author | Tom Taylor <tomtaylor@google.com> | 2017-06-20 14:26:43 -0700 |
---|---|---|
committer | Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> | 2020-12-03 17:04:51 +0100 |
commit | 326fb768ac04efe7678ed2a6670c133fb4ed36e1 (patch) | |
tree | acc015069aa85f8229e71fed3236b167e14b48b9 | |
parent | ffb80f8c5297480031b3bfd6e1b60622eb98dea0 (diff) | |
37742976 - Catch bad gifsreplicant-6.0-0004-transitionreplicant-6.0-0004-rc6replicant-6.0-0004-rc5-transitionreplicant-6.0-0004-rc5replicant-6.0-0004-rc4replicant-6.0-0004replicant-6.0
* A security researcher crafted a gif that would cause the Android
Bitmap code to throw an NPE. That would cause messaging to crash when
decoding the NPE. Catch the NPE.
Test: manually tested the "crash.gif" attached to the bug. Stepped
through the debugger to verify we're catching the NPE and logging
the attempt. Verified normal gifs still work.
Bug: 37742976
Change-Id: Iab814d5b0b514bed0cecddd9a76f1fc095f90892
(cherry picked from commit 3671fd94ae1aad5c51d0730066e7f0c7b4c893ce)
(cherry picked from commit e0f247e3994869567288f8057d9e3afec1dd2fe6)
CVE-2017-0780
-rw-r--r-- | src/com/android/messaging/datamodel/media/GifImageResource.java | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/com/android/messaging/datamodel/media/GifImageResource.java b/src/com/android/messaging/datamodel/media/GifImageResource.java
index d50cf47..6801165 100644
--- a/src/com/android/messaging/datamodel/media/GifImageResource.java
+++ b/src/com/android/messaging/datamodel/media/GifImageResource.java
@@ -23,6 +23,7 @@ import android.support.rastermill.FrameSequence;
 import android.support.rastermill.FrameSequenceDrawable;
 import com.android.messaging.util.Assert;
+import com.android.messaging.util.LogUtil;
 import java.io.IOException;
 import java.io.InputStream;
@@ -55,7 +56,14 @@ public class GifImageResource extends ImageResource {
 @Override
 public Drawable getDrawable(Resources resources) {
- return new FrameSequenceDrawable(mFrameSequence);
+ try {
+ return new FrameSequenceDrawable(mFrameSequence);
+ } catch (final Exception e) {
+ // Malicious gif images can make platform throw different kind of exceptions. Catch
+ // them all.
+ LogUtil.e(LogUtil.BUGLE_TAG, "Error getting drawable for GIF", e);
+ return null;
+ }
 }
 @Override |
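Review bot: Returning `null` from `getDrawable` in the new catch block only moves the failure to the callers unless every one of them checks the result, and no call site is visible in this diff. The method should carry a doc comment stating the new contract, for example `/** Returns the animated drawable, or null if the platform rejects the GIF data. */`, and each caller should be confirmed to handle `null` by showing a placeholder rather than dereferencing it. Note also that `catch (final Exception e)` does not cover `Error` subclasses, so if the `FrameSequenceDrawable` constructor allocates frame bitmaps (not shown here), a GIF declaring very large dimensions could still crash the app with `OutOfMemoryError`. Validating the frame dimensions when the sequence is decoded would close that gap more safely than widening the catch. The class body continues outside the hunk.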