RFR: 8279283 - BufferedInputStream should override transferTo [v11]
Markus KARG
duke at openjdk.org
Sun Sep 25 10:22:24 UTC 2022
On Sun, 25 Sep 2022 07:28:56 GMT, Alan Bateman <alanb at openjdk.org> wrote:
>>> I do not quite understand what would be wrong with the code below instead of falling back to the super implementation _in case of non-empty buffer_?
>>
>> I think you are asking if is safe to leak a reference to the internal buffer. If there is no mark then it might be okay because there is no replay for an evil output stream to attack. However, I think it would require wider review to be confident that there aren't other interesting ways to break it; hence the suggestion in one of the earlier comments to keep it simple and limit it when there is no subclassing, no mark, and no bytes buffered. This does not prevent widening the conditions in the future.
>
>> @AlanBateman Kindly requesting approval. :-)
>
> I don't have any more comments, the recent test cleanups are good. I assume @bplb will sponsor.
@AlanBateman Kindly asking for `/approve`. Thanks. :-)
-------------
PR: https://git.openjdk.org/jdk/pull/6935
More information about the core-libs-dev
mailing list