On Mon, 3 Oct 2022 05:54:31 GMT, Markus KARG <d...@openjdk.org> wrote:

>> This PR implements JDK-8294696.
>
> Markus KARG has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Checking explicitly -1 instead of < 0

I think before we give up, we should consider the alternatives, as the 
performance benefit of this PR is just too big to give up!

* Alternative A: I check the existing code to prove that we do not need any 
safety means if that is OK for everybody (is it?).

* Alternative B: Instead of double-buffering I drop the original buffer and use 
a same-size replacement each time the buffer was drained inside of 
`transferTo`. This is a rather cheap solution and rather perfectly prevents 
OOME, as I drop *first* before reallocating.

* Alternative C: Instead of double-buffering I zero-out (using `Arrays.fill()`) 
the original buffer after draining it. This would be a super-cheap alternative 
if somebody knows a hardware-accelerated array cleanup (do you?), but 
unfortunately the current code seems to be a simple Java-loop, actually.

I do not agree to close this PR unless we have a proof that the security 
problem really exists (I still can check that) *and* we didn't find a 
well-performing workaround.

-------------

PR: https://git.openjdk.org/jdk/pull/10525
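
Added example, not part of the message above and not JDK code: a toy model of Alternatives B and C next to plain buffer sharing. It assumes the concern is an `OutputStream` that keeps the array reference it was handed, and a stream whose buffer is refilled afterwards; `RetainingSink`, `ToyBuffered`, `Mode` and `observe` are hypothetical names, and the strings are constructed sample data.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration: every class and method name here is hypothetical, not JDK code.
public class DrainAlternatives {
    enum Mode { SHARE, REPLACE, ZERO }
    // Constructed sink that keeps the array reference it was handed.
    static class RetainingSink extends OutputStream {
        byte[] kept;
        @Override public void write(int b) { }
        @Override public void write(byte[] b, int off, int len) { kept = b; }
    }
    // Toy stand-in for a buffered stream that passes its internal buffer to write().
    static class ToyBuffered {
        private byte[] buf = new byte[8];
        private int count;
        void refill(String data) {
            byte[] src = data.getBytes(StandardCharsets.US_ASCII);
            count = Math.min(src.length, buf.length);
            System.arraycopy(src, 0, buf, 0, count);
        }
        void drainTo(OutputStream out, Mode mode) throws IOException {
            out.write(buf, 0, count);          // internal array handed out, no copy
            count = 0;
            if (mode == Mode.REPLACE) {        // Alternative B
                int size = buf.length;
                buf = null;                    // drop first ...
                buf = new byte[size];          // ... then allocate the replacement
            } else if (mode == Mode.ZERO) {    // Alternative C
                Arrays.fill(buf, (byte) 0);
            }
        }
    }
    // Returns what the sink's retained array shows after the stream is refilled.
    static String observe(Mode mode) throws IOException {
        RetainingSink sink = new RetainingSink();
        ToyBuffered in = new ToyBuffered();
        in.refill("PUBLIC");
        in.drainTo(sink, mode);
        in.refill("SECRET");                   // data never written to the sink
        return new String(sink.kept, 0, 6, StandardCharsets.US_ASCII);
    }
    public static void main(String[] args) throws IOException {
        for (Mode m : Mode.values()) System.out.println(m + " -> " + observe(m));
    }
}
```

Running `main` prints, per mode, what a reference-retaining sink can still read from the array it received once the toy stream has been refilled.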
