On Thu, 27 Oct 2022 21:21:52 GMT, ExE Boss <d...@openjdk.org> wrote: >> Jim Laskey has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Move StringConcatItem to FormatConcatItem > > src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java line > 115: > >> 113: * we do not use all those slots, to let the strategies with >> MethodHandle >> 114: * combinators to use some arguments. >> 115: */ > > Suggestion: > > * > * @since 20 > */
Updated along with a couple @since 19 > src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java line > 1058: > >> 1056: * @throws Throwable if fails to prepend value (unusual). >> 1057: */ >> 1058: long prepend(long lengthCoder, byte[] buffer) throws Throwable; > > This method is inherently unsafe, as `StringConcatFactory` uses > `Unsafe.allocateUninitializedArray(...)` to construct the `buffer`, the > intrinsic implementation of which ***DOESN’T*** zero‑out the memory region > occupied by the array, which can contain potentially sensitive data. > > -------------------------------------------------------------------------------- > > The `StringConcatItem` interface should be sealed or at least moved to a > `jdk.internal.*` package. Went the sealed class route. Unfortunately, the permitted classes are all package private otherwise I would have moved to an internal package. ------------- PR: https://git.openjdk.org/jdk/pull/10889
