RFR: 8317332: Prepare security for permissive-
Daniel Jeliński
djelinski at openjdk.org
Mon Oct 2 12:30:12 UTC 2023
On Mon, 2 Oct 2023 08:19:54 GMT, Julian Waters <jwaters at openjdk.org> wrote:
>> src/java.security.jgss/windows/native/libsspi_bridge/sspi.cpp line 372:
>>
>>> 370: SEC_WCHAR* value = new SEC_WCHAR[len + 1];
>>> 371:
>>> 372: {
>>
>> This is ugly. I'm not a fan of braces appearing in the middle of the code for no apparent reason.
>>
>> [This SO question](https://stackoverflow.com/questions/31513798/error-jump-to-label-foo-crosses-initialization-of-bar) states that we can fix the compilation errors by splitting inline initialization into definition + assignment. I think I'd prefer that approach.
>
> I agree that it's ugly, but at the time I couldn't think of another way to solve the issue. By any chance, why does splitting it out into separate declaration assignment work? Last I remember, it still jumps over the local even when split up like this.
Well, SO offers a speculative answer:
https://stackoverflow.com/a/14274292
the modified form is not more safe, but the standard does not forbid it.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/15996#discussion_r1342622719
More information about the security-dev
mailing list