
Unverified Commit 98f52156 authored by John Reck's avatar John Reck Committed by Michael Bestas

Add mimetype filter to LocalImageResolver

Only allow "trusted" codecs

Test: LocalImageResolverTest
Bug: 456471290
Flag: EXEMPT BUGFIX

(cherry picked from commit e69ce2095f902a9f2ebd1871e9a0bda06908f0ab)
Cherrypick-From: https://googleplex-android-review.googlesource.com/q/commit:3fcb2a5f4f371d3e47aee3d56d0789248ac716c4
Merged-In: Idafd13a01311f4966bd99c4a5de17b49bd0b8586
Change-Id: Idafd13a01311f4966bd99c4a5de17b49bd0b8586
parent 4fbc9074
+23 −0
@@ -34,6 +34,7 @@ import android.util.Size;
import com.android.internal.annotations.VisibleForTesting;

import java.io.IOException;
import java.util.Locale;

/** A class to extract Drawables from a MessagingStyle/ConversationStyle message. */
public class LocalImageResolver {
@@ -259,6 +260,28 @@ public class LocalImageResolver {
            int maxWidth, int maxHeight) {
        final Size size = info.getSize();

        final String mimeType = info.getMimeType();
        boolean isAllowedCodec = false;
        if (mimeType != null) {
            switch (mimeType.toLowerCase(Locale.US)) {
                case "image/png":
                case "image/jpeg":
                case "image/webp":
                case "image/gif":
                case "image/bmp":
                case "image/x-ico":
                case "image/vnd.wap.wbmp":
                case "image/heif":
                case "image/heic":
                case "image/avif":
                    isAllowedCodec = true;
                    break;
            }
        }
        if (!isAllowedCodec) {
            throw new RuntimeException("Image mime type (" + mimeType + ") is not allowed.");
        }

        if (size.getWidth() > DEFAULT_DECODE_HARD_LIMIT_PX
                || size.getHeight() > DEFAULT_DECODE_HARD_LIMIT_PX) {
            // The image is larger than what we can reasonably expect to decode without filling up
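Review bot: The rejection at `throw new RuntimeException("Image mime type (" + mimeType + ") is not allowed.");` is unchecked, while the test added in this commit expects `IOException`, so the conversion must happen in a caller outside this hunk. The class extracts Drawables from MessagingStyle/ConversationStyle messages, so any path into this method that catches only `IOException` would let a disallowed image take down the caller rather than be dropped; that should be confirmed for every entry point, or the contract stated in the method's Javadoc. The allowlist also deserves a why-comment above the `switch`, for example `// Codecs accepted for message-supplied images; every other format (e.g. DNG) is rejected before decoding continues.`, and `Locale.ROOT` is the conventional locale for a protocol-string case fold. The enclosing method starts and ends outside the hunk.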
+85.4 KiB
+8 −0
@@ -334,4 +334,12 @@ public class LocalImageResolverTest {
        Icon icon = Icon.createWithResource("invalid.package", R.drawable.test32x24);
        assertThat(LocalImageResolver.resolveResourcesForIcon(mContext, icon)).isNull();
    }

    @Test(expected = IOException.class)
    public void resolveImage_asset_invalidMimeType() throws IOException {
        // dng mimetype is not supported
        Uri uri = Uri.parse("android.resource://"
                + mContext.getPackageName() + "/" + R.raw.dng_opcode_MapTable_ProcessArea);
        LocalImageResolver.resolveImage(uri, mContext);
    }
}
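Review bot: `@Test(expected = IOException.class)` on `resolveImage_asset_invalidMimeType` passes for any `IOException` from `resolveImage`, including a missing resource or an unrelated decode failure, so it does not show that the new mime-type filter is what rejected the DNG. Capture the exception instead, `IOException e = assertThrows(IOException.class, () -> LocalImageResolver.resolveImage(uri, mContext));`, and assert that its message or cause carries the filter's "is not allowed" text, assuming the wrapping code preserves the cause. That keeps the test failing if the allowlist is later loosened but the DNG happens to fail for another reason.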