RFR: 8323706: Remove SimpleSelector and CompoundSelector classes [v7]
Andy Goryachev
angorya at openjdk.org
Wed Aug 7 22:56:41 UTC 2024
On Wed, 7 Aug 2024 22:48:07 GMT, John Hendrikx <jhendrikx at openjdk.org> wrote:
>> modules/javafx.graphics/src/main/java/com/sun/javafx/css/BinarySerializer.java line 111:
>>
>>> 109: }
>>> 110:
>>> 111: int nRelationships = is.readShort();
>>
>> same here: should we check for a positive value?
>>
>> as a general rule, we should be validating the input as it might come from untrusted sources, right? L79 and other places?
>
> I considered doing more here, but as this is all just moved code, I'm hesitant to change it as part of this PR. For example, if there is a faulty binary CSS file which has a negative value for the short, then the original code will just skip the loop. If I add a check, it will change the behavior.
Well, we could create a separate ticket.
-------------
PR Review Comment: https://git.openjdk.org/jfx/pull/1333#discussion_r1708057352
More information about the openjfx-dev
mailing list