RFR: JDK-8361748 : Enforce limits on the size of an XBM image
Harshitha Onkar
honkar at openjdk.org
Fri Jul 25 23:43:17 UTC 2025
XBM (X Bitmap) images are small one-bit deep images that were developed as a simple uncompressed format that could easily be included in C source files as include files.
Format of XBM image:
#define width w
#define height h
static char foo_bits[] = {
0xnn,0xnn,0xnn,0xnn,0xnn, .......
0xnn,0xnn,0xnn,0xnn, .........
0xnn,0xnn,0xnn,0xnn};
The first two #define statements specify the width and height of the bitmap in pixels, followed by a hex byte array which represents the pixel data itself.
The current implementation allows an arbitrarily large XBM, which is not a valid use case for any XBM.
Also, it doesn't validate that the provided byte array is sufficient to populate the specified WxH. Since these are small one-bit mono images, we have set a reasonable size limit of `MAX_XBM_SIZE = 16384 bytes`. This can be set to a larger limit if someone thinks it is necessary.
The XBMDecoder's produceImage() has outdated logic; it has been restructured by adding more efficient parser logic and better error handling checks.
-------------
Commit messages:
- regression test
- src code changes
Changes: https://git.openjdk.org/jdk/pull/26488/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26488&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8361748
Stats: 234 lines in 7 files changed: 148 ins; 25 del; 61 mod
Patch: https://git.openjdk.org/jdk/pull/26488.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26488/head:pull/26488
PR: https://git.openjdk.org/jdk/pull/26488
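
The two checks described in the message above (a cap on image size and a check that the byte array covers the declared WxH), as an added example that is not the JDK's XBMDecoder code or part of the original post. The class name, the regular expressions, and the choice to apply `MAX_XBM_SIZE` to the number of pixel bytes required are assumptions of this sketch; the sample inputs are constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class XbmLimitCheck {
    // Value named in the post; applying it to the required pixel byte count is this example's assumption.
    static final int MAX_XBM_SIZE = 16384;
    // At most 9 digits so Integer.parseInt cannot overflow; longer numbers simply do not match.
    static final Pattern DEFINE = Pattern.compile("#define\\s+\\w*(width|height)\\s+(\\d{1,9})\\b");
    static final Pattern HEX = Pattern.compile("0[xX]([0-9a-fA-F]{1,2})\\b");

    static byte[] parse(String src) {
        int w = -1, h = -1;
        Matcher d = DEFINE.matcher(src);
        while (d.find()) {
            int v = Integer.parseInt(d.group(2));
            if (d.group(1).equals("width")) w = v; else h = v;
        }
        if (w <= 0 || h <= 0)
            throw new IllegalArgumentException("missing or non-positive width/height");
        // XBM rows are padded to a whole byte; long arithmetic keeps the product from wrapping.
        long needed = ((w + 7L) / 8) * h;
        if (needed > MAX_XBM_SIZE)
            throw new IllegalArgumentException(w + "x" + h + " needs " + needed + " bytes, limit is " + MAX_XBM_SIZE);
        int brace = src.indexOf('{');
        if (brace < 0)
            throw new IllegalArgumentException("no pixel array found");
        // Allocate only after the limit check, and only what the header asks for.
        byte[] bits = new byte[(int) needed];
        Matcher m = HEX.matcher(src).region(brace, src.length());
        int n = 0;
        while (n < bits.length && m.find())
            bits[n++] = (byte) Integer.parseInt(m.group(1), 16);
        if (n < bits.length)
            throw new IllegalArgumentException("pixel data too short: " + n + " of " + needed + " bytes");
        return bits;
    }

    public static void main(String[] args) {
        // Constructed samples: a valid 16x2 image, one with a byte missing, one with a huge header.
        String ok = "#define width 16\n#define height 2\nstatic char foo_bits[] = {\n0x01,0x80,0xff,0x00};";
        String[] samples = { ok, ok.replace(",0x00", ""),
            ok.replace("width 16", "width 100000").replace("height 2", "height 100000") };
        for (String s : samples) {
            try { System.out.println("accepted, " + parse(s).length + " bytes"); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```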