RFR: JDK-8346465 : Add a check in setData() to restrict the update of Built-In ICC_Profiles [v8]
Alexey Ivanov
aivanov at openjdk.org
Tue Feb 25 11:01:06 UTC 2025
On Tue, 25 Feb 2025 02:16:11 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:
>> Built-in Profiles are singleton objects and if the user happens to modify this shared profile object via setData() then the modified version of the profile is returned each time the same built-in profile is requested via getInstance().
>>
>> It is good to protect Built-in profiles from such direct modification by adding BuiltIn profile check in `setData()` such that **only copies** of Built-In profiles are allowed to be updated.
>>
>> With the proposed fix, if Built-In profile is updated using `.setData()` it throws _**IAE - "BuiltIn profile cannot be modified"**_
>>
>> Fix consists of:
>> * `private boolean isBuiltIn = false` in ICC_Profile which is set to true when BuiltIn profiles are created and false for non-builtIn profile.
>> * Converted BuiltInProfile from private interface to private static class (with all the profile instances as static final)
>> * `isBuiltIn` flag is set to true when BuiltInProfile are loaded.
>> * JavaDoc update for setData() (CSR required)
>>
>> There are no restrictions on creating copies of BuiltIn profile and then modifying it, but what is being restricted with this fix is - the direct modification of the shared BuiltIn profile instance.
>>
>> Applications which need a modified version of the ICC Profile should instead do the following:
>>
>>
>> byte[] profileData = ICC_Profile.getData() // get the byte array represtation of BuiltIn- profile
>> ICCProfile newProfile = ICC_Profile.getInstance(profileData) // create a new profile
>> newProfile.setData() // to modify and customize the profile
>>
>>
>> Following existing tests are modified to update a copy of Built-In profile.
>>
>> - java/awt/color/ICC_Profile/SetHeaderInfo.java
>> - java/awt/color/ICC_ProfileSetNullDataTest.java
>> - sun/java2d/cmm/ProfileOp/SetDataTest.java
>
> Harshitha Onkar has updated the pull request incrementally with one additional commit since the last revision:
>
> renamed flag to builtIn
Changes requested by aivanov (Reviewer).
src/java.desktop/share/classes/java/awt/color/ICC_Profile.java line 115:
> 113: * This check is used in {@link #setData(int, byte[])} to prevent modifying
> 114: * Built-in profiles.
> 115: */
/**
* Set to {@code true} for {@code BuiltInProfile},
* remains {@code false} otherwise.
* This flag is used in {@link #setData(int, byte[])} to prevent modifying
* built-in profiles.
*/
There's no need to capitalise “Built-in”.
test/jdk/java/awt/color/ICC_Profile/BuiltInProfileCheck.java line 70:
> 68: throw new RuntimeException("Test Failed! IAE NOT thrown.");
> 69: } catch (IllegalArgumentException iae) {
> 70: if (!iae.getMessage().equalsIgnoreCase(EXCEPTION_MSG)) {
I think we can compare with regular `equals`. It is unlikely the message will change by letter case only. The test uses exactly the same message as the one that's thrown in `ICC_Profile.setData`, therefore the messages should match.
If the message is changed in the code for whatever reason, the message in the test will need updating, which is expected, isn't it?
-------------
PR Review: https://git.openjdk.org/jdk/pull/23606#pullrequestreview-2640520613
PR Review Comment: https://git.openjdk.org/jdk/pull/23606#discussion_r1969536537
PR Review Comment: https://git.openjdk.org/jdk/pull/23606#discussion_r1969481870
More information about the client-libs-dev
mailing list