RFR: 8320971: Use BufferedInputStream.buf directly when param of implTransferTo() is trusted
Vladimir Sitnikov
vsitnikov at openjdk.org
Wed Nov 29 20:10:10 UTC 2023
On Wed, 29 Nov 2023 19:55:09 GMT, Alan Bateman <alanb at openjdk.org> wrote:
>> src/java.base/share/classes/java/io/BufferedInputStream.java line 653:
>>
>>> 651: byte[] buffer = Arrays.copyOfRange(getBufIfOpen(), pos, count);
>>> 652: out.write(buffer);
>>> 653: }
>>
>> Suggestion:
>>
>> out.write(getBufIfOpen(), pos, count);
>>
>>
>> What do you think of passing the buffer as is?
>> `ByteArrayInputStream` passes the buffer without extra copies anyway: https://github.com/openjdk/jdk/blob/9a6ca233c7e91ffa2ce9451568b3be88ccd04504/src/java.base/share/classes/java/io/ByteArrayInputStream.java#L207-L213
>
>> What do you think of passing the buffer as is?
>
> No, it should only do for trusted targets. BAIS has an issue in that area that should be fixed.
The buffer in question is protected, so any subclass can directly access it. In other words, untrusted code can easily acoess the buffer, and it does not sound fair to add extra overhead to the method which was created for the performance reasons.
Does copyOfRange do any good here? Do you mean JDK should copy every buffer it passes to non-JDK code?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16879#discussion_r1409810571
More information about the core-libs-dev
mailing list