RFR: JDK-8361748 : Enforce limits on the size of an XBM image [v2]
Phil Race
prr at openjdk.org
Tue Jul 29 18:11:02 UTC 2025
On Fri, 25 Jul 2025 23:58:39 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:
>> XBM (X Bitmap) images are small one-bit deep images that were developed as a simple uncompressed format that could easily be included in C source files as include files.
>>
>> Format of XBM image:
>>
>>
>> #define width w
>> #define height h
>> static char foo_bits[] = {
>> 0xnn,0xnn,0xnn,0xnn,0xnn, .......
>> 0xnn,0xnn,0xnn,0xnn, .........
>> 0xnn,0xnn,0xnn,0xnn};
>>
>>
>> The first two #defines statements specify the width and height of the bitmap in pixels followed by hex byte array which represent pixel data itself.
>>
>> The current implementation allows an arbitrarily large XBM which is not a valid use case for any XBM.
>> Also it doesn't validate that the provided byte array is sufficient to populate the specified WxH. Since these are small one-bit mono images a reasonable size limit is set to `MAX_XBM_SIZE = 16384 bytes`. It can be set to a larger limit if someone thinks it is necessary.
>>
>> The XBMDecoder's produceImage() has outdated logic, it has been restructured by adding more efficient parser logic and better error handling checks.
>
> Harshitha Onkar has updated the pull request incrementally with two additional commits since the last revision:
>
> - rename
> - test summary
LGTM
-------------
Marked as reviewed by prr (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/26488#pullrequestreview-3068654119
More information about the client-libs-dev
mailing list