RFC: JDK-8282648: Problems due to conflicting specification of Inflater::inflate(..) and InflaterInputStream::read(..)

Alan Bateman Alan.Bateman at oracle.com
Mon Mar 21 19:19:30 UTC 2022


On 04/03/2022 10:04, Volker Simonis wrote:
> :
>
> 1. Relax the specification of `InflaterInputStream::read(..)` and
> specifically note in the API documentation that a call to
> `InflaterInputStream::read(byte[] b, int off, int len)` may write more
> than *k* characters into `b` where *k* is the returned number of
> inflated bytes. Notice that there's a precedence for this approach in
> `java.io.ByteArrayInputStream::read(..)` which "*unlike the overridden
> method of InputStream, returns -1 instead of zero if the end of the
> stream has been reached and len==0*".
>
On the surface this is probably okay. It wouldn't really be relaxing the 
specification, rather than it would say for a return value n, the bytes 
in b[n] to b[len-1] are undefined as the read operate may have clobbered 
their original values. The risk is that it becomes a performance "trick" 
to provide a larger buffer. That said, I think the main thing we need to 
satisfy ourselves on is security. One part of that is whether anything 
can be gleaned by reading from the byte array during or after an 
inflate. The other part is how the implementation behaves when there is 
a tampering of the array contents during an inflate.

-Alan


More information about the core-libs-dev mailing list