
Commit 244794bc authored by John Reck's avatar John Reck Committed by Nishith Khanna

Add mimetype filter to LocalImageResolver

Only allow "trusted" codecs

Test: LocalImageResolverTest
Bug: 456471290
Flag: EXEMPT BUGFIX

(cherry picked from commit e69ce2095f902a9f2ebd1871e9a0bda06908f0ab)
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:3fcb2a5f4f371d3e47aee3d56d0789248ac716c4
Merged-In: Idafd13a01311f4966bd99c4a5de17b49bd0b8586
Change-Id: Idafd13a01311f4966bd99c4a5de17b49bd0b8586
parent fd1d60c4
+23 −0
@@ -34,6 +34,7 @@ import android.util.Size;
import com.android.internal.annotations.VisibleForTesting;

import java.io.IOException;
import java.util.Locale;

/** A class to extract Drawables from a MessagingStyle/ConversationStyle message. */
public class LocalImageResolver {
@@ -259,6 +260,28 @@ public class LocalImageResolver {
            int maxWidth, int maxHeight) {
        final Size size = info.getSize();

        final String mimeType = info.getMimeType();
        boolean isAllowedCodec = false;
        if (mimeType != null) {
            switch (mimeType.toLowerCase(Locale.US)) {
                case "image/png":
                case "image/jpeg":
                case "image/webp":
                case "image/gif":
                case "image/bmp":
                case "image/x-ico":
                case "image/vnd.wap.wbmp":
                case "image/heif":
                case "image/heic":
                case "image/avif":
                    isAllowedCodec = true;
                    break;
            }
        }
        if (!isAllowedCodec) {
            throw new RuntimeException("Image mime type (" + mimeType + ") is not allowed.");
        }

        if (size.getWidth() > DEFAULT_DECODE_HARD_LIMIT_PX
                || size.getHeight() > DEFAULT_DECODE_HARD_LIMIT_PX) {
            // The image is larger than what we can reasonably expect to decode without filling up
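Review bot: The rejection at `throw new RuntimeException("Image mime type (" + mimeType + ") is not allowed.")` is unchecked, while the test added in this same commit expects `IOException` from `resolveImage`, and the hunk does not show where one becomes the other. If no code outside the hunk does that translation, a caller that handles only `IOException` would let a disallowed type escape as an uncaught runtime exception, so the contract is worth stating at the throw site, e.g. `// Rejected types reach resolveImage() callers as <exception type, confirm>; treat as "no image".` The check also reads `info.getMimeType()`, which presumably is only known once the decoder has parsed the header, so a comment such as `// Allow-list gates which codecs may proceed to full decode; the header has already been parsed here.` would stop readers assuming the filter also covers header parsing. The enclosing method starts and ends outside the hunk.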
+85.4 KiB
+8 −0
@@ -334,4 +334,12 @@ public class LocalImageResolverTest {
        Icon icon = Icon.createWithResource("invalid.package", R.drawable.test32x24);
        assertThat(LocalImageResolver.resolveResourcesForIcon(mContext, icon)).isNull();
    }

    @Test(expected = IOException.class)
    public void resolveImage_asset_invalidMimeType() throws IOException {
        // dng mimetype is not supported
        Uri uri = Uri.parse("android.resource://"
                + mContext.getPackageName() + "/" + R.raw.dng_opcode_MapTable_ProcessArea);
        LocalImageResolver.resolveImage(uri, mContext);
    }
}
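Review bot: `@Test(expected = IOException.class)` on `resolveImage_asset_invalidMimeType` passes for any `IOException` raised anywhere inside `resolveImage`, so it does not prove that the new MIME allow-list is what rejected the DNG resource; a failure to open or parse the raw resource would satisfy it too. Pinning the cause would make the test fail if the filter is later removed or bypassed, e.g. `IOException e = assertThrows(IOException.class, () -> LocalImageResolver.resolveImage(uri, mContext));` followed by a check on the message or cause (the text that actually reaches the caller is not visible here and should be confirmed). The allowed path and the `mimeType != null` / `toLowerCase` branches are not exercised by this single case; a positive test for one allow-listed type would guard against the list accidentally rejecting everything.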