RFR: 8320971: Use BufferedInputStream.buf directly when param of implTransferTo() is trusted
Markus KARG
duke at openjdk.org
Wed Nov 29 22:39:06 UTC 2023
On Wed, 29 Nov 2023 20:07:37 GMT, Vladimir Sitnikov <vsitnikov at openjdk.org> wrote:
>>> What do you think of passing the buffer as is?
>>
>> No, it should only do for trusted targets. BAIS has an issue in that area that should be fixed.
>
> The buffer in question is protected, so any subclass can directly access it. In other words, untrusted code can easily access the buffer, and it does not sound fair to add extra overhead to the method which was created for the performance reasons.
>
> Does copyOfRange do any good here? Do you mean JDK should copy every buffer it passes to non-JDK code?
@vlsi Yes, unless the JRE comes up with read-only buffers, all untrusted code should get copies of JRE-internal buffers only to provide buffer poisoning and spying data located beyond range limits. Subclasses are free to do what they want with the inherited buffer (it is *their* buffer implicitly), but the target output stream might be an injected bad guy that we must not trust in any regard.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16879#discussion_r1409945330
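The two concerns raised above (a target stream "spying" on data beyond the exposed range, and "poisoning" the buffer after the call) can be shown with a small model of the transfer. The following is an added example, not JDK code and not part of the PR: it mirrors the buf/pos/count layout of BufferedInputStream in a stand-alone class, implements transferTo() once by handing out the internal array and once via Arrays.copyOfRange, and drives both with a hypothetical RetainingOutputStream that simply keeps the array it receives. Class and method names are the example's own.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example (not JDK code): models the buffer-sharing concern from the thread.
public class BufferSharingDemo {

    // An OutputStream that keeps the array it was handed, looks past [off, off+len)
    // and overwrites it after the call returns: the "injected bad guy" of the discussion.
    static final class RetainingOutputStream extends OutputStream {
        private byte[] retained;
        private int off, len;

        @Override public void write(int b) { /* not exercised here */ }

        @Override public void write(byte[] b, int off, int len) {
            this.retained = b;   // keep the reference instead of consuming the bytes
            this.off = off;
            this.len = len;
        }

        /** Bytes the caller never intended to expose (beyond off+len). */
        byte[] bytesBeyondRange() {
            return Arrays.copyOfRange(retained, off + len, retained.length);
        }

        /** Modify the array after write() has returned. */
        void poison() {
            Arrays.fill(retained, (byte) 'X');
        }
    }

    // Internal buffer that holds more bytes than are currently "available",
    // in the spirit of BufferedInputStream.buf / pos / count.
    private final byte[] buf;
    private int pos;
    private final int count;

    BufferSharingDemo(byte[] buf, int pos, int count) {
        this.buf = buf;
        this.pos = pos;
        this.count = count;
    }

    /** Hands out the internal array; acceptable only for a trusted target. */
    long transferSharingBuffer(OutputStream out) throws IOException {
        int avail = count - pos;
        out.write(buf, pos, avail);
        pos = count;
        return avail;
    }

    /** The target only ever sees a private copy of exactly [pos, count). */
    long transferWithCopy(OutputStream out) throws IOException {
        int avail = count - pos;
        out.write(Arrays.copyOfRange(buf, pos, count), 0, avail);
        pos = count;
        return avail;
    }

    /** Snapshot of the internal buffer, to observe poisoning from outside. */
    byte[] bufferSnapshot() {
        return buf.clone();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: only the part before '|' is within 'count'.
        byte[] backing = "PUBLIC-PART|secret-beyond-count".getBytes(StandardCharsets.US_ASCII);
        int count = "PUBLIC-PART".length();

        // 1. Sharing the buffer: the target reads past 'count' and corrupts the buffer.
        BufferSharingDemo shared = new BufferSharingDemo(backing.clone(), 0, count);
        RetainingOutputStream spy = new RetainingOutputStream();
        shared.transferSharingBuffer(spy);
        System.out.println("shared  - leaked beyond range: "
                + new String(spy.bytesBeyondRange(), StandardCharsets.US_ASCII));
        spy.poison();
        System.out.println("shared  - buffer after poison: "
                + new String(shared.bufferSnapshot(), StandardCharsets.US_ASCII));

        // 2. Copying the range: nothing beyond the range is reachable, and
        //    poisoning the copy leaves the internal buffer untouched.
        BufferSharingDemo copied = new BufferSharingDemo(backing.clone(), 0, count);
        RetainingOutputStream spy2 = new RetainingOutputStream();
        copied.transferWithCopy(spy2);
        System.out.println("copied  - leaked beyond range: '"
                + new String(spy2.bytesBeyondRange(), StandardCharsets.US_ASCII) + "'");
        spy2.poison();
        System.out.println("copied  - buffer after poison: "
                + new String(copied.bufferSnapshot(), StandardCharsets.US_ASCII));
    }
}
```

Compile and run the class as-is; the first pair of lines shows the trailing "secret-beyond-count" bytes reaching the target and the whole buffer turning into 'X', while the second pair shows an empty leak and an unchanged buffer. The copy costs one allocation per call, which is the overhead the thread weighs against restricting the direct path to trusted targets.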