RFR [9] 8138978: Examine usages of sun.misc.IOUtils

Paul Sandoz paul.sandoz at oracle.com
Thu Oct 8 08:32:05 UTC 2015

> On 7 Oct 2015, at 22:28, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> On 07/10/2015 20:57, Chris Hegarty wrote:
>> :
>> I updated Connection with a readFully that has the same
>> semantics as IOUtils.
>>   http://cr.openjdk.java.net/~chegar/8138978/webrev.01/jdk/
> I agree with Roger. Couldn't this be changed to create an array of length seqlen and use readNBytes?

It reads at most "seqlen" bytes, so the array may be larger than necessary, which might be ok depending on whether one can trust "seqlen".

The following pattern occurs a few times:

  byte[] b = is.readAllBytes();
  if (len != -1 && b.length != len) throw new EOFException(…)

A further useful addition to consider would be an IS.readFully(int expectedLength).

I suspect you could probably remove sun.security.util.IOUtils, if the assumption is correct that one never relies on a length of -1 or Integer.MAX_VALUE to signal "readAllBytes". That seems to be the case since all security usages pass in a true value for readAll. From what I can tell the length passed in is never < 0, since it is checked beforehand. So that leaves the Integer.MAX_VALUE case, which I am not sure is intentional in the use-cases, as that will mean readAllBytes and not readNBytes.
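
An added example, not part of the original message and not JDK code: one way to read exactly an expected number of bytes without trusting the length field for the up-front allocation, which is the concern raised above about sizing an array from "seqlen". The class name BoundedRead, the method readExactly and the CHUNK size are hypothetical, and Integer.MAX_VALUE is treated here as an ordinary length rather than as a "read all" signal.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class BoundedRead {
    // Hypothetical chunk size: the most memory committed before any data arrives.
    private static final int CHUNK = 8192;

    /**
     * Reads exactly expectedLength bytes, or throws EOFException.
     * The buffer grows only as data is actually received, so a forged
     * length field cannot force a large allocation on its own.
     */
    static byte[] readExactly(InputStream is, int expectedLength) throws IOException {
        if (expectedLength < 0) {
            throw new IOException("negative length: " + expectedLength);
        }
        int step = Math.min(expectedLength, CHUNK);
        ByteArrayOutputStream out = new ByteArrayOutputStream(step);
        byte[] buf = new byte[step];
        int remaining = expectedLength;
        while (remaining > 0) {
            int want = Math.min(remaining, buf.length);
            int n = is.readNBytes(buf, 0, want);   // blocks until 'want' bytes or EOF
            out.write(buf, 0, n);
            remaining -= n;
            if (n < want) {                        // stream ended early
                throw new EOFException("expected " + expectedLength
                        + " bytes, stream ended after " + (expectedLength - remaining));
            }
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] data = {1, 2, 3, 4, 5};   // constructed sample input
        // Honest length: only the requested bytes are consumed from the stream.
        System.out.println(readExactly(new ByteArrayInputStream(data), 3).length);
        // Forged length: the short stream is reported as EOF, and no
        // Integer.MAX_VALUE-sized array is ever allocated.
        try {
            readExactly(new ByteArrayInputStream(data), Integer.MAX_VALUE);
        } catch (EOFException e) {
            System.out.println("EOF: " + e.getMessage());
        }
    }
}
```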

