RFR: JDK-8285932 Implementation of JEP-430 String Templates (Preview) [v7]
Jim Laskey
jlaskey at openjdk.org
Wed Nov 9 21:16:40 UTC 2022
On Tue, 1 Nov 2022 19:06:57 GMT, Jim Laskey <jlaskey at openjdk.org> wrote:
>> src/java.base/share/classes/java/lang/template/TemplateRuntime.java line 99:
>>
>>> 97: private static <E> List<E> toList(E... elements) {
>>> 98: return JUCA.listFromTrustedArrayNullsAllowed(elements);
>>> 99: }
>>
>> I'm ok with using JUCA to create an unmodifiable list that can contain nulls.
>>
>> However, it "trusts" the argument array, meaning that the array is assumed to be referenced exclusively and so the array reference is used directly in the resulting List object. That implies that one needs to be very careful about the array that gets passed in, otherwise, the resulting List might not actually be unmodifiable.
>>
>> In particular, the call site in StringTemplate.of()
>>
>> https://github.com/openjdk/jdk/pull/10889/files#diff-d4e02e5ead5ad4f2cfe509c58d1145f599285cd6736bbf37e4116045b2fd50bcR309
>>
>> passes the array obtained from a List parameter that comes directly from a public call, meaning that malicious code could keep a reference to the array returned by `toArray` and modify it later. You could clone the array, or just revert back to the slow path.
>
> Changing caller
Changing
-------------
PR: https://git.openjdk.org/jdk/pull/10889
More information about the compiler-dev
mailing list