diff options
| author | Todd Kennedy <toddke@google.com> | 2018-05-03 10:05:04 +0100 |
|---|---|---|
| committer | Ryan Longair <rlongair@google.com> | 2018-06-12 11:24:23 -0700 |
| commit | 53606459742bc25d7b655cc0c98040450ee25de9 (patch) | |
| tree | 6143b1f578164ac00bb0f386b61df66fc2a2aa84 | |
| parent | c18765ce43f4157d8d7b708105a414573d390651 (diff) | |
| download | base-53606459742bc25d7b655cc0c98040450ee25de9.tar.gz | |
Make safe label more safe
* limit the absolute maximum size of the label to 50000 characters
[which is probably far more than necessary, but, can be dialed down]
* use a string buffer while processing the string [instead of creating
multiple string objects]
Bug: 62537081
Test: Manual. Install APK in bug and see that it can be uninstalled
Change-Id: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
Merged-In: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
(cherry picked from commit 2263da9539daef134395226a2718ba2d7af7547d)
| -rw-r--r-- | core/java/android/content/pm/PackageItemInfo.java | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/core/java/android/content/pm/PackageItemInfo.java b/core/java/android/content/pm/PackageItemInfo.java index 11830c294116..84b779466dbf 100644 --- a/core/java/android/content/pm/PackageItemInfo.java +++ b/core/java/android/content/pm/PackageItemInfo.java @@ -42,6 +42,9 @@ import java.util.Comparator; */ public class PackageItemInfo { private static final float MAX_LABEL_SIZE_PX = 500f; + /** The maximum length of a safe label, in characters */ + private static final int MAX_SAFE_LABEL_LENGTH = 50000; + /** * Public name of this item. From the "android:name" attribute. */ @@ -169,7 +172,8 @@ public class PackageItemInfo { // If the label contains new line characters it may push the UI // down to hide a part of it. Labels shouldn't have new line // characters, so just truncate at the first time one is seen. - final int labelLength = labelStr.length(); + final int labelLength = Math.min(labelStr.length(), MAX_SAFE_LABEL_LENGTH); + final StringBuffer sb = new StringBuffer(labelLength); int offset = 0; while (offset < labelLength) { final int codePoint = labelStr.codePointAt(offset); @@ -181,14 +185,19 @@ public class PackageItemInfo { break; } // replace all non-break space to " " in order to be trimmed + final int charCount = Character.charCount(codePoint); if (type == Character.SPACE_SEPARATOR) { - labelStr = labelStr.substring(0, offset) + " " + labelStr.substring(offset + - Character.charCount(codePoint)); + sb.append(' '); + } else { + sb.append(labelStr.charAt(offset)); + if (charCount == 2) { + sb.append(labelStr.charAt(offset + 1)); + } } - offset += Character.charCount(codePoint); + offset += charCount; } - labelStr = labelStr.trim(); + labelStr = sb.toString().trim(); if (labelStr.isEmpty()) { return packageName; } |