On Tue, 1 Nov 2022 19:06:57 GMT, Jim Laskey <jlas...@openjdk.org> wrote:
>> src/java.base/share/classes/java/lang/template/TemplateRuntime.java line 99:
>>
>>> 97: private static <E> List<E> toList(E... elements) {
>>> 98: return JUCA.listFromTrustedArrayNullsAllowed(elements);
>>> 99: }
>>
>> I'm ok with using JUCA to create an unmodifiable list that can contain nulls.
>>
>> However, it "trusts" the argument array, meaning that the array is assumed
>> to be referenced exclusively and so the array reference is used directly in
>> the resulting List object. That implies that one needs to be very careful
>> about the array that gets passed in, otherwise, the resulting List might not
>> actually be unmodifiable.
>>
>> In particular, the call site in StringTemplate.of()
>>
>> https://github.com/openjdk/jdk/pull/10889/files#diff-d4e02e5ead5ad4f2cfe509c58d1145f599285cd6736bbf37e4116045b2fd50bcR309
>>
>> passes the array obtained from a List parameter that comes directly from a
>> public call, meaning that malicious code could keep a reference to the array
>> returned by `toArray` and modify it later. You could clone the array, or
>> just revert back to the slow path.
>
> Changing caller
Changing
-------------
PR: https://git.openjdk.org/jdk/pull/10889
