RFR: 8296024: Usage of DIrectBuffer::address should be guarded [v9]
ExE Boss
duke at openjdk.org
Tue Nov 22 19:28:27 UTC 2022
On Tue, 22 Nov 2022 13:49:45 GMT, Per Minborg <pminborg at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/GaloisCounterMode.java line 914:
>>
>>> 912: * If so, make a copy to put the dst data in.
>>> 913: */
>>> 914: @SuppressWarnings("try")
>>
>> After looking at the implementation some more, I'm not sure this need fixing? E.g. this method is just using the address to compute some overlap - and return a buffer sliced accordingly. There's no access to the buffer data (except for the last part which does a `put`). The access will fail if the session is closed from underneath. I don't think this can crash the VM (in fact this code did not have a reachability fence to begin with).
>
> Well spotted. I will remove the guarding here.
This `@SuppressWarnings` annotation is no longer needed:
Suggestion:
-------------
PR: https://git.openjdk.org/jdk/pull/11260
More information about the security-dev
mailing list