RFR: 8320971: Use BufferedInputStream.buf directly when param of implTransferTo() is trusted [v3]

Alan Bateman alanb at openjdk.org
Mon Dec 4 13:18:38 UTC 2023


On Thu, 30 Nov 2023 17:24:47 GMT, Brian Burkhalter <bpb at openjdk.org> wrote:

>> What do you think of adding `OutputStream extends WritableByteChannel`, so `transferTo` could be implemented with `if (target instanceof WritableByteChannel) { target.write(ByteBuffer.wrap(buf, off, len).asReadOnly()); }`?
>> 
>> Read-only byte buffer will not allow modifying the data in the buffer, it would eliminate buffer copies, and adding `write(ByteBuffer)` to `OutputStream` seems reasonable.
>
>> It could be special cased for trusted targets but at the cost of auditing and complexity. So more thought needed on this [...]
> 
> Could the target additionally be checked to see whether it is a `FilterOutputStream` and if so not be trusted?

> What do you think of adding `OutputStream extends WritableByteChannel`, so `transferTo` could be implemented with `if (target instanceof WritableByteChannel) { target.write(ByteBuffer.wrap(buf, off, len).asReadOnly()); }`?

Interesting but I don't think that is workable as WBC specifies that writes executing serially and also specifies the exception when attempting to write to a closed channel, both of which are not compatible with OutputStream.

In any case, it doesn't solve the second part of the concern which is read-only view on the internal buffer.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/16879#discussion_r1413859006


More information about the core-libs-dev mailing list