432520 – Crash when tapping playback notification

Bug 432520 - Crash when tapping playback notification

Summary: Crash when tapping playback notification

Status:	REPORTED

Alias:	None

Product:	kdeconnect
Classification:	Applications
Component:	android-application (show other bugs)
Version:	unspecified
Platform:	Android Android 11.x

Importance:	NOR normal
Target Milestone:	---
Assignee:	Albert Vaca Cintora

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-02-05 01:35 UTC by Daniel Tang
Modified:	2021-02-05 01:35 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Tang 2021-02-05 01:35:41 UTC

SUMMARY

KDE Connect crashed when I did tapped something in my notifications.

STEPS TO REPRODUCE

1. Play a music video in the background with NewPipe on the phone, and wait for it to end
2. Play an audio file using VLC on the paired computer
3. Close VLC
4. Shut down the computer
5. Open the notification shade on the phone
6. Tap on NewPipe's notification's dismiss button (swipe down first) (the notification in the Android 11 media controls section, the first of a 2-page viewpager-like UI, with the second being KDE connect's notification describing media on the computer)
7. Accidentally touch the KDE Connect notification (I'm not really sure what happened in the first place, and I haven't attempted to reproduce this yet)

OBSERVED RESULT

It crashed with the following stack trace:

01-22 03:30:58.497  4919  4919 E AndroidRuntime: android.os.FileUriExposedException: file:///home/[username]/[redacted].webm exposed beyond app through Intent.getData()
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.os.StrictMode.onFileUriExposed(StrictMode.java:2141)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.net.Uri.checkFileUriExposed(Uri.java:2391)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.content.Intent.prepareToLeaveProcess(Intent.java:11183)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.content.Intent.prepareToLeaveProcess(Intent.java:11134)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.app.Instrumentation.execStartActivity(Instrumentation.java:1909)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.app.Activity.startActivityForResult(Activity.java:5326)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.fragment.app.FragmentActivity.startActivityForResult(FragmentActivity.java:675)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.app.Activity.startActivityForResult(Activity.java:5284)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.fragment.app.FragmentActivity.startActivityForResult(FragmentActivity.java:662)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.app.Activity.startActivity(Activity.java:5670)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.app.Activity.startActivity(Activity.java:5623)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at org.kde.kdeconnect.Plugins.MprisPlugin.MprisActivity.onOptionsItemSelected(MprisActivity.java:418)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.app.Activity.onMenuItemSelected(Activity.java:4275)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.fragment.app.FragmentActivity.onMenuItemSelected(FragmentActivity.java:383)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.appcompat.app.AppCompatActivity.onMenuItemSelected(AppCompatActivity.java:228)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.appcompat.view.WindowCallbackWrapper.onMenuItemSelected(WindowCallbackWrapper.java:109)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.appcompat.app.AppCompatDelegateImpl.onMenuItemSelected(AppCompatDelegateImpl.java:1176)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.appcompat.view.menu.MenuBuilder.dispatchMenuItemSelected(MenuBuilder.java:834)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.appcompat.view.menu.MenuItemImpl.invoke(MenuItemImpl.java:158)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.appcompat.view.menu.MenuBuilder.performItemAction(MenuBuilder.java:985)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at androidx.appcompat.view.menu.MenuPopup.onItemClick(MenuPopup.java:128)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.widget.AdapterView.performItemClick(AdapterView.java:330)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.widget.AbsListView.performItemClick(AbsListView.java:1210)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.widget.AbsListView$PerformClick.run(AbsListView.java:3202)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.os.Handler.handleCallback(Handler.java:938)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.os.Handler.dispatchMessage(Handler.java:99)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.os.Looper.loop(Looper.java:233)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at android.app.ActivityThread.main(ActivityThread.java:8010)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at java.lang.reflect.Method.invoke(Native Method)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:631)
01-22 03:30:58.497  4919  4919 E AndroidRuntime:        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:978)

EXPECTED RESULT

For it to not crash.

I would also expect a file URI corresponding to a file on my computer to be passed around to other Android apps, as it's both invalid and leaks sensitive information

SOFTWARE/OS VERSIONS

Device: OnePlus 7 Pro
Android: 11
Android Update: OP7Pro_O2_BETA_01
KDE Connect Android version: Built at 36b03274b60f92b33b8317010017ffe4127bf85c (inside a MR)