Bug 906402 - security exception when checking signature of favicon, r=mfinkle
authorMark Capella <markcapella@twcny.rr.com>
Tue, 29 Oct 2013 08:42:37 -0400
changeset 152571 06e480dedcb08716eacf7b951e166b3e7665299c
parent 152570 200fa2ac65e4c1d1c947a5cac90e22a9013f07a2
child 152572 127e27f7c2127c2e7de24ea4b3a2ef032566c1aa
push id3259
push usermarkcapella@twcny.rr.com
push dateTue, 29 Oct 2013 12:42:42 +0000
treeherderfx-team@06e480dedcb0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmfinkle
bugs906402
milestone28.0a1
Bug 906402 - security exception when checking signature of favicon, r=mfinkle
mobile/android/base/gfx/BitmapUtils.java
--- a/mobile/android/base/gfx/BitmapUtils.java
+++ b/mobile/android/base/gfx/BitmapUtils.java
@@ -56,16 +56,21 @@ public final class BitmapUtils {
             (new UiAsyncTask<Void, Void, Drawable>(ThreadUtils.getBackgroundHandler()) {
                 @Override
                 public Drawable doInBackground(Void... params) {
                     try {
                         if (data.startsWith("jar:jar")) {
                             return GeckoJarReader.getBitmapDrawable(context.getResources(), data);
                         }
 
+                        // Don't attempt to validate the JAR signature when loading an add-on icon
+                        if (data.startsWith("jar:file")) {
+                            return GeckoJarReader.getBitmapDrawable(context.getResources(), Uri.decode(data));
+                        }
+
                         URL url = new URL(data);
                         InputStream is = (InputStream) url.getContent();
                         try {
                             return Drawable.createFromStream(is, "src");
                         } finally {
                             is.close();
                         }
                     } catch (Exception e) {