Take precautions against ill-formed content URIs

* java/org/gnu/emacs/EmacsService.java (openContentUri)
(checkContentUri): Verify that URIs derived from user-provided
file names can be parsed before attempting to open them.

java/org/gnu/emacs/EmacsService.java

@@ -987,6 +987,7 @@ invocation of app_process (through android-emacs) can
     String name, mode;
     ParcelFileDescriptor fd;
     int i;
+    Uri uriObject;
 
     /* Figure out the file access mode.  */
 
@@ -1001,12 +1002,20 @@ invocation of app_process (through android-emacs) can
     if (truncate)
       mode += "t";
 
+    /* Decode the URI.  It might be possible for a perverse user to
+       construct a content file name that Android finds unparsable, so
+       punt if the result is NULL.  */
+
+    uriObject = Uri.parse (uri);
+    if (uriObject == null)
+      return -1;
+
     /* Try to open a corresponding ParcelFileDescriptor.  Though
        `fd.detachFd' is exclusive to Honeycomb and up, this function is
        never called on systems older than KitKat, which is Emacs's
        minimum requirement for access to /content/by-authority.  */
 
-    fd = resolver.openFileDescriptor (Uri.parse (uri), mode);
+    fd = resolver.openFileDescriptor (uriObject, mode);
     if (fd == null)
       return -1;
 
@@ -1027,7 +1036,14 @@ invocation of app_process (through android-emacs) can
     Uri uri;
     int rc, flags;
 
+    /* Decode the URI.  It might be possible that perverse user should
+       construct a content file name that Android finds unparsable, so
+       punt if the result is NULL.  */
+
     uri = Uri.parse (name);
+    if (uri == null)
+      return false;
+
     flags = 0;
 
     if (readable)