Google Git
Sign in
android / platform / frameworks / base / da24aa4^! / .
commitda24aa45a8b65a7b9adbe12ff94bf891bdd38825[log] [tgz]
authorTodd Kennedy <toddke@google.com>Thu May 03 10:05:04 2018 +0100
committerandroid-build-team Robot <android-build-team-robot@google.com>Fri Jul 20 00:18:11 2018 +0000
treed8383f3c7dc9450d77a09b4dc39943d67ea2058c
parentc4f66f4f607654611b2227827123e016c57a5729 [diff]
Make safe label more safe

* limit the absolute maximum size of the label to 50000 characters
[which is probably far more than necessary, but, can be dialed down]

* use a string buffer while processing the string [instead of creating
multiple string objects]

Bug: 62537081
Test: Manual. Install APK in bug and see that it can be uninstalled
Change-Id: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
Merged-In: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
(cherry picked from commit 2263da9539daef134395226a2718ba2d7af7547d)

diff --git a/core/java/android/content/pm/PackageItemInfo.java b/core/java/android/content/pm/PackageItemInfo.java
index 11830c2..84b7794 100644
--- a/core/java/android/content/pm/PackageItemInfo.java
+++ b/core/java/android/content/pm/PackageItemInfo.java

@@ -42,6 +42,9 @@
  */
 public class PackageItemInfo {
     private static final float MAX_LABEL_SIZE_PX = 500f;
+    /** The maximum length of a safe label, in characters */
+    private static final int MAX_SAFE_LABEL_LENGTH = 50000;
+
     /**
      * Public name of this item. From the "android:name" attribute.
      */
@@ -169,7 +172,8 @@
         // If the label contains new line characters it may push the UI
         // down to hide a part of it. Labels shouldn't have new line
         // characters, so just truncate at the first time one is seen.
-        final int labelLength = labelStr.length();
+        final int labelLength = Math.min(labelStr.length(), MAX_SAFE_LABEL_LENGTH);
+        final StringBuffer sb = new StringBuffer(labelLength);
         int offset = 0;
         while (offset < labelLength) {
             final int codePoint = labelStr.codePointAt(offset);
@@ -181,14 +185,19 @@
                 break;
             }
             // replace all non-break space to " " in order to be trimmed
+            final int charCount = Character.charCount(codePoint);
             if (type == Character.SPACE_SEPARATOR) {
-                labelStr = labelStr.substring(0, offset) + " " + labelStr.substring(offset +
-                        Character.charCount(codePoint));
+                sb.append(' ');
+            } else {
+                sb.append(labelStr.charAt(offset));
+                if (charCount == 2) {
+                    sb.append(labelStr.charAt(offset + 1));
+                }
             }
-            offset += Character.charCount(codePoint);
+            offset += charCount;
         }
 
-        labelStr = labelStr.trim();
+        labelStr = sb.toString().trim();
         if (labelStr.isEmpty()) {
             return packageName;
         }