RFC: JDK-8282648: Problems due to conflicting specification of Inflater::inflate(..) and InflaterInputStream::read(..)
Alan Bateman
Alan.Bateman at oracle.com
Mon Mar 28 08:53:30 UTC 2022
On 22/03/2022 12:28, Volker Simonis wrote:
> :
> I don't really understand this concern? Do you mean what happens if
> another thread is changing the content of the output buffer during an
> inflate? I think such a use case has never been well-defined and
> amending the specification won't change anything for such a situation.
The setup means that user code has access to temporary storage used by
the inflater library. It's important that nothing sensitive leaks, also
important that flipping bits in any of the bytes in that temporary
buffer doesn't lead to something that is considered a security issue. If
you are confident that nothing bad can happen they great, I'm just
pointing out things to consider when allow for the behavior discussed here.
-Alan
More information about the core-libs-dev
mailing list