An xbm file with the wrong width and/or height information leads to out of bounds reads. Example file: #define example_width 12 #define example_height 10000 static unsigned char example_bits[] = { 0x00, 0x00, 0x00, 0x00 0x00, 0x00 0x40, 0x00, 0xe0, 0x00, 0xf0, 0x01, 0xf8, 0x03, 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xe0, 0x00, 0x00, 0x00 0x00, 0x00 0x00, 0x00 }; The actual height of the image is 16, as can be seen in the pixel array (each row represents one row of pixels). Okular displays this image as 10000 pixels high, with rows > 16 filled with seemingly random data. Version info from About box: Okular Version 0.25.0 Using KDE Development Platform 4.14.20 Backend info: Image Backend Version 0.1.2 Using KDE Development Platform 4.14.20 Reproducible: Always Steps to Reproduce: 1. Save given XBM to example.xbm 2. Run okular example.xbm Actual Results: Displayed image is 10000 pixels high, with all but the top 16 seemingly random. Expected Results: Displayed image is 16 pixels high and/or a warning/error about an invalid image is shown.
The code for reading xbm files we are using is part of Qt. So any program using Qt to read images will have this problem. Please report the bug upstream at https://bugreports.qt.io/
OK, I'll do that.