RFR: JDK-8347377 : Add validation checks for ICC_Profile header fields [v3]
Phil Race
prr at openjdk.org
Mon Jan 13 20:07:48 UTC 2025
On Mon, 13 Jan 2025 19:53:29 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:
>> @mrserb
>> Non-header data are updated using cooked approach (and validated by LCMS) whereas header data are updated using raw LCMS APIs hence require additional validation before setData() is called (On native side it is handled here: setTagDataNative() in [LCMS.c](https://github.com/openjdk/jdk/blob/63eb4853f6782f350f67b6bcf25d83bc4480be71/src/java.desktop/share/native/liblcms/LCMS.c#L445)).
>>
>> Without the fix, if invalid rendering intent, PCS, ColorSpace or Device class is updated using setData() it does not throw IAE.
>
>> don't we need to ignore unknown intents(and other parameters) and lets lcms decide what to do?
>
> Yes, LCMS ignores invalid header data and updates the profile, this can cause exceptions later on for instance when the modified profile is used to create BufferedImage which can be prevented by adding checks in `setData()` and restricting updates to only allowed values as specified in ICC Spec Doc.
> how it is handled by the lcms library? don't we need to ignore unknown intents(and other parameters) and lets lcms decide what to do?
The ICC spec. only defines these 4 intents, so I don't see a problem here.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23044#discussion_r1913744824
More information about the client-libs-dev
mailing list