Media services on meizu mobile phones can produce SQL Injection
Media services on meizu mobile phones can generate SQL injection.
When the file name is enclosed in quotation marks, the Media Service may have the risk of SQL injection. The direct impact is that the media service constantly crashes and the Image Library cannot be used. Third-party applications that reference the image library, such as QQ, cannot take photos and send images.
Device Model: m2 note
Flayme version: 4.5.4.1A
E/SQLiteLog(16495): (1) near "suki": syntax errorE/AndroidRuntime(16495): FATAL EXCEPTION: Download ServiceE/AndroidRuntime(16495): Process: android.process.media, PID: 16495E/AndroidRuntime(16495): android.database.sqlite.SQLiteException: near "suki": syntax error (code 1): , while compiling: SELECT _id, date_modified, mini_thumb_magic FROM images WHERE (_data="/storage/emulated/0/Pictures/Mbooru/yande.re/yande.re 336109 sample cleavage game_cg goshogawara_yuuki k-ko pantsu panty_pull undressing watashi_ga_suki_nara_"suki"_tte_itte!.jpg")E/AndroidRuntime(16495): at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:898)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:509)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteProgram.
(SQLiteProgram.java:58)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteQuery.
(SQLiteQuery.java:37)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteDirectCursorDriver.query(SQLiteDirectCursorDriver.java:44)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteDatabase.rawQueryWithFactory(SQLiteDatabase.java:1346)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteQueryBuilder.query(SQLiteQueryBuilder.java:400)E/AndroidRuntime(16495): at android.database.sqlite.SQLiteQueryBuilder.query(SQLiteQueryBuilder.java:333)E/AndroidRuntime(16495): at com.android.providers.media.MediaProvider.query(MediaProvider.java:3137)E/AndroidRuntime(16495): at android.content.ContentProvider.query(ContentProvider.java:1110)E/AndroidRuntime(16495): at android.content.ContentProvider$Transport.query(ContentProvider.java:238)E/AndroidRuntime(16495): at android.content.ContentResolver.query(ContentResolver.java:485)E/AndroidRuntime(16495): at android.content.ContentResolver.query(ContentResolver.java:429)E/AndroidRuntime(16495): at com.android.providers.downloads.DownloadNotification.getThumbFromImage(DownloadNotification.java:853)E/AndroidRuntime(16495): at com.android.providers.downloads.DownloadNotification.getThumb(DownloadNotification.java:1068)E/AndroidRuntime(16495): at com.android.providers.downloads.DownloadNotification.updateCompletedNotification(DownloadNotification.java:531)E/AndroidRuntime(16495): at com.android.providers.downloads.DownloadNotification.updateNotification(DownloadNotification.java:186)E/AndroidRuntime(16495): at com.android.providers.downloads.DownloadService$UpdateThread.run(DownloadService.java:375)