On Tue, 11 Mar 2025 21:08:42 GMT, Harshitha Onkar <hon...@openjdk.org> wrote:

>> Built-in Profiles are singleton objects and if the user happens to modify 
>> this shared profile object via setData() then the modified version of the 
>> profile is returned each time the same built-in profile is requested via 
>> getInstance().
>> 
>> It is good to protect Built-in profiles from such direct modification by 
>> adding BuiltIn profile check in `setData()` such that **only copies** of 
>> Built-In profiles are allowed to be updated.
>> 
>> With the proposed fix, if Built-In profile is updated using `.setData()` it 
>> throws _**IAE - "BuiltIn profile cannot be modified"**_
>> 
>> There are no restrictions on creating copies of BuiltIn profile and then 
>> modifying it, but what is being restricted with this fix is - the direct 
>> modification of the shared BuiltIn profile instance.
>> 
>> Applications which need a modified version of the ICC Profile should instead 
>> do the following:
>> 
>> 
>> byte[] profileData = ICC_Profile.getData() // get the byte array 
>> representation of BuiltIn- profile
>> ICCProfile newProfile = ICC_Profile.getInstance(profileData) // create a new 
>> profile
>> newProfile.setData() // to modify and customize the profile
>> 
>> 
>> Following existing tests are modified to update a copy of Built-In profile.
>> 
>> - java/awt/color/ICC_Profile/SetHeaderInfo.java
>> - java/awt/color/ICC_ProfileSetNullDataTest.java
>> - sun/java2d/cmm/ProfileOp/SetDataTest.java
>
> Harshitha Onkar has updated the pull request incrementally with one 
> additional commit since the last revision:
> 
>   modifier order changed, added comment to BuiltInProfile

src/java.desktop/share/classes/java/awt/color/ICC_Profile.java line 126:

> 124:         /*
> 125:          * Deferral is only used for standard profiles. Enabling the 
> appropriate
> 126:          * access privileges is handled at a lower level.

I wonder if “Enabling the appropriate access privileges is handled at a lower 
level” is still relevant after `SecurityManager` was removed.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/23606#discussion_r1990133673

Reply via email to