RFR: JDK-8346465 : Add a check in setData() to restrict the update of Built-In ICC_Profiles [v19]
Phil Race
prr at openjdk.org
Sat Mar 22 02:48:21 UTC 2025
On Fri, 21 Mar 2025 17:39:37 GMT, Harshitha Onkar <honkar at openjdk.org> wrote:
>> Built-in Profiles are singleton objects and if the user happens to modify this shared profile object via setData() then the modified version of the profile is returned each time the same built-in profile is requested via getInstance().
>>
>> It is good to protect Built-in profiles from such direct modification by adding BuiltIn profile check in `setData()` such that **only copies** of Built-In profiles are allowed to be updated.
>>
>> With the proposed fix, if Built-In profile is updated using `.setData()` it throws _**IAE - "BuiltIn profile cannot be modified"**_
>>
>> There are no restrictions on creating copies of BuiltIn profile and then modifying it, but what is being restricted with this fix is - the direct modification of the shared BuiltIn profile instance.
>>
>> Applications which need a modified version of the ICC Profile should instead do the following:
>>
>>
>> byte[] profileData = ICC_Profile.getData() // get the byte array representation of BuiltIn- profile
>> ICCProfile newProfile = ICC_Profile.getInstance(profileData) // create a new profile
>> newProfile.setData() // to modify and customize the profile
>>
>>
>> Following existing tests are modified to update a copy of Built-In profile.
>>
>> - java/awt/color/ICC_Profile/SetHeaderInfo.java
>> - java/awt/color/ICC_ProfileSetNullDataTest.java
>> - sun/java2d/cmm/ProfileOp/SetDataTest.java
>
> Harshitha Onkar has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 21 additional commits since the last revision:
>
> - Merge branch 'master' into BuiltInCheck
> - updated test to check for all builtIn profiles, serial-deserialization
> - redudant stmt removed
> - modifier order changed, added comment to BuiltInProfile
> - review changes
> - builtIn converted to transient, tests updated
> - minor
> - review changes
> - doc update
> - builtIn flag moved to constructor
> - ... and 11 more: https://git.openjdk.org/jdk/compare/63e9b2ec...7da4c5c7
>
That's an interesting point. The way to obtain them is a get* method which conventionally means it isn't a "new" instance, but the first line of the javadoc unhelpfully says
"Constructs an ICC_Profile".
As a matter of practicality it is hard to imagine that getInstance(int) would return new instances every time in any implementation. Particularly since ICC_Profile doesn't over-ride equals() ! Perhaps we should improve the doc of that method too in some way. But I think that can be a separate PR with its own separate CSR.
The spec. update being made here is valid in either case.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/23606#issuecomment-2744915887
More information about the client-libs-dev
mailing list