RFR: JDK-8347377 : Add validation checks for ICC_Profile header fields [v3]
Harshitha Onkar
honkar at openjdk.org
Sat Jan 18 00:04:40 UTC 2025
On Mon, 13 Jan 2025 19:15:32 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:
>> src/java.desktop/share/classes/java/awt/color/ICC_Profile.java line 795:
>>
>>> 793: }
>>> 794:
>>> 795: if (p != null) {
>>
>> If it possible to get null here we should thrown an exception, but I think we thrown that exception already in the native.
>
> it is probably better to add this validation into ProfileDataVerifier.verify(data), and check it even before .getModule().loadProfile(data)
@mrserb I have changed it so that verifyHeader is called before `CMSManager.getModule().loadProfile(data);`
Validation checks cannot be moved to ProfileDataVerifier without making verifyHeader() public.
NOTE: ProfileDataVerifier.verify() verifies entire profile data and not just the header and at this point we have not created a profile yet.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23044#discussion_r1920884419
More information about the client-libs-dev
mailing list