RFR: 8321053: Use ByteArrayInputStream.buf directly when parameter of transferTo() is trusted [v4]
Brian Burkhalter
bpb at openjdk.org
Tue Dec 5 16:41:01 UTC 2023
On Tue, 5 Dec 2023 12:58:45 GMT, Markus KARG <duke at openjdk.org> wrote:
>> I suspect it's left over from a previous iteration. In any case, limiting it to a small number of output streams makes this easier to look at. BAOS and FOS seem okay, POP seems okay too but legacy and not interesting.
>
>> I suspect it's left over from a previous iteration. In any case, limiting it to a small number of output streams makes this easier to look at. BAOS and FOS seem okay, POP seems okay too but legacy and not interesting.
>
> Agreed for a rather short list of explicitly whitelisted implementations. We should get rid of the package check.
I checked all the `OutputStreams` in the list for trustworthiness. The package check is vestigial; will remove. It could be useful if multiple packages were involved with multiple trusted classes in each.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16893#discussion_r1415944621
More information about the core-libs-dev
mailing list