RFR: 8367384: The ICC_Profile class may throw exceptions during serialization

Phil Race prr at openjdk.org
Wed Sep 17 19:26:11 UTC 2025 

On Tue, 16 Sep 2025 23:51:06 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:

> Additional checks were recently added to ICC_Profile (see [JDK-8347377](https://bugs.openjdk.org/browse/JDK-8347377)). As a result, objects previously stored as valid profiles may now throw an IllegalArgumentException during serialization. Discussion about serialization was started in https://github.com/openjdk/jdk/pull/23044 but it seems at the end non-serialization related check was [verified](https://github.com/openjdk/jdk/pull/23044/commits/a5201b5f353e8957a1274261372496768edbc7a2). =(
> 
> The patch itself is simple, but I found that we do not have good test coverage in this area. So I added two tests to cover all possible variants specified by the serialization spec.

src/java.desktop/share/classes/java/awt/color/ICC_Profile.java line 1564:

> 1562:                 case null, default -> getInstance(data);
> 1563:             };
> 1564:         } catch (ClassCastException | IllegalArgumentException e) {

I don't see InvalidObjectException as a declared exception either for
This is a little tricky InvalidObjectException isn't listed explicitly by 
https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/io/ObjectInputStream.html#readObject()
although it is a subclass of IOException
https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/io/InvalidObjectException.html#%3Cinit%3E(java.lang.String)

However the docs for 
https://docs.oracle.com/en/java/javase/25/docs/api/java.desktop/java/awt/color/ICC_Profile.html#getInstance(byte%5B%5D)

say that IOException is thrown by ObjectInputStream
     * @throws IOException thrown by {@code ObjectInputStream}
but the exceptions you are catching are from the profile verifier - at least the IAE is.
And there is a (closed) test that expects IAE in this case and fails because it now gets InvalidObjectException

Either that test, or this fix, or both will need revising. Perhaps the spec. of readObject should be updated too.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/27326#discussion_r2356533149

More information about the client-libs-dev mailing list