RFR: JDK-8347377 : Add validation checks for ICC_Profile header fields [v3]

[Harshitha Onkar]

On Mon, 13 Jan 2025 19:44:54 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:

>> src/java.desktop/share/classes/java/awt/color/ICC_Profile.java line 1176:
>> 
>>> 1174:                 return true;
>>> 1175:             }
>>> 1176:             default -> throw new IllegalArgumentException("Unknown Rendering Intent");
>> 
>> how it is handled by the lcms library? don't we need to ignore unknown intents(and other parameters) and lets lcms decide what to do?
>
> @mrserb 
> Non-header data are updated using cooked approach (and validated by LCMS) whereas header data are updated using raw LCMS APIs hence require additional validation before setData() is called (On native side it is handled here: setTagDataNative() in [LCMS.c](https://github.com/openjdk/jdk/blob/63eb4853f6782f350f67b6bcf25d83bc4480be71/src/java.desktop/share/native/liblcms/LCMS.c#L445)).
> 
> Without the fix, if  invalid rendering intent, PCS, ColorSpace or Device class is updated using setData()  it does not throw IAE.

> don't we need to ignore unknown intents(and other parameters) and lets lcms decide what to do?

LCMS does not catch invalid header data and updates the profile, this can cause exceptions later on for instance when the modified profile is used to create BufferedImage.
This can be prevented by adding checks in setData and restricting updates to only allowed values as specified in ICC Spec Doc.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23044#discussion_r1913732872