On Thu, 16 Jan 2025 00:14:31 GMT, Phil Race <p...@openjdk.org> wrote:
>> Added 2 more cases that tests loading a profile using
>> ICC_Profile.getInstance(byte[] data)
>> Now we hit the code path where verifyHeader() is called within
>> getInstance().
>> Also , I did test by directly loading a profile from a file -
>> ICC_Profile.getInstance("sRGB.pf") and it works fine.
>>
>> Did you mean this code path or something else?
>
> I *think* what he means is that a profile with a now rejected header might
> allowed on JDK 21,
> and serialised on JDK 21 and when deserialised on JDK 25 (with this change)
> it is then rejected.
>
> Since it is unlikely the profile actually worked properly anyway on JDK 21, I
> don't think that would be an issue except for contrived tests, and is an
> insufficient reason to not make this change.
> Also if we were to consider backporting this to 21u then they'd not be able
> to serialise it.
> If we get a bug report on serialisation with a legitimate case, we can take
> another look.
Makes sense - Serialization and deserialization on different versions of JDK.
Thanks for clarifying.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23044#discussion_r1917573088
