| Device Name | Android Version | App Name | App Version |
|---|---|---|---|
| Samsung Galaxy Note4 | 6.0.1 | MemeTastic | 1.6.7 |
Description
The calling context has a permission check, but the returned file path is read/write without check, thus a crash happens when re-entering the app, when the onResume is invoked.
Reproduce crash:
- enter the app from the home screen and allow the permission request
- choose one meme item and enter the ``create meme activity’’
- go to system setting and revoke the storage permission
- go back to the app and it crashes
Aper Outputs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
API:
<android.os.Environment: java.io.File getExternalStorageDirectory()>
---
PERMISSIONS:
[android.permission.READ_EXTERNAL_STORAGE,android.permission.WRITE_EXTERNAL_STORAGE]
---
CALLCHAIN:
net.gsantner.memetastic.activity.MemeCreateActivity.onResume()void
net.gsantner.memetastic.activity.MemeCreateActivity.initMemeSettings(android.os.Bundle)boolean
net.gsantner.memetastic.activity.MemeCreateActivity.extractBitmapFromIntent(android.content.Intent)android.graphics.Bitmap
net.gsantner.opoc.util.ShareUtil.extractFileFromIntent(android.content.Intent)java.io.File
android.os.Environment.getExternalStorageDirectory()java.io.File
======
DANGEROUS: android.permission.READ_EXTERNAL_STORAGE
Is Declared: true
Check Sites: NONE
Request Sites: NONE
Has Handle: in <net.gsantner.memetastic.activity.MemeCreateActivity: void onRequestPermissionsResult(int,java.lang.String[],int[])>
---
DANGEROUS: android.permission.WRITE_EXTERNAL_STORAGE
Is Declared: true
Check Sites: in <net.gsantner.memetastic.service.AssetUpdater$LoadAssetsThread: void run()>
Request Sites: NONE
Has Handle: in <net.gsantner.memetastic.activity.MemeCreateActivity: void onRequestPermissionsResult(int,java.lang.String[],int[])>