diff --git a/app/src/main/java/org/fdroid/fdroid/FDroidApp.java b/app/src/main/java/org/fdroid/fdroid/FDroidApp.java index 0d3a05068..aa9ae58fb 100644 --- a/app/src/main/java/org/fdroid/fdroid/FDroidApp.java +++ b/app/src/main/java/org/fdroid/fdroid/FDroidApp.java @@ -32,15 +32,18 @@ import android.content.pm.PackageInfo; import android.content.pm.PackageManager; import android.content.pm.ResolveInfo; import android.content.res.Configuration; +import android.graphics.Bitmap; import android.os.Build; import android.os.Environment; import android.os.StrictMode; import android.text.TextUtils; import android.util.Log; +import android.view.Display; import android.view.WindowManager; import android.widget.Toast; import com.nostra13.universalimageloader.core.ImageLoader; import com.nostra13.universalimageloader.core.ImageLoaderConfiguration; +import com.nostra13.universalimageloader.core.process.BitmapProcessor; import info.guardianproject.netcipher.NetCipher; import info.guardianproject.netcipher.proxy.OrbotHelper; import org.acra.ACRA; @@ -61,6 +64,7 @@ import org.fdroid.fdroid.net.ImageLoaderForUIL; import org.fdroid.fdroid.net.WifiStateChangeService; import org.fdroid.fdroid.views.hiding.HidingManager; +import javax.microedition.khronos.opengles.GL10; import java.io.IOException; import java.security.Security; import java.util.List; @@ -380,9 +384,31 @@ public class FDroidApp extends Application { UpdateService.schedule(getApplicationContext()); bluetoothAdapter = getBluetoothAdapter(); + // There are a couple things to pay attention to with this config: memory usage, + // especially on small devices; and, image processing vulns, since images are + // submitted via app's git repos, so anyone with commit privs there could submit + // exploits hidden in images. Luckily, F-Droid doesn't need EXIF at all, and + // that is where the JPEG/PNG vulns have been. So it can be entirely stripped. + Display display = ((WindowManager) getSystemService(WINDOW_SERVICE)).getDefaultDisplay(); + int maxSize = GL10.GL_MAX_TEXTURE_SIZE; // see ImageScaleType.NONE_SAFE javadoc + int width = display.getWidth(); + if (width > maxSize) { + maxSize = width; + } + int height = display.getHeight(); + if (height > maxSize) { + maxSize = height; + } ImageLoaderConfiguration config = new ImageLoaderConfiguration.Builder(getApplicationContext()) .imageDownloader(new ImageLoaderForUIL(getApplicationContext())) .defaultDisplayImageOptions(Utils.getDefaultDisplayImageOptionsBuilder().build()) + .diskCacheExtraOptions(maxSize, maxSize, new BitmapProcessor() { + @Override + public Bitmap process(Bitmap bitmap) { + // converting JPEGs to Bitmaps, then saving them removes EXIF metadata + return bitmap; + } + }) .threadPoolSize(getThreadPoolSize()) .build(); ImageLoader.getInstance().init(config); diff --git a/app/src/main/java/org/fdroid/fdroid/Utils.java b/app/src/main/java/org/fdroid/fdroid/Utils.java index a0480f461..c9a5258c8 100644 --- a/app/src/main/java/org/fdroid/fdroid/Utils.java +++ b/app/src/main/java/org/fdroid/fdroid/Utils.java @@ -379,7 +379,7 @@ public final class Utils { .cacheOnDisk(true) .considerExifParams(false) .bitmapConfig(Bitmap.Config.RGB_565) - .imageScaleType(ImageScaleType.NONE); + .imageScaleType(ImageScaleType.EXACTLY); } return defaultDisplayImageOptionsBuilder; } diff --git a/app/src/main/java/org/fdroid/fdroid/data/App.java b/app/src/main/java/org/fdroid/fdroid/data/App.java index 120021760..aff0a6e78 100644 --- a/app/src/main/java/org/fdroid/fdroid/data/App.java +++ b/app/src/main/java/org/fdroid/fdroid/data/App.java @@ -219,12 +219,13 @@ public class App extends ValueObject implements Comparable, Parcelable { public App() { } - public App(Cursor cursor) { + public App(final Cursor cursor) { checkCursorPosition(cursor); - for (int i = 0; i < cursor.getColumnCount(); i++) { - String n = cursor.getColumnName(i); + final int cursorColumnCount = cursor.getColumnCount(); + for (int i = 0; i < cursorColumnCount; i++) { + final String n = cursor.getColumnName(i); switch (n) { case Cols.ROW_ID: id = cursor.getLong(i); diff --git a/app/src/main/java/org/fdroid/fdroid/views/apps/AppListAdapter.java b/app/src/main/java/org/fdroid/fdroid/views/apps/AppListAdapter.java index 4d1590cce..32fc0561d 100644 --- a/app/src/main/java/org/fdroid/fdroid/views/apps/AppListAdapter.java +++ b/app/src/main/java/org/fdroid/fdroid/views/apps/AppListAdapter.java @@ -34,7 +34,8 @@ class AppListAdapter extends RecyclerView.Adapter @Override public void onBindViewHolder(StandardAppListItemController holder, int position) { cursor.moveToPosition(position); - holder.bindModel(new App(cursor)); + final App app = new App(cursor); + holder.bindModel(app); } @Override diff --git a/app/src/main/java/org/fdroid/fdroid/views/whatsnew/WhatsNewAdapter.java b/app/src/main/java/org/fdroid/fdroid/views/whatsnew/WhatsNewAdapter.java index 7500f16d6..671ec8b27 100644 --- a/app/src/main/java/org/fdroid/fdroid/views/whatsnew/WhatsNewAdapter.java +++ b/app/src/main/java/org/fdroid/fdroid/views/whatsnew/WhatsNewAdapter.java @@ -80,7 +80,8 @@ public class WhatsNewAdapter extends RecyclerView.Adapter { @Override public void onBindViewHolder(AppCardController holder, int position) { cursor.moveToPosition(position); - holder.bindApp(new App(cursor)); + final App app = new App(cursor); + holder.bindApp(app); } @Override