RFR: 8367384: The ICC_Profile class may throw exceptions during serialization
Phil Race
prr at openjdk.org
Wed Sep 17 19:26:11 UTC 2025
On Tue, 16 Sep 2025 23:51:06 GMT, Sergey Bylokhov <serb at openjdk.org> wrote:
> Additional checks were recently added to ICC_Profile (see [JDK-8347377](https://bugs.openjdk.org/browse/JDK-8347377)). As a result, objects previously stored as valid profiles may now throw an IllegalArgumentException during serialization. Discussion about serialization was started in https://github.com/openjdk/jdk/pull/23044 but it seems at the end non-serialization related check was [verified](https://github.com/openjdk/jdk/pull/23044/commits/a5201b5f353e8957a1274261372496768edbc7a2). =(
>
> The patch itself is simple, but I found that we do not have good test coverage in this area. So I added two tests to cover all possible variants specified by the serialization spec.
src/java.desktop/share/classes/java/awt/color/ICC_Profile.java line 1564:
> 1562: case null, default -> getInstance(data);
> 1563: };
> 1564: } catch (ClassCastException | IllegalArgumentException e) {
I don't see InvalidObjectException as a declared exception either for
This is a little tricky InvalidObjectException isn't listed explicitly by
https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/io/ObjectInputStream.html#readObject()
although it is a subclass of IOException
https://docs.oracle.com/en/java/javase/25/docs/api/java.base/java/io/InvalidObjectException.html#%3Cinit%3E(java.lang.String)
However the docs for
https://docs.oracle.com/en/java/javase/25/docs/api/java.desktop/java/awt/color/ICC_Profile.html#getInstance(byte%5B%5D)
say that IOException is thrown by ObjectInputStream
* @throws IOException thrown by {@code ObjectInputStream}
but the exceptions you are catching are from the profile verifier - at least the IAE is.
And there is a (closed) test that expects IAE in this case and fails because it now gets InvalidObjectException
Either that test, or this fix, or both will need revising. Perhaps the spec. of readObject should be updated too.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27326#discussion_r2356533149
More information about the client-libs-dev
mailing list