On Mon, 31 Oct 2022 21:23:19 GMT, Stuart Marks <sma...@openjdk.org> wrote:

>> Jim Laskey has updated the pull request incrementally with one additional 
>> commit since the last revision:
>> 
>>   Add @SafeVarargs declarations
>
> src/java.base/share/classes/java/lang/template/TemplateRuntime.java line 99:
> 
>> 97:     private static <E> List<E> toList(E... elements) {
>> 98:         return JUCA.listFromTrustedArrayNullsAllowed(elements);
>> 99:     }
> 
> I'm ok with using JUCA to create an unmodifiable list that can contain nulls.
> 
> However, it "trusts" the argument array, meaning that the array is assumed to 
> be referenced exclusively and so the array reference is used directly in the 
> resulting List object. That implies that one needs to be very careful about 
> the array that gets passed in, otherwise, the resulting List might not 
> actually be unmodifiable.
> 
> In particular, the call site in StringTemplate.of()
> 
> https://github.com/openjdk/jdk/pull/10889/files#diff-d4e02e5ead5ad4f2cfe509c58d1145f599285cd6736bbf37e4116045b2fd50bcR309
> 
> passes the array obtained from a List parameter that comes directly from a 
> public call, meaning that malicious code could keep a reference to the array 
> returned by `toArray` and modify it later. You could clone the array, or just 
> revert back to the slow path.

Changing caller

-------------

PR: https://git.openjdk.org/jdk/pull/10889
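
The aliasing concern raised in the review above, as an added example that is not code from the PR or the JDK. `trustedWrap`, `copyingWrap` and `LeakyList` are hypothetical names; `trustedWrap` only imitates a trusted-array factory using public API (`Arrays.asList` keeps the array reference it is given), since JUCA is JDK-internal.

```java
import java.util.AbstractList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class TrustedArrayAliasing {

    // Hypothetical stand-in for a "trusted array" factory: the array reference
    // is used directly in the resulting list, nulls allowed, no copy is made.
    @SafeVarargs
    static <E> List<E> trustedWrap(E... elements) {
        return Collections.unmodifiableList(Arrays.asList(elements));
    }

    // Hardened variant: clone first, so the list owns its backing array exclusively.
    @SafeVarargs
    static <E> List<E> copyingWrap(E... elements) {
        return trustedWrap(elements.clone());
    }

    // Hypothetical caller-supplied List that keeps a reference to the array it
    // hands out from toArray(), breaking the Collection.toArray() "safe array" contract.
    static final class LeakyList extends AbstractList<Object> {
        final Object[] retained;
        LeakyList(Object... values) { retained = values; }
        @Override public Object get(int i) { return retained[i]; }
        @Override public int size() { return retained.length; }
        @Override public Object[] toArray() { return retained; }
    }

    public static void main(String[] args) {
        LeakyList input = new LeakyList("a", null, "c");   // constructed sample input

        List<Object> aliased = trustedWrap(input.toArray());  // shares input.retained
        List<Object> owned = copyingWrap(input.toArray());    // private copy

        // The supplier of the list mutates the array after the "unmodifiable" lists exist.
        input.retained[0] = "tampered";

        System.out.println("aliased list sees later write: " + "tampered".equals(aliased.get(0)));
        System.out.println("copied list sees later write:  " + "tampered".equals(owned.get(0)));
    }
}
```

The clone is shallow, which is all that is needed here: it protects the list's structure (which elements sit in which slot), matching the "clone the array" option suggested in the review.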
