RFR [9] 8138978: Examine usages of sun.misc.IOUtils

Paul Sandoz paul.sandoz at oracle.com
Thu Oct 8 08:32:05 UTC 2015


> On 7 Oct 2015, at 22:28, Alan Bateman <Alan.Bateman at oracle.com> wrote:
> 
> 
> On 07/10/2015 20:57, Chris Hegarty wrote:
>> :
>> I updated Connection with a readFully that has the same
>> semantics as IOUtils.
>> 
>>   http://cr.openjdk.java.net/~chegar/8138978/webrev.01/jdk/
>> 
> I agree with Roger. Couldn't this be changed to create an array of length seqlen and use readNBytes?
> 

It reads at most "seqlen" bytes, so the array may be larger than necessary, which might be ok depending on whether one can trust "seqlen".


The following pattern occurs a few times:

  byte[] b = is.readAllBytes();
  if (len != -1 && b.length != len) throw new EOFException(…)

A further useful addition to consider would be an IS.readFully(int expectedLength).

I suspect you could probably remove sun.security.util.IOUtils, if the assumption is correct that one never relies on a length of -1 or Integer.MAX_VALUE to signal “readAllBytes”. That seems to be the case since all security usages pass in a true value for readAll. From what I can tell the length passed in is never < 0, since it is checked beforehand. So that leaves the Integer.MAX_VALUE case, which I am not sure is intentional in the use-cases, as that will mean readAllBytes and not readNBytes.

Paul
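
The following is an added illustration, not part of the original message or of the webrev under review: one way a readFully(int expectedLength) helper can enforce an exact length without allocating the full declared length before any data arrives, which is the concern when "seqlen" comes from the wire. The class name, the CHUNK constant and the sample data are assumptions made for the example; here Integer.MAX_VALUE means exactly that many bytes, not "read all".

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class ReadFullyExample {
    // Hypothetical chunk size: the most memory committed before data is actually received.
    private static final int CHUNK = 8192;

    /**
     * Reads exactly expectedLength bytes or throws EOFException.
     * The buffer grows only as bytes arrive, so an untrusted length
     * cannot force a large up-front allocation.
     */
    static byte[] readFully(InputStream is, int expectedLength) throws IOException {
        if (expectedLength < 0) {
            throw new IllegalArgumentException("negative length: " + expectedLength);
        }
        int initial = Math.min(expectedLength, CHUNK);
        ByteArrayOutputStream out = new ByteArrayOutputStream(initial);
        byte[] chunk = new byte[initial];
        int remaining = expectedLength;
        while (remaining > 0) {
            int n = is.read(chunk, 0, Math.min(chunk.length, remaining));
            if (n < 0) {
                // Stream ended early: report how much was received.
                throw new EOFException("expected " + expectedLength
                        + " bytes, got " + (expectedLength - remaining));
            }
            out.write(chunk, 0, n);
            remaining -= n;
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] data = {1, 2, 3, 4, 5}; // constructed sample input
        System.out.println(readFully(new ByteArrayInputStream(data), 5).length);
        try {
            // Declared length far exceeds the data: fails with EOFException
            // after buffering only the bytes that were really there.
            readFully(new ByteArrayInputStream(data), Integer.MAX_VALUE);
        } catch (EOFException e) {
            System.out.println("short stream: " + e.getMessage());
        }
    }
}
```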
