On Fri, 17 Jan 2025 23:58:52 GMT, Harshitha Onkar <hon...@openjdk.org> wrote:
>> ICC_Profile.setData(..) does validation of the specified tag contents and >> throws an exception if it is not valid. But if the tag represents the >> header, at least some of the validation is lazy, occurring only when the >> data is used, leading to unexpected exceptions at a later time. The check >> should be done up-front when the data is set, as in other cases. >> >> `verifyHeader(byte[] data)`is called when header data is being updated and >> the following fields are validated according to the ICC Spec Document. [[1] >> Pg#19](https://www.color.org/specification/ICC.1-2022-05.pdf). >> >> - Profile/Device class >> - Color Space >> - Rendering Intent >> - PCS >> - Header Size check (ICC Header Size = 128 bytes) >> >> These validation checks are added to ICC_Profile.getInstance(..) & >> ICC_Profile.setData(..) methods. >> >> Reference: [1] https://www.color.org/specification/ICC.1-2022-05.pdf > > Harshitha Onkar has updated the pull request incrementally with one > additional commit since the last revision: > > moved verifyHeader() src/java.desktop/share/classes/java/awt/color/ICC_Profile.java line 791: > 789: try { > 790: byte[] theHeader = new byte[HEADER_SIZE]; > 791: System.arraycopy(data, 0, theHeader, 0, HEADER_SIZE); We won't run into ArrayIndexOutOfBoundsException here since the incoming data array size is already being verified in ProfileDataVerifier.verify(data). ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/23044#discussion_r1920886673
