On Mon, 16 Sep 2024 16:41:04 GMT, Shaojin Wen <s...@openjdk.org> wrote:

>> src/java.base/share/classes/java/io/DataInputStream.java line 590:
>> 
>>> 588:         if (bytearr == null) {
>>> 589:             bytearr = new byte[utflen];
>>> 590:             allocate = true;
>> 
>> Can we rename this boolean to `trusted` and set it to `false` when we assign 
>> it back to `dis.bytearr`? Even though that assignment will be redundant, 
>> calling it `trusted` is helpful to avoid causing security problems if we 
>> reorganize this code in the future.
>
> When ascii != utflen, bytearr will be reused, and the name of `trusted` is 
> not clear here.

I mean to add a `trusted = false;` when bytearr is reused; trusted will be 
clear there, and in the future it's less likely for programmers to accidentally 
leak the trusted array.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20903#discussion_r1761571703
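
The aliasing hazard behind the `trusted` naming discussed in this message, as an added example that is not code from the JDK or from the pull request: the `Text` wrapper, its `adopt`/`copyOf` methods, the `Reader` class and its `keepBuffer` parameter are hypothetical stand-ins for a no-copy constructor and a reader that reuses a scratch buffer.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class TrustedBufferDemo {
    /** Hypothetical wrapper that is meant to be immutable. */
    static final class Text {
        private final byte[] bytes;
        private Text(byte[] bytes) { this.bytes = bytes; }
        // No copy: only safe when nobody else holds a reference to b.
        static Text adopt(byte[] b) { return new Text(b); }
        static Text copyOf(byte[] b, int len) { return new Text(Arrays.copyOf(b, len)); }
        @Override public String toString() {
            return new String(bytes, StandardCharsets.ISO_8859_1);
        }
    }

    /** Hypothetical reader that keeps a scratch buffer between calls. */
    static final class Reader {
        private byte[] scratch; // shared across calls once assigned

        Text read(byte[] input, boolean keepBuffer) {
            int len = input.length;
            byte[] buf;
            boolean trusted;
            if (scratch != null && scratch.length >= len) {
                buf = scratch;
                trusted = false;     // reused: the reader still holds it
            } else {
                buf = new byte[len];
                trusted = true;      // fresh, exactly sized, private so far
                if (keepBuffer) {
                    scratch = buf;
                    trusted = false; // stored in a field: no longer private
                }
            }
            System.arraycopy(input, 0, buf, 0, len);
            // Adopt only arrays that never escaped; copy everything else.
            return trusted ? Text.adopt(buf) : Text.copyOf(buf, len);
        }
    }

    public static void main(String[] args) {
        Reader r = new Reader();
        Text first = r.read("alpha".getBytes(StandardCharsets.ISO_8859_1), true);
        Text second = r.read("omega".getBytes(StandardCharsets.ISO_8859_1), true);
        // Had the first call adopted the stored buffer, the second call would
        // have overwritten the bytes behind `first`.
        System.out.println(first + " " + second);
    }
}
```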
