37742976 - Catch bad gifsreplicant-6.0-0004-transitionreplicant-6.0-0004-rc6replicant-6.0-0004-rc5-transitionreplicant-6.0-0004-rc5replicant-6.0-0004-rc4replicant-6.0-0004replicant-6.0

* A security researcher crafted a gif that would cause the Android
Bitmap code to throw an NPE. That would cause messaging to crash when
decoding the NPE. Catch the NPE.

Test: manually tested the "crash.gif" attached to the bug. Stepped
through the debugger to verify we're catching the NPE and logging
the attempt. Verified normal gifs still work.

Bug: 37742976

Change-Id: Iab814d5b0b514bed0cecddd9a76f1fc095f90892
(cherry picked from commit 3671fd94ae1aad5c51d0730066e7f0c7b4c893ce)
(cherry picked from commit e0f247e3994869567288f8057d9e3afec1dd2fe6)
CVE-2017-0780

1 files changed, 9 insertions, 1 deletions

diff --git a/src/com/android/messaging/datamodel/media/GifImageResource.java b/src/com/android/messaging/datamodel/media/GifImageResource.java
index d50cf47..6801165 100644
--- a/src/com/android/messaging/datamodel/media/GifImageResource.java
+++ b/src/com/android/messaging/datamodel/media/GifImageResource.java
@@ -23,6 +23,7 @@ import android.support.rastermill.FrameSequence;
 import android.support.rastermill.FrameSequenceDrawable;
 
 import com.android.messaging.util.Assert;
+import com.android.messaging.util.LogUtil;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -55,7 +56,14 @@ public class GifImageResource extends ImageResource {
 
     @Override
     public Drawable getDrawable(Resources resources) {
-        return new FrameSequenceDrawable(mFrameSequence);
+        try {
+            return new FrameSequenceDrawable(mFrameSequence);
+        } catch (final Exception e) {
+            // Malicious gif images can make platform throw different kind of exceptions. Catch
+            // them all.
+            LogUtil.e(LogUtil.BUGLE_TAG, "Error getting drawable for GIF", e);
+            return null;
+        }
     }
 
     @Override