RFR: 8287442: Reduce list to array conversions in java.lang.invoke.MethodHandles
liach
duke at openjdk.java.net
Fri May 27 16:11:53 UTC 2022
On Fri, 27 May 2022 14:38:27 GMT, Claes Redestad <redestad at openjdk.org> wrote:
>> src/java.base/share/classes/java/lang/invoke/MethodHandles.java line 5266:
>>
>>> 5264: */
>>> 5265: public static MethodHandle dropArguments(MethodHandle target, int pos, List<Class<?>> valueTypes) {
>>> 5266: return dropArguments(target, pos, valueTypes.toArray(new Class<?>[0]).clone(), true);
>>
>> Isn't this call to `clone()` unnecessary, as `valueTypes.toArray` should either return the passed empty array, or a newly created array?
>
> It might be a bit too paranoid in this instance (since we don't keep the array around for long), but not cloning the result of calling `toArray` on an arbitrary and possibly adversary `List` could open up for TOCTOU race bugs / attacks. The existing code was being paranoid and copying and I don't want to weaken something that could have security implications without double- and triple-checking that it's safe to do so.
You can probably call the `dropArguments` with `false` for `trusted` instead.
-------------
PR: https://git.openjdk.java.net/jdk/pull/8923
More information about the core-libs-dev
mailing list