RFR: 8344336: SM cleanup of java.lang.System, Runtime, String, StackWalker
Roger Riggs
rriggs at openjdk.org
Mon Nov 18 15:11:46 UTC 2024
On Mon, 18 Nov 2024 00:16:00 GMT, Chen Liang <liach at openjdk.org> wrote:
>> Removed use of SecurityManager to check permissions.
>> Relaxed defensive copying of byte arrays (due to lack of SM)
>
> src/java.base/share/classes/java/lang/String.java line 691:
>
>> 689: System.getSecurityManager() != null) {
>> 690: bytes = Arrays.copyOfRange(bytes, offset, offset + length);
>> 691: offset = 0;
>
> Was this defensive copy particularly important to security managers but has no effect for other scenarios?
Application-supplied Charsets are not any more or less trusted than any other class in the application.
So the copy is not (adequately) effective as a defensive measure here.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22168#discussion_r1846753458
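
The aliasing that a copy of this kind closes off, shown as an added example (not JDK code and not part of the original message). It assumes the byte array reaches decoding code wrapped in a `ByteBuffer`; `inspect` is a hypothetical stand-in for application-supplied decoder code, and the sample bytes are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class DefensiveCopyDemo {
    // Hypothetical stand-in for application-supplied decoding code. It is handed
    // a buffer limited to [offset, offset + length) but can still reach the
    // array behind that view and write through it.
    static byte[] inspect(ByteBuffer in) {
        byte[] backing = in.array();                      // whole backing array
        backing[in.arrayOffset() + in.position()] = '?';  // mutate first byte in range
        return backing;
    }

    public static void main(String[] args) {
        int offset = 4, length = 5;   // only "hello" is meant to be decoded

        // Case 1: no copy. The callee shares the caller's array.
        byte[] shared = "key=hello;tok=abc".getBytes(StandardCharsets.US_ASCII);
        byte[] seen = inspect(ByteBuffer.wrap(shared, offset, length));
        System.out.println("no copy:   callee sees " + seen.length + " bytes, caller now \""
                + new String(shared, StandardCharsets.US_ASCII) + "\"");

        // Case 2: copy first, as the removed branch did.
        // The callee gets a private array holding just the requested range.
        byte[] original = "key=hello;tok=abc".getBytes(StandardCharsets.US_ASCII);
        byte[] copy = Arrays.copyOfRange(original, offset, offset + length);
        seen = inspect(ByteBuffer.wrap(copy, 0, length));
        System.out.println("with copy: callee sees " + seen.length + " bytes, caller still \""
                + new String(original, StandardCharsets.US_ASCII) + "\"");
    }
}
```

Without the copy the callee sees all 17 bytes and its write lands in the caller's array; with the copy it sees 5 bytes and the caller's array is unchanged.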