From ae09decb17727001b086331da77d3c08091ad9a9 Mon Sep 17 00:00:00 2001
From: Sergey Bylokhov
Date: Mon, 26 Aug 2024 23:56:50 +0000
Subject: [PATCH] 8273135: java/awt/color/ICC_ColorSpace/MTTransformReplacedProfile.java crashes in liblcms.dylib with NULLSeek+0x7
---
 jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c b/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c
index 1b32f9f415..05baa9392e 100644
--- a/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c
+++ b/jdk/src/share/native/sun/java2d/cmm/lcms/cmsio0.c
@@ -1660,7 +1660,7 @@ cmsBool IsTypeSupported(cmsTagDescriptor* TagDescriptor, cmsTagTypeSignature Typ
 void* CMSEXPORT cmsReadTag(cmsHPROFILE hProfile, cmsTagSignature sig)
 {
 _cmsICCPROFILE* Icc = (_cmsICCPROFILE*) hProfile;
- cmsIOHANDLER* io = Icc ->IOhandler;
+ cmsIOHANDLER* io;
 cmsTagTypeHandler* TypeHandler;
 cmsTagTypeHandler LocalTypeHandler;
 cmsTagDescriptor* TagDescriptor;
@@ -1705,6 +1705,8 @@ void* CMSEXPORT cmsReadTag(cmsHPROFILE hProfile, cmsTagSignature sig)
 if (TagSize < 8) goto Error;
+ io = Icc ->IOhandler;
+
 if (io == NULL) { // This is a built-in profile that has been manipulated, abort early
 cmsSignalError(Icc->ContextID, cmsERROR_CORRUPTION_DETECTED, "Corrupted built-in profile.");
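Review bot: `io` is now declared without an initializer in cmsReadTag, and the second hunk shows `if (TagSize < 8) goto Error;` running before `io = Icc ->IOhandler;`, so every early exit to `Error` carries an indeterminate pointer. The `Error` label lies outside the visible hunks, so I cannot confirm that it never reads `io`. Declaring it as `cmsIOHANDLER* io = NULL;` would turn any accidental early use into a deterministic NULL instead of an indeterminate value. The function body begins in this hunk and continues past its end.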
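Review bot: The moved assignment `io = Icc ->IOhandler;` has no comment explaining why the read must happen here rather than at the declaration, so a later tidy-up could fold it back and reintroduce the crash. Judging by the test name in the subject (MTTransformReplacedProfile), the handler can presumably be replaced by another thread until some earlier point in the function, most likely a lock taken in the lines between the two hunks that this patch does not show. I would add one line above the assignment such as `// Read IOhandler only here: it may be replaced concurrently before this point (8273135).`, reworded to name the actual lock. The `if (io == NULL)` block that follows is cut off at the end of the hunk.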