Integrated: JDK-8361748 : Enforce limits on the size of an XBM image
Harshitha Onkar
honkar at openjdk.org
Thu Aug 7 21:22:17 UTC 2025
On Fri, 25 Jul 2025 23:37:27 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:
> XBM (X Bitmap) images are small one-bit deep images that were developed as a simple uncompressed format that could easily be included in C source files as include files.
>
> Format of XBM image:
>
>
> #define width w
> #define height h
> static char foo_bits[] = {
> 0xnn,0xnn,0xnn,0xnn,0xnn, .......
> 0xnn,0xnn,0xnn,0xnn, .........
> 0xnn,0xnn,0xnn,0xnn};
>
>
> The first two #defines statements specify the width and height of the bitmap in pixels followed by hex byte array which represent pixel data itself.
>
> The current implementation allows an arbitrarily large XBM which is not a valid use case for any XBM.
> Also it doesn't validate that the provided byte array is sufficient to populate the specified WxH. Since these are small one-bit mono images a reasonable size limit is set to `MAX_XBM_SIZE = 16384 bytes`. It can be set to a larger limit if someone thinks it is necessary.
>
> The XBMDecoder's produceImage() has outdated logic, it has been restructured by adding more efficient parser logic and better error handling checks.
This pull request has now been integrated.
Changeset: c71be802
Author: Harshitha Onkar <honkar at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/c71be802b530034169d17325478dba6e2f1c3238
Stats: 245 lines in 7 files changed: 157 ins; 33 del; 55 mod
8361748: Enforce limits on the size of an XBM image
Reviewed-by: prr, jdv
-------------
PR: https://git.openjdk.org/jdk/pull/26488
More information about the client-libs-dev
mailing list