Defensively load untrusted icons from account authenticator

Catch Resources.NotFoundException which should cover all parsing errors from loadDrawables(); also substitute a default icon if parsing returns null. Bug: 17760671 Change-Id: Ia0ec25e34974ed85b6ffe6882d5bce003d64e9d6
2015-06-08 17:21:19 +01:00
parent b777c6e205
commit d1ce82ae8b
3 changed files with 16 additions and 9 deletions
--- a/src/com/android/settings/MasterClear.java
+++ b/src/com/android/settings/MasterClear.java
@@ -234,15 +234,18 @@ public class MasterClear extends InstrumentedFragment {
                                authContext.getDrawable(desc.iconId), userHandle);
                    }
                } catch (PackageManager.NameNotFoundException e) {
-                    Log.w(TAG, "No icon for account type " + desc.type);
+                    Log.w(TAG, "Bad package name for account type " + desc.type);
+                } catch (Resources.NotFoundException e) {
+                    Log.w(TAG, "Invalid icon id for account type " + desc.type, e);
+                }
+                if (icon == null) {
+                    icon = context.getPackageManager().getDefaultActivityIcon();
                }

                TextView child = (TextView)inflater.inflate(R.layout.master_clear_account,
                        contents, false);
                child.setText(account.name);
-                if (icon != null) {
-                    child.setCompoundDrawablesWithIntrinsicBounds(icon, null, null, null);
-                }
+                child.setCompoundDrawablesWithIntrinsicBounds(icon, null, null, null);
                contents.addView(child);
            }
        }