RFR: 8321053: Use ByteArrayInputStream.buf directly when parameter of transferTo() is trusted
Sergey Tsypanov
stsypanov at openjdk.org
Thu Nov 30 12:37:04 UTC 2023
On Thu, 30 Nov 2023 00:03:21 GMT, Brian Burkhalter <bpb at openjdk.org> wrote:
> Pass `ByteArrayInputStream.buf ` directly to the `OutputStream` parameter of `BAIS.transferTo` only if the target stream is in the `java.io` package.
src/java.base/share/classes/java/io/ByteArrayInputStream.java line 211:
> 209: if (len > 0) {
> 210: byte[] tmp;
> 211: if ("java.io".equals(out.getClass().getPackageName()))
I think we should trust all classes in `java.*` packages, i.e. the check should be
out.getClass().getPackageName().startsWith("java.")
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/16893#discussion_r1410610109
More information about the core-libs-dev
mailing list