On Fri, 1 Dec 2023 14:05:37 GMT, Bernd <d...@openjdk.org> wrote:

>> Did you review if all Java.* streams are safe?
>>
>> There are a few stream adapters in sun.nio.ch, which would benefit this
>> optimization too, unfortunately they wrap the arrays with ByteBuffer.wrap, I
>> guess that’s not safe, so the package can’t be allowed?
>
>> @ecki I've checked the streams in `java.*` and it looks like none of them
>> modifies the incoming `byte[]`
>
> I think modification is not the problem, the question is if they get exposed
> to user code. (but yes the readonly ByteBuffer wrapper looks like a good
> thing to use more).

> @ecki, what do you think of using read-only `ByteBuffer` instead?
>
> See [#16879 (comment)](https://github.com/openjdk/jdk/pull/16879#discussion_r1410416823)
>
> It looks like there might be `OutputStream extends WritableByteChannel`. Then
> we won't need to perform deep analysis.

I am not completely sure if exposing buffers is a problem in terms of dirty data and if that's an issue with those wrappers. Well honestly it can't be an issue since we don't have untrusted code, but I understand future undertakings need to take this into account (insert SecurityManager rant here :)

-------------

PR Comment: https://git.openjdk.org/jdk/pull/16879#issuecomment-1836184267
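
The difference this thread draws between `ByteBuffer.wrap` and a read-only wrapper, as an added example (not code from the thread or from the JDK change). The class name `BufferExposureDemo` and the sample bytes are constructed for illustration; it also shows that a read-only view still needs `slice()` to keep bytes outside the intended window out of reach.

```java
import java.nio.ByteBuffer;
import java.nio.ReadOnlyBufferException;

public class BufferExposureDemo {
    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
        System.out.println("ok: " + what);
    }

    public static void main(String[] args) {
        // Constructed sample: bytes 0..3 are the payload, the rest is stale ("dirty") data.
        byte[] internal = {'d', 'a', 't', 'a', 'S', 'T', 'A', 'L', 'E'};
        int off = 0, len = 4;

        // 1. Writable wrapper: the consumer can reach the backing array itself.
        ByteBuffer writable = ByteBuffer.wrap(internal, off, len);
        check(writable.hasArray() && writable.array() == internal,
              "ByteBuffer.wrap hands out the original array, stale bytes included");

        // 2. Read-only view: array() is blocked ...
        ByteBuffer readOnly = ByteBuffer.wrap(internal, off, len).asReadOnlyBuffer();
        check(!readOnly.hasArray(), "read-only buffer reports no accessible array");
        boolean threw = false;
        try { readOnly.array(); } catch (ReadOnlyBufferException e) { threw = true; }
        check(threw, "array() on a read-only buffer throws ReadOnlyBufferException");
        // ... but capacity is still internal.length, so clear() widens the window.
        readOnly.clear();
        check(readOnly.remaining() == internal.length && readOnly.get(4) == 'S',
              "clear() lets the consumer read bytes outside [off, off+len)");

        // 3. slice() first: capacity shrinks to len, so the stale bytes are unreachable.
        ByteBuffer bounded = ByteBuffer.wrap(internal, off, len).slice().asReadOnlyBuffer();
        bounded.clear();
        check(bounded.capacity() == len && bounded.remaining() == len,
              "sliced read-only view is limited to the payload");
        threw = false;
        try { bounded.put(0, (byte) 'X'); } catch (ReadOnlyBufferException e) { threw = true; }
        check(threw && internal[0] == 'd', "consumer cannot modify the source bytes");
    }
}
```

Run it with `java BufferExposureDemo.java`; every check prints `ok:` on a standard JDK.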