RFR: 8340232: Optimize DataInputStream::readUTF
Chen Liang
liach at openjdk.org
Tue Sep 17 03:29:31 UTC 2024
On Mon, 16 Sep 2024 16:41:04 GMT, Shaojin Wen <swen at openjdk.org> wrote:
>> src/java.base/share/classes/java/io/DataInputStream.java line 590:
>>
>>> 588: if (bytearr == null) {
>>> 589: bytearr = new byte[utflen];
>>> 590: allocate = true;
>>
>> Can we rename this boolean to `trusted` and set it to `false` when we assign it back to `dis.bytearr`? Even though that assignment will be redundant, calling it `trusted` is helpful to avoid causing security problems if we reorganize this code in the future.
>
> When ascii != utflen, bytearr will be reused, and the name of `trusted` is not clear here.
I mean to add a `trusted = false;` when bytearr is reused; trusted will be clear there, and in the future it's less likely for programmers to accidentally leak the trusted array.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20903#discussion_r1761571703
More information about the core-libs-dev
mailing list