RFR: JDK-8347377 : Add validation checks for ICC_Profile header fields [v3]

Phil Race prr at openjdk.org
Thu Jan 16 00:17:41 UTC 2025


On Wed, 15 Jan 2025 23:50:28 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:

>> test/jdk/java/awt/color/ICC_Profile/ValidateICCHeaderData.java line 39:
>> 
>>> 37: 
>>> 38: public class ValidateICCHeaderData {
>>> 39:     private static ICC_Profile profile;
>> 
>> the change will also affect serialization, the test should check that code path.
>
> Added 2 more cases that test loading a profile using ICC_Profile.getInstance(byte[] data).
> Now we hit the code path where verifyHeader() is called within getInstance().
> Also, I did test by directly loading a profile from a file - ICC_Profile.getInstance("sRGB.pf") and it works fine.
> 
> Do you mean this code path or something else?

I *think* what he means is that a profile with a now-rejected header might be allowed on JDK 21,
and serialised on JDK 21 and when deserialised on JDK 25 (with this change) it is then rejected.

Since it is unlikely the profile actually worked properly anyway on JDK 21, I don't think that would be an issue except for contrived tests, and is an insufficient reason to not make this change.
Also if we were to consider backporting this to 21u then they'd not be able to serialise it.
If we get a bug report on serialisation with a legitimate case, we can take another look.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23044#discussion_r1917497644

