RFR: JDK-8347377 : Add validation checks for ICC_Profile header fields [v9]

Harshitha Onkar honkar at openjdk.org
Fri Jan 31 21:14:02 UTC 2025 

On Fri, 31 Jan 2025 10:17:11 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

>> ICC specifies 4 rendering intents, no more. And is clear that these are the 4 ICC rendering intents.
>> 
>> Non-ICC intents are not something we'd support. I see absolutely no problem with that.
>> If a profile has an intent that is unknown to JDK APIs, it doesn't matter what LCMS might do with it
>> if you were programming directly to LCMS as a CMM.
>> Who knows how many things we'd have to do in order to support 'custom' ICC intents.
>> 
>> For Color Spaces, the ICC spec. says
>> "The names and signatures of the permitted data colour spaces are shown in Table 19."
>> 
>> The word "permitted" makes it clear that anything not in this table is not permitted, and thus illegal.
>> 
>> So in summary, the changes made here are all fine.
>
>>Non-ICC intents are not something we'd support. I see absolutely no problem with that.
> If a profile has an intent that is unknown to JDK APIs, it doesn't matter what LCMS might do with it
> if you were programming directly to LCMS as a CMM.
> 
> non-cc intents in lcms are just examples of profiles in the wild that don't violate the icc spec, currently such profiles can be loaded and used for conversion, this patch will break that. Why we should apply this limit and do that now?
> 
> Note that it is possible to use custom intents as well, and we will break it:
>>Little CMS plug-in architecture allows to implement user-defined intents
> 
>>Who knows how many things we'd have to do in order to support 'custom' ICC intents.
> 
> Then let's at least not break it intentionally. Then test and fix if it does not work.

@mrserb 

> non-cc intents in lcms are just examples of profiles in the wild that don't violate the icc spec, currently such profiles can be loaded and used for conversion, this patch will break that. Why we should apply this limit and do that now?

When Rendering Intent validation is skipped, it means that along with non-icc intents other random invalid values are also allowed while updating the profile.. Is it okay to allow invalid Rendering Intents that successfully updated the profile only to cause exception later by LCMS (as below during color transform)?


java.awt.color.CMMException: LCMS error 8: Unsupported intent '5'
	at java.desktop/sun.java2d.cmm.lcms.LCMS.createNativeTransform(Native Method)
	at java.desktop/sun.java2d.cmm.lcms.LCMS.createTransform(LCMS.java:113)
	at java.desktop/sun.java2d.cmm.lcms.LCMSTransform.doTransform(LCMSTransform.java:114)
	at java.desktop/sun.java2d.cmm.lcms.LCMSTransform.colorConvert(LCMSTransform.java:534)
	at java.desktop/java.awt.color.ICC_ColorSpace.toRGB(ICC_ColorSpace.java:224)


The same is true for ColorSpace or Device profile with the original code (without validation checks). You are allowed to update the profile with invalid values successfully which later causes exception.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/23044#issuecomment-2628404798

More information about the client-libs-dev mailing list