RFR: JDK-8346465 : Add a check in setData() to restrict the update of Built-In ICC_Profiles [v11]
Harshitha Onkar
honkar at openjdk.org
Wed Mar 5 20:04:01 UTC 2025
On Tue, 4 Mar 2025 13:05:30 GMT, Alexey Ivanov <aivanov at openjdk.org> wrote:
>>> This builtin flag check is exclusively for JDK built-in profiles created within the private interface `BuiltInProfile` and not applicable if an application loads the profile by serialization.
>>
>> The built-in profiles can be serialized and deserialized, [see](https://github.com/openjdk/jdk/blob/c4b516dfe7c5a5fddd4d9c97a21f5f36bf845646/src/java.desktop/share/classes/java/awt/color/ICC_Profile.java#L1573). This means the application may get a reference to the profile not only via the getInstance(id) method. Therefore, the new spec is not strictly accurate regarding ICC_Profile.getInstance(int colorSpaceID), but I am not sure that we should mention serialisation here.
>>
>> **Note:**
>> The new Javadoc for the new private built-in flag is "public" via the serialized form of the class. It probably should be marked as transient, so it will only be set to true when the built-in profile is loaded via serialization. In all other cases, it will be false.
>
> This is an interesting observation.
>
> Are the unserialized built-in profiles mapped to their corresponding singleton instances? I presume it's the case. Then, the `builtIn` flag will still be set to `true` in the returned object.
>
> **Should the serialized form be preserved?**
>
> If the `builtIn` field is `transient`, built-in profiles written by JDK 25 (mainline) could still be read in previous versions and vice versa. This will improve the backward compatibility.
Good point. I had not considered the effect of serialization on builtIn flag, let me check and get back.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23606#discussion_r1982109310
More information about the client-libs-dev
mailing list