8347377: Add validation checks for ICC_Profile header fields

Reviewed-by: prr, jdv

Author: Harshitha Onkar

jdk/src/share/classes/java/awt/color/ICC_ColorSpace.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2025, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -114,13 +114,14 @@ public ICC_ColorSpace (ICC_Profile profile) {
         int profileClass = profile.getProfileClass();
 
         /* REMIND - is NAMEDCOLOR OK? */
-        if ((profileClass != ICC_Profile.CLASS_INPUT) &&
-            (profileClass != ICC_Profile.CLASS_DISPLAY) &&
-            (profileClass != ICC_Profile.CLASS_OUTPUT) &&
-            (profileClass != ICC_Profile.CLASS_COLORSPACECONVERSION) &&
-            (profileClass != ICC_Profile.CLASS_NAMEDCOLOR) &&
-            (profileClass != ICC_Profile.CLASS_ABSTRACT)) {
-            throw new IllegalArgumentException("Invalid profile type");
+        if (profileClass != ICC_Profile.CLASS_INPUT
+                && profileClass != ICC_Profile.CLASS_DISPLAY
+                && profileClass != ICC_Profile.CLASS_OUTPUT
+                && profileClass != ICC_Profile.CLASS_DEVICELINK
+                && profileClass != ICC_Profile.CLASS_COLORSPACECONVERSION
+                && profileClass != ICC_Profile.CLASS_NAMEDCOLOR
+                && profileClass != ICC_Profile.CLASS_ABSTRACT) {
+            throw new IllegalArgumentException("Invalid profile class");
         }
 
         thisProfile = profile;

jdk/src/share/classes/java/awt/color/ICC_Profile.java

@@ -723,6 +723,7 @@ public class ICC_Profile implements Serializable {
      */
     public static final int icXYZNumberX       = 8;    /* XYZNumber X */
 
+    private static final int HEADER_SIZE = 128;
 
     /**
      * Constructs an ICC_Profile object with a given ID.
@@ -767,6 +768,10 @@ public static ICC_Profile getInstance(byte[] data) {
         ProfileDataVerifier.verify(data);
 
         try {
+            byte[] theHeader = new byte[HEADER_SIZE];
+            System.arraycopy(data, 0, theHeader, 0, HEADER_SIZE);
+            verifyHeader(theHeader);
+
             p = CMSManager.getModule().loadProfile(data);
         } catch (CMMException c) {
             throw new IllegalArgumentException("Invalid ICC Profile Data");
@@ -1084,16 +1089,18 @@ public int getMinorVersion() {
      * @return One of the predefined profile class constants.
      */
     public int getProfileClass() {
-    byte[] theHeader;
-    int theClassSig, theClass;
 
         ProfileDeferralInfo info = deferralInfo;
         if (info != null) {
             return info.profileClass;
         }
 
-        theHeader = getData(icSigHead);
+        byte[] theHeader = getData(icSigHead);
+        return getProfileClass(theHeader);
+    }
 
+    private static int getProfileClass(byte[] theHeader) {
+        int theClassSig, theClass;
         theClassSig = intFromBigEndian (theHeader, icHdrDeviceClass);
 
         switch (theClassSig) {
@@ -1163,6 +1170,11 @@ static int getColorSpaceType(Profile p) {
         return theColorSpace;
     }
 
+    private static int getColorSpaceType(byte[] theHeader) {
+        int theColorSpaceSig = intFromBigEndian(theHeader, icHdrColorSpace);
+        return iccCStoJCS(theColorSpaceSig);
+    }
+
     /**
      * Returns the color space type of the Profile Connection Space (PCS).
      * Returns one of the color space type constants defined by the
@@ -1192,6 +1204,29 @@ static int getPCSType(Profile p) {
     }
 
 
+    private static int getPCSType(byte[] theHeader) {
+        int thePCSSig = intFromBigEndian(theHeader, icHdrPcs);
+        int theDeviceClass = intFromBigEndian(theHeader, icHdrDeviceClass);
+        int thePCSType;
+
+        if (theDeviceClass == icSigLinkClass) {
+            return iccCStoJCS(thePCSSig);
+        } else {
+            switch (thePCSSig) {
+                case icSigXYZData:
+                    thePCSType = ColorSpace.TYPE_XYZ;
+                    break;
+                case icSigLabData:
+                    thePCSType = ColorSpace.TYPE_Lab;
+                    break;
+                default:
+                    throw new IllegalArgumentException("Unexpected PCS type");
+            };
+        }
+
+        return thePCSType;
+    }
+
     /**
      * Write this ICC_Profile to a file.
      *
@@ -1316,12 +1351,49 @@ static byte[] getData(Profile p, int tagSignature) {
      * @see #getData
      */
     public void setData(int tagSignature, byte[] tagData) {
+        if (tagSignature == ICC_Profile.icSigHead) {
+            verifyHeader(tagData);
+        }
 
         activate();
 
         CMSManager.getModule().setTagData(cmmProfile, tagSignature, tagData);
     }
 
+    private static void verifyHeader(byte[] data) {
+        if (data == null || data.length < HEADER_SIZE) {
+            throw new IllegalArgumentException("Invalid header data");
+        }
+        getProfileClass(data);
+        getColorSpaceType(data);
+        getPCSType(data);
+        checkRenderingIntent(data);
+    }
+
+    private static boolean checkRenderingIntent(byte[] header) {
+        int index = ICC_Profile.icHdrRenderingIntent;
+
+        /* According to ICC spec, only the least-significant 16 bits shall be
+         * used to encode the rendering intent. The most significant 16 bits
+         * shall be set to zero. Thus, we are ignoring two most significant
+         * bytes here. Please refer ICC Spec Document for more details.
+         */
+        int renderingIntent = ((header[index+2] & 0xff) <<  8) |
+                              (header[index+3] & 0xff);
+
+        switch (renderingIntent) {
+            case icPerceptual:
+            case icMediaRelativeColorimetric:
+            case icSaturation:
+            case icAbsoluteColorimetric:
+                break;
+            default:
+                throw new IllegalArgumentException("Unknown Rendering Intent");
+        }
+
+        return true;
+    }
+
     /**
      * Sets the rendering intent of the profile.
      * This is used to select the proper transform from a profile that