On Tue, 1 Nov 2022 00:09:21 GMT, David Schlosnagle <d...@openjdk.org> wrote:
>> Jim Laskey has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Add @SafeVarargs declarations
>
> src/java.base/share/classes/java/lang/runtime/TemplateSupport.java line 201:
>
>> 199: @SuppressWarnings("unchecked")
>> 200: public static <E> List<E> toList(E... elements) {
>> 201: return JUCA.listFromTrustedArrayNullsAllowed(elements);
>
> Is this public method leaking access to the JUCA shared secrets method here?
Yes, this is leaking access. I suppose this is public because it is called from
`javac` generated code. But, from the perspective of the runtime, code
generated by `javac` is the same as any other arbitrary non-trusted bytecode.
-------------
PR: https://git.openjdk.org/jdk/pull/10889
