On Tue, 18 Oct 2022 17:02:31 GMT, Alan Bateman <al...@openjdk.org> wrote:

> I sent a link to this PR to one of the security engineers and they share the
> concern. Have you done any performance testing with an implementation that
> makes a defensive copy?

Thank you. So far I have not measured the actual performance drop, as I thought it would be common sense not to drop performance *at all* unless actually *needed*. Given the fact that the buffer could be huge depending on the caller's settings, it is hard to give a single number. For small buffers (like some KB) it is obviously negligible, but for huge buffers (like GB) it might be drastic, and might lead to OOME in some border cases. That is why I would prefer to abstain from a defensive copy unless *needed*. :-)

Roman, you are right, the fact that the Java language lacks a read-only flag (like `const` in C++) is a performance showstopper. ;-)

@AlanBateman Can you please clarify: does your answer mean that I shall provide proof that the actual code does not run into the security concern, or does it mean that I *must* do a defensive copy?

-------------

PR: https://git.openjdk.org/jdk/pull/10525
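The concern behind the defensive-copy question, shown as an added example that is not part of this PR or of the JDK code: a class that keeps a caller-supplied `byte[]` by reference (the hypothetical `AliasedMessage` below, my own naming) can have an invariant it validated in its constructor broken later by a caller that kept its reference, whereas the copying variant (`CopiedMessage`) pays the O(n) memory and time that the message above worries about. The read-only view at the end is the standard `ByteBuffer.asReadOnlyBuffer()`; it stops consumers of the view from writing but not the owner of the backing array, so it is not a substitute for a copy when the array comes from less-trusted code.

```java
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;

/**
 * Added illustration (not JDK code): why a security reviewer asks for a
 * defensive copy when a class retains a caller-supplied byte[].
 */
public class DefensiveCopyDemo {

    /** Stores the array by reference: cheap, but aliased with the caller. */
    static final class AliasedMessage {
        private final byte[] payload;

        AliasedMessage(byte[] payload) {
            // Validation happens exactly once, here...
            if (payload.length == 0 || payload[0] != 0x01) {
                throw new IllegalArgumentException("bad version byte");
            }
            this.payload = payload;   // ...but the caller can still write to it.
        }

        int version() { return payload[0]; }
    }

    /** Copies on the way in: extra memory and time, but immune to later writes. */
    static final class CopiedMessage {
        private final byte[] payload;

        CopiedMessage(byte[] payload) {
            byte[] copy = payload.clone();        // snapshot before validating (no TOCTOU window)
            if (copy.length == 0 || copy[0] != 0x01) {
                throw new IllegalArgumentException("bad version byte");
            }
            this.payload = copy;
        }

        int version() { return payload[0]; }
    }

    public static void main(String[] args) {
        byte[] input = {0x01, 0x02, 0x03};   // constructed sample input

        AliasedMessage aliased = new AliasedMessage(input);
        CopiedMessage copied = new CopiedMessage(input);

        // Caller keeps its reference and mutates after validation.
        input[0] = 0x7f;

        System.out.println("aliased version: " + aliased.version()); // 127, invariant broken
        System.out.println("copied version:  " + copied.version());  // 1, still valid

        // A read-only view stops *consumers* of the buffer from writing,
        // but does not protect against the owner of the backing array.
        byte[] backing = {0x01, 0x02, 0x03};
        ByteBuffer ro = ByteBuffer.wrap(backing).asReadOnlyBuffer();
        try {
            ro.put(0, (byte) 0x7f);
        } catch (ReadOnlyBufferException e) {
            System.out.println("read-only view rejected the write");
        }
        backing[0] = 0x7f;                                   // the owner still wins
        System.out.println("view now sees: " + ro.get(0));   // 127

        // The copy cost scales with the buffer, which is the performance concern
        // raised in the message above: clone() doubles the live footprint.
        byte[] big = new byte[64 << 20];       // 64 MiB of constructed input
        long t0 = System.nanoTime();
        byte[] bigCopy = big.clone();
        long t1 = System.nanoTime();
        System.out.printf("copied %d bytes in %.2f ms%n", bigCopy.length, (t1 - t0) / 1e6);
    }
}
```

Compile and run with `javac DefensiveCopyDemo.java && java DefensiveCopyDemo`. The middle part is the point a reviewer is making: whether a copy is needed depends on whether the caller can still reach the array after the callee has validated it, not on the size of the array, so "not needed" has to be argued from who holds references, which is the proof the message above asks about.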
> I sent a link to this PR to one of the security engineers and they share the > concern. Have you done any performance testing with an implementation that > makes a defensive copy? Thank you. So far I have not measured the actual performance drop, as I thought it would be common sense to not drop performance *at all*, unless actually *needed*. Given the fact that the buffer could be huge depending on the caller's settings, it is hard to give a single number. For small buffers (like some KB) it is obviously neglectible, but for huge buffers (like GB) it might be drastic, and might lead to OOME in some border cases. That is why I would prefer to abstain from a defensive copy unless *needed*. :-) Roman, your are right, the fact that the Java language misses a read-only flag (like `const` in C++) is a performance showstopper. ;-) @AlanBateman Can you please clarify: Does your answer mean that I shall provide a proof that the actual code actually does not run into the security concern, or does it mean that I *must* do defensive copy? ------------- PR: https://git.openjdk.org/jdk/pull/10525