfdc16 : Prevent OPP from opening files that aren't sent over Bluetooth
    • d8b4a6c : OPP: Restrict file based URI access to external storage

  • platform/packages/apps/Messaging with 1 change(s)
    • 532c96f : 37742976 - Catch bad gifs

  • platform/packages/apps/Nfc with 1 change(s)
    • d1b5ec8 : Add READ_EXTERNAL_STORAGE for file based Uri while beaming.

  • platform/packages/apps/Settings with 4 change(s)
    • 02cdfad : Disabling the activate button when paused
    • 81ff923 : Back-port ag/2491664
    • 08869b3 : Fix phishing attack in ChooseLockGeneric
    • 08b8b9b : resolve merge conflicts of 3964c51bf2 to nyc-dev

  • platform/system/bt with 8 change(s)
    • bf6f32b : Add missing extension length check while parsing BNEP control packets
    • 85dab2d : Free p_pending_data from tBNEP_CONN to avoid potential memory leaks
    • 5462195 : Add a missing check for PAN buffer size before copying data
    • cd6eefb : Add missing packet length checks while parsing BNEP control packets
    • 5196e85 : Add missing continuation offset check for SDP continuation requests
    • 3e8734c : Disable PAN Reverse Tethering when connection originated by the Remote
    • 8c87b2c : Allocate buffers of the right size when BT_HDR is included
    • b467e30 : Check LE advertising data length before caching advertising records

  • platform/system/core with 1 change(s)
    • 96d2e28 : Fix out of bound read in libziparchive

  • platform/system/sepolicy with 1 change(s)
    • ca0b449 : system_server: replace sys_resource with sys_ptrace