RFR: 8287908: Use non-cloning reflection methods where acceptable [v2]
Roger Riggs
rriggs at openjdk.org
Wed Sep 7 19:44:47 UTC 2022
On Tue, 14 Jun 2022 19:54:44 GMT, Roger Riggs <rriggs at openjdk.org> wrote:
>> Right, I was looking into usages of `getAllGenericParameterTypes()` and all of them are read-only. However I agree that later it might become an issue, so I'd use `getParameterTypes()` in line 345.
>
> You can probably appreciate how hard it is to keep track of what's a copy (and needs to be copied) and what's not through several levels of APIs. From a security perspective, its better to spend a little extra at runtime, than to run the risk of allowing an internal data structure to be corrupted.
To ensure the shared types are not too easily exposed, move 317: to inside the `if (realParamData)`.
That's also the only scope in which it is used.
-------------
PR: https://git.openjdk.org/jdk/pull/9064
More information about the core-libs-dev
mailing list