summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTom Taylor <tomtaylor@google.com>2017-06-20 21:26:43 (GMT)
committerHarry Youd <harry@harryyoud.co.uk>2017-09-20 20:04:04 (GMT)
commit20f6e4dc2fdadcf88cb8b48276169da47a913f9f (patch)
tree390fcfd1daa6fec6c0c3283601457f42fbdc9f59
parentd1d055f0a31c391ab88bccdadcc4d576cf3b7c02 (diff)
downloadandroid_packages_apps_Messaging-20f6e4dc2fdadcf88cb8b48276169da47a913f9f.zip
android_packages_apps_Messaging-20f6e4dc2fdadcf88cb8b48276169da47a913f9f.tar.gz
android_packages_apps_Messaging-20f6e4dc2fdadcf88cb8b48276169da47a913f9f.tar.bz2
37742976 - Catch bad gifs
* A security researcher crafted a gif that would cause the Android Bitmap code to throw an NPE. That would cause messaging to crash when decoding the NPE. Catch the NPE. Test: manually tested the "crash.gif" attached to the bug. Stepped through the debugger to verify we're catching the NPE and logging the attempt. Verified normal gifs still work. Bug: 37742976 Change-Id: Iab814d5b0b514bed0cecddd9a76f1fc095f90892 (cherry picked from commit 3671fd94ae1aad5c51d0730066e7f0c7b4c893ce) (cherry picked from commit e0f247e3994869567288f8057d9e3afec1dd2fe6) CVE-2017-0780
-rw-r--r--src/com/android/messaging/datamodel/media/GifImageResource.java10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/com/android/messaging/datamodel/media/GifImageResource.java b/src/com/android/messaging/datamodel/media/GifImageResource.java
index d50cf47..6801165 100644
--- a/src/com/android/messaging/datamodel/media/GifImageResource.java
+++ b/src/com/android/messaging/datamodel/media/GifImageResource.java
@@ -23,6 +23,7 @@ import android.support.rastermill.FrameSequence;
import android.support.rastermill.FrameSequenceDrawable;
import com.android.messaging.util.Assert;
+import com.android.messaging.util.LogUtil;
import java.io.IOException;
import java.io.InputStream;
@@ -55,7 +56,14 @@ public class GifImageResource extends ImageResource {
@Override
public Drawable getDrawable(Resources resources) {
- return new FrameSequenceDrawable(mFrameSequence);
+ try {
+ return new FrameSequenceDrawable(mFrameSequence);
+ } catch (final Exception e) {
+ // Malicious gif images can make platform throw different kind of exceptions. Catch
+ // them all.
+ LogUtil.e(LogUtil.BUGLE_TAG, "Error getting drawable for GIF", e);
+ return null;
+ }
}
@Override