RFR [9] 8138978: Examine usages of sun.misc.IOUtils

Chris Hegarty chris.hegarty at oracle.com
Thu Oct 8 08:46:42 UTC 2015

On 8 Oct 2015, at 09:32, Paul Sandoz <paul.sandoz at oracle.com> wrote:

>> On 7 Oct 2015, at 22:28, Alan Bateman <Alan.Bateman at oracle.com> wrote:
>> On 07/10/2015 20:57, Chris Hegarty wrote:
>>> :
>>> I updated Connection with a readFully that has the same
>>> semantics as IOUtils.
>>>  http://cr.openjdk.java.net/~chegar/8138978/webrev.01/jdk/
>> I agree with Roger. Couldn't this be changed to use create an array of length seqlen and use readNBytes?
> It reads at most “seqlen" bytes, so the array may be larger than necessary, which might be ok depending on whether one can trust "seqlen”.

We do no trust ‘seqlen’. :-(

> The following pattern occurs a few times:
>  byte[] b = is.readAllBytes();
>  if (len !- -1 && b.length != len) throw new EOFException(…)
> A further useful addition to consider would be an IS.readFulyl(int expectedLength).

Yes, I think a variant of readNBytes(long expectedLength),
would  be a useful addition. I can file a bug and add it to
the I/O grab bag, 6852033 [1]. Then a further round of 
cleanup could possibly remove IOUtils completely.

> I suspect you could probably remove sun.security.util.IOUtils, if the assumption is correct than one never relies on a length of -1 or Integer.MAX_VALUE to signal “readAllBytes”. That seems to be the case since all security usages pass in a true value for readAll. From what i can tell the length passed in is never < 0, since it is checked before hand. So that leaves the Integer.MAX_VALUE case, which i am not sure is intentional in the use-cases, as that will mean readAllBytes and not readNBytes.


[1] https://bugs.openjdk.java.net/browse/JDK-6852033

More information about the security-dev mailing list