Google Git
Sign in
android/platform/frameworks/base/android15-platform-release^1..android15-platform-release/.
commit
5346e56e39fa616a4a44f2bb3d231e86189fdfde
[log]
author
Android Build Coastguard Worker <android-build-coastguard-worker@google.com>
Thu Mar 26 03:03:53 2026 -0700
committer
Android Build Coastguard Worker <android-build-coastguard-worker@google.com>
Thu Mar 26 03:03:53 2026 -0700
tree
e46d5ee5d120223c0ff54e632399146a6bd9fa17
parent
d1ec43aed8963cc0a84e84a87a2054327867a198 [diff]
parent
4256c4582ac66753d28ad829f43e70cbf5e247d7 [diff]
Merge cherrypicks of ['googleplex-android-review.googlesource.com/37751804'] into 24Q3-platform-release.

Change-Id: Iade43ebe12f22062ba057f26ed617780b933f239

diff --git a/core/java/com/android/internal/widget/LocalImageResolver.java b/core/java/com/android/internal/widget/LocalImageResolver.java
index 6351c0e..97e66d9 100644
--- a/core/java/com/android/internal/widget/LocalImageResolver.java
+++ b/core/java/com/android/internal/widget/LocalImageResolver.java

@@ -34,6 +34,7 @@
 import com.android.internal.annotations.VisibleForTesting;
 
 import java.io.IOException;
+import java.util.Locale;
 
 /** A class to extract Drawables from a MessagingStyle/ConversationStyle message. */
 public class LocalImageResolver {
@@ -259,6 +260,28 @@
             int maxWidth, int maxHeight) {
         final Size size = info.getSize();
 
+        final String mimeType = info.getMimeType();
+        boolean isAllowedCodec = false;
+        if (mimeType != null) {
+            switch (mimeType.toLowerCase(Locale.US)) {
+                case "image/png":
+                case "image/jpeg":
+                case "image/webp":
+                case "image/gif":
+                case "image/bmp":
+                case "image/x-ico":
+                case "image/vnd.wap.wbmp":
+                case "image/heif":
+                case "image/heic":
+                case "image/avif":
+                    isAllowedCodec = true;
+                    break;
+            }
+        }
+        if (!isAllowedCodec) {
+            throw new RuntimeException("Image mime type (" + mimeType + ") is not allowed.");
+        }
+
         if (size.getWidth() > DEFAULT_DECODE_HARD_LIMIT_PX
                 || size.getHeight() > DEFAULT_DECODE_HARD_LIMIT_PX) {
             // The image is larger than what we can reasonably expect to decode without filling up

diff --git a/core/tests/coretests/res/raw/dng_opcode_MapTable_ProcessArea.png b/core/tests/coretests/res/raw/dng_opcode_MapTable_ProcessArea.png
new file mode 100644
index 0000000..3003143
--- /dev/null
+++ b/core/tests/coretests/res/raw/dng_opcode_MapTable_ProcessArea.png
Binary files differ

diff --git a/core/tests/coretests/src/com/android/internal/widget/LocalImageResolverTest.java b/core/tests/coretests/src/com/android/internal/widget/LocalImageResolverTest.java
index e2ce346..474e3c3 100644
--- a/core/tests/coretests/src/com/android/internal/widget/LocalImageResolverTest.java
+++ b/core/tests/coretests/src/com/android/internal/widget/LocalImageResolverTest.java

@@ -334,4 +334,12 @@
         Icon icon = Icon.createWithResource("invalid.package", R.drawable.test32x24);
         assertThat(LocalImageResolver.resolveResourcesForIcon(mContext, icon)).isNull();
     }
+
+    @Test(expected = IOException.class)
+    public void resolveImage_asset_invalidMimeType() throws IOException {
+        // dng mimetype is not supported
+        Uri uri = Uri.parse("android.resource://"
+                + mContext.getPackageName() + "/" + R.raw.dng_opcode_MapTable_ProcessArea);
+        LocalImageResolver.resolveImage(uri, mContext);
+    }
 }