Sv: [Integrated] RFR: 6651: Exposing the magic bytes for the compressed formats supported
Marcus Hirt
marcus at hirt.se
Wed Dec 11 21:39:08 UTC 2019
Very good point. This should probably be two separate methods returning defensive copies, documented as such and then the user of the methods can decide whether or not they want to cache.
/M
-----Ursprungligt meddelande-----
Från: jmc-dev <jmc-dev-bounces at openjdk.java.net> För Erik Gahlin
Skickat: den 11 december 2019 16:38
Till: jmc-dev at openjdk.java.net; Marcus Hirt <marcus.hirt at datadoghq.com>
Ämne: Re: [Integrated] RFR: 6651: Exposing the magic bytes for the compressed formats supported
Some static analysis tool will probably classify this as a vulnerability since the contents of as public static final array field can be changed from the outside by a malicious user.
Erik
On 2019-12-11 16:23, Marcus Hirt wrote:
> Changeset: 16481354
> Author: Marcus Hirt <hirt at openjdk.org>
> Date: 2019-12-11 15:22:41 +0000
> URL: https://git.openjdk.java.net/jmc/commit/16481354
>
> 6651: Exposing the magic bytes for the compressed formats supported
>
> Reviewed-by: jkang, hdafgard
>
> !
> core/org.openjdk.jmc.common/src/main/java/org/openjdk/jmc/common/io/IO
> Toolkit.java
More information about the jmc-dev
mailing list