RFR: JDK-8361748 : Enforce limits on the size of an XBM image [v2]
Harshitha Onkar
honkar at openjdk.org
Fri Jul 25 23:58:39 UTC 2025
> XBM (X Bitmap) images are small one-bit deep images that were developed as a simple uncompressed format that could easily be included in C source files as include files.
>
> Format of XBM image:
>
>
> #define width w
> #define height h
> static char foo_bits[] = {
> 0xnn,0xnn,0xnn,0xnn,0xnn, .......
> 0xnn,0xnn,0xnn,0xnn, .........
> 0xnn,0xnn,0xnn,0xnn};
>
>
> The first two #defines statements specify the width and height of the bitmap in pixels followed by hex byte array which represent pixel data itself.
>
> The current implementation allows an arbitrarily large XBM which is not a valid use case for any XBM.
> Also it doesn't validate that the provided byte array is sufficient to populate the specified WxH. Since these are small one-bit mono images we have set a reasonable size limit to `MAX_XBM_SIZE = 16384 bytes`. This can be set to a larger limit if someone thinks it is necessary.
>
> The XBMDecoder's produceImage() has outdated logic, it has been restructured by adding more efficient parser logic and better error handling checks.
Harshitha Onkar has updated the pull request incrementally with two additional commits since the last revision:
- rename
- test summary
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/26488/files
- new: https://git.openjdk.org/jdk/pull/26488/files/6bbe3e73..f3df2849
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=26488&range=01
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=26488&range=00-01
Stats: 6 lines in 2 files changed: 1 ins; 0 del; 5 mod
Patch: https://git.openjdk.org/jdk/pull/26488.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26488/head:pull/26488
PR: https://git.openjdk.org/jdk/pull/26488
More information about the client-libs-dev
mailing list