RFR [9] 8138978: Examine usages of sun.misc.IOUtils
Paul Sandoz
paul.sandoz at oracle.com
Thu Oct 8 08:32:05 UTC 2015
> On 7 Oct 2015, at 22:28, Alan Bateman <Alan.Bateman at oracle.com> wrote:
>
>
> On 07/10/2015 20:57, Chris Hegarty wrote:
>> :
>> I updated Connection with a readFully that has the same
>> semantics as IOUtils.
>>
>> http://cr.openjdk.java.net/~chegar/8138978/webrev.01/jdk/
>>
> I agree with Roger. Couldn't this be changed to use create an array of length seqlen and use readNBytes?
>
It reads at most “seqlen" bytes, so the array may be larger than necessary, which might be ok depending on whether one can trust "seqlen".
The following pattern occurs a few times:
byte[] b = is.readAllBytes();
if (len !- -1 && b.length != len) throw new EOFException(…)
A further useful addition to consider would be an IS.readFulyl(int expectedLength).
I suspect you could probably remove sun.security.util.IOUtils, if the assumption is correct than one never relies on a length of -1 or Integer.MAX_VALUE to signal “readAllBytes”. That seems to be the case since all security usages pass in a true value for readAll. From what i can tell the length passed in is never < 0, since it is checked before hand. So that leaves the Integer.MAX_VALUE case, which i am not sure is intentional in the use-cases, as that will mean readAllBytes and not readNBytes.
Paul
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20151008/e4f6aac8/signature.asc>
More information about the security-dev
mailing list