RFR: 8318200: String::newStringNoRepl and String::getBytesNoRepl does not throw CharacterCodingException [v5]

Roger Riggs rriggs at openjdk.org
Wed Oct 18 17:39:13 UTC 2023

On Wed, 18 Oct 2023 16:39:47 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> We have to be very careful with proposals like this as it means code outside of java.lang having access to the underlying bytes. I think other alternatives needs to be explored to avoid this and related concerns.

Yes, adding another method in the "NoRepl" family needs to be done with care and be narrowly focused.
JLA already exposes several methods that allow the contents of strings to be read from the underlying value or created from caller provided buffers. All to avoid extra allocations and copying.


PR Comment: https://git.openjdk.org/jdk/pull/16209#issuecomment-1769026087

More information about the security-dev mailing list