RFR: 8258915: Temporary buffer cleanup [v3]
Valerie Peng
valeriep at openjdk.java.net
Mon Jan 25 11:37:43 UTC 2021
On Sat, 23 Jan 2021 16:04:53 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/pkcs/PKCS8Key.java line 221:
>>
>>> 219: if (encodedKey == null) {
>>> 220: try {
>>> 221: DerOutputStream tmp = new DerOutputStream();
>>
>> What is the criteria of using the default constructor vs the one with a initial size? Here is using the default, are we sure about the key (line 224 below) will always fit?
>
> Here the key is the last thing to be written into the DerOutputStream, so there will be no more reallocation after and its content will not be leaked.
I see. Interesting...
-------------
PR: https://git.openjdk.java.net/jdk/pull/2070
More information about the security-dev
mailing list