1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "android-base/stringprintf.h"
18 #include "android-base/strings.h"
19 #include "androidfw/Png.h"
20 #include "androidfw/Streams.h"
21 #include "androidfw/StringPiece.h"
22 
23 using ::android::base::StringPrintf;
24 
25 namespace android {
26 
27 static constexpr const char* kPngSignature = "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a";
28 
29 // Useful helper function that encodes individual bytes into a uint32
30 // at compile time.
u32(uint8_t a,uint8_t b,uint8_t c,uint8_t d)31 constexpr uint32_t u32(uint8_t a, uint8_t b, uint8_t c, uint8_t d) {
32   return (((uint32_t)a) << 24) | (((uint32_t)b) << 16) | (((uint32_t)c) << 8) | ((uint32_t)d);
33 }
34 
35 // Allow list of PNG chunk types that we want to keep in the resulting PNG.
36 enum PngChunkTypes {
37   kPngChunkIHDR = u32(73, 72, 68, 82),
38   kPngChunkIDAT = u32(73, 68, 65, 84),
39   kPngChunkIEND = u32(73, 69, 78, 68),
40   kPngChunkPLTE = u32(80, 76, 84, 69),
41   kPngChunktRNS = u32(116, 82, 78, 83),
42   kPngChunksRGB = u32(115, 82, 71, 66),
43 };
44 
Peek32LE(const char * data)45 static uint32_t Peek32LE(const char* data) {
46   uint32_t word = ((uint32_t)data[0]) & 0x000000ff;
47   word <<= 8;
48   word |= ((uint32_t)data[1]) & 0x000000ff;
49   word <<= 8;
50   word |= ((uint32_t)data[2]) & 0x000000ff;
51   word <<= 8;
52   word |= ((uint32_t)data[3]) & 0x000000ff;
53   return word;
54 }
55 
IsPngChunkAllowed(uint32_t type)56 static bool IsPngChunkAllowed(uint32_t type) {
57   switch (type) {
58     case kPngChunkIHDR:
59     case kPngChunkIDAT:
60     case kPngChunkIEND:
61     case kPngChunkPLTE:
62     case kPngChunktRNS:
63     case kPngChunksRGB:
64       return true;
65     default:
66       return false;
67   }
68 }
69 
PngChunkFilter(StringPiece data)70 PngChunkFilter::PngChunkFilter(StringPiece data) : data_(data) {
71   if (android::base::StartsWith(data_, kPngSignature)) {
72     window_start_ = 0;
73     window_end_ = kPngSignatureSize;
74   } else {
75     error_msg_ = "file does not start with PNG signature";
76   }
77 }
78 
ConsumeWindow(const void ** buffer,size_t * len)79 bool PngChunkFilter::ConsumeWindow(const void** buffer, size_t* len) {
80   if (window_start_ != window_end_) {
81     // We have bytes to give from our window.
82     const size_t bytes_read = window_end_ - window_start_;
83     *buffer = data_.data() + window_start_;
84     *len = bytes_read;
85     window_start_ = window_end_;
86     return true;
87   }
88   return false;
89 }
90 
Next(const void ** buffer,size_t * len)91 bool PngChunkFilter::Next(const void** buffer, size_t* len) {
92   if (HadError()) {
93     return false;
94   }
95 
96   // In case BackUp was called, we must consume the window.
97   if (ConsumeWindow(buffer, len)) {
98     return true;
99   }
100 
101   // Advance the window as far as possible (until we meet a chunk that
102   // we want to strip).
103   while (window_end_ < data_.size()) {
104     // Chunk length (4 bytes) + type (4 bytes) + crc32 (4 bytes) = 12 bytes.
105     const size_t kMinChunkHeaderSize = 3 * sizeof(uint32_t);
106 
107     // Is there enough room for a chunk header?
108     if (data_.size() - window_end_ < kMinChunkHeaderSize) {
109       error_msg_ = StringPrintf("Not enough space for a PNG chunk @ byte %zu/%zu", window_end_,
110                                 data_.size());
111       return false;
112     }
113 
114     // Verify the chunk length.
115     const uint32_t chunk_len = Peek32LE(data_.data() + window_end_);
116     if ((size_t)chunk_len > data_.size() - window_end_ - kMinChunkHeaderSize) {
117       // Overflow.
118       const uint32_t chunk_type = Peek32LE(data_.data() + window_end_ + sizeof(uint32_t));
119       error_msg_ = StringPrintf(
120           "PNG chunk type %08x is too large: chunk length is %zu but chunk "
121           "starts at byte %zu/%zu",
122           chunk_type, (size_t)chunk_len, window_end_ + kMinChunkHeaderSize, data_.size());
123       return false;
124     }
125 
126     // Do we strip this chunk?
127     const uint32_t chunk_type = Peek32LE(data_.data() + window_end_ + sizeof(uint32_t));
128     if (IsPngChunkAllowed(chunk_type)) {
129       // Advance the window to include this chunk.
130       window_end_ += kMinChunkHeaderSize + chunk_len;
131 
132       // Special case the IEND chunk, which MUST appear last and libpng stops parsing once it hits
133       // such a chunk (let's do the same).
134       if (chunk_type == kPngChunkIEND) {
135         // Truncate the data to the end of this chunk. There may be garbage trailing after
136         // (b/38169876)
137         data_ = data_.substr(0, window_end_);
138         break;
139       }
140 
141     } else {
142       // We want to strip this chunk. If we accumulated a window,
143       // we must return the window now.
144       if (window_start_ != window_end_) {
145         break;
146       }
147 
148       // The window is empty, so we can advance past this chunk
149       // and keep looking for the next good chunk,
150       window_end_ += kMinChunkHeaderSize + chunk_len;
151       window_start_ = window_end_;
152     }
153   }
154 
155   if (ConsumeWindow(buffer, len)) {
156     return true;
157   }
158   return false;
159 }
160 
BackUp(size_t count)161 void PngChunkFilter::BackUp(size_t count) {
162   if (HadError()) {
163     return;
164   }
165   window_start_ -= count;
166 }
167 
Rewind()168 bool PngChunkFilter::Rewind() {
169   if (HadError()) {
170     return false;
171   }
172   window_start_ = 0;
173   window_end_ = kPngSignatureSize;
174   return true;
175 }
176 }  // namespace android
177