RFR: JDK-8361748 : Enforce limits on the size of an XBM image [v2]
Jayathirth D V
jdv at openjdk.org
Mon Aug 4 08:37:57 UTC 2025
On Fri, 25 Jul 2025 23:58:39 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:
>> XBM (X Bitmap) images are small one-bit deep images that were developed as a simple uncompressed format that could easily be included in C source files as include files.
>>
>> Format of XBM image:
>>
>>
>> #define width w
>> #define height h
>> static char foo_bits[] = {
>> 0xnn,0xnn,0xnn,0xnn,0xnn, .......
>> 0xnn,0xnn,0xnn,0xnn, .........
>> 0xnn,0xnn,0xnn,0xnn};
>>
>>
>> The first two #defines statements specify the width and height of the bitmap in pixels followed by hex byte array which represent pixel data itself.
>>
>> The current implementation allows an arbitrarily large XBM which is not a valid use case for any XBM.
>> Also it doesn't validate that the provided byte array is sufficient to populate the specified WxH. Since these are small one-bit mono images a reasonable size limit is set to `MAX_XBM_SIZE = 16384 bytes`. It can be set to a larger limit if someone thinks it is necessary.
>>
>> The XBMDecoder's produceImage() has outdated logic, it has been restructured by adding more efficient parser logic and better error handling checks.
>
> Harshitha Onkar has updated the pull request incrementally with two additional commits since the last revision:
>
> - rename
> - test summary
Apart from minor indentation issue, change looks good to me.
test/jdk/java/awt/image/XBMDecoder/XBMDecoderTest.java line 55:
> 53: System.out.println("--- Testing " + fileName + " ---");
> 54: try (FileInputStream fis = new FileInputStream(file);
> 55: ByteArrayOutputStream errContent = new ByteArrayOutputStream()) {
Indentation issue.
-------------
Marked as reviewed by jdv (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/26488#pullrequestreview-3083016584
PR Review Comment: https://git.openjdk.org/jdk/pull/26488#discussion_r2250642777
More information about the client-libs-dev
mailing list