Info Call to XML parsing API

Description

Improper XML parsing can introduce several vulnerabilities that could lead to arbitrary file access (External XML Entities injection, XML injection) or denial of service (Billion laughs, quadratic blowup).

Recommendation

This entry is informative, no recommendations applicable.

Technical details

Method android.support.v7.internal.widget.p.a() calling method android.util.Xml.newSerializer()


    /**
     * Writes the records in {@code p13[0]} to the file named by {@code p13[1]} as an XML
     * document with a {@code historical-records} root and one {@code historical-record}
     * element per entry.
     *
     * <p>This listing is decompiler output with obfuscated names. The declared local types
     * are not reliable (for example, {@code v0_4} is declared as an IOException but holds the
     * List cast from {@code p13[0]}), so read the calls rather than the declarations.
     *
     * <p>Review note: the flagged call, {@code android.util.Xml.newSerializer()}, returns an
     * XmlSerializer, which only produces XML. Nothing in this method parses XML, so the
     * parser-side issues listed in the finding (external entities, entity expansion) do not
     * arise from the code shown here. They would matter wherever this file is read back,
     * which is outside this listing.
     *
     * @param p13 element 0 is cast to {@code java.util.List}; element 1 is cast to
     *            {@code String} and used as the output file name
     * @return always {@code 0} as decompiled (presumably {@code null} in the original source)
     */
    public varargs Void a(Object[] p13)
    {
        // Loop counter for the record-writing loop further down.
        int v2_0 = 0;
        // The list of records to persist (declared type is a decompiler artifact).
        java.io.IOException v0_4 = ((java.util.List) p13[0]);
        try {
            // Opens the output stream with mode argument 0. If the receiver is an Android
            // Context (not visible here), 0 is Context.MODE_PRIVATE, i.e. the file is
            // created in app-private storage. NOTE(review): confirm the receiver type.
            StringBuilder v3_0 = android.support.v7.internal.widget.j.a(this.a).openFileOutput(((String) p13[1]), 0);
            // Serializer (writer), not a parser -- this is the call the scanner flagged.
            String v4_2 = android.util.Xml.newSerializer();
            try {
                // Bind the serializer to the file stream and emit the XML declaration
                // (UTF-8) followed by the root start tag.
                v4_2.setOutput(v3_0, 0);
                v4_2.startDocument("UTF-8", Boolean.valueOf(1));
                v4_2.startTag(0, "historical-records");
                // Record count is captured once, before the list is drained below.
                int v5_3 = v0_4.size();
            } catch (java.io.IOException v0_11) {
                // This handler and the next two are identical: log the failure, call the
                // helper j.a(this.a, 1), close the stream if it was opened, return.
                // NOTE(review): all three are rendered as IOException; the original source
                // presumably caught three distinct exception types -- confirm against the
                // bytecode.
                android.util.Log.e(android.support.v7.internal.widget.j.c(), new StringBuilder().append("Error writing historical recrod file: ").append(android.support.v7.internal.widget.j.b(this.a)).toString(), v0_11);
                // Obfuscated helper invoked with 1 on every exit path of this inner try;
                // its purpose is not visible in this listing.
                android.support.v7.internal.widget.j.a(this.a, 1);
                if (v3_0 == null) {
                    return 0;
                } else {
                    try {
                        v3_0.close();
                    } catch (java.io.IOException v0) {
                        // Failure to close the stream is ignored.
                    }
                    return 0;
                }
            } catch (java.io.IOException v0_9) {
                android.util.Log.e(android.support.v7.internal.widget.j.c(), new StringBuilder().append("Error writing historical recrod file: ").append(android.support.v7.internal.widget.j.b(this.a)).toString(), v0_9);
                android.support.v7.internal.widget.j.a(this.a, 1);
                if (v3_0 == null) {
                    return 0;
                } else {
                    try {
                        v3_0.close();
                    } catch (java.io.IOException v0) {
                        // Failure to close the stream is ignored.
                    }
                    return 0;
                }
            } catch (java.io.IOException v0_7) {
                android.util.Log.e(android.support.v7.internal.widget.j.c(), new StringBuilder().append("Error writing historical recrod file: ").append(android.support.v7.internal.widget.j.b(this.a)).toString(), v0_7);
                android.support.v7.internal.widget.j.a(this.a, 1);
                if (v3_0 == null) {
                    return 0;
                } else {
                    try {
                        v3_0.close();
                    } catch (java.io.IOException v0) {
                        // Failure to close the stream is ignored.
                    }
                    return 0;
                }
            } catch (java.io.IOException v0_1) {
                // Cleanup-then-rethrow with no logging. NOTE(review): this has the shape
                // of a compiled finally block rather than a real catch -- confirm.
                android.support.v7.internal.widget.j.a(this.a, 1);
                if (v3_0 != null) {
                    try {
                        v3_0.close();
                    } catch (String v1) {
                        // Failure to close the stream is ignored (the declared type
                        // String is a decompiler artifact).
                    }
                }
                throw v0_1;
            }
            // Write one element per record. Each iteration removes the head of the list,
            // so the list passed in p13[0] has been emptied by the time the loop completes.
            while (v2_0 < v5_3) {
                String v1_3 = ((android.support.v7.internal.widget.n) v0_4.remove(0));
                v4_2.startTag(0, "historical-record");
                // Values are handed to the serializer's attribute() call rather than
                // concatenated into markup by hand.
                v4_2.attribute(0, "activity", v1_3.a.flattenToString());
                v4_2.attribute(0, "time", String.valueOf(v1_3.b));
                v4_2.attribute(0, "weight", String.valueOf(v1_3.c));
                v4_2.endTag(0, "historical-record");
                v2_0++;
            }
            // Close the root element and finish the document, then run the same
            // helper-call-and-close sequence used by the error handlers above.
            v4_2.endTag(0, "historical-records");
            v4_2.endDocument();
            android.support.v7.internal.widget.j.a(this.a, 1);
            if (v3_0 == null) {
                return 0;
            } else {
                try {
                    v3_0.close();
                } catch (java.io.IOException v0) {
                    // Failure to close the stream is ignored.
                }
                return 0;
            }
        } catch (java.io.IOException v0_2) {
            // Reached when the outer try fails outside the inner handlers (for example,
            // opening the output file). As decompiled, the message appends the literal 0
            // instead of a file name, and the helper j.a(this.a, 1) is not called here.
            android.util.Log.e(android.support.v7.internal.widget.j.c(), new StringBuilder().append("Error writing historical recrod file: ").append(0).toString(), v0_2);
            return 0;
        }
    }